333cb8fb8e | ||
---|---|---|
.devcontainer | ||
.github | ||
examples | ||
test | ||
.gitignore | ||
.tflint.override.hcl | ||
CHANGELOG-v2.md | ||
CHANGELOG-v3.md | ||
CHANGELOG-v4.md | ||
CHANGELOG.md | ||
GNUmakefile | ||
LICENSE | ||
README.md | ||
SECURITY.md | ||
locals.tf | ||
main.tf | ||
outputs.tf | ||
telemetry.tf | ||
variables.tf | ||
versions.tf |
README.md
terraform-azurerm-vnet
Create a basic virtual network in Azure
This Terraform module deploys a Virtual Network in Azure with a subnet or a set of subnets passed in as input parameters.
The module does not create nor expose a network security group. This would need to be defined separately as additional security rules on subnets in the deployed network.
Notice to contributor
Thanks for your contribution! This module was created before Terraform introduce for_each
, and according to the document:
If your instances are almost identical,
count
is appropriate. If some of their arguments need distinct values that can't be directly derived from an integer, it's safer to usefor_each
.
This module contains resources with count
meta-argument, but if we change count
to for_each
directly, it would require heavily manually state move operations with extremely caution, or the users who are maintaining existing infrastructure would face potential breaking change.
This module replicated a new azurerm_subnet
which used for_each
, and we provide a new toggle variable named use_for_each
, this toggle is a switcher between count
set and for_each
set. Now user can set var.use_for_each
to true
to use for_each
, and users who're maintaining existing resources could keep this toggle false
to avoid potential breaking change. If you'd like to make changes to subnet resource, make sure that you've change both resource
blocks. Thanks for your cooperation.
Notice on Upgrade to V4.x
In v4.0.0, we would make var.use_for_each
a required variable so the users must set the value explicitly. For whom are maintaining the existing infrastructure that was created with count
should use false
, for those who are creating a new stack, we encourage them to use true
.
V4.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.
Running the terraform plan
first to inspect the plan is strongly advised.
Notice on Upgrade to V3.x
We've added a CI pipeline for this module to speed up our code review and to enforce a high code quality standard, if you want to contribute by submitting a pull request, please read Pre-Commit & Pr-Check & Test section, or your pull request might be rejected by CI pipeline.
A pull request will be reviewed when it has passed Pre Pull Request Check in the pipeline, and will be merged when it has passed the acceptance tests. Once the ci Pipeline failed, please read the pipeline's output, thanks for your cooperation.
V3.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.
Running the terraform plan
first to inspect the plan is strongly advised.
We kept most code untouched, but the following breaking changes might affect your stack:
var.vnet_location
now is required. #72var.resource_group_name
now cannot be set tonull
. #72var.subnet_prefixes
's default value now is["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
. #73
Terraform and terraform-provider-azurerm version restrictions
Now Terraform core's version is v1.x and terraform-provider-azurerm's version is v3.x.
Example Usage
Please refer to the sub folders under examples
folder. You can execute terraform apply
command in examples
's sub folder to try the module. These examples are tested against every PR with the E2E Test.
Enable or disable tracing tags
We're using BridgeCrew Yor and yorbox to help manage tags consistently across infrastructure as code (IaC) frameworks. In this module you might see tags like:
resource "azurerm_resource_group" "rg" {
location = "eastus"
name = random_pet.name
tags = merge(var.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
avm_git_commit = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
avm_git_file = "main.tf"
avm_git_last_modified_at = "2023-05-05 08:57:54"
avm_git_org = "lonegunmanb"
avm_git_repo = "terraform-yor-tag-test-module"
avm_yor_trace = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
} /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
}
To enable tracing tags, set the variable to true:
module "example" {
source = "{module_source}"
...
tracing_tags_enabled = true
}
The tracing_tags_enabled
is default to false
.
To customize the prefix for your tracing tags, set the tracing_tags_prefix
variable value in your Terraform configuration:
module "example" {
source = "{module_source}"
...
tracing_tags_prefix = "custom_prefix_"
}
The actual applied tags would be:
{
custom_prefix_git_commit = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
custom_prefix_git_file = "main.tf"
custom_prefix_git_last_modified_at = "2023-05-05 08:57:54"
custom_prefix_git_org = "lonegunmanb"
custom_prefix_git_repo = "terraform-yor-tag-test-module"
custom_prefix_yor_trace = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
}
Pre-Commit & Pr-Check & Test
Configurations
We assumed that you have setup service principal's credentials in your environment variables like below:
export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"
On Windows Powershell:
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"
We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest
To run the pre-commit task, we can run the following command:
$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
On Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
In pre-commit task, we will:
- Run
terraform fmt -recursive
command for your Terraform code. - Run
terrafmt fmt -f
command for markdown files and go code files to ensure that the Terraform code embedded in these files are well formatted. - Run
go mod tidy
andgo mod vendor
for test folder to ensure that all the dependencies have been synced. - Run
gofmt
for all go code files. - Run
gofumpt
for all go code files. - Run
terraform-docs
onREADME.md
file, then runmarkdown-table-formatter
to format markdown tables inREADME.md
.
Then we can run the pr-check task to check whether our code meets our pipeline's requirement(We strongly recommend you run the following command before you commit):
$ docker run --rm -v $(pwd):/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check
On Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check
To run the e2e-test, we can run the following command:
docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
On Windows Powershell:
docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
Prerequisites
Authors
Originally created by Eugene Chuvyrov
License
Requirements
Name | Version |
---|---|
terraform | >= 1.3.5 |
azurerm | ~> 4.0 |
modtm | 0.3.2 |
random | >= 3.3.2, < 4.0 |
Providers
Name | Version |
---|---|
azurerm | ~> 4.0 |
modtm | 0.3.2 |
random | >= 3.3.2, < 4.0 |
Modules
No modules.
Resources
Name | Type |
---|---|
azurerm_subnet.subnet_count | resource |
azurerm_subnet.subnet_for_each | resource |
azurerm_subnet_network_security_group_association.vnet | resource |
azurerm_subnet_route_table_association.vnet | resource |
azurerm_virtual_network.vnet | resource |
azurerm_virtual_network_dns_servers.this | resource |
modtm_telemetry.telemetry | resource |
random_uuid.telemetry | resource |
azurerm_client_config.telemetry | data source |
modtm_module_source.telemetry | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
address_space | The address space that is used by the virtual network. | list(string) |
[ |
no |
bgp_community | (Optional) The BGP community attribute in format <as-number>:<community-value> . |
string |
null |
no |
ddos_protection_plan | The set of DDoS protection plan configuration | object({ |
null |
no |
dns_servers | The DNS servers to be used with vNet. | list(string) |
[] |
no |
enable_telemetry | This variable controls whether or not telemetry is enabled for the module. For more information see https://aka.ms/avm/telemetryinfo. If it is set to false, then no telemetry will be collected. |
bool |
true |
no |
nsg_ids | A map of subnet name to Network Security Group IDs | map(string) |
{} |
no |
resource_group_name | Name of the resource group to be imported. | string |
n/a | yes |
route_tables_ids | A map of subnet name to Route table ids | map(string) |
{} |
no |
subnet_delegation | A map of subnet name to delegation block on the subnet | map(map(any)) |
{} |
no |
subnet_enforce_private_link_endpoint_network_policies | A map of subnet name to enable/disable private link endpoint network policies on the subnet. | map(bool) |
{} |
no |
subnet_enforce_private_link_service_network_policies | A map of subnet name to enable/disable private link service network policies on the subnet. | map(bool) |
{} |
no |
subnet_names | A list of public subnets inside the vNet. | list(string) |
[ |
no |
subnet_prefixes | The address prefix to use for the subnet. | list(string) |
[ |
no |
subnet_service_endpoints | A map of subnet name to service endpoints to add to the subnet. | map(any) |
{} |
no |
tags | The tags to associate with your network and subnets. | map(string) |
{} |
no |
tracing_tags_enabled | Whether enable tracing tags that generated by BridgeCrew Yor. | bool |
false |
no |
tracing_tags_prefix | Default prefix for generated tracing tags | string |
"avm_" |
no |
use_for_each | Use for_each instead of count to create multiple resource instances. Defaults to true . |
bool |
true |
no |
vnet_location | The location of the vnet to create. | string |
n/a | yes |
vnet_name | Name of the vnet to create | string |
"acctvnet" |
no |
Outputs
Name | Description |
---|---|
vnet_address_space | The address space of the newly created vNet |
vnet_guid | The GUID of the newly created vNet |
vnet_id | The id of the newly created vNet |
vnet_location | The location of the newly created vNet |
vnet_name | The Name of the newly created vNet |
vnet_subnets | The ids of subnets created inside the newly created vNet |
vnet_subnets_name_id | Can be queried subnet-id by subnet name by using lookup(module.vnet.vnet_subnets_name_id, subnet1) |