Module to deploy a Virtual Network in Azure along with its subnets, associate those subnets with existing NSGs and route tables, and optionally attach an existing DDoS protection plan to the VNet. Note that the module associates NSGs and route tables supplied by ID; it does not create them.
Note that this module requires an existing resource group.
The following requirements are needed by this module:
The following providers are used by this module:
The following resources are used by this module:
- azurerm_management_lock.this (resource)
- azurerm_resource_group_template_deployment.telemetry (resource)
- azurerm_role_assignment.this (resource)
- azurerm_subnet.subnet (resource)
- azurerm_subnet_network_security_group_association.vnet (resource)
- azurerm_subnet_route_table_association.vnet (resource)
- azurerm_virtual_network.vnet (resource)
- random_id.telem (resource)
The following input variables are required:
Description: The name of the resource group where the resources will be deployed.
Type: string
The following input variables are optional (have default values):
Description: The address space that is used by the virtual network.
Type: string
Default: "10.0.0.0/16"
Description: The list of address spaces used by the virtual network.
Type: list(string)
Default: []
Description: The DDoS protection plan configuration. When set, the existing plan identified by id is attached to the VNet.
Type:
object({
  enable = bool
  id     = string
})
Default: null
Description: n/a
Type:
map(object({
  name                                     = optional(string, null)
  log_categories_and_groups                = optional(set(string), ["allLogs"])
  metric_categories                        = optional(set(string), ["AllMetrics"])
  log_analytics_destination_type           = optional(string, "Dedicated")
  workspace_resource_id                    = optional(string, null)
  storage_account_resource_id              = optional(string, null)
  event_hub_authorization_rule_resource_id = optional(string, null)
  event_hub_name                           = optional(string, null)
  marketplace_partner_resource_id          = optional(string, null)
}))
Default: {}
Description: The DNS servers to be used with vNet.
If no values are specified, this defaults to Azure DNS.
Type: list(string)
Default: []
Description: This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetry.
If it is set to false, then no telemetry will be collected.
Type: bool
Default: true
Description: The lock level to apply to the Virtual Network. Default is None. Possible values are None, CanNotDelete, and ReadOnly.
Type:
object({
  name = optional(string, null)
  kind = optional(string, "None")
})
Default: {}
Description: The name of the virtual network to create.
Type: string
Default: "acctvnet"
Description: A map of subnet name to Network Security Group IDs.
Type: map(string)
Default: {}
Description: A map of private endpoints to create on the Virtual Network. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
- name - (Optional) The name of the private endpoint. One will be generated if not set.
- role_assignments - (Optional) A map of role assignments to create on the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time. See var.role_assignments for more information.
- lock - (Optional) The lock level to apply to the private endpoint. Default is None. Possible values are None, CanNotDelete, and ReadOnly.
- tags - (Optional) A mapping of tags to assign to the private endpoint.
- subnet_resource_id - The resource ID of the subnet to deploy the private endpoint in.
- private_dns_zone_group_name - (Optional) The name of the private DNS zone group. One will be generated if not set.
- private_dns_zone_resource_ids - (Optional) A set of resource IDs of private DNS zones to associate with the private endpoint. If not set, no zone groups will be created and the private endpoint will not be associated with any private DNS zones. DNS records must be managed external to this module.
- application_security_group_resource_ids - (Optional) A set of resource IDs of application security groups to associate with the private endpoint.
- private_service_connection_name - (Optional) The name of the private service connection. One will be generated if not set.
- network_interface_name - (Optional) The name of the network interface. One will be generated if not set.
- location - (Optional) The Azure location where the resources will be deployed. Defaults to the location of the resource group.
- resource_group_name - (Optional) The resource group where the resources will be deployed. Defaults to the resource group of the Key Vault.
- ip_configurations - (Optional) A map of IP configurations to create on the private endpoint. If not specified the platform will create one. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
  - name - The name of the IP configuration.
  - private_ip_address - The private IP address of the IP configuration.
Type:
map(object({
  role_assignments = map(object({})) # see https://azure.github.io/Azure-Verified-Modules/Azure-Verified-Modules/specs/shared/interfaces/#role-assignments
  lock             = object({})      # see https://azure.github.io/Azure-Verified-Modules/Azure-Verified-Modules/specs/shared/interfaces/#resource-locks
  tags             = optional(map(any), {}) # see https://azure.github.io/Azure-Verified-Modules/Azure-Verified-Modules/specs/shared/interfaces/#tags
  service                                 = string
  subnet_resource_id                      = string
  private_dns_zone_group_name             = optional(string, null)
  private_dns_zone_resource_ids           = optional(set(string), [])
  application_security_group_resource_ids = optional(set(string), [])
  network_interface_name                  = optional(string, null)
  ip_configurations = optional(map(object({
    name               = string
    group_id           = optional(string, null)
    member_name        = optional(string, null)
    private_ip_address = string
  })), {})
}))
Default: {}
Description: A map from subnet name (string) to a bool that enables or disables network policies for private endpoints on that subnet. Default value is false. Note that while these policies are disabled, NSG rules and route tables associated with the subnet are not applied to traffic for private endpoints in it; enable them where you rely on the subnet's NSG to filter that traffic.
Type: map(bool)
Default: {}
Description: A map from subnet name (string) to a bool that enables or disables network policies for Private Link services on that subnet. Default value is false. A subnet that will host a Private Link service must have these policies disabled.
Type: map(bool)
Default: {}
Description: n/a
Type:
map(object({
  role_definition_id_or_name             = string
  principal_id                           = string
  description                            = optional(string, null)
  skip_service_principal_aad_check       = optional(bool, true)
  condition                              = optional(string, null)
  condition_version                      = optional(string, "2.0")
  delegated_managed_identity_resource_id = optional(string)
}))
Default: {}
Description: A map of subnet name to Route table ids.
Type: map(string)
Default: {}
Description: Service delegation blocks for the azurerm_subnet resource, keyed by subnet name, with a list of delegation blocks as the value. See the azurerm_subnet provider documentation for the valid delegation block contents.
Type:
map(list(object({
  name = string
  service_delegation = object({
    name    = string
    actions = optional(list(string))
  })
})))
Default: {}
Description: A list of public subnets inside the vNet.
Type: list(string)
Default:
[
  "subnet1"
]
Description: The address prefixes to use for the subnets.
Type: list(string)
Default:
[
  "10.0.1.0/24"
]
Description: A map with key (string) subnet name, value (list(string)) to indicate enabled service endpoints on the subnet. Default value is [].
Type: map(list(string))
Default: {}
Description: The tags to associate with your network and subnets.
Type: map(any)
Default: {}
Description: Whether to enable tracing tags generated by BridgeCrew Yor.
Type: bool
Default: false
Description: Default prefix for generated tracing tags.
Type: string
Default: "avm_"
Description: The location/region where the virtual network is created. Changing this forces a new resource to be created.
Type: string
Default: null
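The following is an added example of calling this module from a root module; it is not code from the module itself. The input names used (resource_group_name, location, name, address_space, dns_servers, subnet_names, subnet_prefixes, nsg_ids, route_tables_ids, subnet_service_endpoints, subnet_delegation, private_endpoint_network_policies_enabled, ddos_protection_plan, lock, diagnostic_settings, role_assignments, enable_telemetry, tags) are inferred from the descriptions above and must be checked against the module's variables.tf. The module source path and the referenced resource group, NSGs, route table, DDoS plan, Log Analytics workspace and the var.netops_group_object_id input are assumed to exist elsewhere in the root module.

```hcl
# Added example (not part of this module). Input names are assumed from the
# README descriptions; verify them against variables.tf before applying.
module "vnet" {
  source = "../.." # assumed: path to this module

  # An existing resource group is required by the module.
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location
  name                = "vnet-prod-weu"
  address_space       = "10.0.0.0/16"
  dns_servers         = ["10.0.0.4", "10.0.0.5"] # omit to use Azure DNS

  # Subnet names and prefixes are parallel lists; keep them in the same order.
  subnet_names    = ["snet-app", "snet-data", "snet-pe"]
  subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

  # The defaults for nsg_ids and route_tables_ids are {}, which creates subnets
  # with no NSG and no route table. Associate one with every subnet explicitly.
  nsg_ids = {
    snet-app  = azurerm_network_security_group.app.id
    snet-data = azurerm_network_security_group.data.id
    snet-pe   = azurerm_network_security_group.pe.id
  }
  route_tables_ids = {
    snet-app  = azurerm_route_table.egress_via_firewall.id
    snet-data = azurerm_route_table.egress_via_firewall.id
    snet-pe   = azurerm_route_table.egress_via_firewall.id
  }

  subnet_service_endpoints = {
    snet-app = ["Microsoft.KeyVault", "Microsoft.Storage"]
  }

  # Delegation block shape follows the type shown above.
  subnet_delegation = {
    snet-data = [{
      name = "delegation-postgres"
      service_delegation = {
        name    = "Microsoft.DBforPostgreSQL/flexibleServers"
        actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
      }
    }]
  }

  # Enable private endpoint network policies on the subnet that hosts private
  # endpoints so the NSG above is actually applied to their traffic.
  private_endpoint_network_policies_enabled = {
    snet-pe = true
  }

  # Attach an existing DDoS protection plan (the module does not create one).
  ddos_protection_plan = {
    enable = true
    id     = azurerm_network_ddos_protection_plan.this.id
  }

  # Default lock kind is None; a delete lock guards the hub VNet against
  # accidental destroy of everything attached to it.
  lock = {
    kind = "CanNotDelete"
    name = "lock-vnet-prod-weu"
  }

  # Ship VNet logs and metrics to Log Analytics (map key is arbitrary).
  diagnostic_settings = {
    to_law = {
      name                  = "diag-vnet-prod-weu"
      workspace_resource_id = azurerm_log_analytics_workspace.this.id
    }
  }

  # Role assignment on the VNet (map key is arbitrary). Setting
  # skip_service_principal_aad_check = false makes Azure validate that the
  # principal exists instead of assigning to an unverified object ID.
  role_assignments = {
    netops_contributor = {
      role_definition_id_or_name       = "Network Contributor"
      principal_id                     = var.netops_group_object_id # assumed input
      skip_service_principal_aad_check = false
      description                      = "NetOps manage subnets and peerings"
    }
  }

  enable_telemetry = false # default is true; see https://aka.ms/avm/telemetry

  tags = {
    environment = "prod"
    owner       = "netops"
  }
}
```

When reviewing a plan from a call like this, check that every entry in subnet_names has a matching key in nsg_ids and route_tables_ids, and that every subnet prefix lies inside address_space; the module's own type constraints will not catch a subnet left without an NSG.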
The following outputs are exported:
Description: The ids of the newly created subnets
Description: The address space of the newly created vNet
Description: The id of the newly created vNet
Description: The location of the newly created vNet
Description: The name of the newly created vNet
No modules.