Azure Virtual Network

The module creates Azure Virtual Network with flexible number of subnets, and optionally creates Azure Bastion in the managed Virtual Network.

NOTE: This module is meant to be used with an already created Resource Group.

The module follows Azure naming conventions. Name variables passed to the module are only suffixes used in the full resource names that are defined by Azure standards.

Abbreviations are used for resource names in most cases, based on these Azure recommendations

$550

BUY

License

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

 shellterraform login solutions.corewide.com

Provision instructions

Initialize mandatory providers:

hashicorp/azurerm

Copy and paste into your Terraform configuration and insert the variables:

 hclmodule "tf_azure_vnet" {
  source  = "solutions.corewide.com/azure/tf-azure-vnet/azurerm"
  version = "~> 2.0.0"

  # specify module inputs here or try one of the examples below
  ...
}

Initialize the setup:

 shellterraform init

Define update strategy

Corewide DevOps team strictly follows Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during the upgrades (without breaking compatibility), use ~> 2.0 and run terraform init -upgrade

For the safest setup, use strict pinning with version = "2.0.0"

v2.0.0 released 1 year, 7 months ago

New version approx. every 13 weeks

Upgrade Notes

Changelog

From `v1.x` to `v2.x`

Since v2.0.0, the module changes naming model of managed resources in accordance with Azure naming conventions, so all resources of the module will be re-created. Also, there is re-named variable name_prefix to name_suffix, it must be updated in module's declaration.

From `v2.x` to `v3.x`

Module from v3.0 has changed Azure provider version which isn't compatible with an old version. After the module version is upgraded, re-init module to upgrade Azure provider version.
Upgrade Azure provider version on project level to ~> 4.0:

 hclterraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

Upgrade project dependencies:

 bashterraform init --upgrade

Create Virtual Network only:

 hclresource "azurerm_resource_group" "foo" {
  name     = "foo"
  location = "eastus"
}

module "vnet" {
  source  = "solutions.corewide.com/azure/tf-azure-vnet/azurerm"
  version = "~> 2.0"

  name_suffix         = "bar"
  resource_group_name = azurerm_resource_group.foo.name
  region              = azurerm_resource_group.foo.location

  address_space = [
    "10.0.0.0/16",
  ]

  tags = {
    Project = "foo"
  }
}

Create Virtual Network with 1 Subnet and Bastion Service:

Bastion Service requires a dedicated Subnet and Public IP that are created within the module. You need to define a valid CIDR pool for that subnet, which requires at least /26 Mask, as in example below

 hclresource "azurerm_resource_group" "foo" {
  name     = "foo"
  location = "eastus"
}

module "vnet" {
  source  = "solutions.corewide.com/azure/tf-azure-vnet/azurerm"
  version = "~> 2.0"

  name_suffix         = "bar"
  resource_group_name = azurerm_resource_group.foo.name
  region              = azurerm_resource_group.foo.location
  bastion_pool        = "10.0.250.0/26"

  address_space = [
    "10.0.0.0/16",
  ]

  subnets = [
    {
      name_suffix = "baz"

      addresses = [
        "10.0.1.0/26",
      ]
    },
  ]

  tags = {
    Project = "foo"
  }
}

Create Virtual Network with 2 Subnets packed in different configuration flavors:

Network Security Group and Route Table is created per each Subnet automatically, but without any rules except Azure provisioned defaults. Call these resources later on to attach any custom rules as desired

 hclresource "azurerm_resource_group" "foo" {
  name     = "foo"
  location = "eastus"
}

module "vnet" {
  source  = "solutions.corewide.com/azure/tf-azure-vnet/azurerm"
  version = "~> 2.0"

  name_suffix         = "bar"
  resource_group_name = azurerm_resource_group.foo.name
  region              = azurerm_resource_group.foo.location

  address_space = [
    "10.0.0.0/16",
  ]

  subnets = [
    {
      name_suffix = "baz"

      addresses = [
        "10.0.1.0/24",
      ]
    },
    {
      name_suffix = "biz"

      addresses = [
        "10.0.2.0/24",
      ]

      service_endpoints = [
        "Microsoft.AzureCosmosDB",
      ]
    },
    {
      name_suffix = "qux"
      delegation  = "Microsoft.AzureCosmosDB/clusters"

      addresses = [
        "10.0.3.0/24",
      ]
    },
  ]

  tags = {
    Project = "foo"
  }
}

Variable	Description	Type	Default	Required	Sensitive
`address_space`	The list of IP pools for Virtual Network	`list(string)`		yes	no
`name_suffix`	Naming suffix for the resources created by the module	`string`		yes	no
`region`	Resource Group location where Virtual Network will be created	`string`		yes	no
`resource_group_name`	The Resource Group Name in which resources should be created	`string`		yes	no
`bastion_pool`	Create Azure Bastion within the VN if set. Will create a special Subnet with provisioned IP pool to setup Bastion service (at least /26 mask required)	`string`		no	no
`subnets`	A list of Virtual Network Subnets to create	`list(object)`	`[]`	no	no
`subnets[*].addresses`	List of IP Pools to assign to the Subnet (within the VN pools)	`list(string)`		yes	no
`subnets[*].delegation`	If set, will delegate this Subnet to the Service defined here	`string`		no	no
`subnets[*].enable_private_endpoints`	Enable or Disable network policies for the private link endpoint on the Subnet. Set to `true` if using Private Link Endpoints	`bool`	`false`	no	no
`subnets[*].name_suffix`	The name suffix of the Subnet to create	`string`		yes	no
`subnets[*].service_endpoints`	If set, will allow the setup of listed Services endpoints within this Subnet for secure private communications. Additional configurations on the Service resources required	`list(string)`		no	no
`tags`	A map of tags to apply (where key is a tag name and value is a tag value)	`map(any)`	`{}`	no	no

Output	Description	Type	Sensitive
`bastion`	Contains attributes of azurerm_bastion_host.bastion resource	`computed`	no
`network_security_groups`	The list of Network Security Groups associated to created Subnets. Passes attributes of azurerm_network_security_group.nsg resources	`computed`	no
`route_tables`	The list of Route Tables associated to created Subnets. Passes attributes of azurerm_route_table.rt resources	`computed`	no
`subnets`	The list of created Subnets within the Virtual Network. Passes attributes of azurerm_subnet.snet resources	`computed`	no
`virtual_network`	Contains attributes of azurerm_virtual_network resource	`resource`	no