Azure Support module. It creates a subnet, a Network Security Group and a bastion VM instance from a Claranet image by default. Included module documentation:
| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 7.x.x | 1.3.x | >= 3.0 |
| >= 6.x.x | 1.x | >= 3.0 |
| >= 5.x.x | 0.15.x | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "azure_network_vnet" {
source = "claranet/vnet/azurerm"
version = "x.x.x"
environment = var.environment
location = module.azure_region.location
location_short = module.azure_region.location_short
client_name = var.client_name
stack = var.stack
resource_group_name = module.rg.resource_group_name
vnet_cidr = ["10.10.0.0/16"]
}
module "run" {
source = "claranet/run/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
monitoring_function_enabled = false
vm_monitoring_enabled = true
backup_vm_enabled = true
update_center_enabled = false
recovery_vault_cross_region_restore_enabled = true
vm_backup_daily_policy_retention = 31
}
resource "tls_private_key" "bastion" {
algorithm = "RSA"
}
module "support" {
source = "git::ssh://git@git.fr.clara.net/claranet/projects/cloud/azure/terraform/module/support.git?ref=vX.X.X"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
virtual_network_name = module.azure_network_vnet.virtual_network_name
# Bastion parameters
vm_size = "Standard_B1s"
storage_os_disk_size_gb = "32"
admin_ssh_ips = var.admin_ssh_ips
# Define your private ip bastion if you want to override it
bastion_private_ip = "10.10.10.10"
# Set to null to deactivate backup (not recommended)
bastion_backup_policy_id = module.run.vm_backup_policy_id
# Optional: Put your SSH key here
ssh_public_key = tls_private_key.bastion.public_key_openssh
# Define your subnets if you want to override it
subnet_cidr_list = ["10.10.10.0/24"]
# support_dns_zone_name = var.support_dns_zone_name
# Diagnostics / logs
diagnostics_storage_account_name = module.run.logs_storage_account_name
azure_monitor_data_collection_rule_id = module.run.data_collection_rule_id
log_analytics_workspace_guid = module.run.log_analytics_workspace_guid
}| Name | Version |
|---|---|
| azurerm | ~> 3.67 |
| tls | >= 3.0 |
| Name | Source | Version |
|---|---|---|
| azure_region | claranet/regions/azurerm | ~> 7.1.0 |
| bastion_vm | claranet/linux-vm/azurerm | ~> 7.11.0 |
| claranet_gallery_images | claranet/claranet-gallery-images/azapi | ~> 7.0.0 |
| support_nsg | claranet/nsg/azurerm | ~> 7.7.0 |
| support_subnet | claranet/subnet/azurerm | ~> 7.0.0 |
| Name | Type |
|---|---|
| azurerm_subnet_network_security_group_association.subnet_bastion_association | resource |
| tls_private_key.ssh | resource |
| azurerm_client_config.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aad_ssh_login_admin_objects_ids | Azure Active Directory objects IDs allowed to connect as administrator on the VM. | list(string) |
[] |
no |
| aad_ssh_login_enabled | Enable SSH logins with Azure Active Directory. | bool |
false |
no |
| aad_ssh_login_extension_version | VM Extension version for Azure Active Directory SSH Login extension. | string |
"1.0" |
no |
| aad_ssh_login_user_objects_ids | Azure Active Directory objects IDs allowed to connect as standard user on the VM. | list(string) |
[] |
no |
| admin_password | Password for the administrator account of the virtual machine. | string |
null |
no |
| admin_ssh_ips | Claranet IPs allowed to use SSH on bastion. | list(string) |
n/a | yes |
| admin_username | Name of the administrator user. | string |
"claranet" |
no |
| azure_monitor_agent_auto_upgrade_enabled | Automatically update agent when publisher releases a new version of the agent. | bool |
false |
no |
| azure_monitor_agent_version | Azure Monitor Agent extension version. | string |
"1.12" |
no |
| azure_monitor_data_collection_rule_id | Data Collection Rule ID from Azure Monitor for metrics and logs collection. Used with new monitoring agent, set to null if legacy agent is used. |
string |
n/a | yes |
| bastion_backup_policy_id | Backup policy ID from the Recovery Vault to attach the Virtual Machine to (value to null to disable backup). |
string |
n/a | yes |
| bastion_custom_data | The Base64-Encoded Custom Data which should be used for the bastion. Changing this forces a new resource to be created. | string |
null |
no |
| bastion_extra_tags | Additional tags to associate with your bastion instance. | map(string) |
{} |
no |
| bastion_identity | Map with identity block informations as described here https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#identity. | object({ |
{ |
no |
| bastion_maintenance_configuration_ids | List of maintenance configurations to attach to this VM. | list(string) |
[] |
no |
| bastion_patch_mode | Specifies the mode of in-guest patching to this Linux Virtual Machine. Possible values are AutomaticByPlatform and ImageDefault |
string |
"ImageDefault" |
no |
| bastion_private_ip | Allows to define the private IP to associate with the bastion. | string |
null |
no |
| bastion_public_ip_sku | Public IP SKU attached to the bastion VM. Can be null if no public IP is needed.If set to null, the Terraform module must be executed from a host having connectivity to the bastion private IP.Thus, the bootstrap's ansible playbook will use the bastion private IP for inventory. |
string |
"Standard" |
no |
| bastion_public_ip_zones | Zones for public IP attached to the VM. Can be null if no zone distpatch. |
list(number) |
[ |
no |
| bastion_user_data | The Base64-Encoded User Data which should be used for the bastion. | string |
null |
no |
| bastion_vm_image | Bastion Virtual Machine source image information. See https://www.terraform.io/docs/providers/azurerm/r/virtual_machine.html#storage_image_reference. This variable cannot be used if vm_image_id is already defined. Defaults to Claranet image. |
object({ |
null |
no |
| bastion_vm_image_id | The ID of the Image which this Virtual Machine should be created from. This variable supersedes the vm_image variable if not null. Defaults to Claranet image. |
string |
null |
no |
| client_name | Client name/account used in naming. | string |
n/a | yes |
| custom_bastion_dns_label | Custom name for DNS label. | string |
null |
no |
| custom_bastion_ipconfig_name | Custom name for IP Configuration. | string |
null |
no |
| custom_bastion_nic_name | Custom name for NIC. | string |
null |
no |
| custom_bastion_public_ip_name | Custom name for public IP. | string |
null |
no |
| custom_bastion_storage_os_disk_name | Custom name for Bastion OS disk. | string |
"" |
no |
| custom_bastion_vm_hostname | Custom Bastion hostname. | string |
"" |
no |
| custom_bastion_vm_name | VM Name as displayed on the console. | string |
"" |
no |
| custom_security_group_name | Custom name for Network Security Group. | string |
null |
no |
| custom_subnet_name | Custom name for Subnet. | string |
null |
no |
| default_tags_enabled | Option to enable or disable default tags. | bool |
true |
no |
| diagnostics_storage_account_name | Name of the Storage Account in which store VM diagnostics. | string |
n/a | yes |
| environment | Project environment. | string |
n/a | yes |
| extensions_extra_tags | Extra tags to set on the VM extensions. | map(string) |
{} |
no |
| flow_log_enabled | Provision network watcher flow logs. | bool |
false |
no |
| flow_log_location | The location where the Network Watcher Flow Log resides. Changing this forces a new resource to be created. Defaults to the location of the Network Watcher. |
string |
null |
no |
| flow_log_logging_enabled | Enable Network Flow Logging. | bool |
true |
no |
| flow_log_retention_policy_days | The number of days to retain flow log records. | number |
31 |
no |
| flow_log_retention_policy_enabled | Boolean flag to enable/disable retention. | bool |
true |
no |
| flow_log_storage_account_id | Network watcher flow log storage account ID. | string |
null |
no |
| flow_log_traffic_analytics_enabled | Boolean flag to enable/disable traffic analytics. | bool |
true |
no |
| flow_log_traffic_analytics_interval_in_minutes | How frequently service should do flow analytics in minutes. | number |
10 |
no |
| location | Azure location. | string |
n/a | yes |
| location_short | Short string for Azure location. | string |
n/a | yes |
| log_analytics_workspace_guid | The resource GUID of the attached workspace. | string |
null |
no |
| log_analytics_workspace_id | The resource ID of the attached workspace. | string |
null |
no |
| log_analytics_workspace_location | The location of the attached workspace. | string |
null |
no |
| name_prefix | Optional prefix for the generated name. | string |
"bastion" |
no |
| name_suffix | Optional suffix for the generated name. | string |
"" |
no |
| network_watcher_name | The name of the Network Watcher. Changing this forces a new resource to be created. | string |
null |
no |
| network_watcher_resource_group_name | The name of the resource group in which the Network Watcher was deployed. Changing this forces a new resource to be created. | string |
null |
no |
| nic_extra_tags | Additional tags to associate with your network interface. | map(string) |
{} |
no |
| nsg_additional_rules | Additional network security group rules to add. For arguments please refer to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#argument-reference. | list(object({ |
[] |
no |
| nsg_extra_tags | Additional tags to associate with your Network Security Group. | map(string) |
{} |
no |
| private_link_endpoint_enabled | Enable or disable network policies for the Private Endpoint on the subnet. | bool |
null |
no |
| private_link_service_enabled | Enable or disable network policies for the Private Link Service on the subnet. | bool |
null |
no |
| public_ip_extra_tags | Additional tags to associate with your public IP. | map(string) |
{} |
no |
| resource_group_name | Resource group name. | string |
n/a | yes |
| route_table_name | The Route Table name to associate with the subnet. | string |
null |
no |
| route_table_rg | The Route Table RG to associate with the subnet. Default is the same RG than the subnet. | string |
null |
no |
| service_endpoint_policy_ids | The list of IDs of Service Endpoint Policies to associate with the subnet. | list(string) |
null |
no |
| service_endpoints | The list of Service endpoints to associate with the subnet. | list(string) |
[] |
no |
| ssh_public_key | SSH public key, generated if empty. | string |
null |
no |
| stack | Project stack name. | string |
n/a | yes |
| storage_os_disk_account_type | The Type of Storage Account which should back this the Internal OS Disk. Possible values are Standard_LRS, StandardSSD_LRS, Premium_LRS, StandardSSD_ZRS and Premium_ZRS. |
string |
"Premium_ZRS" |
no |
| storage_os_disk_caching | Specifies the caching requirements for the OS Disk. | string |
"ReadWrite" |
no |
| storage_os_disk_extra_tags | Additional tags to set on the OS disk. | map(string) |
{} |
no |
| storage_os_disk_overwrite_tags | True to overwrite existing OS disk tags instead of merging. | bool |
false |
no |
| storage_os_disk_size_gb | Specifies the size of the OS Disk in gigabytes. | string |
n/a | yes |
| storage_os_disk_tagging_enabled | Should OS disk tagging be enabled? Defaults to true. |
bool |
true |
no |
| subnet_cidr_list | The address prefixes to use for the subnet. | list(string) |
n/a | yes |
| virtual_network_name | Bastion VM virtual network name. | string |
n/a | yes |
| virtual_network_resource_group_name | Bastion VM virtual network resource group name, default to resource_group_name if empty. |
string |
"" |
no |
| vm_size | Bastion virtual machine size. | string |
n/a | yes |
| Name | Description |
|---|---|
| bastion_admin_password | Password of the admin user. |
| bastion_admin_username | Username of the admin user. |
| bastion_hostname | Bastion hostname. |
| bastion_maintenance_configurations_assignments | Maintenance configurations assignments configurations. |
| bastion_network_interface_id | Bastion network interface ID. |
| bastion_network_interface_private_ip | Bastion private IP. |
| bastion_network_public_ip | Bastion public IP. |
| bastion_network_public_ip_id | Bastion public IP ID. |
| bastion_public_domain_name_label | Bastion public DNS. |
| bastion_ssh_private_key | Bastion SSH private key. |
| bastion_ssh_public_key | Bastion SSH public key. |
| bastion_virtual_machine_id | Bastion virtual machine ID. |
| bastion_virtual_machine_identity | System Identity assigned to the bastion virtual machine. |
| bastion_virtual_machine_name | Bastion virtual machine name. |
| bastion_virtual_machine_os_disk | Bastion virtual machine OS disk object. |
| network_security_group_id | Network security group ID. |
| network_security_group_name | Network security group name. |
| subnet_cidr_list | CIDR list of the created subnet. |
| subnet_id | ID of the created subnet. |
| subnet_name | Name of the created subnet. |
| terraform_module | Information about this Terraform module. |