This feature creates an Azure VPN Gateway with its own dedicated Subnet, public IP, and the connections resources.
Gateway SKU list description is available on Microsoft documentation.
| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 7.x.x | 1.3.x | >= 3.0 |
| >= 6.x.x | 1.x | >= 3.0 |
| >= 5.x.x | 0.15.x | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "azure_network_vnet" {
source = "claranet/vnet/azurerm"
version = "x.x.x"
environment = var.environment
location = module.azure_region.location
location_short = module.azure_region.location_short
client_name = var.client_name
stack = var.stack
resource_group_name = module.rg.resource_group_name
vnet_cidr = ["10.10.1.0/16"]
}
module "logs" {
source = "claranet/run/azurerm//modules/logs"
version = "x.x.x"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
extra_tags = {
foo = "bar"
}
}
module "vpn_gw" {
source = "claranet/vpn/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
virtual_network_name = module.azure_network_vnet.virtual_network_name
subnet_gateway_cidr = "10.10.1.0/25"
vpn_connections = [
{
name = "azure_to_claranet"
name_suffix = "claranet"
vpn_gw_custom_name = "azure_to_claranet_vpn_connection"
local_gw_custom_name = "azure_to_claranet_local_gateway"
extra_tags = { to = "claranet" }
local_gateway_address = "89.185.1.1"
local_gateway_address_spaces = ["89.185.1.1/32"]
}
]
logs_destinations_ids = [
module.logs.log_analytics_workspace_id,
module.logs.logs_storage_account_id
]
extra_tags = {
foo = "bar"
}
}| Name | Version |
|---|---|
| azurecaf | ~> 1.2, >= 1.2.22 |
| azurerm | ~> 3.39 |
| random | ~> 3.0 |
| Name | Source | Version |
|---|---|---|
| diagnostics | claranet/diagnostic-settings/azurerm | ~> 6.5.0 |
| subnet_gateway | claranet/subnet/azurerm | 7.0.0 |
| Name | Type |
|---|---|
| azurerm_local_network_gateway.local_network_gateway | resource |
| azurerm_public_ip.virtual_gateway_pubip | resource |
| azurerm_virtual_network_gateway.public_virtual_network_gateway | resource |
| azurerm_virtual_network_gateway_connection.virtual_network_gateway_connection | resource |
| random_password.vpn_ipsec_shared_key | resource |
| azurecaf_name.gw_pub_ip | data source |
| azurecaf_name.local_network_gateway | data source |
| azurecaf_name.vnet_gw | data source |
| azurecaf_name.vpn_gw_connection | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_routes_to_advertise | Additional routes reserved for this virtual network in CIDR notation. | list(string) |
null |
no |
| client_name | Client name/account used in naming. | string |
n/a | yes |
| custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
| custom_name | Custom VPN Gateway name, generated if not set. | string |
"" |
no |
| default_tags_enabled | Option to enable or disable default tags. | bool |
true |
no |
| environment | Project environment. | string |
n/a | yes |
| extra_tags | Additional tags to associate with your VPN Gateway. | map(string) |
{} |
no |
| location | Azure region to use. | string |
n/a | yes |
| location_short | Short string for Azure location. | string |
n/a | yes |
| logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
| logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set.If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formated string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the ` |
` character. | list(string) |
n/a |
| logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
| name_prefix | Optional prefix for the generated name. | string |
"" |
no |
| name_suffix | Optional suffix for the generated name. | string |
"" |
no |
| network_resource_group_name | VNet and Subnet Resource group name. To use only if you need to have a dedicated Resource Group for all VPN GW resources. (set via resource_group_name variable.) |
string |
"" |
no |
| resource_group_name | Name of the resource group. | string |
n/a | yes |
| stack | Project stack name. | string |
n/a | yes |
| subnet_gateway_cidr | CIDR range for the dedicated Gateway subnet. Must be a range available in the VNet. | string |
null |
no |
| subnet_id | Subnet Gateway ID to use if already existing. Must be named GatewaySubnet. |
string |
null |
no |
| use_caf_naming | Use the Azure CAF naming provider to generate default resource name. custom_name override this if set. Legacy default name is used if this is set to false. |
bool |
true |
no |
| virtual_network_name | Virtual Network Name where the dedicated VPN Subnet and GW will be created. | string |
n/a | yes |
| vpn_client_configuration | VPN client configuration authorizations. | object({ |
null |
no |
| vpn_connections | List of VPN Connection configurations. | list(object({ |
[] |
no |
| vpn_gw_active_active | If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. |
bool |
false |
no |
| vpn_gw_enable_bgp | If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false. | bool |
false |
no |
| vpn_gw_generation | Configuration of the generation of the virtual network gateway. Valid options are Generation1, Generation2 or None |
string |
"Generation2" |
no |
| vpn_gw_ipconfig_custom_names | List of VPN GW IP Config resource custom name. One per IP on the gateway. | list(string) |
[] |
no |
| vpn_gw_public_ip_allocation_method | Defines the allocation method for this IP address. Possible values are Static or Dynamic. |
string |
"Dynamic" |
no |
| vpn_gw_public_ip_custom_names | List of VPN GW Public IP resource custom name. One per IP on the gateway. | list(string) |
[] |
no |
| vpn_gw_public_ip_number | Number of Public IPs to allocate and associated to the Gateway. By default only 1. Maximum is 3. | number |
1 |
no |
| vpn_gw_public_ip_sku | The SKU of the Public IP. Accepted values are Basic and Standard. |
string |
"Basic" |
no |
| vpn_gw_public_ip_zones | Public IP zones to configure. | list(number) |
[ |
no |
| vpn_gw_routing_type | The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. |
string |
"RouteBased" |
no |
| vpn_gw_sku | Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw[1-3]AZ, VpnGw[1-5], VpnGw[1-5]AZ, and depend on the type and vpn_type arguments.A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway. SKU details and list is available at https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways. |
string |
"VpnGw2AZ" |
no |
| vpn_gw_type | The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created |
string |
"Vpn" |
no |
| Name | Description |
|---|---|
| vpn_connection_ids | The VPN created connections IDs. |
| vpn_gw_id | Azure VPN GW ID. |
| vpn_gw_name | Azure VPN GW name. |
| vpn_gw_subnet_id | Dedicated subnet ID for the GW. |
| vpn_local_gateway_names | Azure VNET local Gateway names. |
| vpn_local_gw_ids | Azure VNET local Gateway IDs. |
| vpn_public_ip | Azure VPN GW public IP. |
| vpn_public_ip_name | Azure VPN GW public IP resource name. |
| vpn_shared_keys | Shared Keys used for VPN connections. |
- If
vpn_gw_active_activevariable istrue, at least two public IPs will be provisionned unless more IPs are set via thevpn_gw_public_ip_numbervariable.
Microsoft VPN Gateway documentation docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways