Azure-Terraform/terraform-azurerm-virtual-network

Azure - Virtual Network Module

Introduction

This module will create a new Virtual Network, associated subnets and network security groups in Azure.

Naming convention for this service is as follows:
service-market-environment-location-product

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |
| azurerm | >= 3.18.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 3.18.0 |

Inputs

Name Description Type Default Required
address_space CIDRs for virtual network list(string) n/a yes
aks_subnets AKS subnets
map(object({
  subnet_info = any
  route_table = object({
    bgp_route_propagation_enabled = bool
    routes                        = map(map(string))
    # keys are route names, value map is route properties (address_prefix, next_hop_type, next_hop_in_ip_address)
    # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table#route
  })
}))
null no
dns_servers If applicable, a list of custom DNS servers to use inside your virtual network. Unset will use default Azure-provided resolver list(string) null no
enforce_subnet_names enforce subnet names based on naming_rules variable bool true no
location Azure Region string n/a yes
names Names to be applied to resources map(string) n/a yes
naming_rules naming conventions yaml file string "" no
peer_defaults Maps of peer arguments.
object({
  id                           = string
  allow_virtual_network_access = bool
  allow_forwarded_traffic      = bool
  allow_gateway_transit        = bool
  use_remote_gateways          = bool
})
{
  "allow_forwarded_traffic": false,
  "allow_gateway_transit": false,
  "allow_virtual_network_access": true,
  "id": null,
  "use_remote_gateways": false
}
no
peers Peer virtual networks. Keys are names, allowed values are same as for peer_defaults. Id value is required. any {} no
resource_group_name Resource group name string n/a yes
route_tables Maps of route tables
map(object({
  bgp_route_propagation_enabled = bool
  use_inline_routes             = bool # Setting to true will revert any external route additions.
  routes                        = map(map(string))
  # keys are route names, value map is route properties (address_prefix, next_hop_type, next_hop_in_ip_address)
  # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table#route
}))
{} no
subnet_defaults Maps of CIDRs, policies, endpoints and delegations
object({
  cidrs                                         = list(string)
  private_endpoint_network_policies             = string
  private_link_service_network_policies_enabled = bool
  service_endpoints                             = list(string)
  delegations = map(object({
    name    = string
    actions = list(string)
  }))
  create_network_security_group = bool # create/associate network security group with subnet
  configure_nsg_rules           = bool # deny ingress/egress traffic and configure nsg rules based on below parameters
  allow_internet_outbound       = bool # allow outbound traffic to internet (configure_nsg_rules must be set to true)
  allow_lb_inbound              = bool # allow inbound traffic from Azure Load Balancer (configure_nsg_rules must be set to true)
  allow_vnet_inbound            = bool # allow all inbound from virtual network (configure_nsg_rules must be set to true)
  allow_vnet_outbound           = bool # allow all outbound from virtual network (configure_nsg_rules must be set to true)
  route_table_association       = string
})
{
  "allow_internet_outbound": false,
  "allow_lb_inbound": false,
  "allow_vnet_inbound": false,
  "allow_vnet_outbound": false,
  "cidrs": [],
  "configure_nsg_rules": true,
  "create_network_security_group": true,
  "delegations": {},
  "private_endpoint_network_policies": "Disabled",
  "private_link_service_network_policies_enabled": true,
  "route_table_association": null,
  "service_endpoints": []
}
no
subnets Map of subnets. Keys are subnet names, Allowed values are the same as for subnet_defaults any {} no
tags Tags to be applied to resources map(string) n/a yes

Outputs

| Name | Description |
|------|-------------|
| aks | Virtual network information matching AKS module input. |
| route_tables | Maps of custom route tables. |
| subnet | Map of subnet data objects. |
| subnet_nsg_ids | Map of subnet ids to associated network_security_group ids. |
| subnet_nsg_names | Map of subnet names to associated network_security_group names. |
| subnets | Maps of subnet info. |
| vnet | Virtual network data object. |

For a full list of details provided in the output please view:
- Virtual Network (vnet) - https://www.terraform.io/docs/providers/azurerm/r/virtual_network.html
- Subnet(s) - https://www.terraform.io/docs/providers/azurerm/r/subnet.html

## Requirements
| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |
| azurerm | >= 4.0.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 4.0.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| aks_subnet | ./subnet | n/a |
| subnet | ./subnet | n/a |

Resources

| Name | Type |
|------|------|
| azurerm_route.aks_route | resource |
| azurerm_route.non_inline_route | resource |
| azurerm_route_table.aks_route_table | resource |
| azurerm_route_table.route_table | resource |
| azurerm_subnet_route_table_association.aks | resource |
| azurerm_subnet_route_table_association.association | resource |
| azurerm_virtual_network.vnet | resource |
| azurerm_virtual_network_peering.peer | resource |

Inputs

Name Description Type Default Required
address_space CIDRs for virtual network list(string) n/a yes
aks_subnets AKS subnets
map(object({
  subnet_info = any
  route_table = object({
    bgp_route_propagation_enabled = bool
    routes                        = map(map(string))
    # keys are route names, value map is route properties (address_prefix, next_hop_type, next_hop_in_ip_address)
    # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table#route
  })
}))
null no
dns_servers If applicable, a list of custom DNS servers to use inside your virtual network. Unset will use default Azure-provided resolver list(string) null no
enforce_subnet_names enforce subnet names based on naming_rules variable bool true no
location Azure Region string n/a yes
names Names to be applied to resources map(string) n/a yes
naming_rules naming conventions yaml file string "" no
peer_defaults Maps of peer arguments.
object({
  id                           = string
  allow_virtual_network_access = bool
  allow_forwarded_traffic      = bool
  allow_gateway_transit        = bool
  use_remote_gateways          = bool
})
{
  "allow_forwarded_traffic": false,
  "allow_gateway_transit": false,
  "allow_virtual_network_access": true,
  "id": null,
  "use_remote_gateways": false
}
no
peers Peer virtual networks. Keys are names, allowed values are same as for peer_defaults. Id value is required. any {} no
resource_group_name Resource group name string n/a yes
route_tables Maps of route tables
map(object({
  bgp_route_propagation_enabled = bool
  use_inline_routes             = bool # Setting to true will revert any external route additions.
  routes                        = map(map(string))
  # keys are route names, value map is route properties (address_prefix, next_hop_type, next_hop_in_ip_address)
  # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table#route
}))
{} no
subnet_defaults Maps of CIDRs, policies, endpoints and delegations
object({
  cidrs                                         = list(string)
  private_endpoint_network_policies             = string
  private_link_service_network_policies_enabled = bool
  service_endpoints                             = list(string)
  delegations = map(object({
    name    = string
    actions = list(string)
  }))
  create_network_security_group = bool   # create/associate network security group with subnet
  security_group_prefix         = string # prefix for network security group name
  configure_nsg_rules           = bool   # deny ingress/egress traffic and configure nsg rules based on below parameters
  allow_internet_outbound       = bool   # allow outbound traffic to internet (configure_nsg_rules must be set to true)
  allow_lb_inbound              = bool   # allow inbound traffic from Azure Load Balancer (configure_nsg_rules must be set to true)
  allow_vnet_inbound            = bool   # allow all inbound from virtual network (configure_nsg_rules must be set to true)
  allow_vnet_outbound           = bool   # allow all outbound from virtual network (configure_nsg_rules must be set to true)
  route_table_association       = string
})
{
  "allow_internet_outbound": false,
  "allow_lb_inbound": false,
  "allow_vnet_inbound": false,
  "allow_vnet_outbound": false,
  "cidrs": [],
  "configure_nsg_rules": true,
  "create_network_security_group": true,
  "delegations": {},
  "private_endpoint_network_policies": "Disabled",
  "private_link_service_network_policies_enabled": true,
  "route_table_association": null,
  "security_group_prefix": null,
  "service_endpoints": []
}
no
subnets Map of subnets. Keys are subnet names, Allowed values are the same as for subnet_defaults any {} no
tags Tags to be applied to resources map(string) n/a yes
use_product_name use product_name as prefix for VNET resource bool false no
virtual_network_name Optional override for the virtual network name. If not set, name is generated from other variables. string null no

Outputs

| Name | Description |
|------|-------------|
| aks | Virtual network information matching AKS module input. |
| route_tables | Maps of custom route tables. |
| subnet | Map of subnet data objects. |
| subnet_nsg_ids | Map of subnet ids to associated network_security_group ids. |
| subnet_nsg_names | Map of subnet names to associated network_security_group names. |
| subnets | Maps of subnet info. |
| vnet | Virtual network data object. |
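
The inputs documented above combined into one module call, as an added example that is not taken from the module's repository: each subnet keeps the deny-by-default NSG settings from subnet_defaults and opens only what it needs, and outbound internet traffic from the app subnet is routed through an appliance. The CIDRs, appliance address, resource group, region, the `<ref>` placeholder, the choice to disable name enforcement, and the reading of route_table_association as a key of route_tables are assumptions.

```hcl
# Added example; every literal value below is constructed.
variable "names" { type = map(string) } # naming map the module requires
variable "tags" { type = map(string) }

module "virtual_network" {
  # <ref> is a placeholder: pin to a tag or commit you have reviewed.
  source = "git::https://github.com/Azure-Terraform/terraform-azurerm-virtual-network.git?ref=<ref>"

  resource_group_name = "rg-network-example"
  location            = "eastus"
  names               = var.names
  tags                = var.tags
  address_space       = ["10.1.0.0/16"]
  # Assumption: no naming_rules file is supplied, so name enforcement is off.
  enforce_subnet_names = false

  route_tables = {
    egress = {
      bgp_route_propagation_enabled = false
      use_inline_routes             = true # routes added outside Terraform are reverted
      routes = {
        default = {
          address_prefix         = "0.0.0.0/0"
          next_hop_type          = "VirtualAppliance"
          next_hop_in_ip_address = "10.1.0.4" # constructed appliance address
        }
      }
    }
  }

  # Keys left unset take the subnet_defaults values: NSG created, every allow_* false.
  subnets = {
    app = {
      cidrs                   = ["10.1.1.0/24"]
      allow_lb_inbound        = true
      allow_vnet_outbound     = true
      allow_internet_outbound = true
      route_table_association = "egress" # assumption: a key of route_tables
    }
    data = {
      cidrs              = ["10.1.2.0/24"]
      allow_vnet_inbound = true # no outbound or internet rule opened
    }
  }
}

output "subnet_nsg_ids" {
  value = module.virtual_network.subnet_nsg_ids
}
```

Reviewing `terraform plan` for the generated NSG rules before applying confirms which allow_* toggles actually produced rules on each subnet.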
