virtual-network-hub
avinor/virtual-network-hub/azurerm
A Terraform module to create a hub virtual network according to Microsoft Best Practice of deploying Hub-Spoke
Hub network This module deploys a hub network using the Microsoft recommended Hub-Spoke network topology . Generally there should only be one hub in each region with multiple spokes, where each of them can also be in separate subscriptions. Currently, it does not support setting up peering between hub's in different regions, but that could be added as a feature later. The virtual network will be created with 4 subnets, AzureFirewallSubnet, GatewaySubnet, Management and DMZ. AzureFirewallSubnet and GatewaySubnet will not contain any UDR (User Defined Route) or NSG (Network Security Group) since that is not possible with resources deployed in those subnets. Management and DMZ will route all outgoing traffic through firewall instance. !hub topology Source: In diagram hub network is connected
| Name | Type | Description | Default |
|---|---|---|---|
| resource_group_name | string | Name of resource group to deploy resources in. | |
| address_space | string | The full address space that is used the virtual network. Requires at least a /24 | |
| location | string | The Azure Region in which to create resource. | |
| public_ip_names | list(string) | Public ips is a list of ip names that are connected to the firewall. At least on | |
| name | string | Name of hub network. | |
| dmz_nsg_rules | list(any) | Network security rules to add to dmz subnet. See README for details on how to se | [] |
| firewall_zones | list(string) | A collection of availability zones to spread the Firewall over. | null |
| firewall_nat_rules | list(object({ name | List of nat rules to apply to firewall. | [] |
| create_ddos_plan | bool | Create a DDos protection plan and attach to vnet. | false |
| private_dns_zone | string | Name of private dns zone to create and associate with virtual network. This is t | null |
| enable_advanced_threat_protection | bool | Boolean flag which controls if advanced threat protection is enabled. | true |
| storage_account_resource_group_create | bool | Property for supporting terraform state created by older version of this module. | false |
| public_ip_prefix_length | number | Specifies the number of bits of the prefix. The value can be set between 24 (256 | 30 |
| peering_assignment | list(string) | List of principal ids that should have access to peer to this Hub network. All s | [] |
| resolvable_private_dns_zones | list(string) | List of resolvable private dns zones to create and associate with virtual networ | [] |
| service_endpoints | list(string) | Service endpoints to add to the firewall subnet. | [
"Microsoft.AzureActiveDirectory",
|
| management_nsg_rules | list(any) | Network security rules to add to management subnet. See README for details on ho | [] |
| tags | map(string) | Tags to apply to all resources created. | {} |
| diagnostics | object({ destination = s | Diagnostic settings for those resources that support it. See README.md for detai | null |
| firewall_application_rules | list(object({ name | List of application rules to apply to firewall. | [] |
| firewall_network_rules | list(object({ name | List of network rules to apply to firewall. | [] |
| netwatcher | object({ resource_group_lo | Properties for creating network watcher. If set it will create Network Watcher r | null |
| threat_intel_mode | string | The operation mode for threat intelligence-based filtering. Possible values are: | "Deny" |
private_dns — Private dns settings if configured. Id and name of private dns.resolvable_private_dns_zones — Map of resolvable private dns zones settings if configured. The key is the private zone name where dpublic_ip_prefix — Public ip prefix of firewall.vnet_id — Virtual network id.vnet_resource_group_name — Virtual network resource group name.vnet_name — Virtual network name.subnets — Map with subnets created and their id. Used for network rules etc.firewall_private_ip — Private ip of firewall.Azure landing zones Terraform module
Terraform supermodule for the Terraform platform engineering for Azure
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform Module to define a consistent naming convention by (namespace, stage,