| Module version | Terraform version | OpenTofu version | AzureRM version |
|---|---|---|---|
| >= 8.x.x | Unverified | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | >= 3.0 | |
| >= 6.x.x | 1.x | >= 3.0 | |
| >= 5.x.x | 0.15.x | >= 2.0 | |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 | |
| >= 3.x.x | 0.12.x | >= 2.0 | |
| >= 2.x.x | 0.12.x | < 2.0 | |
| < 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
location = module.azure_region.location
stack = var.stack
}
module "logs" {
source = "claranet/run/azurerm//modules/logs"
version = "x.x.x"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
}
data "azurerm_virtual_wan" "virtual_wan" {
name = var.virtual_wan_name
resource_group_name = var.virtual_wan_resource_group_name
}
module "virtual_hub" {
source = "claranet/virtual-wan/azurerm//modules/virtual-hub"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
virtual_hub_address_prefix = "10.0.0.0/23"
virtual_wan_id = data.azurerm_virtual_wan.virtual_wan.id
extra_tags = local.tags
}
module "vpn" {
source = "claranet/virtual-wan/azurerm//modules/vpn"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
logs_destinations_ids = [
module.logs.log_analytics_workspace_id,
]
virtual_wan_id = data.azurerm_virtual_wan.virtual_wan.id
virtual_hub_id = module.virtual_hub.virtual_hub_id
vpn_gateway_instance_0_bgp_peering_address = ["169.254.21.1"]
vpn_gateway_instance_1_bgp_peering_address = ["169.254.22.1"]
vpn_sites = [
{
name = "site1"
links = [
{
name = "site1-primary-endpoint"
ip_address = "20.20.20.20"
bgp = [
{
asn = 65530
peering_address = "169.254.21.2"
}
]
},
{
name = "site1-secondary-endpoint"
ip_address = "21.21.21.21"
bgp = [
{
asn = 65530
peering_address = "169.254.22.2"
}
]
}
]
}
]
vpn_connections = [
{
name = "cn-hub-to-site1"
site_name = "site1"
links = [
{
name = "site1-primary-link"
bandwidth_mbps = 200
bgp_enabled = true
ipsec_policy = {
dh_group = "DHGroup14"
ike_encryption_algorithm = "AES256"
ike_integrity_algorithm = "SHA256"
encryption_algorithm = "AES256"
integrity_algorithm = "SHA256"
pfs_group = "PFS14"
sa_data_size_kb = 102400000
sa_lifetime_sec = 3600
}
protocol = "IKEv2"
shared_key = "VeryStrongSecretKeyForPrimaryLink"
},
{
name = "site1-secondary-link"
bandwidth_mbps = 200
bgp_enabled = true
ipsec_policy = {
dh_group = "DHGroup14"
ike_encryption_algorithm = "AES256"
ike_integrity_algorithm = "SHA256"
encryption_algorithm = "AES256"
integrity_algorithm = "SHA256"
pfs_group = "PFS14"
sa_data_size_kb = 102400000
sa_lifetime_sec = 3600
}
protocol = "IKEv2"
shared_key = "VeryStrongSecretKeyForSecondaryLink"
policy_based_traffic_selector_enabled = true
}
]
traffic_selector_policy = [
{
local_address_ranges = ["10.0.0.0/16"],
remote_address_ranges = ["10.92.34.50/32"]
}
]
}
]
extra_tags = local.tags
}
locals {
tags = {
env = "prod"
stack = "hub"
}
}| Name | Version |
|---|---|
| azurecaf | ~> 1.2, >= 1.2.22 |
| azurerm | ~> 3.39 |
| Name | Source | Version |
|---|---|---|
| vpn_gateway_diagnostic_settings | claranet/diagnostic-settings/azurerm | ~> 7.0.0 |
| Name | Type |
|---|---|
| azurerm_vpn_gateway.vpn | resource |
| azurerm_vpn_gateway_connection.vpn_gateway_connection | resource |
| azurerm_vpn_site.vpn_site | resource |
| azurecaf_name.azure_vpngw_caf | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| client_name | Name of client. | string |
n/a | yes |
| custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
| custom_name | Custom name for the VPN Gateway | string |
null |
no |
| default_tags_enabled | Option to enabled or disable default tags | bool |
true |
no |
| environment | Name of application's environment. | string |
n/a | yes |
| extra_tags | Extra tags for the VPN Gateway | map(string) |
null |
no |
| internet_security_enabled | Define internet security parameter in VPN Connections if set | bool |
null |
no |
| location | Azure location. | string |
n/a | yes |
| location_short | Short string for Azure location. | string |
n/a | yes |
| logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
| logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set.If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formated string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the ` |
` character. | list(string) |
n/a |
| logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
| name_prefix | Prefix for generated resources names. | string |
"" |
no |
| name_slug | Slug to use with the generated resources names. | string |
"" |
no |
| name_suffix | Suffix for the generated resources names. | string |
"" |
no |
| resource_group_name | Name of the application's resource group. | string |
n/a | yes |
| stack | Name of application's stack. | string |
n/a | yes |
| virtual_hub_id | ID of the Virtual Hub in which to deploy the VPN | string |
n/a | yes |
| virtual_wan_id | ID of the Virtual Wan who hosts the Virtual Hub | string |
n/a | yes |
| vpn_connections | VPN Connections configuration | list(object({ |
[] |
no |
| vpn_gateway_bgp_peer_weight | The weight added to Routes learned from this BGP Speaker. | number |
0 |
no |
| vpn_gateway_instance_0_bgp_peering_address | List of custom BGP IP Addresses to assign to the first instance | list(string) |
null |
no |
| vpn_gateway_instance_1_bgp_peering_address | List of custom BGP IP Addresses to assign to the second instance | list(string) |
null |
no |
| vpn_gateway_routing_preference | Azure routing preference. Tou can choose to route traffic either via Microsoft network or via the ISP network through public Internet |
string |
"Microsoft Network" |
no |
| vpn_gateway_scale_unit | The scale unit for this VPN Gateway | number |
1 |
no |
| vpn_sites | VPN Site configuration | list(object({ |
[] |
no |
| Name | Description |
|---|---|
| vpn_gateway_bgp_settings | BGP settings of the VPN Gateway |
| vpn_gateway_connection_ids | List of name and IDs of VPN gateway connections |
| vpn_gateway_id | ID of the created VPN gateway |