https://github.com/cloudnationhq/terraform-azure-vwan
Terraform module which creates azure virtual wan resources used by workloads and accelerators.
- Host: GitHub
- URL: https://github.com/cloudnationhq/terraform-azure-vwan
- Owner: CloudNationHQ
- License: mit
- Created: 2024-01-18T10:57:42.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-11T15:34:49.000Z (7 months ago)
- Last Synced: 2024-11-11T16:33:03.155Z (7 months ago)
- Topics: azure, terraform, wam
- Language: HCL
- Homepage: https://registry.terraform.io/modules/CloudNationHQ/vwan/azure/latest
- Size: 204 KB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# Virtual Wan
This terraform module streamlines the setup and management of virtual wan components on azure, offering customizable choices for wan topology, connectivity and security policies.
## Features
- Simplified virtual wan deployment
- Multiple secure virtual hub support
- Utilization of terratest for robust validation
- Ability to define and manage routing intents on virtual hubs
- VPN gateway support on virtual hubs with multi-site and link connectivity
- Ability to configure multiple VPN gateway connections on sites
- Site-to-site VPN capabilities for secure connectivity between networks
- Point-to-site VPN support for secure client access to a virtual hub
- NAT rules support for address translation on VPN gateways
- ExpressRoute gateway enablement on virtual hubs for hybrid connectivity
## Requirements
The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (~> 1.0)
- [azurerm](#requirement\_azurerm) (~> 4.0)
## Providers
The following providers are used by this module:
- [azurerm](#provider\_azurerm) (~> 4.0)
## Resources
The following resources are used by this module:
- [azurerm_express_route_gateway.er_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/express_route_gateway) (resource)
- [azurerm_point_to_site_vpn_gateway.p2s_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/point_to_site_vpn_gateway) (resource)
- [azurerm_virtual_hub.vhub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub) (resource)
- [azurerm_virtual_hub_security_partner_provider.spp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_security_partner_provider) (resource)
- [azurerm_virtual_wan.vwan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_wan) (resource)
- [azurerm_vpn_gateway.vpn_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_gateway) (resource)
- [azurerm_vpn_gateway_connection.vpn_connection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_gateway_connection) (resource)
- [azurerm_vpn_gateway_nat_rule.nat_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_gateway_nat_rule) (resource)
- [azurerm_vpn_server_configuration.p2s_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_server_configuration) (resource)
- [azurerm_vpn_site.vpn_site](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/vpn_site) (resource)
## Required Inputs
The following input variables are required:
Description: Contains all virtual wan configuration
Type:
```hcl
object({
  name                              = string
  resource_group                    = optional(string, null)
  location                          = optional(string, null)
  allow_branch_to_branch_traffic    = optional(bool, true)
  disable_vpn_encryption            = optional(bool, false)
  type                              = optional(string, "Standard")
  office365_local_breakout_category = optional(string, "None")
  tags                              = optional(map(string))
  vhubs = optional(map(object({
    name                                   = optional(string)
    location                               = optional(string, null)
    address_prefix                         = string
    sku                                    = optional(string, "Standard")
    hub_routing_preference                 = optional(string, "ExpressRoute")
    virtual_router_auto_scale_min_capacity = optional(number, 2)
    tags                                   = optional(map(string))
    routes = optional(map(object({
      address_prefixes    = list(string)
      next_hop_ip_address = string
    })), {})
    point_to_site_vpn = optional(object({
      vpn_server_configuration_name       = optional(string)
      authentication_types                = optional(list(string), ["Certificate"])
      protocols                           = optional(list(string), ["IkeV2"])
      scale_unit                          = optional(number, 1)
      routing_preference_internet_enabled = optional(bool, false)
      internet_security_enabled           = optional(bool, false)
      dns_servers                         = optional(list(string), [])
      connection_configuration_name       = optional(string)
      ipsec_policy = optional(object({
        dh_group               = string
        pfs_group              = string
        ike_integrity          = string
        ike_encryption         = string
        ipsec_integrity        = string
        ipsec_encryption       = string
        sa_lifetime_seconds    = number
        sa_data_size_kilobytes = number
      }))
      radius = optional(object({
        server = list(object({
          address = string
          secret  = string
          score   = number
        }))
        client_root_certificate = optional(object({
          name       = string
          thumbprint = string
        }))
        server_root_certificate = optional(object({
          name             = string
          public_cert_data = string
        }))
      }))
      client_root_certificates = optional(map(object({
        name             = optional(string)
        public_cert_data = string
      })), {})
      client_revoked_certificates = optional(map(object({
        name       = optional(string)
        thumbprint = string
      })), {})
      azure_active_directory = optional(object({
        audience = string
        issuer   = string
        tenant   = string
      }))
      vpn_client_configuration = object({
        address_pool = list(string)
      })
      route = optional(object({
        associated_route_table_id = string
        inbound_route_map_id      = optional(string)
        outbound_route_map_id     = optional(string)
        propagated_route_table = optional(object({
          ids    = list(string)
          labels = optional(list(string), [])
        }))
      }))
    }))
    site_to_site_vpn = optional(object({
      name                                  = string
      routing_preference                    = optional(string, null)
      bgp_route_translation_for_nat_enabled = optional(bool, false)
      scale_unit                            = optional(number, 1)
      bgp_settings = optional(object({
        asn         = number
        peer_weight = number
        instance_0_bgp_peering_address = optional(object({
          custom_ips = list(string)
        }))
        instance_1_bgp_peering_address = optional(object({
          custom_ips = list(string)
        }))
      }))
      vpn_sites = optional(map(object({
        name           = optional(string)
        address_prefix = string
        device_vendor  = optional(string, "Microsoft")
        device_model   = optional(string, "VpnSite")
        o365_policy = optional(object({
          traffic_category = optional(object({
            allow_endpoint_enabled    = optional(bool, false)
            default_endpoint_enabled  = optional(bool, false)
            optimize_endpoint_enabled = optional(bool, false)
          }))
        }))
        vpn_links = optional(map(object({
          name          = optional(string)
          ip_address    = optional(string, null)
          provider_name = optional(string, null)
          speed_in_mbps = optional(number, null)
          fqdn          = optional(string, null)
          bgp = optional(object({
            peering_address = string
            asn             = number
          }))
        })), { "link1" = {} })
        connections = optional(map(object({
          name                      = optional(string)
          internet_security_enabled = optional(bool, false)
          local_address_ranges      = optional(list(string), [])
          remote_address_ranges     = optional(list(string), [])
          inbound_route_map_id      = optional(string, null)
          outbound_route_map_id     = optional(string, null)
          vpn_links = map(object({
            shared_key                            = string
            bgp_enabled                           = optional(bool, false)
            protocol                              = optional(string, "IKEv2")
            ingress_nat_rule_ids                  = optional(list(string), [])
            egress_nat_rule_ids                   = optional(list(string), [])
            bandwidth_mbps                        = optional(number, 10)
            connection_mode                       = optional(string, "Default")
            local_azure_ip_address_enabled        = optional(bool, false)
            policy_based_traffic_selector_enabled = optional(bool, false)
            ratelimit_enabled                     = optional(bool, false)
            route_weight                          = optional(number, 0)
            vpn_site_link_id                      = optional(string)
            custom_bgp_address = optional(map(object({
              ip_address          = string
              ip_configuration_id = string
            })), {})
            ipsec_policy = optional(map(object({
              pfs_group                = string
              dh_group                 = string
              sa_data_size_kb          = number
              sa_lifetime_sec          = number
              integrity_algorithm      = string
              encryption_algorithm     = string
              ike_integrity_algorithm  = string
              ike_encryption_algorithm = string
            })), {})
          }))
        })), {})
      })), {})
      nat_rules = optional(map(object({
        name                = optional(string)
        ip_configuration_id = optional(string, null)
        mode                = optional(string, "EgressSnat")
        type                = optional(string, "Static")
        external_mappings = map(object({
          address_space = string
          port_range    = optional(string, null)
        }))
        internal_mappings = map(object({
          address_space = string
          port_range    = optional(string, null)
        }))
      })), {})
    }), null)
    express_route_gateway = optional(object({
      name                          = optional(string)
      scale_units                   = number
      allow_non_virtual_wan_traffic = optional(bool, false)
    }))
    security_partner_provider = optional(object({
      name                   = string
      security_provider_name = string
    }))
  })), {})
})
```
## Optional Inputs
The following input variables are optional (have default values):
### [location](#input\_location)
Description: default azure region, used when location is not specified inside the object.
Type: `string`
Default: `null`
Description: contains naming convention
Type: `map(string)`
Default: `null`
### [resource\_group](#input\_resource\_group)
Description: default resource group, used when resource_group is not specified inside the object.
Type: `string`
Default: `null`
Description: default tags to be used.
Type: `map(string)`
Default: `{}`
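The input type above is easier to read as a call. The following module block is an added example, not code from the module's examples directory; it assumes the required input is named `vwan`, that the registry source is `cloudnationhq/vwan/azure` (taken from the homepage URL), that `azurerm_resource_group.rg` is defined elsewhere, and that a connection's `vpn_links` key selects the site link of the same name. The hub and branch prefixes and the IKE/IPsec algorithm set are example values; the pre-shared key comes from a sensitive variable rather than being written into the object, since the schema types `shared_key` as a plain string.

```hcl
variable "psk_branch1" {
  type      = string
  sensitive = true # pre-shared key supplied out of band; never committed, redacted in plan output
}

module "vwan" {
  source = "cloudnationhq/vwan/azure" # assumed from the registry URL; pin a version in real use
  vwan = { # assumed name of the required input
    name           = "vwan-demo" # disable_vpn_encryption stays at its default of false
    resource_group = azurerm_resource_group.rg.name
    location       = azurerm_resource_group.rg.location
    vhubs = {
      weu = {
        address_prefix = "10.100.0.0/23" # example hub prefix
        site_to_site_vpn = {
          name = "vpngw-weu"
          vpn_sites = {
            branch1 = {
              address_prefix = "192.168.10.0/24" # example branch range
              vpn_links      = { link1 = { ip_address = "203.0.113.10" } } # documentation address
              connections = {
                conn1 = {
                  vpn_links = {
                    link1 = { # assumed to match the site link above by key
                      shared_key = var.psk_branch1
                      # explicit IKE/IPsec policy instead of the gateway default set
                      ipsec_policy = {
                        policy1 = {
                          dh_group                 = "DHGroup24"
                          pfs_group                = "PFS24"
                          encryption_algorithm     = "AES256"
                          integrity_algorithm      = "SHA256"
                          ike_encryption_algorithm = "AES256"
                          ike_integrity_algorithm  = "SHA384"
                          sa_lifetime_sec          = 27000
                          sa_data_size_kb          = 102400000
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
```

Run `terraform plan` and confirm the key shows as `(sensitive value)`; the on-premises device must be configured with the same algorithm set or IKE negotiation fails.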
## Outputs
The following outputs are exported:
Description: contains virtual hub configuration
Description: contains virtual wan configuration
## Goals
For more information, please see our [goals and non-goals](./GOALS.md).
## Testing
For more information, please see our testing [guidelines](./TESTING.md)
## Notes
Using a dedicated module, we've developed a naming convention for resources that's based on specific regular expressions for each type, ensuring correct abbreviations and offering flexibility with multiple prefixes and suffixes.
Full examples detailing all usages, along with integrations with dependency modules, are located in the examples directory.
To update the module's documentation, run `make doc`.
## Contributors
We welcome contributions from the community! Whether it's reporting a bug, suggesting a new feature, or submitting a pull request, your input is highly valued.
For more information, please see our contribution [guidelines](./CONTRIBUTING.md).
## License
MIT Licensed. See [LICENSE](./LICENSE) for full details.
## References
- [Documentation](https://learn.microsoft.com/en-us/azure/virtual-wan/)
- [REST API](https://learn.microsoft.com/en-us/rest/api/virtualwan/)
- [REST API Specs](https://github.com/Azure/azure-rest-api-specs/blob/main/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/virtualWan.json)