https://github.com/data-platform-hq/terraform-azurerm-vmss-forwarder
Terraform module for creation of Custom Firewall solution with traffic forwarding
azurerm bind9 forwarding-proxy iptables terraform-module
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/data-platform-hq/terraform-azurerm-vmss-forwarder
- Owner: data-platform-hq
- License: other
- Created: 2023-12-24T21:56:08.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-16T08:49:02.000Z (8 months ago)
- Last Synced: 2024-09-17T10:45:21.608Z (8 months ago)
- Topics: azurerm, bind9, forwarding-proxy, iptables, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/data-platform-hq/vmss-forwarder/azurerm/latest
- Size: 46.9 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Azure VMSS Forwarder Terraform module
Terraform module for creation of Azure VMSS Forwarder

## Usage
This module provides an ability to deploy Azure VMSS Forwarder.

```hcl
data "azurerm_resource_group" "example" {
  name = "example"
}

data "azurerm_subnet" "example" {
  name                 = "example-subnet-name"
  virtual_network_name = "example"
  resource_group_name  = data.azurerm_resource_group.example.name
}

module "vmss_forwarder" {
  source  = "data-platform-hq/vmss-forwarder/azurerm"
  version = "~> 1.0"

  load_balancer_name = "example-load-balancer-name"
  vm_scale_set_name  = "example-vm-scale-set-name"
  location           = "eastus"
  resource_group     = data.azurerm_resource_group.example.name
  subnet_id          = data.azurerm_subnet.example.id
  spoke_cidrs        = ["10.0.0.0/8"]
  additional_dns_zones = [
    {
      zone_name           = "example.com"
      server_ip_addresses = ["10.120.0.4"]
    }
  ]
}
```

## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [azurerm](#requirement\_azurerm) | >= 4.0.1 |
| [random](#requirement\_random) | >=3.5.0 |

## Providers
| Name | Version |
|------|---------|
| [random](#provider\_random) | >=3.5.0 |

## Modules
| Name | Source | Version |
|------|--------|---------|
| [lb](#module\_lb) | data-platform-hq/load-balancer/azurerm | 1.1.0 |
| [vmss](#module\_vmss) | data-platform-hq/vmss/azurerm | 1.3.0 |

## Resources
| Name | Type |
|------|------|
| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_dns\_zones](#input\_additional\_dns\_zones) | List of objects to configure custom DNS zones. DNS traffic is forwarded to the listed DNS server IP addresses when the zone name matches the query | <pre>list(object({<br>  zone_name = string<br>  server_ip_addresses = list(string)<br>}))</pre> | `[]` | no |
| [admin\_username](#input\_admin\_username) | VM Scale Set admin username | `string` | `"azureuser"` | no |
| [analytics\_workspace\_id](#input\_analytics\_workspace\_id) | Resource ID of Log Analytics Workspace | `string` | `null` | no |
| [default\_dns\_servers](#input\_default\_dns\_servers) | List of IP addresses of the DNS servers that resolve queries by default. Default value is an Azure DNS Server public IP | `list(string)` | <pre>[<br>  "168.63.129.16"<br>]</pre> | no |
| [dnssec\_validation](#input\_dnssec\_validation) | DNSSEC validation value in bind9 config | `string` | `"no"` | no |
| [drc\_datasource\_name](#input\_drc\_datasource\_name) | Datasource syslog name | `string` | `"datasource-syslog"` | no |
| [drc\_enabled](#input\_drc\_enabled) | Enable data collection rule. var.analytics\_workspace\_id must be provided | `bool` | `false` | no |
| [drc\_facility\_names](#input\_drc\_facility\_names) | List of Facility names | `list(string)` | <pre>[<br>  "daemon",<br>  "syslog",<br>  "user"<br>]</pre> | no |
| [drc\_log\_levels](#input\_drc\_log\_levels) | List of Log levels | `list(string)` | <pre>[<br>  "Debug"<br>]</pre> | no |
| [lb\_enable\_diagnostic\_setting](#input\_lb\_enable\_diagnostic\_setting) | Enable diagnostic setting. var.analytics\_workspace\_id must be provided | `bool` | `false` | no |
| [load\_balancer\_name](#input\_load\_balancer\_name) | Load Balancer name | `string` | n/a | yes |
| [location](#input\_location) | The Azure Region in which resources would be created. | `string` | n/a | yes |
| [public\_ip\_prefix\_enabled](#input\_public\_ip\_prefix\_enabled) | Boolean flag that determines whether a Public IP Address prefix is assigned to the VMSS. By default it is disabled because NAT Gateway is used for default outbound traffic. | `string` | `false` | no |
| [resource\_group](#input\_resource\_group) | The name of the resource group. | `string` | n/a | yes |
| [spoke\_cidrs](#input\_spoke\_cidrs) | List of IP Address CIDRs that would be managed in Iptables configuration. Traffic would be forwarded between those networks. | `list(string)` | `[]` | no |
| [subnet\_id](#input\_subnet\_id) | The ID of the subnet in which the first network interface should be located. | `string` | n/a | yes |
| [tags](#input\_tags) | Resource tags | `map(any)` | `{}` | no |
| [vm\_scale\_set\_name](#input\_vm\_scale\_set\_name) | VM Scale Set name | `string` | n/a | yes |

## Outputs
| Name | Description |
|------|-------------|
| [lb\_id](#output\_lb\_id) | Load Balancer id |
| [lb\_private\_ip](#output\_lb\_private\_ip) | Load Balancer private ip address |
| [vmss\_id](#output\_vmss\_id) | VM Scale Sets id |
| [vmss\_password](#output\_vmss\_password) | VM Scale Sets admin password value |
| [vmss\_username](#output\_vmss\_username) | VM Scale Sets admin username value |

## License
Apache 2 Licensed. For more information please see [LICENSE](https://github.com/data-platform-hq/terraform-azurerm-vmss-forwarder/blob/main/LICENSE)
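
The Inputs table shows that syslog collection and load balancer diagnostics are off by default, and the Outputs table exposes the generated admin password. The configuration below is an added example, not taken from the module's README: it turns both logging switches on and stores the password in Key Vault. The workspace, Key Vault, secret name, spoke ranges and the `auth`/`authpriv` facilities are assumptions; it also assumes the module passes the facility and level lists through to the data collection rule unchanged.

```hcl
# Added example; every name and CIDR below is a constructed placeholder.
data "azurerm_resource_group" "example" {
  name = "example"
}

data "azurerm_subnet" "example" {
  name                 = "example-subnet-name"
  virtual_network_name = "example"
  resource_group_name  = data.azurerm_resource_group.example.name
}

data "azurerm_log_analytics_workspace" "example" {
  name                = "example-workspace"
  resource_group_name = data.azurerm_resource_group.example.name
}

data "azurerm_key_vault" "example" {
  name                = "example-key-vault"
  resource_group_name = data.azurerm_resource_group.example.name
}

module "vmss_forwarder" {
  source  = "data-platform-hq/vmss-forwarder/azurerm"
  version = "~> 1.0"

  load_balancer_name = "example-load-balancer-name"
  vm_scale_set_name  = "example-vm-scale-set-name"
  location           = "eastus"
  resource_group     = data.azurerm_resource_group.example.name
  subnet_id          = data.azurerm_subnet.example.id

  # Forward only between the spokes that need it rather than a whole /8.
  spoke_cidrs = ["10.10.0.0/16", "10.20.0.0/16"]

  # Both switches default to false and require analytics_workspace_id.
  analytics_workspace_id       = data.azurerm_log_analytics_workspace.example.id
  drc_enabled                  = true
  lb_enable_diagnostic_setting = true
  drc_facility_names           = ["daemon", "syslog", "user", "auth", "authpriv"]
  drc_log_levels               = ["Info", "Notice", "Warning", "Error", "Critical", "Alert", "Emergency"]
}

# Keep the generated admin password out of plan/apply output and in a vault.
resource "azurerm_key_vault_secret" "vmss_admin" {
  name         = "vmss-forwarder-admin-password"
  value        = module.vmss_forwarder.vmss_password
  key_vault_id = data.azurerm_key_vault.example.id
}
```

The password is still written to the Terraform state in plain text, so the state backend needs its own encryption and access control.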