https://github.com/kolosovpetro/azureprivateendpoint


# Azure Private Endpoint

This project uses Terraform to set up an Azure Private Endpoint for SQL Server in a dedicated subnet, ensuring private access.
It configures a Private DNS Zone and links it to the VNet for name resolution. Public access is denied, and a VM in another
subnet is used to validate connectivity via `nslookup`, ensuring secure, private communication.
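
The setup described above, expressed as Terraform for the azurerm provider. This is an added example, not the repository's own code; the resource labels, resource names and input variables are assumptions, and the VNet and its subnets are assumed to exist already.

```hcl
# Added example: labels, names and variables are assumptions, not the repo's code.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "vnet_id" { type = string }
variable "endpoint_subnet_id" { type = string }
variable "sql_server_name" { type = string }
variable "sql_admin_login" { type = string }
variable "sql_admin_password" {
  type      = string
  sensitive = true
}

resource "azurerm_mssql_server" "example" {
  name                          = var.sql_server_name
  resource_group_name           = var.resource_group_name
  location                      = var.location
  version                       = "12.0"
  administrator_login           = var.sql_admin_login
  administrator_login_password  = var.sql_admin_password
  public_network_access_enabled = false # deny access over the public endpoint
}

resource "azurerm_private_dns_zone" "sql" {
  name                = "privatelink.database.windows.net"
  resource_group_name = var.resource_group_name
}
resource "azurerm_private_dns_zone_virtual_network_link" "sql" {
  name                  = "sql-dns-link"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.sql.name
  virtual_network_id    = var.vnet_id # VMs in any subnet of this VNet use the zone
}

resource "azurerm_private_endpoint" "sql" {
  name                = "sql-private-endpoint"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.endpoint_subnet_id # dedicated endpoint subnet
  private_service_connection {
    name                           = "sql-connection"
    private_connection_resource_id = azurerm_mssql_server.example.id
    subresource_names              = ["sqlServer"]
    is_manual_connection           = false
  }
  private_dns_zone_group { # registers the endpoint's A record in the zone
    name                 = "sql-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.sql.id]
  }
}
```

With this applied, `nslookup` from the VM against the server's `database.windows.net` name should return the endpoint's private IP through the `privatelink.database.windows.net` alias.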

## Nslookup output

After the private endpoint is provisioned, the VM can resolve DNS as expected.

![Nslookup](./images/nslookup.png)

The resolved address matches the actual private IP of the network interface:

![NIC](./images/azure-portal-nic.png)

## Terraform Init

- Create and configure Azure Storage Account for Terraform state
- Create `azure.sas.conf` file with the following content:
```bash
storage_account_name = "storage_account_name"
container_name = "container_name"
key = "terraform.tfstate"
sas_token = "sas_token"
```
- `terraform init -backend-config="azure.sas.conf" -reconfigure -upgrade`

## Module referencing

- Bitbucket: `git::[email protected]:kolosovpetro/terraform.git//modules/storage`
- Github: `git::[email protected]:kolosovpetro/terraform.git//modules/storage`

## Pre-commit configuration

- Install python3 via Windows Store
- `pip install --upgrade pip`
- `pip install pre-commit`
- Update PATH variable
- `pre-commit install`

### Install terraform docs

- `choco install terraform-docs`

### Install tflint

- `choco install tflint`

### Documentation

- https://github.com/antonbabenko/pre-commit-terraform
- https://github.com/kolosovpetro/AzureTerraformBackend
- https://github.com/terraform-docs/terraform-docs
- https://terraform-docs.io/user-guide/installation/
- https://pre-commit.com/

## Storage account configuration file

```bash
storage_account_name = "storage_account_name"
container_name = "container_name"
key = "terraform.tfstate"
sas_token = "sas_token"
```

## Deploy storage account for terraform state

- See [CreateAzureStorageAccount.ps1](./CreateAzureStorageAccount.ps1)

# Module documentation

## Requirements

| Name | Version |
|---------------------------------------------------------------------|---------|
| [azurerm](#requirement\_azurerm) | =3.71.0 |

## Providers

| Name | Version |
|---------------------------------------------------------------|---------|
| [azurerm](#provider\_azurerm) | 3.71.0 |

## Modules

| Name | Source | Version |
|----------------------------------------------------------------------------------|-----------------------------|---------|
| [resource\_group](#module\_resource\_group) | ./modules/example_submodule | n/a |

## Resources

| Name | Type |
|-----------------------------------------------------------------------------------------------------------------------------------|-------------|
| [azurerm_resource_group.public](https://registry.terraform.io/providers/hashicorp/azurerm/3.71.0/docs/resources/resource_group) | resource |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/3.71.0/docs/data-sources/client_config) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|-------------------------------------------------------------------------------------------------------------|--------------------------|----------|---------|:--------:|
| [prefix](#input\_prefix) | Prefix for all resources | `string` | n/a | yes |
| [resource\_group\_location](#input\_resource\_group\_location) | Resource group location | `string` | n/a | yes |
| [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | n/a | yes |

## Outputs

No outputs.