https://github.com/libre-devops/terraform-azurerm-subnet

A module used to deploy subnets to an existing vnet 🛜


```hcl
# One subnet per entry in var.subnets; the map key becomes the subnet name.
resource "azurerm_subnet" "subnet" {
  for_each = var.subnets

  name                                          = each.key
  resource_group_name                           = var.rg_name
  virtual_network_name                          = var.vnet_name
  address_prefixes                              = toset(each.value.address_prefixes)
  service_endpoints                             = toset(each.value.service_endpoints)
  service_endpoint_policy_ids                   = toset(each.value.service_endpoint_policy_ids)
  private_endpoint_network_policies             = each.value.private_endpoint_network_policies
  private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled
  default_outbound_access_enabled               = each.value.default_outbound_access_enabled

  # Delegation actions are looked up in var.subnet_delegations_actions by delegation type;
  # the caller-supplied action list is used only when the type is not in that map.
  dynamic "delegation" {
    for_each = each.value.delegation != null ? each.value.delegation : []
    content {
      name = delegation.value.type
      service_delegation {
        name    = delegation.value.type
        actions = lookup(var.subnet_delegations_actions, delegation.value.type, delegation.value.action)
      }
    }
  }
}

# Subnet name => subnet ID, used by the association resources below.
locals {
  subnets = {
    for subnet in azurerm_subnet.subnet :
    subnet.name => subnet.id
  }
}

# Attach an NSG to each subnet named in var.nsg_ids (subnet name => NSG ID).
resource "azurerm_subnet_network_security_group_association" "vnet" {
  for_each                  = var.nsg_ids != null ? var.nsg_ids : {}
  subnet_id                 = local.subnets[each.key]
  network_security_group_id = each.value
}

locals {

  # Subnet ID => its route table association.
  route_table_associations = {
    for assoc in azurerm_subnet_route_table_association.this :
    assoc.subnet_id => {
      subnet_id      = assoc.subnet_id,
      route_table_id = assoc.route_table_id
    }
  }

  # Route table ID => list of subnet IDs associated with it.
  grouped_by_route_table = {
    for rt_id in distinct([for assoc in local.route_table_associations : assoc.route_table_id]) :
    rt_id => [for assoc in local.route_table_associations : assoc.subnet_id if assoc.route_table_id == rt_id]
  }
}

# One route table per entry in var.route_tables; the map key becomes the route table name.
resource "azurerm_route_table" "this" {
  for_each = var.route_tables

  name                          = each.key
  location                      = var.location
  resource_group_name           = var.rg_name
  bgp_route_propagation_enabled = each.value.bgp_route_propagation_enabled

  dynamic "route" {
    for_each = each.value.routes
    content {
      name                   = route.key
      address_prefix         = route.value.address_prefix
      next_hop_type          = route.value.next_hop_type
      next_hop_in_ip_address = lookup(route.value, "next_hop_in_ip_address", null)
    }
  }
}

# Associate subnets with route tables (subnet name => route table name).
resource "azurerm_subnet_route_table_association" "this" {
  depends_on     = [azurerm_subnet.subnet]
  for_each       = var.subnet_route_table_associations
  subnet_id      = local.subnets[each.key]
  route_table_id = azurerm_route_table.this[each.value].id
}
```

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [azurerm_route_table.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource |
| [azurerm_subnet.subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
| [azurerm_subnet_network_security_group_association.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
| [azurerm_subnet_route_table_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [create\_diagnostic\_settings](#input\_create\_diagnostic\_settings) | Whether diagnostic settings should be made | `bool` | `false` | no |
| [diagnostic\_settings](#input\_diagnostic\_settings) | An object containing the diagnostic settings for a resource | <pre>object({<br>  diagnostic_settings_name = optional(string)<br>  target_resource_id = optional(string)<br>  storage_account_id = optional(string)<br>  eventhub_name = optional(string)<br>  eventhub_authorization_rule_id = optional(string)<br>  law_id = optional(string)<br>  law_destination_type = optional(string, "Dedicated")<br>  partner_solution_id = optional(string)<br>  enabled_log = optional(list(object({<br>    category = optional(string)<br>    category_group = optional(string)<br>  })), [])<br>  metric = optional(list(object({<br>    category = string<br>    enabled = optional(bool, true)<br>  })), [])<br>  enable_all_logs = optional(bool, false)<br>  enable_all_metrics = optional(bool, false)<br>})</pre> | `null` | no |
| [diagnostic\_settings\_enable\_all\_logs\_and\_metrics](#input\_diagnostic\_settings\_enable\_all\_logs\_and\_metrics) | Whether all logs and metrics should be enabled | `bool` | `false` | no |
| [dns\_servers](#input\_dns\_servers) | The DNS servers to be used with vNet. | `list(string)` | `[]` | no |
| [location](#input\_location) | The location for this resource to be put in | `string` | n/a | yes |
| [nsg\_ids](#input\_nsg\_ids) | A map of subnet name to Network Security Group IDs | `map(string)` | `{}` | no |
| [rg\_name](#input\_rg\_name) | The name of the resource group. This module does not create a resource group; it expects the named resource group to already exist | `string` | n/a | yes |
| [route\_tables](#input\_route\_tables) | Map of Route Tables to be created, where the key is the name of the Route Table. | <pre>map(object({<br>  bgp_route_propagation_enabled = optional(bool, false)<br>  routes = map(object({<br>    address_prefix = string<br>    next_hop_type = string<br>    next_hop_in_ip_address = optional(string)<br>  }))<br>}))</pre> | `{}` | no |
| [route\_tables\_ids](#input\_route\_tables\_ids) | A map of subnet name to Route table ids | `map(string)` | `{}` | no |
| [subnet\_delegations\_actions](#input\_subnet\_delegations\_actions) | List of delegation actions when delegations of subnets is used, will be done for query | `map(list(string))` | <pre>{<br>  "GitHub.Network/networkSettings": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.AVS/PrivateClouds": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.ApiManagement/service": ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action"],<br>  "Microsoft.Apollo/npu": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.App/environments": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.App/testClients": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.AzureCosmosDB/clusters": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.BareMetal/AzureHPC": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.BareMetal/AzureHostedService": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.BareMetal/AzurePaymentHSM": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.BareMetal/AzureVMware": ["Microsoft.Network/networkinterfaces/\*", "Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.BareMetal/CrayServers": ["Microsoft.Network/networkinterfaces/\*", "Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.BareMetal/MonitoringServers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Batch/batchAccounts": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.CloudTest/hostedpools": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.CloudTest/images": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.CloudTest/pools": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Codespaces/plans": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.ContainerInstance/containerGroups": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.ContainerService/TestClients": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.ContainerService/managedClusters": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DBforMySQL/flexibleServers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DBforMySQL/servers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DBforMySQL/serversv2": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DBforPostgreSQL/flexibleServers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DBforPostgreSQL/serversv2": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.DBforPostgreSQL/singleServers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Databricks/workspaces": ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"],<br>  "Microsoft.DelegatedNetwork/controller": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DevCenter/networkConnection": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.DevOpsInfrastructure/pools": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.DocumentDB/cassandraClusters": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Fidalgo/networkSettings": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.HardwareSecurityModules/dedicatedHSMs": ["Microsoft.Network/networkinterfaces/\*", "Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.Kusto/clusters": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.LabServices/labplans": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Logic/integrationServiceEnvironments": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.MachineLearningServices/workspaces": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.Netapp/volumes": ["Microsoft.Network/networkinterfaces/\*", "Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.Network/dnsResolvers": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.Network/fpgaNetworkInterfaces": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Network/managedResolvers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Network/networkWatchers.": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.Network/virtualNetworkGateways": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Orbital/orbitalGateways": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.PowerPlatform/enterprisePolicies": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.PowerPlatform/vnetaccesslinks": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.ServiceFabricMesh/networks": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.ServiceNetworking/trafficControllers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Singularity/accounts/networks": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Singularity/accounts/npu": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Sql/managedInstances": ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"],<br>  "Microsoft.Sql/managedInstancesOnebox": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Sql/managedInstancesStage": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Sql/managedInstancesTest": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Sql/servers": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.StoragePool/diskPools": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.StreamAnalytics/streamingJobs": ["Microsoft.Network/virtualNetworks/subnets/join/action"],<br>  "Microsoft.Synapse/workspaces": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Web/hostingEnvironments": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Microsoft.Web/serverFarms": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "NGINX.NGINXPLUS/nginxDeployments": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "PaloAltoNetworks.Cloudngfw/firewalls": ["Microsoft.Network/virtualNetworks/subnets/action"],<br>  "Qumulo.Storage/fileSystems": ["Microsoft.Network/virtualNetworks/subnets/action"]<br>}</pre> | no |
| [subnet\_enforce\_private\_link\_endpoint\_network\_policies](#input\_subnet\_enforce\_private\_link\_endpoint\_network\_policies) | A map of subnet name to enable/disable private link endpoint network policies on the subnet. | `map(bool)` | `{}` | no |
| [subnet\_enforce\_private\_link\_service\_network\_policies](#input\_subnet\_enforce\_private\_link\_service\_network\_policies) | A map of subnet name to enable/disable private link service network policies on the subnet. | `map(bool)` | `{}` | no |
| [subnet\_route\_table\_associations](#input\_subnet\_route\_table\_associations) | Map where the key is the subnet name and the value is the name of the route table to associate with. | `map(string)` | `{}` | no |
| [subnet\_service\_endpoints](#input\_subnet\_service\_endpoints) | A map of subnet name to service endpoints to add to the subnet. | `map(any)` | `{}` | no |
| [subnets](#input\_subnets) | Map of subnets with their properties | <pre>map(object({<br>  address_prefixes = set(string)<br>  private_endpoint_network_policies = optional(string, "Disabled")<br>  private_link_service_network_policies_enabled = optional(bool, false)<br>  default_outbound_access_enabled = optional(bool, true)<br>  service_endpoint_policy_ids = optional(set(string))<br>  delegation = optional(list(object({<br>    type = optional(string)<br>    action = optional(list(string)) # Optional user-defined action<br>  })))<br>  service_endpoints = optional(list(string))<br>}))</pre> | `{}` | no |
| [tags](#input\_tags) | The tags to associate with your network and subnets. | `map(string)` | n/a | yes |
| [vnet\_name](#input\_vnet\_name) | Name of the vnet to create | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [route\_table\_ids](#output\_route\_table\_ids) | Map of Route Table names to their IDs. |
| [subnet\_ids\_associated\_with\_route\_tables](#output\_subnet\_ids\_associated\_with\_route\_tables) | The IDs of the subnets associated with each route table |
| [subnets\_ids](#output\_subnets\_ids) | The ids of the subnets created |
| [subnets\_names](#output\_subnets\_names) | The name of the subnets created |
| [vnet\_dns\_servers](#output\_vnet\_dns\_servers) | The DNS servers of the vnet. If it is using the Azure default, this module will return the Azure 'wire' IP as a list of strings in the 1st element |