From 68705e8ee7dff2923f893ad8c1b4fe29135c8ee6 Mon Sep 17 00:00:00 2001
From: Adam Stuart <51229242+adstuart@users.noreply.github.com>
Date: Tue, 4 Aug 2020 15:49:51 +0100
Subject: [PATCH] Add files via upload
---
hub-and-spoke-vnet.tf | 378 +++++++++++++++++++++++++++++++
main.tf | 23 +-
on-prem.tf | 509 ++++++++++++++++++++----------------------
outputs.tf | 6 +-
variables.tf | 42 ++--
vm-extensions.tf | 94 +++----
6 files changed, 697 insertions(+), 355 deletions(-)
create mode 100644 hub-and-spoke-vnet.tf
diff --git a/hub-and-spoke-vnet.tf b/hub-and-spoke-vnet.tf
new file mode 100644
index 0000000..8dc9a9b
--- /dev/null
+++ b/hub-and-spoke-vnet.tf
@@ -0,0 +1,378 @@
+#######################################################################
+## Define Locals
+#######################################################################
+
+locals {
+ shared-key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y"
+}
+
+#######################################################################
+## Create Virtual Networks
+#######################################################################
+
+resource "azurerm_virtual_network" "hub-vnet" {
+ name = "hub-vnet"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ address_space = ["10.0.0.0/16"]
+
+ tags = {
+ environment = "hub-spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_virtual_network" "spoke-vnet" {
+ name = "spoke-vnet"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ address_space = ["10.1.0.0/16"]
+
+ tags = {
+ environment = "spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Subnets
+#######################################################################
+
+resource "azurerm_subnet" "hub-gateway-subnet" {
+ name = "GatewaySubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.hub-vnet.name
+ address_prefix = "10.0.255.224/27"
+}
+
+resource "azurerm_subnet" "hub-bastion-subnet" {
+ name = "AzureBastionSubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.hub-vnet.name
+ address_prefix = "10.0.1.0/27"
+}
+
+resource "azurerm_subnet" "hub-dns" {
+ name = "DNSSubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.hub-vnet.name
+ address_prefix = "10.0.0.0/24"
+}
+
+resource "azurerm_subnet" "spoke-bastion-subnet" {
+ name = "AzureBastionSubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.spoke-vnet.name
+ address_prefix = "10.1.1.0/27"
+}
+
+resource "azurerm_subnet" "spoke-infrastructure" {
+ name = "InfrastructureSubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.spoke-vnet.name
+ address_prefix = "10.1.0.0/24"
+}
+
+#######################################################################
+## Create Public IPs
+#######################################################################
+
+resource "azurerm_public_ip" "hub-bastion-pip" {
+ name = "hub-bastion-pip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ allocation_method = "Static"
+ sku = "Standard"
+
+ tags = {
+ environment = "hub"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_public_ip" "spoke-bastion-pip" {
+ name = "spoke-bastion-pip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ allocation_method = "Static"
+ sku = "Standard"
+
+ tags = {
+ environment = "spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Bastion Services
+#######################################################################
+
+resource "azurerm_bastion_host" "hub-bastion-host" {
+ name = "hub-bastion-host"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ ip_configuration {
+ name = "hub-bastion-host"
+ subnet_id = azurerm_subnet.hub-bastion-subnet.id
+ public_ip_address_id = azurerm_public_ip.hub-bastion-pip.id
+ }
+
+ tags = {
+ environment = "hub"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_bastion_host" "spoke-bastion-host" {
+ name = "spoke-bastion-host"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ ip_configuration {
+ name = "spoke-bastion-host"
+ subnet_id = azurerm_subnet.spoke-bastion-subnet.id
+ public_ip_address_id = azurerm_public_ip.spoke-bastion-pip.id
+ }
+
+ tags = {
+ environment = "spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Network Peering
+#######################################################################
+
+resource "azurerm_virtual_network_peering" "hub-spoke-peer" {
+ name = "hub-spoke-peer"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.hub-vnet.name
+ remote_virtual_network_id = azurerm_virtual_network.spoke-vnet.id
+ allow_virtual_network_access = true
+ allow_forwarded_traffic = true
+ allow_gateway_transit = true
+ use_remote_gateways = false
+ depends_on = [azurerm_virtual_network.spoke-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway]
+}
+
+#######################################################################
+## Create Network Interface
+#######################################################################
+
+resource "azurerm_network_interface" "az-dns-nic" {
+ name = "az-dns-nic"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ enable_ip_forwarding = false
+
+ ip_configuration {
+ name = "az-dns-nic"
+ subnet_id = azurerm_subnet.hub-dns.id
+ private_ip_address_allocation = "Dynamic"
+ }
+
+ tags = {
+ environment = "hub-spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_network_interface" "az-mgmt-nic" {
+ name = "az-mgmt-nic"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ enable_ip_forwarding = false
+
+ ip_configuration {
+ name = "az-mgmt-nic"
+ subnet_id = azurerm_subnet.spoke-infrastructure.id
+ private_ip_address_allocation = "Dynamic"
+ }
+
+ tags = {
+ environment = "spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Virtual Machine
+#######################################################################
+
+resource "azurerm_virtual_machine" "az-dns-vm" {
+ name = "az-dns-vm"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ network_interface_ids = [azurerm_network_interface.az-dns-nic.id]
+ vm_size = var.vmsize
+
+ storage_image_reference {
+ offer = "WindowsServer"
+ publisher = "MicrosoftWindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+
+ storage_os_disk {
+ name = "az-dns-osdisk"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+
+ os_profile {
+ computer_name = "az-dns-vm"
+ admin_username = var.username
+ admin_password = var.password
+ }
+
+ os_profile_windows_config {
+ provision_vm_agent = true
+ }
+
+ tags = {
+ environment = "hub-spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_virtual_machine" "az-mgmt-vm" {
+ name = "az-mgmt-vm"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ network_interface_ids = [azurerm_network_interface.az-mgmt-nic.id]
+ vm_size = var.vmsize
+
+ storage_image_reference {
+ offer = "WindowsServer"
+ publisher = "MicrosoftWindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+
+ storage_os_disk {
+ name = "az-mgmt-osdisk"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+
+ os_profile {
+ computer_name = "az-mgmt-vm"
+ admin_username = var.username
+ admin_password = var.password
+ }
+
+ os_profile_windows_config {
+ provision_vm_agent = true
+ }
+
+ tags = {
+ environment = "spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#############################################################################
+## Create Virtual Network Gateway
+#############################################################################
+
+resource "azurerm_public_ip" "hub-vpn-gateway-pip" {
+ name = "hub-vpn-gateway-pip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ allocation_method = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "hub-vnet-gateway" {
+ name = "hub-vpn-gateway"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ type = "Vpn"
+ vpn_type = "RouteBased"
+
+ active_active = false
+ enable_bgp = false
+ sku = "VpnGw1"
+
+ ip_configuration {
+ name = "vnetGatewayConfig"
+ public_ip_address_id = azurerm_public_ip.hub-vpn-gateway-pip.id
+ private_ip_address_allocation = "Dynamic"
+ subnet_id = azurerm_subnet.hub-gateway-subnet.id
+ }
+ depends_on = [azurerm_public_ip.hub-vpn-gateway-pip]
+
+ tags = {
+ environment = "hub-spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Connections
+#######################################################################
+
+resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" {
+ name = "hub-onprem-conn"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ type = "Vnet2Vnet"
+ routing_weight = 1
+
+ virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id
+ peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
+
+ shared_key = local.shared-key
+}
+
+resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" {
+ name = "onprem-hub-conn"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ type = "Vnet2Vnet"
+ routing_weight = 1
+ virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
+ peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id
+
+ shared_key = local.shared-key
+
+ tags = {
+ environment = "hub-spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create VNet Peering
+#######################################################################
+
+resource "azurerm_virtual_network_peering" "spoke-hub-peer" {
+ name = "spoke-hub-peer"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.spoke-vnet.name
+ remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id
+
+ allow_virtual_network_access = true
+ allow_forwarded_traffic = true
+ allow_gateway_transit = false
+ use_remote_gateways = true
+ depends_on = [azurerm_virtual_network.spoke-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway]
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 3100909..7d2316a 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,19 @@
-provider "azurerm" {
- version = "=2.0.0"
- features {}
-}
+provider "azurerm" {
+ version = "=2.0.0"
+ features {}
+}
+
+#######################################################################
+## Create Resource Group
+#######################################################################
+
+resource "azurerm_resource_group" "privatelink-dns-microhack-rg" {
+ name = "privatelink-dns-microhack-rg"
+ location = var.location
+
+ tags = {
+ environment = "hub-spoke"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
\ No newline at end of file
diff --git a/on-prem.tf b/on-prem.tf
index 3e5ddc6..65a516d 100644
--- a/on-prem.tf
+++ b/on-prem.tf
@@ -1,265 +1,244 @@
-
-#######################################################################
-## Create Resource Group
-#######################################################################
-
-resource "azurerm_resource_group" "private-link-microhack-onprem-rg" {
- name = "private-link-microhack-onprem-rg"
- location = var.location
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-#######################################################################
-## Create Virtual Network
-#######################################################################
-
-resource "azurerm_virtual_network" "onprem-vnet" {
- name = "onprem-vnet"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- address_space = ["192.168.0.0/16"]
- dns_servers = ["192.168.0.4"]
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-#######################################################################
-## Create Subnets
-#######################################################################
-
-resource "azurerm_subnet" "onprem-gateway-subnet" {
- name = "GatewaySubnet"
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- virtual_network_name = azurerm_virtual_network.onprem-vnet.name
- address_prefix = "192.168.255.224/27"
-}
-
-resource "azurerm_subnet" "onprem-infrastructure-subnet" {
- name = "InfrastructureSubnet"
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- virtual_network_name = azurerm_virtual_network.onprem-vnet.name
- address_prefix = "192.168.0.0/24"
-}
-
-#######################################################################
-## Create Public IPs
-#######################################################################
-
-resource "azurerm_public_ip" "onprem-mgmt-pip" {
- name = "onprem-mgmt-pip"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- allocation_method = "Static"
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-#######################################################################
-## Create Network Interfaces
-#######################################################################
-
-resource "azurerm_network_interface" "onprem-dns-nic" {
- name = "onprem-dns-nic"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- enable_ip_forwarding = false
-
- ip_configuration {
- name = "onprem-dns-nic"
- subnet_id = azurerm_subnet.onprem-infrastructure-subnet.id
- private_ip_address_allocation = "static"
- private_ip_address = "192.168.0.4"
- }
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-resource "azurerm_network_interface" "onprem-mgmt-nic" {
- name = "onprem-mgmt-nic"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- enable_ip_forwarding = false
-
- ip_configuration {
- name = "onprem-mgmt-nic"
- subnet_id = azurerm_subnet.onprem-infrastructure-subnet.id
- private_ip_address_allocation = "static"
- private_ip_address = "192.168.0.5"
- public_ip_address_id = azurerm_public_ip.onprem-mgmt-pip.id
- }
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-
-##########################################################
-## Create Network Security Group and rule
-###########################################################
-
-resource "azurerm_network_security_group" "onprem-mgmt-nsg" {
- name = "onprem-mgmt-nsg"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
-
- security_rule {
- name = "Allow_RDP"
- priority = 1001
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "3389"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-resource "azurerm_subnet_network_security_group_association" "mgmt-nsg-association" {
- subnet_id = azurerm_subnet.onprem-infrastructure-subnet.id
- network_security_group_id = azurerm_network_security_group.onprem-mgmt-nsg.id
-}
-
-#######################################################################
-## Create Virtual Machines
-#######################################################################
-
-resource "azurerm_virtual_machine" "onprem-dns-vm" {
- name = "onprem-dns-vm"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- network_interface_ids = [azurerm_network_interface.onprem-dns-nic.id]
- vm_size = var.vmsize
-
- storage_image_reference {
- offer = "WindowsServer"
- publisher = "MicrosoftWindowsServer"
- sku = "2019-Datacenter"
- version = "latest"
- }
-
- storage_os_disk {
- name = "onprem-dns-osdisk"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Standard_LRS"
- }
-
- os_profile {
- computer_name = "onprem-dns-vm"
- admin_username = var.username
- admin_password = var.password
- }
-
- os_profile_windows_config {
- provision_vm_agent = true
- }
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-resource "azurerm_virtual_machine" "onprem-mgmt-vm" {
- name = "onprem-mgmt-vm"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- network_interface_ids = [azurerm_network_interface.onprem-mgmt-nic.id]
- vm_size = var.vmsize
-
- storage_image_reference {
- offer = "WindowsServer"
- publisher = "MicrosoftWindowsServer"
- sku = "2019-Datacenter"
- version = "latest"
- }
-
- storage_os_disk {
- name = "onprem-mgmt-osdisk"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Standard_LRS"
- }
-
- os_profile {
- computer_name = "onprem-mgmt-vm"
- admin_username = var.username
- admin_password = var.password
- }
-
- os_profile_windows_config {
- provision_vm_agent = true
- }
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
-
-#######################################################################
-## Create Virtual Network Gateway
-#######################################################################
-
-resource "azurerm_public_ip" "onprem-vpn-gateway-pip" {
- name = "onprem-vpn-gateway-pip"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
- allocation_method = "Dynamic"
-}
-
-resource "azurerm_virtual_network_gateway" "onprem-vpn-gateway" {
- name = "onprem-vpn-gateway"
- location = var.location
- resource_group_name = azurerm_resource_group.private-link-microhack-onprem-rg.name
-
- type = "Vpn"
- vpn_type = "RouteBased"
-
- active_active = false
- enable_bgp = false
- sku = "VpnGw1"
-
- ip_configuration {
- name = "vnetGatewayConfig"
- public_ip_address_id = azurerm_public_ip.onprem-vpn-gateway-pip.id
- private_ip_address_allocation = "Dynamic"
- subnet_id = azurerm_subnet.onprem-gateway-subnet.id
- }
- depends_on = [azurerm_public_ip.onprem-vpn-gateway-pip]
-
- tags = {
- environment = "onprem"
- deployment = "terraform"
- microhack = "private-link"
- }
-}
+
+#######################################################################
+## Create Virtual Network
+#######################################################################
+
+resource "azurerm_virtual_network" "onprem-vnet" {
+ name = "onprem-vnet"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ address_space = ["192.168.0.0/16"]
+ dns_servers = ["192.168.0.4"]
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Subnets
+#######################################################################
+
+resource "azurerm_subnet" "onprem-gateway-subnet" {
+ name = "GatewaySubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.onprem-vnet.name
+ address_prefix = "192.168.255.224/27"
+}
+
+resource "azurerm_subnet" "onprem-bastion-subnet" {
+ name = "AzureBastionSubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.onprem-vnet.name
+ address_prefix = "192.168.1.0/27"
+}
+
+resource "azurerm_subnet" "onprem-infrastructure-subnet" {
+ name = "InfrastructureSubnet"
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ virtual_network_name = azurerm_virtual_network.onprem-vnet.name
+ address_prefix = "192.168.0.0/24"
+}
+
+#######################################################################
+## Create Public IPs
+#######################################################################
+
+resource "azurerm_public_ip" "onprem-bastion-pip" {
+ name = "onprem-bastion-pip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ allocation_method = "Static"
+ sku = "Standard"
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Bastion Service
+#######################################################################
+
+resource "azurerm_bastion_host" "onprem-bastion-host" {
+ name = "onprem-bastion-host"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ ip_configuration {
+ name = "onprem-bastion-host"
+ subnet_id = azurerm_subnet.onprem-bastion-subnet.id
+ public_ip_address_id = azurerm_public_ip.onprem-bastion-pip.id
+ }
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Network Interfaces
+#######################################################################
+
+resource "azurerm_network_interface" "onprem-dns-nic" {
+ name = "onprem-dns-nic"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ ip_configuration {
+ name = "onprem-dns-nic"
+ subnet_id = azurerm_subnet.onprem-infrastructure-subnet.id
+ private_ip_address_allocation = "static"
+ private_ip_address = "192.168.0.4"
+ }
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_network_interface" "onprem-mgmt-nic" {
+ name = "onprem-mgmt-nic"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ ip_configuration {
+ name = "onprem-mgmt-nic"
+ subnet_id = azurerm_subnet.onprem-infrastructure-subnet.id
+ private_ip_address_allocation = "static"
+ private_ip_address = "192.168.0.5"
+ }
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+
+#######################################################################
+## Create Virtual Machines
+#######################################################################
+
+resource "azurerm_virtual_machine" "onprem-dns-vm" {
+ name = "onprem-dns-vm"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ network_interface_ids = [azurerm_network_interface.onprem-dns-nic.id]
+ vm_size = var.vmsize
+
+ storage_image_reference {
+ offer = "WindowsServer"
+ publisher = "MicrosoftWindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+
+ storage_os_disk {
+ name = "onprem-dns-osdisk"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+
+ os_profile {
+ computer_name = "onprem-dns-vm"
+ admin_username = var.username
+ admin_password = var.password
+ }
+
+ os_profile_windows_config {
+ provision_vm_agent = true
+ }
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+resource "azurerm_virtual_machine" "onprem-mgmt-vm" {
+ name = "onprem-mgmt-vm"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ network_interface_ids = [azurerm_network_interface.onprem-mgmt-nic.id]
+ vm_size = var.vmsize
+
+ storage_image_reference {
+ offer = "WindowsServer"
+ publisher = "MicrosoftWindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+
+ storage_os_disk {
+ name = "onprem-mgmt-osdisk"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Standard_LRS"
+ }
+
+ os_profile {
+ computer_name = "onprem-mgmt-vm"
+ admin_username = var.username
+ admin_password = var.password
+ }
+
+ os_profile_windows_config {
+ provision_vm_agent = true
+ }
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
+
+#######################################################################
+## Create Virtual Network Gateway
+#######################################################################
+
+resource "azurerm_public_ip" "onprem-vpn-gateway-pip" {
+ name = "onprem-vpn-gateway-pip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+ allocation_method = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "onprem-vpn-gateway" {
+ name = "onprem-vpn-gateway"
+ location = var.location
+ resource_group_name = azurerm_resource_group.privatelink-dns-microhack-rg.name
+
+ type = "Vpn"
+ vpn_type = "RouteBased"
+
+ active_active = false
+ enable_bgp = false
+ sku = "VpnGw1"
+
+ ip_configuration {
+ name = "vnetGatewayConfig"
+ public_ip_address_id = azurerm_public_ip.onprem-vpn-gateway-pip.id
+ private_ip_address_allocation = "Dynamic"
+ subnet_id = azurerm_subnet.onprem-gateway-subnet.id
+ }
+ depends_on = [azurerm_public_ip.onprem-vpn-gateway-pip]
+
+ tags = {
+ environment = "onprem"
+ deployment = "terraform"
+ microhack = "privatelink-dns"
+ }
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 157c900..8b13789 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,5 +1 @@
-
-output "public_ip_address" {
- description = "The actual ip address allocated to the On Prem Management VM"
- value = azurerm_public_ip.onprem-mgmt-pip.ip_address
-}
+
diff --git a/variables.tf b/variables.tf
index 572f2ee..15af492 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,21 +1,21 @@
-variable "location" {
- description = "Location to deploy resources"
- type = string
- default = "WestEurope"
-}
-
-variable "username" {
- description = "Username for Virtual Machines"
- type = string
- default = "AzureAdmin"
-}
-
-variable "password" {
- description = "Password must meet Azure complexity requirements"
- type = string
-}
-
-variable "vmsize" {
- description = "Size of the VMs"
- default = "Standard_D2_v3"
-}
+variable "location" {
+ description = "Location to deploy resources"
+ type = string
+ default = "WestEurope"
+}
+
+variable "username" {
+ description = "Username for Virtual Machines"
+ type = string
+ default = "AzureAdmin"
+}
+
+variable "password" {
+ description = "Password must meet Azure complexity requirements"
+ type = string
+}
+
+variable "vmsize" {
+ description = "Size of the VMs"
+ default = "Standard_D2_v3"
+}
\ No newline at end of file
diff --git a/vm-extensions.tf b/vm-extensions.tf
index 29560a5..c5b39f6 100644
--- a/vm-extensions.tf
+++ b/vm-extensions.tf
@@ -1,60 +1,34 @@
-
-##########################################################
-## Install DNS role on onprem and AZ DNS servers
-##########################################################
-
-resource "azurerm_virtual_machine_extension" "install-dns-onprem-dc" {
-
- name = "install-dns-onprem-dc"
- virtual_machine_id = azurerm_virtual_machine.onprem-dns-vm.id
- publisher = "Microsoft.Compute"
- type = "CustomScriptExtension"
- type_handler_version = "1.9"
-
- settings = <