From 76179df8aaddd0e6e3b3f05c61b91b0abf8b8be4 Mon Sep 17 00:00:00 2001
From: "pan-dev-content-sync-trigger[bot]"
Date: Thu, 19 Sep 2024 03:07:05 +0000
Subject: [PATCH] Sync azure Terraform module documentation
---
.../vmseries/examples/standalone_panorama.md | 57 ++-
.../docs/swfw/azure/vmseries/modules/appgw.md | 8 +-
.../swfw/azure/vmseries/modules/bootstrap.md | 4 +-
.../azure/vmseries/modules/loadbalancer.md | 72 ++--
.../docs/swfw/azure/vmseries/modules/natgw.md | 16 +-
.../swfw/azure/vmseries/modules/panorama.md | 5 +-
.../swfw/azure/vmseries/modules/public_ip.md | 346 ++++++++++++++++++
.../modules/virtual_network_gateway.md | 26 +-
.../swfw/azure/vmseries/modules/vmseries.md | 12 +-
.../docs/swfw/azure/vmseries/modules/vmss.md | 40 +-
.../docs/swfw/azure/vmseries/modules/vnet.md | 11 +
.../common_vmseries.md | 85 ++++-
.../common_vmseries_and_autoscale.md | 95 ++++-
.../dedicated_vmseries.md | 119 ++++--
.../dedicated_vmseries_and_autoscale.md | 95 ++++-
15 files changed, 852 insertions(+), 139 deletions(-)
create mode 100644 products/terraform/docs/swfw/azure/vmseries/modules/public_ip.md
diff --git a/products/terraform/docs/swfw/azure/vmseries/examples/standalone_panorama.md b/products/terraform/docs/swfw/azure/vmseries/examples/standalone_panorama.md
index 9a665f1d4..3cf443890
--- a/products/terraform/docs/swfw/azure/vmseries/examples/standalone_panorama.md
+++ b/products/terraform/docs/swfw/azure/vmseries/examples/standalone_panorama.md
@@ -151,6 +151,7 @@ terraform destroy Name | Version | Source | Description --- | --- | --- | --- `vnet` | - | ../../modules/vnet | +`public_ip` | - | ../../modules/public_ip | `panorama` | - | ../../modules/panorama | ### Resources
@@ -175,6 +176,7 @@ Name | Type | Description [`name_prefix`](#name_prefix) | `string` | A prefix that will be added to all created resources. [`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation. [`tags`](#tags) | `map` | Map of tags to assign to the created resources. +[`public_ips`](#public_ips) | `object` | A map defining Public IP Addresses and Prefixes. [`availability_sets`](#availability_sets) | `map` | A map defining availability sets. [`panoramas`](#panoramas) | `map` | A map defining Azure Virtual Machine based on Palo Alto Networks Panorama image.
@@ -182,9 +184,9 @@ Name | Type | Description Name | Description --- | --- -`username` | Initial administrative username to use for VM-Series. -`password` | Initial administrative password to use for VM-Series. -`panorama_mgmt_ips` | +`username` | Initial administrative username to use for Panorama. +`password` | Initial administrative password to use for Panorama. +`panorama_mgmt_ips` | IP addresses for the Panorama management interface. ### Required Inputs details
@@ -215,6 +217,8 @@ For detailed documentation on each property refer to [module documentation](../. - `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a full resource name, including prefixes. - `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET. +- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by + default Azure DNS is used). - `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is disabled.
@@ -238,6 +242,7 @@ map(object({ resource_group_name = optional(string) create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) vnet_encryption = optional(string) network_security_groups = optional(map(object({ name = string
@@ -325,6 +330,49 @@ Map of tags to assign to the created resources. Type: map(string) +Default value: `map[]` + +[back to list](#modules-optional-inputs) + +#### public_ips + +A map defining Public IP Addresses and Prefixes. + +Following properties are available: + +- `public_ip_addresses` - (`map`, optional) map of objects describing Public IP Addresses, please refer to + [module documentation](../../modules/public_ip#public_ip_addresses) + for available properties. +- `public_ip_prefixes` - (`map`, optional) map of objects describing Public IP Prefixes, please refer to + [module documentation](../../modules/public_ip#public_ip_prefixes) + for available properties. + + +Type: + +```hcl +object({ + public_ip_addresses = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + domain_name_label = optional(string) + idle_timeout_in_minutes = optional(number) + prefix_name = optional(string) + prefix_resource_group_name = optional(string) + })), {}) + public_ip_prefixes = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + length = optional(number) + })), {}) + }) +``` + + Default value: `map[]` [back to list](#modules-optional-inputs)
@@ -458,10 +506,11 @@ map(object({ interfaces = list(object({ name = string subnet_key = string - private_ip_address = optional(string) create_public_ip = optional(bool, false) public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + private_ip_address = optional(string) })) logging_disks = optional(map(object({ name = string
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/appgw.md b/products/terraform/docs/swfw/azure/vmseries/modules/appgw.md
index bf2755500..e4b7944a3
--- a/products/terraform/docs/swfw/azure/vmseries/modules/appgw.md
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/appgw.md
@@ -930,19 +930,23 @@ Type: string A map defining listener's public IP configuration. Following properties are available: -- `name` - (`string`, required) name of the Public IP resource. - `create` - (`bool`, optional, defaults to `true`) controls if the Public IP resource is created or sourced. +- `name` - (`string`, optional) name of the Public IP resource, required unless `public_ip` module and `id` + property are used. - `resource_group_name` - (`string`, optional, defaults to `null`) name of the Resource Group hosting the Public IP resource, used only for sourced resources. +- `id` - (`string`, optional, defaults to `null`) ID of the Public IP to associate with the Listener. + Property is used when Public IP is not created or sourced within this module. Type: ```hcl object({ - name = string create = optional(bool, true) + name = optional(string) resource_group_name = optional(string) + id = optional(string) }) ```
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/bootstrap.md b/products/terraform/docs/swfw/azure/vmseries/modules/bootstrap.md
index b440fd917..33ba4e617
--- a/products/terraform/docs/swfw/azure/vmseries/modules/bootstrap.md
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/bootstrap.md
@@ -154,11 +154,11 @@ details refer to the [var.file_shares](#file_shares) variable documentation. ### Requirements - `terraform`, version: >= 1.5, < 2.0 -- `azurerm`, version: ~> 3.98 +- `azurerm`, version: ~> 3.98, <= 3.114 ### Providers -- `azurerm`, version: ~> 3.98 +- `azurerm`, version: ~> 3.98, <= 3.114
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/loadbalancer.md b/products/terraform/docs/swfw/azure/vmseries/modules/loadbalancer.md
index 6f4662424..3d66fc8ac
--- a/products/terraform/docs/swfw/azure/vmseries/modules/loadbalancer.md
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/loadbalancer.md
@@ -153,8 +153,8 @@ Name | Description --- | --- `id` | The identifier of the Load Balancer resource. `backend_pool_id` | The identifier of the backend pool. -`frontend_ip_configs` | Map of IP addresses, one per each entry of `frontend_ips` input. Contains public IP address for the frontends that have it, -private IP address otherwise. +`frontend_ip_configs` | Map of IP prefixes/addresses, one per each entry of `frontend_ips` input. Contains public IP prefix/address for the frontends +that have it, private IP address otherwise. `health_probe` | The health probe object.
@@ -204,35 +204,44 @@ To ease configuration they were grouped per Load Balancer type. Private Load Balancer: -- `name` - (`string`, required) name of a frontend IP configuration -- `subnet_id` - (`string`, required) an ID of an existing subnet that will host the private Load Balancer -- `private_ip_address` - (`string`, required) the IP address of the Load Balancer -- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below -- `gwlb_fip_id` - (`string`, optional, defaults to `null`) an ID of a frontend IP configuration - of a Gateway Load Balancer +- `name` - (`string`, required) name of a frontend IP configuration. +- `subnet_id` - (`string`, required) an ID of an existing subnet that will host the private Load Balancer. +- `private_ip_address` - (`string`, required) the IP address of the Load Balancer. +- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below. +- `gwlb_fip_id` - (`string`, optional, defaults to `null`) an ID of a frontend IP configuration of a + Gateway Load Balancer. Public Load Balancer: -- `name` - (`string`, required) name of a frontend IP configuration -- `public_ip_name` - (`string`, required) name of a public IP resource -- `create_public_ip` - (`bool`, optional, defaults to `false`) when set to `true` a new public IP will be +- `name` - (`string`, required) name of a frontend IP configuration. +- `create_public_ip` - (`bool`, optional, defaults to `false`) when set to `true` a new Public IP will be created, otherwise an existing resource will be used; - in both cases the name of the resource is controlled by `public_ip_name` property + in both cases the name of the resource is controlled by `public_ip_name` property. +- `public_ip_name` - (`string`, optional) name of a Public IP resource, required unless `public_ip` module and + `public_ip_id` property are used. 
- `public_ip_resource_group_name` - (`string`, optional, defaults to the Load Balancer's RG) name of a Resource Group - hosting an existing public IP resource -- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below -- `out_rules` - (`map`, optional, defaults to `{}`) a map defining outbound rules, see details below + hosting an existing Public IP resource. +- `public_ip_id` - (`string`, optional, defaults to `null`) ID of the Public IP Address to associate with the + Frontend. Property is used when Public IP is not created or sourced within this module. +- `public_ip_address` - (`string`, optional, defaults to `null`) IP address of the Public IP to associate with the + Frontend. Property is used when Public IP is not created or sourced within this module. +- `public_ip_prefix_id` - (`string`, optional, defaults to `null`) ID of the Public IP Prefix to associate with the + Frontend. Property is used when you need to source Public IP Prefix. +- `public_ip_prefix_address` - (`string`, optional, defaults to `null`) IP address of the Public IP Prefix to associate + with the Frontend. Property is used when you need to source Public IP Prefix. +- `in_rules` - (`map`, optional, defaults to `{}`) a map defining inbound rules, see details below. +- `out_rules` - (`map`, optional, defaults to `{}`) a map defining outbound rules, see details below. Below are the properties for the `in_rules` map: -- `name` - (`string`, required) a name of an inbound rule +- `name` - (`string`, required) a name of an inbound rule. - `protocol` - (`string`, required) communication protocol, either 'Tcp', 'Udp' or 'All'. - `port` - (`number`, required) communication port, this is both the front- and the backend port - if `backend_port` is not set; value of `0` means all ports + if `backend_port` is not set; value of `0` means all ports. 
- `backend_port` - (`number`, optional, defaults to `null`) this is the backend port to forward traffic - to in the backend pool + to in the backend pool. - `health_probe_key` - (`string`, optional, defaults to `default`) a key from the `var.health_probes` map defining - a health probe to use with this rule + a health probe to use with this rule. - `floating_ip` - (`bool`, optional, defaults to `true`) enables floating IP for this rule. - `session_persistence` - (`string`, optional, defaults to `Default`) controls session persistance/load distribution, three values are possible: 
@@ -250,21 +259,20 @@ Setting at least one `out_rule` switches the outgoing traffic from SNAT to outbo single backend, and you cannot mix SNAT and outbound rules traffic in rules using the same backend, setting one `out_rule` switches the outgoing traffic route for **ALL** `in_rules`. -- `name` - (`string`, required) a name of an outbound rule -- `protocol` - (`string`, required) protocol used by the rule. One of `All`, `Tcp` or `Udp` is accepted +- `name` - (`string`, required) a name of an outbound rule. +- `protocol` - (`string`, required) protocol used by the rule. One of `All`, `Tcp` or `Udp` is accepted. - `allocated_outbound_ports` - (`number`, optional, defaults to `null`) number of ports allocated per instance, when skipped provider defaults will be used (`1024`), when set to `0` port allocation will be set to default number (Azure defaults); - maximum value is `64000` -- `enable_tcp_reset` - (`bool`, optional, defaults to Azure defaults) ignored when `protocol` is set to `Udp` -- `idle_timeout_in_minutes` - (`number`, optional, defaults to Azure defaults) TCP connection timeout in minutes - (between 4 and 120) - in case the connection is idle, ignored when `protocol` is set to `Udp` + maximum value is `64000`. +- `enable_tcp_reset` - (`bool`, optional, defaults to Azure defaults) ignored when `protocol` is set to `Udp`. +- `idle_timeout_in_minutes` - (`number`, optional, defaults to Azure defaults) TCP connection timeout in minutes (between 4 + and 120) in case the connection is idle, ignored when `protocol` is set to `Udp`. Examples ```hcl -# rules for a public Load Balancer, reusing an existing public IP and doing port translation +# rules for a public Load Balancer, reusing an existing Public IP and doing port translation frontend_ips = { pip_existing = { create_public_ip = false 
@@ -323,9 +331,13 @@ Type: ```hcl map(object({ name = string - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_id = optional(string) + public_ip_address = optional(string) + public_ip_prefix_id = optional(string) + public_ip_prefix_address = optional(string) subnet_id = optional(string) private_ip_address = optional(string) gwlb_fip_id = optional(string)
@@ -370,14 +382,14 @@ Controls zones for Load Balancer's fronted IP configurations. For: -- public IPs - these are zones in which the public IP resource is available. +- public IPs - these are zones in which the Public IP resource is available. - private IPs - these are zones to which Azure will deploy paths leading to Load Balancer frontend IPs (all frontends are affected). Setting this variable to explicit `null` disables a zonal deployment. This can be helpful in regions where Availability Zones are not available. -For public Load Balancers, since this setting controls also Availability Zones for public IPs, you need to specify all zones +For public Load Balancers, since this setting controls also Availability Zones for Public IPs, you need to specify all zones available in a region (typically 3): `["1","2","3"]`.
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/natgw.md b/products/terraform/docs/swfw/azure/vmseries/modules/natgw.md
index 6a2ac2eba..54b228632
--- a/products/terraform/docs/swfw/azure/vmseries/modules/natgw.md
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/natgw.md
@@ -211,9 +211,12 @@ A map defining a Public IP resource. List of available properties: - `create` - (`bool`, required) controls whether a Public IP is created, sourced, or not used at all. -- `name` - (`string`, required) name of a created or sourced Public IP. +- `name` - (`string`, optional) name of a created or sourced Public IP, required unless `public_ip` module and + `id` property are used. - `resource_group_name` - (`string`, optional) name of a resource group hosting the sourced Public IP resource, ignored when `create = true`. +- `id` - (`string`, optional, defaults to `null`) ID of the Public IP to associate with the NAT Gateway. + Property is used when Public IP Address is not created or sourced within this module. The module operates in 3 modes, depending on combination of `create` and `name` properties:
@@ -247,8 +250,9 @@ Type: ```hcl object({ create = bool - name = string + name = optional(string) resource_group_name = optional(string) + id = optional(string) }) ```
@@ -264,11 +268,14 @@ A map defining a Public IP Prefix resource. List of available properties: - `create` - (`bool`, required) controls whether a Public IP Prefix is created, sourced, or not used at all. -- `name` - (`string`, required) name of a created or sourced Public IP Prefix. +- `name` - (`string`, optional) name of a created or sourced Public IP Prefix, required unless `public_ip` + module and `id` property are used. - `resource_group_name` - (`string`, optional) name of a resource group hosting the sourced Public IP Prefix resource, ignored when `create = true`. - `length` - (`number`, optional, defaults to `28`) number of bits of the Public IP Prefix, this value can be between `0` and `31` but can be limited on subscription level (Azure default is `/28`). +- `id` - (`string`, optional, defaults to `null`) ID of the Public IP Prefix to associate with the NAT Gateway. + Property is used when Public IP Prefix is not created or sourced within this module. The module operates in 3 modes, depending on combination of `create` and `name` properties:
@@ -302,9 +309,10 @@ Type: ```hcl object({ create = bool - name = string + name = optional(string) resource_group_name = optional(string) length = optional(number, 28) + id = optional(string) }) ```
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/panorama.md b/products/terraform/docs/swfw/azure/vmseries/modules/panorama.md
index e5a5f6640..65661444f
--- a/products/terraform/docs/swfw/azure/vmseries/modules/panorama.md
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/panorama.md
@@ -270,10 +270,12 @@ Following configuration options are available: - `public_ip_name` - (`string`, optional, defaults to `null`) name of the public IP to associate with the interface. When `create_public_ip` is set to `true` this will become a name of a newly created Public IP interface. Otherwise this is a name of an existing interfaces that will - be sourced and attached to the interface. + be sourced and attached to the interface. Not used when using `public_ip` module. - `public_ip_resource_group_name` - (`string`, optional, defaults to `var.resource_group_name`) name of a Resource Group that contains public IP that that will be associated with the interface. Used only when `create_public_ip` is `false`. +- `public_ip_id` - (`string`, optional, defaults to `null`) ID of the public IP to associate with the + interface. Property is used when public IP is not created or sourced within this module. Example:
@@ -307,6 +309,7 @@ list(object({ create_public_ip = optional(bool, false) public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_id = optional(string) })) ```
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/public_ip.md b/products/terraform/docs/swfw/azure/vmseries/modules/public_ip.md
new file mode 100644
index 000000000..f93efb384
--- /dev/null
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/public_ip.md
@@ -0,0 +1,346 @@
+---
+hide_title: true
+id: public_ip
+keywords:
+- pan-os
+- panos
+- firewall
+- configuration
+- terraform
+- vmseries
+- vm-series
+- swfw
+- software-firewalls
+- azure
+pagination_next: null
+pagination_prev: null
+sidebar_label: Public Ip
+title: Palo Alto Networks Public IP Module for Azure
+---
+
+# Palo Alto Networks Public IP Module for Azure
+
+A Terraform module for deploying Public IP Addresses and Prefixes required for the VM-Series firewalls and other infrastructure
+components in Azure.
+
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-azurerm-swfw-modules/tree/main/modules/public_ip) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/swfw-modules/azurerm/latest/submodules/public_ip)
+
+## Purpose
+
+All other modules that may require a Public IP Address resource support simple creation of it. This module allows more advanced
+creation of Public IP Addresses and Prefixes, including:
+- Specifying Availability Zones for Public IPs separately from the main resource
+- Specifying Domain Name Label and Idle Timeout for Public IPs
+- Allocating Public IP Addresses from an existing Public IP Prefix (e.g. Custom non-Microsoft IP Prefix)
+
+## Usage
+
+In order to use module `public_ip`, you need to deploy `azurerm_resource_group` as a prerequisite.
Then you can use below code as
+an example of calling module to create Public IP Addresses and Prefixes:
+
+```hcl
+module "public_ip" {
+ source = ""PaloAltoNetworks/swfw-modules/azurerm//modules/public_ip"
+
+ region = var.region
+ public_ip_addresses = {
+ for k, v in var.public_ips.public_ip_addresses : k => merge(v, {
+ name = "${var.name_prefix}${v.name}"
+ resource_group_name = coalesce(v.resource_group_name, local.resource_group.name)
+ })
+ }
+ public_ip_prefixes = {
+ for k, v in var.public_ips.public_ip_prefixes : k => merge(v, {
+ name = "${var.name_prefix}${v.name}"
+ resource_group_name = coalesce(v.resource_group_name, local.resource_group.name)
+ })
+ }
+
+ tags = var.tags
+}
+```
+
+Below there are provided sample values for `public_ips` map:
+
+```hcl
+public_ips = {
+ public_ip_addresses = {
+ # create a new public ip address in zone 1, with domain name label "domainname" and idle timeout of 10 minutes
+ pip1 = {
+ create = true
+ name = "new-public-ip-name1"
+ resource_group_name = "pip-rg-name"
+ zones = ["1"]
+ domain_name_label = "domainname"
+ idle_timeout_in_minutes = 10
+ }
+ # create a new public ip address in all zones (default) and allocate it from an existing ip prefix
+ pip2 = {
+ create = true
+ name = "new-public-ip-name2"
+ resource_group_name = "pip-rg-name"
+ prefix_name = "public-ip-prefix-name"
+ prefix_resource_group_name = "ippre-rg-name"
+ }
+ # source an existing public ip address
+ pip3 = {
+ create = false
+ name = "existing-public-ip-name"
+ resource_group_name = "pip-rg-name"
+ }
+ }
+ public_ip_prefixes = {
+ # create a new public ip prefix in zone 1 with a prefix length of /28 (default)
+ ippre1 = {
+ create = true
+ name = "new-public-ip-prefix-name1"
+ resource_group_name = "ippre-rg-name"
+ zones = ["1"]
+ }
+ # create a new public ip prefix in all zones (default) with a prefix length of /30
+ ippre2 = {
+ create = true
+ name = "new-public-ip-prefix-name2"
+ resource_group_name = "ippre-rg-name"
+ length = 30
+ }
+ # source and existing public ip prefix
+ ippre3 = {
+ create = false
+ name = "existing-public-ip-prefix-name"
+ resource_group_name = "ippre-rg-name"
+ }
+ }
+}
+```
+
+To make defining the Public IPs easy, you can use the following variable in the _glue_ code:
+
+```hcl
+variable "public_ips" {
+ description = "A map defining Public IP Addresses and Prefixes."
+ default = {}
+ type = object({
+ public_ip_addresses = optional(map(object({
+ create = bool
+ name = string
+ resource_group_name = optional(string)
+ zones = optional(list(string))
+ domain_name_label = optional(string)
+ idle_timeout_in_minutes = optional(number)
+ prefix_name = optional(string)
+ prefix_resource_group_name = optional(string)
+ })), {})
+ public_ip_prefixes = optional(map(object({
+ create = bool
+ name = string
+ resource_group_name = optional(string)
+ zones = optional(list(string))
+ length = optional(number)
+ })), {})
+ })
+}
+```
+
+## Reference
+
+### Requirements
+
+- `terraform`, version: >= 1.5, < 2.0
+- `azurerm`, version: ~> 3.98
+
+### Providers
+
+- `azurerm`, version: ~> 3.98
+
+
+
+### Resources
+
+- `public_ip` (managed)
+- `public_ip_prefix` (managed)
+- `public_ip` (data)
+- `public_ip_prefix` (data)
+- `public_ip_prefix` (data)
+
+### Required Inputs
+
+Name | Type | Description
+--- | --- | ---
+[`region`](#region) | `string` | The name of the Azure region to deploy the resources in.
+
+### Optional Inputs
+
+Name | Type | Description
+--- | --- | ---
+[`tags`](#tags) | `map` | The map of tags to assign to all created resources.
+[`public_ip_addresses`](#public_ip_addresses) | `map` | Map of objects describing Public IP Addresses.
+[`public_ip_prefixes`](#public_ip_prefixes) | `map` | Map of objects describing Public IP Prefixes.
+
+### Outputs
+
+Name | Description
+--- | ---
+`pip_ids` | The identifiers of the created or sourced Public IP Addresses.
+`pip_ip_addresses` | The IP values of the created or sourced Public IP Addresses.
+`ippre_ids` | The identifiers of the created or sourced Public IP Prefixes.
+`ippre_ip_prefixes` | The IP values of the created or sourced Public IP Prefixes.
+
+### Required Inputs details
+
+#### region
+
+The name of the Azure region to deploy the resources in.
+
+Type: string
+
+[back to list](#modules-required-inputs)
+
+### Optional Inputs details
+
+#### tags
+
+The map of tags to assign to all created resources.
+
+Type: map(string)
+
+Default value: `map[]`
+
+[back to list](#modules-optional-inputs)
+
+#### public_ip_addresses
+
+Map of objects describing Public IP Addresses.
+
+List of available properties:
+
+- `create` - (`bool`, required) controls whether a Public IP Address is created or sourced.
+- `name` - (`string`, required) name of a created or sourced Public IP Address.
+- `resource_group_name` - (`string`, required) name of a Resource Group for created Public IP Address or hosting an
+ existing Public IP Address.
+- `zones` - (`list`, optional, defaults to ["1", "2", "3"]) list of Availability Zones in which the Public
+ IP Address is available, setting this variable to explicit `null` disables a zonal deployment.
+- `domain_name_label` - (`string`, optional, defaults to `null`) a label for the Domain Name, will be used to make up
+ the FQDN. If a domain name label is specified, an A DNS record is created for the Public IP in
+ the Microsoft Azure DNS system.
+- `idle_timeout_in_minutes` - (`number`, optional, defaults to Azure default) the Idle Timeout in minutes for the Public IP
+ Address, possible values are in the range from 4 to 32.
+- `prefix_name` - (`string`, optional) the name of an existing Public IP Prefix from where Public IP Addresses
+ should be allocated.
+- `prefix_resource_group_name` - (`string`, optional, defaults to the PIP's RG) name of a Resource Group hosting an existing
+ Public IP Prefix resource.
+
+Example:
+
+```hcl
+# create two new Public IP Addresses, where the first IP is only in Availability Zone 1
+# and the second IP is in all 3 Availability Zones (default) and is allocated from a specific Public IP Prefix
+public_ip_addresses = {
+ pip1 = {
+ create = true
+ name = "new-public-ip-name1"
+ resource_group_name = "pip-rg-name"
+ zones = ["1"]
+ }
+ pip2 = {
+ create = true
+ name = "new-public-ip-name2"
+ resource_group_name = "pip-rg-name"
+ prefix_name = "public-ip-prefix-name"
+ prefix_resource_group_name = "ippre-rg-name"
+ }
+}
+
+# source an existing Public IP
+public_ip_addresses = {
+ pip1 = {
+ create = false
+ name = "existing-public-ip-name"
+ resource_group_name = "pip-rg-name"
+ }
+}
+```
+
+
+Type:
+
+```hcl
+map(object({
+ create = bool
+ name = string
+ resource_group_name = string
+ zones = optional(list(string), ["1", "2", "3"])
+ domain_name_label = optional(string)
+ idle_timeout_in_minutes = optional(number)
+ prefix_name = optional(string)
+ prefix_resource_group_name = optional(string)
+ }))
+```
+
+
+Default value: `&{}`
+
+[back to list](#modules-optional-inputs)
+
+#### public_ip_prefixes
+
+Map of objects describing Public IP Prefixes.
+
+List of available properties:
+
+- `create` - (`bool`, required) controls whether a Public IP Prefix is created or sourced.
+- `name` - (`string`, required) name of a created or sourced Public IP Prefix.
+- `resource_group_name` - (`string`, required) name of a Resource Group for created Public IP Prefix or hosting an existing
+ Public IP Prefix.
+- `zones` - (`list`, optional, defaults to ["1", "2", "3"]) list of Availability Zones in which the Public IP
+ Address is available, setting this variable to explicit `null` disables a zonal deployment.
+- `length` - (`number`, optional, defaults to `28`) number of bits of the Public IP Prefix, this value can be
+ between `0` and `31` but can be limited on subscription level (Azure default is `/28`).
+
+Example:
+
+```hcl
+# create two new Public IP Prefixes, where the first one is only in Availability Zone 1 and with default prefix length of `/28`
+# and the second one is in all 3 Availability Zones (default) and with prefix length of `/30`
+public_ip_prefixes = {
+ ippre1 = {
+ create = true
+ name = "new-public-ip-prefix-name1"
+ resource_group_name = "ippre-rg-name"
+ zones = ["1"]
+ }
+ ippre2 = {
+ create = true
+ name = "new-public-ip-prefix-name2"
+ resource_group_name = "ippre-rg-name"
+ length = 30
+ }
+}
+
+# source an existing Public IP Prefix
+public_ip_prefixes = {
+ ippre1 = {
+ create = false
+ name = "existing-public-ip-prefix-name"
+ resource_group_name = "ippre-rg-name"
+ }
+}
+```
+
+
+Type:
+
+```hcl
+map(object({
+ create = bool
+ name = string
+ resource_group_name = string
+ zones = optional(list(string), ["1", "2", "3"])
+ length = optional(number, 28)
+ }))
+```
+
+
+Default value: `&{}`
+
+[back to list](#modules-optional-inputs)
\ No newline at end of file
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/virtual_network_gateway.md b/products/terraform/docs/swfw/azure/vmseries/modules/virtual_network_gateway.md
index 51558ae32..516f1ba64
--- a/products/terraform/docs/swfw/azure/vmseries/modules/virtual_network_gateway.md
+++ b/products/terraform/docs/swfw/azure/vmseries/modules/virtual_network_gateway.md
@@ -503,13 +503,18 @@ A map defining the Public IPs used by the Virtual Network Gateway. Following properties are available: - `primary` - (`map`, required) a map defining the primary Public IP address, following properties are available: - - `name` - (`string`, required) name of the IP config. - - `create_public_ip` - (`bool`, optional, defaults to `true`) controls if a Public IP is created or sourced. - - `public_ip_name` - (`string`, required) name of a Public IP resource, depending on the value of - `create_public_ip` property this will be a name of a newly create or existing resource - (for values of `true` and `false` accordingly). - - `dynamic_private_ip_allocation` - (`bool`, optional, defaults to `true`) controls if the private IP address is assigned - dynamically or statically. + - `name` - (`string`, required) name of the IP config. + - `create_public_ip` - (`bool`, optional, defaults to `true`) controls if a Public IP is created or sourced. + - `public_ip_name` - (`string`, optional) name of a Public IP resource, required unless `public_ip` module + and `public_ip_id` property are used. Depending on the value of `create_public_ip` + property, this will be a name of a newly created or existing resource (for values of + `true` and `false` accordingly). + - `public_ip_resource_group_name` - (`string`, optional, defaults to the Load Balancer's RG) name of a Resource Group + hosting an existing Public IP resource. + - `public_ip_id` - (`string`, optional, defaults to `null`) ID of the public IP to associate with the + interface. Property is used when public IP is not created or sourced within this module. + - `dynamic_private_ip_allocation` - (`bool`, optional, defaults to `true`) controls if the private IP address is assigned + dynamically or statically. - `secondary` - (`map`, optional, defaults to `null`) a map defining the secondary Public IP address resource. Required only for `type` set to `Vpn` and `active-active` set to `true`. 
Same properties available as for `primary` property. @@ -522,13 +527,16 @@ object({ primary = object({ name = string create_public_ip = optional(bool, true) - public_ip_name = string + public_ip_name = optional(string) + public_ip_resource_group_name = optional(string) + public_ip_id = optional(string) private_ip_address_allocation = optional(string, "Dynamic") }) secondary = optional(object({ name = string create_public_ip = optional(bool, true) - public_ip_name = string + public_ip_name = optional(string) + public_ip_id = optional(string) private_ip_address_allocation = optional(string, "Dynamic") })) }) diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/vmseries.md b/products/terraform/docs/swfw/azure/vmseries/modules/vmseries.md index fe895a96b..265a0610f 100644 --- a/products/terraform/docs/swfw/azure/vmseries/modules/vmseries.md +++ b/products/terraform/docs/swfw/azure/vmseries/modules/vmseries.md @@ -70,6 +70,7 @@ If your Region doesn't, use an alternative mechanism of Availability Set, which - `linux_virtual_machine` (managed) - `network_interface` (managed) +- `network_interface_application_gateway_backend_address_pool_association` (managed) - `network_interface_backend_address_pool_association` (managed) - `public_ip` (managed) - `public_ip` (data) 
@@ -299,14 +300,20 @@ Following configuration options are available: - `public_ip_name` - (`string`, optional, defaults to `null`) name of the public IP to associate with the interface. When `create_public_ip` is set to `true` this will become a name of a newly created Public IP interface. Otherwise this is a name of an existing interfaces that will - be sourced and attached to the interface. + be sourced and attached to the interface. Not used when using `public_ip` module. - `public_ip_resource_group_name` - (`string`, optional, defaults to `var.resource_group_name`) name of a Resource Group that contains public IP that that will be associated with the interface. Used only when `create_public_ip` is `false`. +- `public_ip_id` - (`string`, optional, defaults to `null`) ID of the public IP to associate with the + interface. Property is used when public IP is not created or sourced within this module. - `attach_to_lb_backend_pool` - (`bool`, optional, defaults to `false`) set to `true` if you would like to associate this interface with a Load Balancer backend pool. - `lb_backend_pool_id` - (`string`, optional, defaults to `null`) ID of an existing backend pool to associate the interface with. +- `appgw_backend_pool_id` - (`string`, optional, defaults to `null`) ID of an existing Application Gateway backend pool + to associate the interface with. +- `attach_to_appgw_backend_pool` - (`bool`, optional, defaults to `false`) set to `true` if you would like to associate this + interface with an Application Gateway backend pool. Example: @@ -341,9 +348,12 @@ list(object({ create_public_ip = optional(bool, false) public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_id = optional(string) private_ip_address = optional(string) lb_backend_pool_id = optional(string) attach_to_lb_backend_pool = optional(bool, false) + appgw_backend_pool_id = optional(string) + attach_to_appgw_backend_pool = optional(bool, false) })) ``` 
diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/vmss.md b/products/terraform/docs/swfw/azure/vmseries/modules/vmss.md index 7943a4218..2fa519446 100644 --- a/products/terraform/docs/swfw/azure/vmseries/modules/vmss.md +++ b/products/terraform/docs/swfw/azure/vmseries/modules/vmss.md @@ -140,6 +140,7 @@ Name | Version | Source | Description - `linux_virtual_machine_scale_set` (managed) - `monitor_autoscale_setting` (managed) +- `public_ip_prefix` (data) ### Required Inputs 
@@ -282,15 +283,21 @@ Interfaces will be attached to VM in the order you define here, therefore: Following configuration options are available: -- `name` - (`string`, required) the interface name. -- `subnet_id` - (`string`, required) ID of an existing subnet to create the interface in. -- `create_public_ip` - (`bool`, optional, defaults to `false`) if `true`, create a public IP for the interface. -- `lb_backend_pool_ids` - (`list`, optional, defaults to `[]`) a list of identifiers of existing Load Balancer backend pools - to associate the interface with. -- `appgw_backend_pool_ids` - (`list`, optional, defaults to `[]`) a list of identifier of Application Gateway's backend pools - to associate the interface with. -- `pip_domain_name_label` - (`string`, optional, defaults to `null`) the IP Prefix which should be used for the Domain Name - Label for each Virtual Machine Instance. +- `name` - (`string`, required) the interface name. +- `subnet_id` - (`string`, required) ID of an existing subnet to create the interface in. +- `create_public_ip` - (`bool`, optional, defaults to `false`) if `true`, create a public IP for the interface. +- `pip_domain_name_label` - (`string`, optional, defaults to `null`) the Prefix which should be used for the Domain + Name Label for each Virtual Machine Instance. +- `pip_idle_timeout_in_minutes` - (`number`, optional, defaults to Azure default) the Idle Timeout in minutes for the Public + IP Address, possible values are in the range from 4 to 32. +- `pip_prefix_name` - (`string`, optional) the name of an existing Public IP Address Prefix from where Public IP + Addresses should be allocated. +- `pip_prefix_resource_group_name` - (`string`, optional, defaults to the VMSS's RG) name of a Resource Group hosting an + existing Public IP Prefix resource. +- `lb_backend_pool_ids` - (`list`, optional, defaults to `[]`) a list of identifiers of existing Load Balancer + backend pools to associate the interface with. 
+- `appgw_backend_pool_ids` - (`list`, optional, defaults to `[]`) a list of identifier of Application Gateway's backend + pools to associate the interface with. Example: @@ -318,12 +325,15 @@ Type: ```hcl list(object({ - name = string - subnet_id = string - create_public_ip = optional(bool, false) - lb_backend_pool_ids = optional(list(string), []) - appgw_backend_pool_ids = optional(list(string), []) - pip_domain_name_label = optional(string) + name = string + subnet_id = string + create_public_ip = optional(bool, false) + pip_domain_name_label = optional(string) + pip_idle_timeout_in_minutes = optional(number) + pip_prefix_name = optional(string) + pip_prefix_resource_group_name = optional(string) + lb_backend_pool_ids = optional(list(string), []) + appgw_backend_pool_ids = optional(list(string), []) })) ``` diff --git a/products/terraform/docs/swfw/azure/vmseries/modules/vnet.md b/products/terraform/docs/swfw/azure/vmseries/modules/vnet.md index fb0a3d645..3711a80bb 100644 --- a/products/terraform/docs/swfw/azure/vmseries/modules/vnet.md +++ b/products/terraform/docs/swfw/azure/vmseries/modules/vnet.md @@ -184,6 +184,7 @@ Name | Type | Description [`tags`](#tags) | `map` | The map of tags to assign to all created resources. [`create_virtual_network`](#create_virtual_network) | `bool` | Controls Virtual Network creation. [`address_space`](#address_space) | `list` | The address space used by the virtual network. +[`dns_servers`](#dns_servers) | `list` | List of IP addresses of custom DNS servers (by default Azure DNS is used). [`vnet_encryption`](#vnet_encryption) | `string` | Enables Azure Virtual Network encryption feature (in `AllowUnencrypted` mode by default). [`network_security_groups`](#network_security_groups) | `map` | Map of objects describing Network Security Groups. [`route_tables`](#route_tables) | `map` | Map of objects describing a Route Tables. 
@@ -259,6 +260,16 @@ The address space used by the virtual network. You can supply more than one address space. Required only when you create a VNET. +Type: list(string) + +Default value: `&{}` + +[back to list](#modules-optional-inputs) + +#### dns_servers + +List of IP addresses of custom DNS servers (by default Azure DNS is used). + Type: list(string) Default value: `&{}` diff --git a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries.md b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries.md index 5f6c1bfe8..72b7766e0 100644 --- a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries.md +++ b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries.md @@ -209,6 +209,7 @@ Name | Version | Source | Description --- | --- | --- | --- `vnet` | - | ../../modules/vnet | `vnet_peering` | - | ../../modules/vnet_peering | +`public_ip` | - | ../../modules/public_ip | `natgw` | - | ../../modules/natgw | `load_balancer` | - | ../../modules/loadbalancer | `appgw` | - | ../../modules/appgw | @@ -241,6 +242,7 @@ Name | Type | Description [`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation. [`tags`](#tags) | `map` | Map of tags to assign to the created resources. [`vnet_peerings`](#vnet_peerings) | `map` | A map defining VNET peerings. +[`public_ips`](#public_ips) | `object` | A map defining Public IP Addresses and Prefixes. [`natgws`](#natgws) | `map` | A map defining NAT Gateways. [`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (both private and public) Load Balancers. [`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment. 
@@ -265,7 +267,7 @@ Name | Description `test_vms_usernames` | Initial administrative username to use for test VMs. `test_vms_passwords` | Initial administrative password to use for test VMs. `test_vms_ips` | IP Addresses of the test VMs. -`app_lb_frontend_ips` | IP Addresses of the load balancers. +`test_lb_frontend_ips` | IP Addresses of the test load balancers. ### Required Inputs details @@ -296,6 +298,8 @@ For detailed documentation on each property refer to [module documentation](../. - `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a full resource name, including prefixes. - `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET. +- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by + default Azure DNS is used). - `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is disabled. @@ -319,6 +323,7 @@ map(object({ resource_group_name = optional(string) create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) vnet_encryption = optional(string) network_security_groups = optional(map(object({ name = string 
@@ -433,6 +438,49 @@ map(object({ ``` +Default value: `map[]` + +[back to list](#modules-optional-inputs) + +#### public_ips + +A map defining Public IP Addresses and Prefixes. + +Following properties are available: + +- `public_ip_addresses` - (`map`, optional) map of objects describing Public IP Addresses, please refer to + [module documentation](../../modules/public_ip#public_ip_addresses) + for available properties. +- `public_ip_prefixes` - (`map`, optional) map of objects describing Public IP Prefixes, please refer to + [module documentation](../../modules/public_ip#public_ip_prefixes) + for available properties. + + +Type: + +```hcl +object({ + public_ip_addresses = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + domain_name_label = optional(string) + idle_timeout_in_minutes = optional(number) + prefix_name = optional(string) + prefix_resource_group_name = optional(string) + })), {}) + public_ip_prefixes = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + length = optional(number) + })), {}) + }) +``` + + Default value: `map[]` [back to list](#modules-optional-inputs) @@ -491,14 +539,16 @@ map(object({ idle_timeout = optional(number, 4) public_ip = optional(object({ create = bool - name = string + name = optional(string) resource_group_name = optional(string) + key = optional(string) })) public_ip_prefix = optional(object({ create = bool - name = string + name = optional(string) resource_group_name = optional(string) length = optional(number) + key = optional(string) })) })) ``` 
@@ -577,9 +627,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -658,9 +710,10 @@ map(object({ subnet_key = string zones = optional(list(string)) public_ip = object({ - name = string create = optional(bool, true) + name = optional(string) resource_group_name = optional(string) + key = optional(string) }) domain_name_label = optional(string) capacity = optional(object({ @@ -1100,7 +1153,9 @@ The most basic properties are as follows: backend pool. - `application_gateway_key` - (`string`, optional, defaults to `null`) key of an Application Gateway defined in `var.appgws` variable, network interface that has this property defined will be added to the Application - Gateway's backend pool. + Gateway's backend pool. Mutually exclusive with `appgw_backend_pool_id`. + - `appgw_backend_pool_id` - (`string`, optional, defaults to `null`) ID of the Application Gateway backend pool to which + the network interface will be added. Mutually exclusive with `application_gateway_key`. For details on all properties refer to [module's documentation](../../modules/panorama#interfaces). @@ -1158,9 +1213,11 @@ map(object({ create_public_ip = optional(bool, false) public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) private_ip_address = optional(string) load_balancer_key = optional(string) application_gateway_key = optional(string) + appgw_backend_pool_id = optional(string) })) })) ``` 
@@ -1279,6 +1336,7 @@ map(object({ name = string create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) hub_resource_group_name = optional(string) hub_vnet_name = string network_security_groups = optional(map(object({ @@ -1354,9 +1412,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -1401,10 +1461,13 @@ map(object({ custom_data = optional(string) })) bastions = map(object({ - name = string - public_ip_name = optional(string) - vnet_key = string - subnet_key = string + name = string + create_public_ip = optional(bool, true) + public_ip_name = optional(string) + public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + vnet_key = string + subnet_key = string })) })) ``` diff --git a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries_and_autoscale.md b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries_and_autoscale.md index 4b1868470..b1f82fc65 100644 --- a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries_and_autoscale.md +++ b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/common_vmseries_and_autoscale.md @@ -239,6 +239,7 @@ Name | Version | Source | Description --- | --- | --- | --- `vnet` | - | ../../modules/vnet | `vnet_peering` | - | ../../modules/vnet_peering | +`public_ip` | - | ../../modules/public_ip | `natgw` | - | ../../modules/natgw | `load_balancer` | - | ../../modules/loadbalancer | `appgw` | - | ../../modules/appgw | 
@@ -268,6 +269,7 @@ Name | Type | Description [`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation. [`tags`](#tags) | `map` | Map of tags to assign to the created resources. [`vnet_peerings`](#vnet_peerings) | `map` | A map defining VNET peerings. +[`public_ips`](#public_ips) | `object` | A map defining Public IP Addresses and Prefixes. [`natgws`](#natgws) | `map` | A map defining NAT Gateways. [`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (both private and public) Load Balancers. [`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment. @@ -282,12 +284,13 @@ Name | Description --- | --- `usernames` | Initial firewall administrative usernames for all deployed Scale Sets. `passwords` | Initial firewall administrative passwords for all deployed Scale Sets. +`natgw_public_ips` | Nat Gateways Public IP resources. `metrics_instrumentation_keys` | The Instrumentation Key of the created instance(s) of Azure Application Insights. `lb_frontend_ips` | IP Addresses of the load balancers. `test_vms_usernames` | Initial administrative username to use for test VMs. `test_vms_passwords` | Initial administrative password to use for test VMs. `test_vms_ips` | IP Addresses of the test VMs. -`app_lb_frontend_ips` | IP Addresses of the load balancers. +`test_lb_frontend_ips` | IP Addresses of the test load balancers. ### Required Inputs details 
@@ -318,6 +321,8 @@ For detailed documentation on each property refer to [module documentation](../. - `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a full resource name, including prefixes. - `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET. +- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by + default Azure DNS is used). - `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is disabled. @@ -341,6 +346,7 @@ map(object({ resource_group_name = optional(string) create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) vnet_encryption = optional(string) network_security_groups = optional(map(object({ name = string 
@@ -455,6 +461,49 @@ map(object({ ``` +Default value: `map[]` + +[back to list](#modules-optional-inputs) + +#### public_ips + +A map defining Public IP Addresses and Prefixes. + +Following properties are available: + +- `public_ip_addresses` - (`map`, optional) map of objects describing Public IP Addresses, please refer to + [module documentation](../../modules/public_ip#public_ip_addresses) + for available properties. +- `public_ip_prefixes` - (`map`, optional) map of objects describing Public IP Prefixes, please refer to + [module documentation](../../modules/public_ip#public_ip_prefixes) + for available properties. + + +Type: + +```hcl +object({ + public_ip_addresses = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + domain_name_label = optional(string) + idle_timeout_in_minutes = optional(number) + prefix_name = optional(string) + prefix_resource_group_name = optional(string) + })), {}) + public_ip_prefixes = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + length = optional(number) + })), {}) + }) +``` + + Default value: `map[]` [back to list](#modules-optional-inputs) @@ -515,12 +564,14 @@ map(object({ create = bool name = string resource_group_name = optional(string) + key = optional(string) })) public_ip_prefix = optional(object({ create = bool name = string resource_group_name = optional(string) length = optional(number) + key = optional(string) })) })) ``` 
@@ -599,9 +650,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -680,9 +733,10 @@ map(object({ subnet_key = string zones = optional(list(string)) public_ip = object({ - name = string create = optional(bool, true) + name = optional(string) resource_group_name = optional(string) + key = optional(string) }) domain_name_label = optional(string) capacity = optional(object({ @@ -948,8 +1002,8 @@ The basic Scale Set configuration properties are as follows: - `application_gateway_key` - (`string`, optional, defaults to `null`) key of an Application Gateway defined in the `var.appgws`, network interface that has this property defined will be added to the Application Gateways's backend pool. - - `pip_domain_name_label` - (`string`, optional, defaults to `null`) prefix which should be used for the Domain Name Label - for each VM instance. + + For details on all properties refer to [module's documentation](../../modules/vmss#interfaces). - `autoscaling_profiles` - (`list`, optional, defaults to `[]`) a list of autoscaling profiles, for details on available properties please refer to 
@@ -1002,12 +1056,15 @@ map(object({ webhooks_uris = optional(map(string), {}) }), {}) interfaces = list(object({ - name = string - subnet_key = string - create_public_ip = optional(bool) - load_balancer_key = optional(string) - application_gateway_key = optional(string) - pip_domain_name_label = optional(string) + name = string + subnet_key = string + create_public_ip = optional(bool) + pip_domain_name_label = optional(string) + pip_idle_timeout_in_minutes = optional(number) + pip_prefix_name = optional(string) + pip_prefix_resource_group_name = optional(string) + load_balancer_key = optional(string) + application_gateway_key = optional(string) })) autoscaling_profiles = optional(list(object({ name = string @@ -1161,6 +1218,7 @@ map(object({ name = string create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) hub_resource_group_name = optional(string) hub_vnet_name = string network_security_groups = optional(map(object({ @@ -1236,9 +1294,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -1283,10 +1343,13 @@ map(object({ custom_data = optional(string) })) bastions = map(object({ - name = string - public_ip_name = optional(string) - vnet_key = string - subnet_key = string + name = string + create_public_ip = optional(bool, true) + public_ip_name = optional(string) + public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + vnet_key = string + subnet_key = string })) })) ``` 
diff --git a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries.md b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries.md index 935cb51ec..ddee8e05f 100644 --- a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries.md +++ b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries.md @@ -213,6 +213,7 @@ Name | Version | Source | Description --- | --- | --- | --- `vnet` | - | ../../modules/vnet | `vnet_peering` | - | ../../modules/vnet_peering | +`public_ip` | - | ../../modules/public_ip | `natgw` | - | ../../modules/natgw | `load_balancer` | - | ../../modules/loadbalancer | `appgw` | - | ../../modules/appgw | @@ -245,6 +246,7 @@ Name | Type | Description [`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation. [`tags`](#tags) | `map` | Map of tags to assign to the created resources. [`vnet_peerings`](#vnet_peerings) | `map` | A map defining VNET peerings. +[`public_ips`](#public_ips) | `object` | A map defining Public IP Addresses and Prefixes. [`natgws`](#natgws) | `map` | A map defining NAT Gateways. [`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (both private and public) Load Balancers. [`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment. @@ -269,7 +271,7 @@ Name | Description `test_vms_usernames` | Initial administrative username to use for test VMs. `test_vms_passwords` | Initial administrative password to use for test VMs. `test_vms_ips` | IP Addresses of the test VMs. -`app_lb_frontend_ips` | IP Addresses of the load balancers. +`test_lb_frontend_ips` | IP Addresses of the test load balancers. ### Required Inputs details 
@@ -292,7 +294,7 @@ Type: string #### vnets A map defining VNETs. - + For detailed documentation on each property refer to [module documentation](../../modules/vnet) - `create_virtual_network` - (`bool`, optional, defaults to `true`) when set to `true` will create a VNET, `false` will source @@ -300,6 +302,8 @@ For detailed documentation on each property refer to [module documentation](../. - `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a full resource name, including prefixes. - `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET. +- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by + default Azure DNS is used). - `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is disabled. @@ -323,6 +327,7 @@ map(object({ resource_group_name = optional(string) create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) vnet_encryption = optional(string) network_security_groups = optional(map(object({ name = string @@ -378,7 +383,7 @@ Example: ``` name_prefix = "test-" ``` - + **Note!** \ This prefix is not applied to existing resources. If you plan to reuse i.e. a VNET please specify it's full name, even if it is also prefixed with the same value as the one in this property. @@ -394,7 +399,7 @@ Default value: `` When set to `true` it will cause a Resource Group creation. Name of the newly specified RG is controlled by `resource_group_name`. - + When set to `false` the `resource_group_name` parameter is used to specify a name of an existing Resource Group. 
@@ -437,18 +442,61 @@ map(object({ ``` +Default value: `map[]` + +[back to list](#modules-optional-inputs) + +#### public_ips + +A map defining Public IP Addresses and Prefixes. + +Following properties are available: + +- `public_ip_addresses` - (`map`, optional) map of objects describing Public IP Addresses, please refer to + [module documentation](../../modules/public_ip#public_ip_addresses) + for available properties. +- `public_ip_prefixes` - (`map`, optional) map of objects describing Public IP Prefixes, please refer to + [module documentation](../../modules/public_ip#public_ip_prefixes) + for available properties. + + +Type: + +```hcl +object({ + public_ip_addresses = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + domain_name_label = optional(string) + idle_timeout_in_minutes = optional(number) + prefix_name = optional(string) + prefix_resource_group_name = optional(string) + })), {}) + public_ip_prefixes = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + length = optional(number) + })), {}) + }) +``` + + Default value: `map[]` [back to list](#modules-optional-inputs) #### natgws -A map defining NAT Gateways. +A map defining NAT Gateways. Please note that a NAT Gateway is a zonal resource, this means it's always placed in a zone (even when you do not specify one explicitly). Please refer to Microsoft documentation for notes on NAT Gateway's zonal resiliency. For detailed documentation on each property refer to [module documentation](../../modules/natgw). - + Following properties are supported: - `name` - (`string`, required) a name of a NAT Gateway. In case `create_natgw = false` this should be a full resource name, including prefixes. 
@@ -495,14 +543,16 @@ map(object({ idle_timeout = optional(number, 4) public_ip = optional(object({ create = bool - name = string + name = optional(string) resource_group_name = optional(string) + key = optional(string) })) public_ip_prefix = optional(object({ create = bool - name = string + name = optional(string) resource_group_name = optional(string) length = optional(number) + key = optional(string) })) })) ``` @@ -534,8 +584,8 @@ Following properties are available: - `nsg_auto_rules_settings` - (`map`, optional, defaults to `null`) a map defining a location of an existing NSG rule that will be populated with `Allow` rules for each load balancing rule (`in_rules`), please refer to [module documentation](../../modules/loadbalancer#nsg_auto_rules_settings) for - available properties. - + available properties. + Please note that in this example two additional properties are available: - `nsg_vnet_key` - (`string`, optional, mutually exclusive with `nsg_name`) a key pointing to a VNET definition in the @@ -581,9 +631,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ 
@@ -620,7 +672,7 @@ For detailed documentation on how to configure this resource, for available prop refer to [module documentation](../../modules/appgw). **Note!** \ -The `rules` property is meant to bind together `backend_setting`, `redirect` or `url_path_map` (all 3 are mutually exclusive). +The `rules` property is meant to bind together `backend_setting`, `redirect` or `url_path_map` (all 3 are mutually exclusive). It represents the Rules section of an Application Gateway in Azure Portal. Below you can find a brief list of most important properties: @@ -642,11 +694,11 @@ Below you can find a brief list of most important properties: settings, see [module's documentation](../../modules/appgw#backend_settings) for details. - `probes` - (`map`, optional, defaults to module default) defines backend probes used check health of backends, see [module's documentation](../../modules/appgw#probes) for details. -- `rewrites` - (`map`, optional, defaults to module default) defines rewrite rules, see +- `rewrites` - (`map`, optional, defaults to module default) defines rewrite rules, see [module's documentation](../../modules/appgw#rewrites) for details. -- `redirects` - (`map`, optional, mutually exclusive with `backend_settings` and `url_path_maps`) static redirects +- `redirects` - (`map`, optional, mutually exclusive with `backend_settings` and `url_path_maps`) static redirects definition, see [module's documentation](../../modules/appgw#redirects) for details. -- `url_path_maps` - (`map`, optional, mutually exclusive with `backend_settings` and `redirects`) URL path maps definition, +- `url_path_maps` - (`map`, optional, mutually exclusive with `backend_settings` and `redirects`) URL path maps definition, see [module's documentation](../../modules/appgw#url_path_maps) for details. - `rules` - (`map`, required) Application Gateway Rules definition, bind together a `listener` with either `backend_setting`, `redirect` or `url_path_map`, see 
@@ -662,9 +714,10 @@ map(object({ subnet_key = string zones = optional(list(string)) public_ip = object({ - name = string create = optional(bool, true) + name = optional(string) resource_group_name = optional(string) + key = optional(string) }) domain_name_label = optional(string) capacity = optional(object({ @@ -794,7 +847,7 @@ Following properties are supported: - `name` - (`string`, required) name of the Application Insights. - `update_domain_count` - (`number`, optional, defaults to Azure default) specifies the number of update domains that are used. - `fault_domain_count` - (`number`, optional, defaults to Azure default) specifies the number of fault domains that are used. - + **Note!** \ Please keep in mind that Azure defaults are not working for every region (especially the small ones, without any Availability Zones). Please verify how many update and fault domain are supported in a region before deploying this resource. @@ -875,7 +928,7 @@ You can create or re-use an existing Storage Account and/or File Share. For deta will host (created) a Storage Account. When skipped the code will fall back to `var.resource_group_name`. - `storage_account` - (`map`, optional, defaults to `{}`) a map controlling basic Storage Account configuration. - + The property you should pay attention to is: - `create` - (`bool`, optional, defaults to module default) controls if the Storage Account specified in the `name` property @@ -884,8 +937,8 @@ You can create or re-use an existing Storage Account and/or File Share. For deta For detailed documentation see [module's documentation](../../modules/bootstrap#storage_account). - `storage_network_security` - (`map`, optional, defaults to `{}`) a map defining network security settings for a **new** - storage account. - + storage account. + The properties you should pay attention to are: - `allowed_subnet_keys` - (`list`, optional, defaults to `[]`) a list of keys pointing to Subnet definitions in the 
@@ -895,9 +948,9 @@ You can create or re-use an existing Storage Account and/or File Share. For deta Subnets described in `allowed_subnet_keys`. For detailed documentation see [module's documentation](../../modules/bootstrap#storage_network_security). - + - `file_shares_configuration` - (`map`, optional, defaults to `{}`) a map defining common File Share setting. - + The properties you should pay attention to are: - `create_file_shares` - (`bool`, optional, defaults to module default) controls if the File Shares defined in the @@ -1104,7 +1157,9 @@ The most basic properties are as follows: backend pool. - `application_gateway_key` - (`string`, optional, defaults to `null`) key of an Application Gateway defined in `var.appgws` variable, network interface that has this property defined will be added to the Application - Gateway's backend pool. + Gateway's backend pool. Mutually exclusive with `appgw_backend_pool_id`. + - `appgw_backend_pool_id` - (`string`, optional, defaults to `null`) ID of the Application Gateway backend pool to which + the network interface will be added. Mutually exclusive with `application_gateway_key`. For details on all properties refer to [module's documentation](../../modules/panorama#interfaces). @@ -1162,9 +1217,11 @@ map(object({ create_public_ip = optional(bool, false) public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) private_ip_address = optional(string) load_balancer_key = optional(string) application_gateway_key = optional(string) + appgw_backend_pool_id = optional(string) })) })) ``` @@ -1283,6 +1340,7 @@ map(object({ name = string create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) hub_resource_group_name = optional(string) hub_vnet_name = string network_security_groups = optional(map(object({ 
@@ -1358,9 +1416,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -1405,10 +1465,13 @@ map(object({ custom_data = optional(string) })) bastions = map(object({ - name = string - public_ip_name = optional(string) - vnet_key = string - subnet_key = string + name = string + create_public_ip = optional(bool, true) + public_ip_name = optional(string) + public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + vnet_key = string + subnet_key = string })) })) ``` diff --git a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries_and_autoscale.md b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries_and_autoscale.md index 89d2ebe97..0627647c7 100644 --- a/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries_and_autoscale.md +++ b/products/terraform/docs/swfw/azure/vmseries/reference-architectures/dedicated_vmseries_and_autoscale.md @@ -233,6 +233,7 @@ Name | Version | Source | Description --- | --- | --- | --- `vnet` | - | ../../modules/vnet | `vnet_peering` | - | ../../modules/vnet_peering | +`public_ip` | - | ../../modules/public_ip | `natgw` | - | ../../modules/natgw | `load_balancer` | - | ../../modules/loadbalancer | `appgw` | - | ../../modules/appgw | 
@@ -262,6 +263,7 @@ Name | Type | Description [`create_resource_group`](#create_resource_group) | `bool` | When set to `true` it will cause a Resource Group creation. [`tags`](#tags) | `map` | Map of tags to assign to the created resources. [`vnet_peerings`](#vnet_peerings) | `map` | A map defining VNET peerings. +[`public_ips`](#public_ips) | `object` | A map defining Public IP Addresses and Prefixes. [`natgws`](#natgws) | `map` | A map defining NAT Gateways. [`load_balancers`](#load_balancers) | `map` | A map containing configuration for all (both private and public) Load Balancers. [`appgws`](#appgws) | `map` | A map defining all Application Gateways in the current deployment. @@ -276,12 +278,13 @@ Name | Description --- | --- `usernames` | Initial firewall administrative usernames for all deployed Scale Sets. `passwords` | Initial firewall administrative passwords for all deployed Scale Sets. +`natgw_public_ips` | Nat Gateways Public IP resources. `metrics_instrumentation_keys` | The Instrumentation Key of the created instance(s) of Azure Application Insights. `lb_frontend_ips` | IP Addresses of the load balancers. `test_vms_usernames` | Initial administrative username to use for test VMs. `test_vms_passwords` | Initial administrative password to use for test VMs. `test_vms_ips` | IP Addresses of the test VMs. -`app_lb_frontend_ips` | IP Addresses of the load balancers. +`test_lb_frontend_ips` | IP Addresses of the test load balancers. ### Required Inputs details 
@@ -312,6 +315,8 @@ For detailed documentation on each property refer to [module documentation](../. - `name` - (`string`, required) a name of a VNET. In case `create_virtual_network = false` this should be a full resource name, including prefixes. - `address_space` - (`list`, required when `create_virtual_network = false`) a list of CIDRs for a newly created VNET. +- `dns_servers` - (`list`, optional, defaults to module defaults) a list of IP addresses of custom DNS servers (by + default Azure DNS is used). - `vnet_encryption` - (`string`, optional, defaults to module default) enables Azure Virtual Network Encryption when set, only possible value at the moment is `AllowUnencrypted`. When set to `null`, the feature is disabled. @@ -335,6 +340,7 @@ map(object({ resource_group_name = optional(string) create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) vnet_encryption = optional(string) network_security_groups = optional(map(object({ name = string 
@@ -449,6 +455,49 @@ map(object({ ``` +Default value: `map[]` + +[back to list](#modules-optional-inputs) + +#### public_ips + +A map defining Public IP Addresses and Prefixes. + +Following properties are available: + +- `public_ip_addresses` - (`map`, optional) map of objects describing Public IP Addresses, please refer to + [module documentation](../../modules/public_ip#public_ip_addresses) + for available properties. +- `public_ip_prefixes` - (`map`, optional) map of objects describing Public IP Prefixes, please refer to + [module documentation](../../modules/public_ip#public_ip_prefixes) + for available properties. + + +Type: + +```hcl +object({ + public_ip_addresses = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + domain_name_label = optional(string) + idle_timeout_in_minutes = optional(number) + prefix_name = optional(string) + prefix_resource_group_name = optional(string) + })), {}) + public_ip_prefixes = optional(map(object({ + create = bool + name = string + resource_group_name = optional(string) + zones = optional(list(string)) + length = optional(number) + })), {}) + }) +``` + + Default value: `map[]` [back to list](#modules-optional-inputs) @@ -509,12 +558,14 @@ map(object({ create = bool name = string resource_group_name = optional(string) + key = optional(string) })) public_ip_prefix = optional(object({ create = bool name = string resource_group_name = optional(string) length = optional(number) + key = optional(string) })) })) ``` 
@@ -593,9 +644,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -674,9 +727,10 @@ map(object({ subnet_key = string zones = optional(list(string)) public_ip = object({ - name = string create = optional(bool, true) + name = optional(string) resource_group_name = optional(string) + key = optional(string) }) domain_name_label = optional(string) capacity = optional(object({ @@ -942,8 +996,8 @@ The basic Scale Set configuration properties are as follows: - `application_gateway_key` - (`string`, optional, defaults to `null`) key of an Application Gateway defined in the `var.appgws`, network interface that has this property defined will be added to the Application Gateways's backend pool. - - `pip_domain_name_label` - (`string`, optional, defaults to `null`) prefix which should be used for the Domain Name Label - for each VM instance. + + For details on all properties refer to [module's documentation](../../modules/vmss#interfaces). - `autoscaling_profiles` - (`list`, optional, defaults to `[]`) a list of autoscaling profiles, for details on available properties please refer to 
@@ -996,12 +1050,15 @@ map(object({ webhooks_uris = optional(map(string), {}) }), {}) interfaces = list(object({ - name = string - subnet_key = string - create_public_ip = optional(bool) - load_balancer_key = optional(string) - application_gateway_key = optional(string) - pip_domain_name_label = optional(string) + name = string + subnet_key = string + create_public_ip = optional(bool) + pip_domain_name_label = optional(string) + pip_idle_timeout_in_minutes = optional(number) + pip_prefix_name = optional(string) + pip_prefix_resource_group_name = optional(string) + load_balancer_key = optional(string) + application_gateway_key = optional(string) })) autoscaling_profiles = optional(list(object({ name = string @@ -1155,6 +1212,7 @@ map(object({ name = string create_virtual_network = optional(bool, true) address_space = optional(list(string)) + dns_servers = optional(list(string)) hub_resource_group_name = optional(string) hub_vnet_name = string network_security_groups = optional(map(object({ @@ -1230,9 +1288,11 @@ map(object({ frontend_ips = optional(map(object({ name = string subnet_key = optional(string) - public_ip_name = optional(string) create_public_ip = optional(bool, false) + public_ip_name = optional(string) public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + public_ip_prefix_key = optional(string) private_ip_address = optional(string) gwlb_key = optional(string) in_rules = optional(map(object({ @@ -1277,10 +1337,13 @@ map(object({ custom_data = optional(string) })) bastions = map(object({ - name = string - public_ip_name = optional(string) - vnet_key = string - subnet_key = string + name = string + create_public_ip = optional(bool, true) + public_ip_name = optional(string) + public_ip_resource_group_name = optional(string) + public_ip_key = optional(string) + vnet_key = string + subnet_key = string })) })) ```