terraform-azurerm-avm-ptn-virtualwan/main.s2s-vpn-gateway.tf at main · pepsico-ecommerce/terraform-azurerm-avm-ptn-virtualwan · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Create a vpn site. Sites represent the Physical locations (On-Premises) you wish to connect.
module "vpn_site" {
  source = "./modules/site-to-site-vpn-site"

  vpn_sites = {
    for key, value in local.vpn_sites : key => {
      name                = value.name
      resource_group_name = module.virtual_hubs.resource_object[value.virtual_hub_key].resource_group
      location            = module.virtual_hubs.resource_object[value.virtual_hub_key].location
      virtual_wan_id      = azurerm_virtual_wan.virtual_wan.id
      address_cidrs       = value.address_cidrs
      device_vendor       = value.device_vendor
      device_model        = value.device_model
      links               = value.links
      o365_policy         = value.o365_policy
      tags                = value.tags
    }
  }
}

moved {
  from = azurerm_vpn_site.vpn_site
  to   = module.vpn_site.azurerm_vpn_site.vpn_site
}

# Create a site to site vpn connection between a vpn gateway and a vpn site.
module "vpn_site_connection" {
  source = "./modules/site-to-site-gateway-conn"

  vpn_site_connection = {
    for key, conn in local.vpn_site_connections : key => {
      name                      = conn.name
      remote_vpn_site_id        = module.vpn_site.resource_object[conn.remote_vpn_site_key].id
      vpn_gateway_id            = module.vpn_gateway.resource_object[conn.vpn_gateway_key].id
      internet_security_enabled = try(conn.internet_security_enabled, null)
      vpn_links = [
        for link in conn.vpn_links : {
          name                                  = link.name
          vpn_site_link_id                      = module.vpn_site.resource_object[link.vpn_site_key].links[link.vpn_site_link_number].id
          bandwidth_mbps                        = try(link.bandwidth_mbps, null)
          bgp_enabled                           = try(link.bgp_enabled, null)
          connection_mode                       = try(link.connection_mode, null)
          egress_nat_rule_ids                   = try(link.egress_nat_rule_ids, null)
          ingress_nat_rule_ids                  = try(link.ingress_nat_rule_ids, null)
          ipsec_policy                          = try(link.ipsec_policy, null)
          protocol                              = try(link.protocol, null)
          ratelimit_enabled                     = try(link.ratelimit_enabled, null)
          route_weight                          = try(link.route_weight, null)
          shared_key                            = try(link.shared_key, null)
          local_azure_ip_address_enabled        = try(link.local_azure_ip_address_enabled, null)
          policy_based_traffic_selector_enabled = try(link.policy_based_traffic_selector_enabled, null)
          custom_bgp_addresses = try(link.custom_bgp_addresses, null) == null ? [] : [
            for custom_bgp_address in link.custom_bgp_addresses : {
              ip_address          = custom_bgp_address.ip_address
              ip_configuration_id = module.vpn_gateway.ip_configuration_ids[conn.vpn_gateway_key][custom_bgp_address.instance]
            }
          ]
        }
      ]
      routing                 = try(conn.routing, null)
      traffic_selector_policy = try(conn.traffic_selector_policy, null)
    }

  }
}

moved {
  from = azurerm_vpn_gateway_connection.vpn_site_connection
  to   = module.vpn_site_connection.azurerm_vpn_gateway_connection.vpn_site_connection
}