# Virtual network with three subnets (public, private, private DNS resolver),
# created through the Azure/network/azurerm registry module.
# https://registry.terraform.io/modules/Azure/network/azurerm/latest
#
# NOTE(review): nothing in this file associates a network security group with
# any of the three subnets; confirm NSGs are attached elsewhere.
module "vpc" {
  source = "Azure/network/azurerm"

  # Any 5.x release satisfies this range. Terraform's dependency lock file
  # records provider selections only, not module versions, so the module code
  # that runs can change between `terraform init` runs. Pin an exact, reviewed
  # version if reproducible plans are required.
  version = ">= 5.0, < 6.0"

  vnet_name               = var.name
  resource_group_name     = var.resource_group_name
  resource_group_location = var.location
  tags                    = var.tags

  address_spaces = var.cidrs

  # NOTE(review): subnet_prefixes is presumably matched to subnet_names by
  # position, so var.subnet_cidrs must list the public, private and
  # DNS-resolver CIDRs in this order; confirm against the module.
  subnet_names = [
    var.subnet_name_public,
    var.subnet_name_private,
    var.subnet_name_private_dns_resolver,
  ]
  subnet_prefixes = var.subnet_cidrs

  # Delegate only the DNS-resolver subnet to Microsoft.Network/dnsResolvers.
  # The single delegated action lets the service join the subnet.
  subnet_delegation = {
    (var.subnet_name_private_dns_resolver) = [
      {
        name = "Microsoft.Network/dnsResolvers"
        service_delegation = {
          name    = "Microsoft.Network/dnsResolvers"
          actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
        }
      },
    ]
  }

  # https://github.com/Azure/terraform-azurerm-network#notice-to-contributor
  use_for_each = true
}
# Looks up, by name, the public subnet that module.vpc creates.
data "azurerm_subnet" "public" {
  name                 = var.subnet_name_public
  virtual_network_name = module.vpc.vnet_name
  resource_group_name  = var.resource_group_name

  # Hold the read until the module's vnet_subnets output is available.
  depends_on = [module.vpc.vnet_subnets]
}
# Looks up, by name, the private subnet that module.vpc creates. Its id is
# used by azurerm_subnet_nat_gateway_association.nat.
data "azurerm_subnet" "private" {
  name                 = var.subnet_name_private
  virtual_network_name = module.vpc.vnet_name
  resource_group_name  = var.resource_group_name

  # Hold the read until the module's vnet_subnets output is available.
  depends_on = [module.vpc.vnet_subnets]
}
# Looks up, by name, the delegated DNS-resolver subnet that module.vpc
# creates. Its id is used by the resolver's inbound endpoint.
data "azurerm_subnet" "dns-inbound" {
  name                 = var.subnet_name_private_dns_resolver
  virtual_network_name = module.vpc.vnet_name
  resource_group_name  = var.resource_group_name

  # Hold the read until the module's vnet_subnets output is available.
  depends_on = [module.vpc.vnet_subnets]
}
#
# Private DNS resolver resources
#
# Private DNS resolver bound to the virtual network created by module.vpc.
resource "azurerm_private_dns_resolver" "main" {
  name                = var.name
  resource_group_name = var.resource_group_name
  location            = var.location
  virtual_network_id  = module.vpc.vnet_id
  tags                = var.tags
}
# Inbound endpoint of the private DNS resolver, placed in the delegated
# DNS-resolver subnet.
#
# NOTE(review): nothing in this file limits which networks can send queries
# to this endpoint; confirm that peering, routing and firewall rules restrict
# reachability as intended.
resource "azurerm_private_dns_resolver_inbound_endpoint" "main" {
  name                    = var.name
  location                = var.location
  private_dns_resolver_id = azurerm_private_dns_resolver.main.id
  tags                    = var.tags

  ip_configurations {
    subnet_id = data.azurerm_subnet.dns-inbound.id

    # The address is assigned from the subnet rather than fixed here, so
    # consumers should read it from this resource instead of hard-coding it.
    private_ip_allocation_method = "Dynamic"
  }
}
#
# NAT resources
#
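# NAT gateway for outbound connectivity. Elsewhere in this file it is
# associated with the private subnet and with the static public IP
# azurerm_public_ip.nat.
resource "azurerm_nat_gateway" "nat" {
  name                = var.name
  resource_group_name = var.resource_group_name
  location            = var.location
  sku_name            = "Standard"

  # Idle flows are dropped after 10 minutes.
  idle_timeout_in_minutes = 10

  # Tagged like the virtual network and the DNS resolver, so this
  # internet-facing egress resource appears in tag-based inventory and
  # ownership queries.
  tags = var.tags
}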
# Sends the private subnet's outbound traffic through the NAT gateway.
# The public and DNS-resolver subnets get no NAT association in this file.
resource "azurerm_subnet_nat_gateway_association" "nat" {
  subnet_id      = data.azurerm_subnet.private.id
  nat_gateway_id = azurerm_nat_gateway.nat.id
}
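# Static, Standard-SKU public IP attached to the NAT gateway through
# azurerm_nat_gateway_public_ip_association.nat. Because the allocation is
# static, the private subnet's egress address stays stable, which is what
# downstream allow-lists and egress log correlation rely on.
resource "azurerm_public_ip" "nat" {
  name                = "${var.name}-nat"
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = "Standard"
  allocation_method   = "Static"

  # Tagged like the virtual network and the DNS resolver, so this public
  # address appears in tag-based inventory and ownership queries.
  tags = var.tags
}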
# Binds the static public IP to the NAT gateway as its outbound address.
resource "azurerm_nat_gateway_public_ip_association" "nat" {
  public_ip_address_id = azurerm_public_ip.nat.id
  nat_gateway_id       = azurerm_nat_gateway.nat.id
}