# Provider requirements for the hub-and-spoke deployment defined in this file.
terraform {
  required_providers {
    # Exact pin: every init/apply resolves the same azurerm provider build, so a
    # provider upgrade is an explicit, reviewable change rather than a side
    # effect of re-running init on a different machine.
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.79.0"
    }
  }
  # NOTE(review): no required_version constraint is declared for the Terraform
  # CLI itself; pinning one next to the provider keeps plans reproducible.
}
locals {
  # Naming prefix shared by the resources below (resource group, log workspace)
  # and passed to each module as its `workload` input.
  workload = "bigenterprise"
}
# Single resource group that every module and resource in this file deploys into.
# Its name and location are referenced everywhere below instead of var.location
# directly, so the region is fixed in exactly one place.
resource "azurerm_resource_group" "default" {
  location = var.location
  name     = "rg-${local.workload}"
}
# Hub VNet. Its subnet_id output is handed to the firewall module below as
# firewall_subnet_id, so this is the network the Azure Firewall lives in.
# Whether spoke traffic actually transits it depends on the routes module
# (./modules/vnet/routes) pointing the spoke subnets at the firewall — confirm there.
module "vnet_firewall" {
  source = "./modules/vnet/hub"

  workload            = local.workload
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
}
# First spoke VNet. Its subnet_id is where vm1 (the instance that also gets a
# public IP) is placed, and its first address prefix is added to the
# "ipgroup-vnet-space" IP group consumed by the firewall rules.
module "vnet_spoke1" {
  source = "./modules/vnet/spoke1"

  workload            = local.workload
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
}
# Second spoke VNet. Hosts vm2 (no public IP); its first address prefix is
# also passed to the routes module as spoke2_cidr.
module "vnet_spoke2" {
  source = "./modules/vnet/spoke2"

  workload            = local.workload
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
}
# VNet peerings between the hub and the two spokes. Azure peering is not
# transitive, so spoke1<->spoke2 reachability — if wanted — has to come from the
# user-defined routes via the firewall rather than from these peerings;
# presumably the module only creates hub<->spoke pairs, verify in
# ./modules/vnet/peerings.
module "peerings" {
  source = "./modules/vnet/peerings"

  resource_group_name = azurerm_resource_group.default.name

  # Hub side of every peering.
  firewall_vnet_name = module.vnet_firewall.vnet_name
  firewall_vnet_id   = module.vnet_firewall.vnet_id

  # Spoke side.
  spoke1_vnet_name = module.vnet_spoke1.vnet_name
  spoke1_vnet_id   = module.vnet_spoke1.vnet_id
  spoke2_vnet_name = module.vnet_spoke2.vnet_name
  spoke2_vnet_id   = module.vnet_spoke2.vnet_id
}
# VM in spoke1 with a public IP attached.
# Inbound connections to that public IP arrive at the NIC directly and do not
# pass through the Azure Firewall (UDRs only steer traffic leaving the subnet),
# so the firewall policy does not protect this entry point. NOTE(review): confirm
# ./modules/vm attaches an NSG that limits inbound sources (e.g. to the same
# ranges as var.home_cidrs) and that the public IP is genuinely needed.
module "vm1" {
  source = "./modules/vm"

  name                = "vm1"
  size                = var.vm_size
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = module.vnet_spoke1.subnet_id
  create_public_ip    = true
}
# VM in spoke2, private only. Its private_ip_address output is passed to the
# firewall module (vm2_private_ip_address) — presumably as the target of a DNAT
# rule so it is reached only through the firewall; verify in ./modules/firewall.
module "vm2" {
  source = "./modules/vm"

  name                = "vm2"
  size                = var.vm_size
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  subnet_id           = module.vnet_spoke2.subnet_id
  create_public_ip    = false
}
# Log Analytics workspace whose id is given to the firewall module as
# log_analytics_workspace_id, i.e. the sink for firewall diagnostics.
resource "azurerm_log_analytics_workspace" "default" {
  name                = "log-${local.workload}"
  resource_group_name = azurerm_resource_group.default.name
  location            = azurerm_resource_group.default.location

  sku = "PerGB2018"
  # 30 days is a short window for incident investigation: anything older than a
  # month is gone. Check this against the retention your detection/IR process
  # and any compliance requirement actually call for.
  retention_in_days = 30
}
# "Trusted home" source ranges, consumed by the firewall module as home_ip_group_id.
# This is a trust boundary: whatever is in var.home_cidrs is presumably what the
# firewall rules allow in. NOTE(review): the variable is declared elsewhere —
# confirm it has a validation block that rejects overly broad ranges
# (anything approaching 0.0.0.0/0 would make the rule meaningless).
resource "azurerm_ip_group" "home" {
  name                = "ipgroup-home-space"
  resource_group_name = azurerm_resource_group.default.name
  location            = azurerm_resource_group.default.location
  cidrs               = var.home_cidrs
}
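# Aggregates the address space of every VNet in the topology into one IP group
# so the firewall module (vnet_ip_group_id) can refer to "all internal space"
# with a single rule source/destination instead of enumerating VNets.
resource "azurerm_ip_group" "vnets" {
  name                = "ipgroup-vnet-space"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name

  # Take each VNet's whole address_space list rather than only element [0]:
  # a VNet with a secondary prefix would otherwise be silently excluded from the
  # group, and any firewall rule keyed on this group would not match that
  # prefix. For single-prefix VNets this yields exactly the same three entries.
  cidrs = concat(
    module.vnet_firewall.address_space,
    module.vnet_spoke1.address_space,
    module.vnet_spoke2.address_space,
  )
}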
# Azure Firewall deployed into the hub VNet's subnet, wired to the log
# workspace and to the two IP groups that the rule set is built around.
module "firewall" {
  source = "./modules/firewall"

  workload            = local.workload
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name

  # SKU / policy tier and threat-intelligence behaviour come from variables.
  # Azure Firewall accepts Off, Alert or Deny for threat intel mode; only Deny
  # actually blocks traffic matching Microsoft's threat feed, Alert just logs it.
  sku_tier          = var.firewall_sku_tier
  policies_sku      = var.firewall_policies_sku
  threat_intel_mode = var.firewall_threat_intel_mode

  # Placement and diagnostics.
  firewall_subnet_id         = module.vnet_firewall.subnet_id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id

  # Inputs the rule collections reference: internal space, trusted home
  # ranges, and vm2's private address (presumably a DNAT target — verify in
  # ./modules/firewall).
  vnet_ip_group_id       = azurerm_ip_group.vnets.id
  home_ip_group_id       = azurerm_ip_group.home.id
  vm2_private_ip_address = module.vm2.private_ip_address
}
# User-defined routes attached to the two spoke subnets. The firewall's private
# IP is passed in, presumably as the next hop that forces spoke egress through
# the firewall — confirm the route definitions in ./modules/vnet/routes.
module "user_defined_routes" {
  source = "./modules/vnet/routes"

  workload            = local.workload
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name

  # Subnets that receive the route tables.
  spoke1_subnet_id = module.vnet_spoke1.subnet_id
  spoke2_subnet_id = module.vnet_spoke2.subnet_id

  # The module takes a single destination prefix for spoke2; only the first
  # address_space entry is covered, so a secondary prefix on spoke2 would not
  # be routed by this module.
  spoke2_cidr         = module.vnet_spoke2.address_space[0]
  firewall_private_ip = module.firewall.firewall_private_ip
}