Add sample for iothub with private link

2024-02-05 21:12:12 +00:00 · 2024-02-05 21:12:12 +00:00 · 8c845be0a2
commit 8c845be0a2
parent 369cd83197
6 changed files with 232 additions and 0 deletions
--- a/quickstart/201-private-link-iothub-builtin-endpoint/main.tf
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/main.tf
@ -0,0 +1,65 @@
+resource "random_string" "suffix" {
+  length  = 5
+  special = false
+  upper   = false
+}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "rg-iothub-${random_string.suffix.result}"
+  location = var.location
+}
+
+resource "azurerm_iothub" "iothub" {
+  name                = "iothub-${random_string.suffix.result}"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  public_network_access_enabled = false
+
+  sku {
+    name     = "S1"
+    capacity = 1
+  }
+
+  cloud_to_device {
+    max_delivery_count = 30
+    default_ttl        = "PT1H"
+    feedback {
+      time_to_live       = "PT1H10M"
+      max_delivery_count = 15
+      lock_duration      = "PT30S"
+    }
+  }
+
+}
+
+resource "azurerm_iothub_shared_access_policy" "iothub_policy" {
+  name                = "iothub-policy"
+  resource_group_name = azurerm_resource_group.rg.name
+  iothub_name         = azurerm_iothub.iothub.name
+
+  registry_read   = true
+  registry_write  = true
+  service_connect = true
+
+  depends_on = [azurerm_private_endpoint.iothub]
+}
+
+resource "azurerm_iothub_dps" "dps" {
+  name                = "test-device-${random_string.suffix.result}"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  allocation_policy   = "Hashed"
+  public_network_access_enabled = false
+
+  sku {
+    name     = "S1"
+    capacity = "1"
+  }
+
+  linked_hub {
+    connection_string = azurerm_iothub_shared_access_policy.iothub_policy.primary_connection_string
+    location = azurerm_resource_group.rg.location
+    allocation_weight       = 150
+    apply_allocation_policy = true
+  }
+}
--- a/quickstart/201-private-link-iothub-builtin-endpoint/network.tf
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/network.tf
@ -0,0 +1,90 @@
+resource "azurerm_virtual_network" "vnet" {
+  name                = "iothub-vnet-${random_string.suffix.result}"
+  address_space       = [var.vnet_address_space]
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_subnet" "snet" {
+  name                 = "iothub-snet-${random_string.suffix.result}"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = [var.iothub_subnet_address_space]
+}
+
+## Private DNS Zone
+resource "azurerm_private_dns_zone" "iothub" {
+  name                = "privatelink.azure-devices.net"
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone" "eventhub" {
+  name                = "privatelink.servicebus.windows.net"
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone" "dps" {
+  name                = "privatelink.azure-devices-provisioning.net"
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "iothub" {
+  name                  = "vnet-link-iothub-${random_string.suffix.result}"
+  resource_group_name   = azurerm_resource_group.rg.name
+  private_dns_zone_name = azurerm_private_dns_zone.iothub.name
+  virtual_network_id    = azurerm_virtual_network.vnet.id
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "eventhub" {
+  name                  = "vnet-link-eventhub-${random_string.suffix.result}"
+  resource_group_name   = azurerm_resource_group.rg.name
+  private_dns_zone_name = azurerm_private_dns_zone.eventhub.name
+  virtual_network_id    = azurerm_virtual_network.vnet.id
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dps" {
+  name                  = "vnet-link-dps-${random_string.suffix.result}"
+  resource_group_name   = azurerm_resource_group.rg.name
+  private_dns_zone_name = azurerm_private_dns_zone.dps.name
+  virtual_network_id    = azurerm_virtual_network.vnet.id
+}
+
+## Private Endpoint
+resource "azurerm_private_endpoint" "iothub" {
+  name                = "pep-iothub-${random_string.suffix.result}"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  subnet_id           = azurerm_subnet.snet.id
+
+  private_service_connection {
+    name                           = "psc-iothub-${random_string.suffix.result}"
+    private_connection_resource_id = azurerm_iothub.iothub.id
+    subresource_names              = ["iotHub"]
+    is_manual_connection           = false
+  }
+
+  private_dns_zone_group {
+    name                 = "privateDNSZoneGroup"
+    private_dns_zone_ids = [azurerm_private_dns_zone.iothub.id]
+  }
+
+}
+
+resource "azurerm_private_endpoint" "dps" {
+  name                = "pep-dps-${random_string.suffix.result}"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  subnet_id           = azurerm_subnet.snet.id
+
+  private_service_connection {
+    name                           = "psc-iothub-${random_string.suffix.result}"
+    private_connection_resource_id = azurerm_iothub_dps.dps.id
+    subresource_names              = ["iotDps"]
+    is_manual_connection           = false
+  }
+
+  private_dns_zone_group {
+    name                 = "privateDNSZoneGroup"
+    private_dns_zone_ids = [azurerm_private_dns_zone.dps.id]
+  }
+}
--- a/quickstart/201-private-link-iothub-builtin-endpoint/outputs.tf
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/outputs.tf
@ -0,0 +1,19 @@
+output "resource_group_name" {
+  description = "The name of the created resource group."
+  value       = azurerm_resource_group.rg.name
+}
+  
+output "virtual_network_name" {
+  description = "The name of the created virtual network."
+  value       = azurerm_virtual_network.vnet.name
+}
+  
+output "iothub_subnet_name" {
+  description = "The name of the created subnet for iothub."
+  value       = azurerm_subnet.snet.name
+}
+
+output "iothub_name" {
+  description = "The name of the created iothub."
+  value       = azurerm_subnet.snet.name
+}
--- a/quickstart/201-private-link-iothub-builtin-endpoint/provider.tf
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/provider.tf
@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.2"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 3.35.0, < 4.0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+  }
+}
--- a/quickstart/201-private-link-iothub-builtin-endpoint/readme.md
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/readme.md
@ -0,0 +1,27 @@
+# Azure Private Link for IoT Hub and IoT Hub Device Provisioning Service
+
+This template specifies configuration for deploying [Azure IoT Hub](https://learn.microsoft.com/azure/iot-hub/) and [Azure IoT Hub Device Provisioning Service](https://learn.microsoft.com/azure/iot-dps/) services in a Virtual Network.
+
+In addition to deploying the two resources above, it deploys the necessary network components required to set up private network connectivity between IoT Hub, the IoT Hub's built-in eventhub endpoint and the Azure DPS using [Azure Private Link Service](https://docs.microsoft.com/en-us/azure/private-link/). 
+
+## Terraform resource types
+
+* [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+* [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+* [azurerm_iothub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub)
+* [azurerm_iothub_shared_access_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub_shared_access_policy)
+* [azurerm_iothub_dps](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub_dps)
+* [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+* [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+* [azurerm_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone)
+* [azurerm_private_dns_zone_virtual_network_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link)
+* [azurerm_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint)
+
+
+## Variables
+
+| Name | Description | Default |
+| ---- | ----------- | ------- |
+| `location` | Location of the resource group. | `eastus` |
+| `vnet_address_space` | Private IP address range of the virtual network | `10.0.0.0/16` |
+| `iothub_subnet_address_space` | Private IP address of the iothub subnet  | `10.0.3.0/24` |
--- a/quickstart/201-private-link-iothub-builtin-endpoint/variables.tf
+++ b/quickstart/201-private-link-iothub-builtin-endpoint/variables.tf
@ -0,0 +1,17 @@
+variable "location" {
+    type = string
+    default = "westeurope"
+    description = "Location of the resource group"
+}
+
+variable "vnet_address_space" {
+    type = string
+    default = "10.0.0.0/16"
+    description = "Address range of the virtual network"
+}
+
+variable "iothub_subnet_address_space" {
+    type = string
+    default = "10.0.3.0/24"
+    description = "Address range of the subnet containing the iothub"
+}