Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
terraform-azure/quickstart/301-machine-learning-hub-spoke-secure/network-hub.tf
ryhud b16eefa5ca terraform fmt
2021-11-12 15:37:16 -05:00

176 lines
6.5 KiB
HCL
Raw Permalink Blame History

#Hub Virtual Network
resource "azurerm_virtual_network" "hub" {
name = "vnet-hub-${var.name}-${var.environment}"
address_space = var.vnet_hub_address_space
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_subnet" "snet-jumphost" {
name = "snet-jumphost"
resource_group_name = azurerm_resource_group.hub_rg.name
virtual_network_name = azurerm_virtual_network.hub.name
address_prefixes = var.jumphost_subnet_address_space
}
resource "azurerm_subnet" "azure_bastion" {
name = "AzureBastionSubnet"
resource_group_name = azurerm_resource_group.hub_rg.name
virtual_network_name = azurerm_virtual_network.hub.name
address_prefixes = var.bastion_subnet_address_space
}
resource "azurerm_subnet" "azure_firewall" {
name = "AzureFirewallSubnet"
resource_group_name = azurerm_resource_group.hub_rg.name
virtual_network_name = azurerm_virtual_network.hub.name
address_prefixes = var.firewall_subnet_address_space
}
#Vnet Peering
resource "azurerm_virtual_network_peering" "direction1" {
name = "${azurerm_resource_group.hub_rg.name}-to-${azurerm_resource_group.default.name}"
resource_group_name = azurerm_resource_group.hub_rg.name
virtual_network_name = azurerm_virtual_network.hub.name
remote_virtual_network_id = azurerm_virtual_network.default.id
allow_virtual_network_access = true
allow_forwarded_traffic = false
allow_gateway_transit = false
use_remote_gateways = false
depends_on = [
azurerm_virtual_network.hub,
azurerm_virtual_network.default
]
}
resource "azurerm_virtual_network_peering" "direction2" {
name = "${azurerm_resource_group.default.name}-to-${azurerm_resource_group.hub_rg.name}"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
remote_virtual_network_id = azurerm_virtual_network.hub.id
allow_virtual_network_access = true
allow_forwarded_traffic = false
allow_gateway_transit = false
use_remote_gateways = false
depends_on = [
azurerm_virtual_network.hub,
azurerm_virtual_network.default
]
}
# Private DNS Zones
resource "azurerm_private_dns_zone" "dnsvault" {
name = "privatelink.vaultcore.azure.net"
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
name = "dnsvaultlink"
resource_group_name = azurerm_resource_group.hub_rg.name
private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
virtual_network_id = azurerm_virtual_network.hub.id
}
resource "azurerm_private_dns_zone" "dnsstorageblob" {
name = "privatelink.blob.core.windows.net"
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
name = "dnsblobstoragelink"
resource_group_name = azurerm_resource_group.hub_rg.name
private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
virtual_network_id = azurerm_virtual_network.hub.id
}
resource "azurerm_private_dns_zone" "dnsstoragefile" {
name = "privatelink.file.core.windows.net"
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
name = "dnsfilestoragelink"
resource_group_name = azurerm_resource_group.hub_rg.name
private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
virtual_network_id = azurerm_virtual_network.hub.id
}
resource "azurerm_private_dns_zone" "dnscontainerregistry" {
name = "privatelink.azurecr.io"
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
name = "dnscrlink"
resource_group_name = azurerm_resource_group.hub_rg.name
private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
virtual_network_id = azurerm_virtual_network.hub.id
}
resource "azurerm_private_dns_zone" "dnsazureml" {
name = "privatelink.api.azureml.ms"
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
name = "dnsazuremllink"
resource_group_name = azurerm_resource_group.hub_rg.name
private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
virtual_network_id = azurerm_virtual_network.hub.id
}
resource "azurerm_private_dns_zone" "dnsnotebooks" {
name = "privatelink.notebooks.azure.net"
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
name = "dnsnotebookslink"
resource_group_name = azurerm_resource_group.hub_rg.name
private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
virtual_network_id = azurerm_virtual_network.hub.id
}
# NSG for jump_host Subnet
resource "azurerm_network_security_group" "jump_host" {
name = "nsg-jumphost-subnet"
location = azurerm_resource_group.hub_rg.location
resource_group_name = azurerm_resource_group.hub_rg.name
}
resource "azurerm_subnet_network_security_group_association" "jumphost_nsg_assoc" {
subnet_id = azurerm_subnet.snet-jumphost.id
network_security_group_id = azurerm_network_security_group.jump_host.id
depends_on = [
azurerm_network_interface.dsvm
]
}
# Route Table for Jump host subnet
resource "azurerm_route_table" "jumphost_rt" {
name = "rt-jumphost"
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_route" "jumphost-fw-route" {
name = "udr-Default"
resource_group_name = azurerm_resource_group.default.name
route_table_name = azurerm_route_table.jumphost_rt.name
address_prefix = "0.0.0.0/0"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = azurerm_firewall.azure_firewall_instance.ip_configuration[0].private_ip_address
}
resource "azurerm_subnet_route_table_association" "rt-jumphost-link" {
subnet_id = azurerm_subnet.snet-jumphost.id
route_table_id = azurerm_route_table.jumphost_rt.id
}
Reference in New Issue View Git Blame Copy Permalink