This feature creates an Azure VPN Gateway with its own dedicated Subnet, public IP, and the connections resources.
Gateway SKU list description is available on Microsoft documentation.
Module version | Terraform version | OpenTofu version | AzureRM version |
---|---|---|---|
>= 8.x.x | Unverified | 1.8.x | >= 4.0 |
>= 7.x.x | 1.3.x | >= 3.0 | |
>= 6.x.x | 1.x | >= 3.0 | |
>= 5.x.x | 0.15.x | >= 2.0 | |
>= 4.x.x | 0.13.x / 0.14.x | >= 2.0 | |
>= 3.x.x | 0.12.x | >= 2.0 | |
>= 2.x.x | 0.12.x | < 2.0 | |
< 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper
available in the documentation.
module "vpn_gw" {
source = "claranet/vpn/azurerm"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.name
virtual_network_name = module.vnet.name
subnet_cidr = "10.10.1.0/25"
vpn_connections = [
{
name = "azure_to_claranet"
name_suffix = "claranet"
custom_name = "azure_to_claranet_vpn_connection"
local_gw_custom_name = "azure_to_claranet_local_gateway"
extra_tags = { to = "claranet" }
local_gateway_address = "89.185.1.1"
local_gateway_address_spaces = ["89.185.1.1/32"]
}
]
logs_destinations_ids = [
module.logs.id,
module.logs.storage_account_id
]
extra_tags = {
foo = "bar"
}
}
Name | Version |
---|---|
azurecaf | ~> 1.2.28 |
azurerm | ~> 4.0 |
random | ~> 3.0 |
Name | Source | Version |
---|---|---|
diagnostics | claranet/diagnostic-settings/azurerm | ~> 8.0.0 |
subnet_gateway | claranet/subnet/azurerm | ~> 8.0.0 |
Name | Type |
---|---|
azurerm_local_network_gateway.main | resource |
azurerm_public_ip.main | resource |
azurerm_virtual_network_gateway.main | resource |
azurerm_virtual_network_gateway_connection.main | resource |
random_password.main | resource |
azurecaf_name.gw_pub_ip | data source |
azurecaf_name.local_network_gateway | data source |
azurecaf_name.vnet_gw | data source |
azurecaf_name.vpn_gw_connection | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
active_active | If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. |
bool |
false |
no |
additional_routes_to_advertise | Additional routes reserved for this virtual network in CIDR notation. | list(string) |
[] |
no |
bgp_enabled | If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false . |
bool |
false |
no |
client_name | Client name/account used in naming. | string |
n/a | yes |
custom_name | Custom VPN Gateway name, generated if not set. | string |
"" |
no |
default_tags_enabled | Option to enable or disable default tags. | bool |
true |
no |
diagnostic_settings_custom_name | Custom name of the diagnostics settings, name will be default if not set. |
string |
"default" |
no |
environment | Project environment. | string |
n/a | yes |
extra_tags | Additional tags to associate with your VPN Gateway. | map(string) |
{} |
no |
gateway_generation | Configuration of the generation of the Virtual Network Gateway. Valid options are Generation1 , Generation2 or None . |
string |
"Generation2" |
no |
ipconfig_custom_names | List of VPN GW IP Config resource custom name. One per IP on the gateway. | list(string) |
[] |
no |
location | Azure region to use. | string |
n/a | yes |
location_short | Short string for Azure location. | string |
n/a | yes |
logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account , Log Analytics Workspace and Event Hub . No more than one of each can be set.If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character. |
list(string) |
n/a | yes |
logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
name_prefix | Optional prefix for the generated name. | string |
"" |
no |
name_suffix | Optional suffix for the generated name. | string |
"" |
no |
network_resource_group_name | VNet and subnet Resource Group name. To use only if you need to have a dedicated Resource Group for all VPN Gateway resources. (set via resource_group_name variable.) |
string |
"" |
no |
public_ip_allocation_method | Defines the allocation method for this IP address. Possible values are Static or Dynamic . |
string |
"Static" |
no |
public_ip_count | Number of Public IPs to allocate and associated to the Gateway. By default only 1. Maximum is 3. | number |
1 |
no |
public_ip_custom_names | List of VPN GW Public IP resource custom name. One per IP on the gateway. | list(string) |
[] |
no |
public_ip_sku | The SKU of the public IP. Accepted values are Basic and Standard . |
string |
"Standard" |
no |
public_ip_zones | Public IP zones to configure. | list(number) |
[ |
no |
resource_group_name | Name of the resource group. | string |
n/a | yes |
routing_type | The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased . Defaults to RouteBased . |
string |
"RouteBased" |
no |
sku | Configuration of the size and capacity of the Virtual Network Gateway. Valid options are Basic , Standard , HighPerformance , UltraPerformance , ErGw[1-3]AZ , VpnGw[1-5] , VpnGw[1-5]AZ , and depend on the type and vpn_type arguments.A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.SKU details and list is available in the documentation. |
string |
"VpnGw2AZ" |
no |
stack | Project stack name. | string |
n/a | yes |
subnet_cidr | CIDR range for the dedicated Gateway subnet. Must be a range available in the VNet. | string |
null |
no |
subnet_id | Subnet Gateway ID to use if already existing. Must be named GatewaySubnet . |
string |
null |
no |
type | The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute . Changing the type forces a new resource to be created. |
string |
"Vpn" |
no |
virtual_network_name | Virtual Network Name where the dedicated VPN subnet and Gateway will be created. | string |
n/a | yes |
vpn_client_configuration | VPN client configuration authorizations. | object({ |
null |
no |
vpn_connections | List of VPN connection configurations. | list(object({ |
[] |
no |
Name | Description |
---|---|
id | VPN Gateway ID. |
local_gateway_ids | Azure VNET local Gateway IDs. |
local_gateway_names | Azure VNET local Gateway names. |
module_diagnostics | Diagnostics settings module outputs. |
name | VPN Gateway name. |
public_ip_adresses | Azure VPN Gateway public IPs. |
public_ip_name | Azure VPN Gateway public IP resource name. |
resource | VPN Gateway resource object. |
resource_public_ip | Azure VPN Gateway Public IP resource object. |
shared_keys | Shared Keys used for VPN connections. |
subnet_id | Dedicated subnet ID for the GW. |
vpn_connection_ids | The VPN created connections IDs. |
- If
vpn_gw_active_active
variable istrue
, at least two public IPs will be provisionned unless more IPs are set via thevpn_gw_public_ip_number
variable.
Microsoft VPN Gateway documentation docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways