diff --git a/terraform/azure/examples/main.tf b/terraform/azure/examples/main.tf
new file mode 100644
index 0000000..361c19d
--- /dev/null
+++ b/terraform/azure/examples/main.tf
@@ -0,0 +1,36 @@
+module "network" {
+ source = "../modules/vnet"
+ vnet_name = "myvnet"
+ address_space = ["10.0.0.0/16"]
+ location = "eastus"
+ resource_group_name = "testrg"
+ subnet_names = ["aks_subnet", "appgw_subnet"]
+ subnet_address_prefixes = ["10.0.1.0/24", "10.0.2.0/24"]
+ nsg_name = "testnsg"
+
+ inbound_rules = {
+ rule1 = {
+ name = "inbound_rule1"
+ priority = 100
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "1.2.3.4"
+ destination_address_prefix = "10.0.1.0/24"
+ }
+ }
+
+ outbound_rules = {
+ rule1 = {
+ name = "outbound_rule1"
+ priority = 100
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "10.0.1.0/24"
+ destination_address_prefix = "5.6.7.8"
+ }
+ }
+}
diff --git a/terraform/azure/examples/provider.tf b/terraform/azure/examples/provider.tf
new file mode 100644
index 0000000..b3fc7b2
--- /dev/null
+++ b/terraform/azure/examples/provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>1.5.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+
+ client_id = " "
+ client_secret = " "
+ tenant_id = " "
+ subscription_id = " "
+ skip_provider_registration = true
+}
\ No newline at end of file
diff --git a/terraform/azure/modules/vnet/README.md b/terraform/azure/modules/vnet/README.md
new file mode 100644
index 0000000..c93911a
--- /dev/null
+++ b/terraform/azure/modules/vnet/README.md
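Review bot: `outbound_rule1` does not actually restrict egress from 10.0.1.0/24 to 5.6.7.8:443, because an Azure NSG's built-in `AllowInternetOutBound` rule (priority 65001) still permits every other outbound flow; if an egress allow-list is the intent, add an explicit deny beneath it, e.g. `deny_internet = { name = "deny_internet_outbound", priority = 4096, access = "Deny", protocol = "*", source_port_range = "*", destination_port_range = "*", source_address_prefix = "10.0.1.0/24", destination_address_prefix = "Internet" }`. The module also attaches this single NSG to every subnet it creates, including `appgw_subnet`; an Application Gateway subnet needs the gateway-manager infrastructure ports allowed inbound, which this rule set does not cover, so a gateway placed there would presumably fail validation — either a comment on the example or a separate NSG for that subnet is warranted. The protocol is spelled `Tcp` here but `TCP` in the module defaults and README; pick one form so the example and defaults agree.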
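Review bot: `client_id`, `client_secret`, `tenant_id` and `subscription_id` are inline string literals in the `provider "azurerm"` block, so the first person who fills them in commits a live service-principal secret to git; drop the four attributes and let the provider read `ARM_CLIENT_ID` / `ARM_CLIENT_SECRET` / `ARM_TENANT_ID` / `ARM_SUBSCRIPTION_ID` from the environment, or declare them as `variable` blocks with `sensitive = true` and feed them from a vault or CI secret. The placeholder `" "` is a single space, not an empty string, so as committed the provider will presumably attempt a client-secret login with a bogus value rather than falling back to Azure CLI or managed-identity auth. Separately, `features {}` was introduced with azurerm 2.0, so `version = "~>1.5.0"` looks inconsistent with it — confirm the constraint against the provider version this was tested with and pin accordingly.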
@@ -0,0 +1,76 @@
+
+# Azure Virtual Network (VNet) Module
+
+This Terraform module creates an Azure Virtual Network (VNet) along with subnets, a network security group (NSG), and associated security rules in Azure. It simplifies the provisioning of network resources for your Azure infrastructure.
+
+## Features
+
+- Creates an Azure Virtual Network (VNet) with customizable settings.
+- Defines subnets within the VNet with flexible address prefixes.
+- Configures a Network Security Group (NSG) with inbound and outbound security rules.
+- Supports easy customization of security rules based on your requirements.
+- Modular design for reusability across different Azure environments.
+
+## Usage
+
+```hcl
+module "azure_vnet" {
+ source = "./azure_vnet_module" # Replace with the actual path to the module directory
+
+ # Input variables
+ resource_group_name = "my-resource-group"
+ vnet_name = "my-vnet"
+ address_space = ["10.0.0.0/16"]
+ location = "East US"
+ subnet_names = ["subnet1", "subnet2"]
+ subnet_address_prefixes = ["10.0.1.0/24", "10.0.2.0/24"]
+ nsg_name = "my-nsg"
+
+ inbound_rules = {
+ rule1 = {
+ name = "inbound_rule1"
+ priority = 100
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "1.2.3.4"
+ destination_address_prefix = "10.0.1.0/24"
+ }
+ }
+
+ outbound_rules = {
+ rule1 = {
+ name = "outbound_rule1"
+ priority = 100
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "10.0.1.0/24"
+ destination_address_prefix = "5.6.7.8"
+ }
+ }
+}
+```
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------------------------|----------------------------------------------|------------|---------|----------|
+| `resource_group_name` | Name of the Azure Resource Group. | `string` | | Yes |
+| `vnet_name` | Name of the Azure Virtual Network. | `string` | | Yes |
+| `address_space` | Address space for the VNet. | `list(string)` | | Yes |
+| `location` | Azure region where resources will be created.| `string` | | Yes |
+| `subnet_names` | List of subnet names. | `list(string)` | | Yes |
+| `subnet_address_prefixes` | List of subnet address prefixes. | `list(string)` | | Yes |
+| `nsg_name` | Name of the Network Security Group (NSG). | `string` | | Yes |
+| `inbound_rules` | Map of inbound security rules. | `map(object)` | | Yes |
+| `outbound_rules` | Map of outbound security rules. | `map(object)` | | Yes |
+
+## Outputs
+
+| Name | Description |
+|-------------|---------------------------------------------------|
+| `vnet_id` | The ID of the created Azure Virtual Network. |
+| `subnet_ids`| List of IDs of the created subnets. |
diff --git a/terraform/azure/modules/vnet/locals.tf b/terraform/azure/modules/vnet/locals.tf
new file mode 100644
index 0000000..0e14b66
--- /dev/null
+++ b/terraform/azure/modules/vnet/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ environment = "Development"
+}
\ No newline at end of file
diff --git a/terraform/azure/modules/vnet/outputs.tf b/terraform/azure/modules/vnet/outputs.tf
new file mode 100644
index 0000000..f6daf4a
--- /dev/null
+++ b/terraform/azure/modules/vnet/outputs.tf
@@ -0,0 +1,10 @@
+output "vnet_id" {
+ description = "ID of the created Azure Virtual Network"
+ value = azurerm_virtual_network.Vnet.id
+}
+
+output "subnet_ids" {
+ description = "IDs of the created subnets"
+ value = azurerm_subnet.subnets.*.id
+}
+
diff --git a/terraform/azure/modules/vnet/variables.tf b/terraform/azure/modules/vnet/variables.tf
new file mode 100644
index 0000000..6aa0126
--- /dev/null
+++ b/terraform/azure/modules/vnet/variables.tf
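Review bot: `environment` is hard-coded to `"Development"` inside the module, so every resource group, VNet and NSG it creates is tagged `Environment = Development` no matter where it is deployed, and anything keyed on that tag (Azure Policy, cost allocation, alert routing) is wrong for non-dev use. Make it an input instead, e.g. `variable "environment" { description = "Value for the Environment tag"; type = string; default = "Development" }`, and reference `var.environment` in the tag maps.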
@@ -0,0 +1,93 @@
+variable "vnet_name" {
+ description = "Name of the Azure Virtual Network"
+ default = "testvnet"
+ type = string
+}
+
+variable "address_space" {
+ description = "Address space for the Azure Virtual Network"
+ default = ["10.0.0.0/16"]
+ type = list(string)
+}
+
+variable "location" {
+ description = "Azure region where the resources will be created"
+ default = "us-east-1"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "Name of the Azure Resource Group"
+ default = "testrg"
+ type = string
+}
+
+variable "subnet_names" {
+ description = "Names of the subnets"
+ default = ["testsubnet"]
+ type = list(string)
+}
+
+variable "subnet_address_prefixes" {
+ description = "Address prefixes for the subnets"
+ default = ["10.0.1.0/24"]
+ type = list(string)
+}
+
+variable "nsg_name" {
+ description = "Name of Security group"
+ default = "testnsg"
+ type = string
+}
+
+variable "inbound_rules" {
+ description = "A map of inbound security rules"
+ default = {
+ rule1 = {
+ name = "inbound_rule1"
+ priority = 100
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "1.2.3.4"
+ destination_address_prefix = "10.0.1.0/24"
+ }
+ }
+ type = map(object({
+ name = string
+ priority = number
+ access = string
+ protocol = string
+ source_port_range = string
+ destination_port_range = string
+ source_address_prefix = string
+ destination_address_prefix = string
+ }))
+}
+
+variable "outbound_rules" {
+ description = "A map of outbound security rules"
+ default = {
+ rule1 = {
+ name = "outbound_rule1"
+ priority = 100
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "10.0.1.0/24"
+ destination_address_prefix = "5.6.7.8"
+ }
+ }
+ type = map(object({
+ name = string
+ priority = number
+ access = string
+ protocol = string
+ source_port_range = string
+ destination_port_range = string
+ source_address_prefix = string
+ destination_address_prefix = string
+ }))
+}
diff --git a/terraform/azure/modules/vnet/vnet.tf b/terraform/azure/modules/vnet/vnet.tf
new file mode 100644
index 0000000..18363c8
--- /dev/null
+++ b/terraform/azure/modules/vnet/vnet.tf
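Review bot: The `location` default `"us-east-1"` is an AWS region name, not an Azure location, so any caller that relies on the default fails at apply time with an invalid-location error; use an Azure value such as `default = "eastus"` (what examples/main.tf passes) or drop the default and make the variable required. The `inbound_rules` and `outbound_rules` defaults silently create an `Allow` rule from `1.2.3.4` to port 80 on 10.0.1.0/24 in every deployment that omits the variable — a network module should default its rule maps to `{}` so nothing is opened unless the caller asks for it. The default `protocol = "TCP"` also disagrees with `"Tcp"` in examples/main.tf; the azurerm schema documents `Tcp`, `Udp`, `Icmp` and `*`, and I would not rely on case-insensitive matching holding across provider versions. `validation` blocks constraining `access` to `Allow`/`Deny` and `protocol` to the documented set, plus a `priority` range check of 100–4096, would turn these into plan-time errors.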
@@ -0,0 +1,86 @@
+#To create resource group
+resource "azurerm_resource_group" "resourcegroup" {
+ name = var.resource_group_name
+ location = var.location
+
+ tags = {
+ Name = var.resource_group_name
+ Environment = "${local.environment}"
+ }
+}
+
+#To create virtual network
+resource "azurerm_virtual_network" "Vnet" {
+ name = var.vnet_name
+ address_space = var.address_space
+ location = var.location
+ resource_group_name = azurerm_resource_group.resourcegroup.name
+
+ tags = {
+ Name = var.vnet_name
+ Environment = "${local.environment}"
+ }
+}
+
+#To create subnets
+resource "azurerm_subnet" "subnets" {
+ count = length(var.subnet_names)
+ name = var.subnet_names[count.index]
+ resource_group_name = azurerm_resource_group.resourcegroup.name
+ virtual_network_name = azurerm_virtual_network.Vnet.name
+ address_prefixes = [var.subnet_address_prefixes[count.index]]
+ }
+
+#To create network security group
+resource "azurerm_network_security_group" "default_nsg" {
+ name = var.nsg_name
+ location = var.location
+ resource_group_name = azurerm_resource_group.resourcegroup.name
+
+ tags = {
+ Name = var.nsg_name
+ Environment = "${local.environment}"
+ }
+}
+
+#To add inbound rules
+resource "azurerm_network_security_rule" "inbound" {
+ for_each = var.inbound_rules
+
+ name = each.value.name
+ priority = each.value.priority
+ direction = "Inbound"
+ access = each.value.access
+ protocol = each.value.protocol
+ source_port_range = each.value.source_port_range
+ destination_port_range = each.value.destination_port_range
+ source_address_prefix = each.value.source_address_prefix
+ destination_address_prefix = each.value.destination_address_prefix
+ resource_group_name = azurerm_resource_group.resourcegroup.name
+ network_security_group_name = azurerm_network_security_group.default_nsg.name
+}
+
+#To add outbound rules
+resource "azurerm_network_security_rule" "outbound" {
+ for_each = var.outbound_rules
+
+ name = each.value.name
+ priority = each.value.priority
+ direction = "Outbound"
+ access = each.value.access
+ protocol = each.value.protocol
+ source_port_range = each.value.source_port_range
+ destination_port_range = each.value.destination_port_range
+ source_address_prefix = each.value.source_address_prefix
+ destination_address_prefix = each.value.destination_address_prefix
+ resource_group_name = azurerm_resource_group.resourcegroup.name
+ network_security_group_name = azurerm_network_security_group.default_nsg.name
+}
+
+#To create network security group association
+resource "azurerm_subnet_network_security_group_association" "nsg_association" {
+ count = length(azurerm_subnet.subnets)
+ subnet_id = azurerm_subnet.subnets[count.index].id
+ network_security_group_id = azurerm_network_security_group.default_nsg.id
+}
+
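Review bot: The module creates the resource group itself (`azurerm_resource_group.resourcegroup`) although the README and the `resource_group_name` variable describe it only as "Name of the Azure Resource Group"; applying into a group that already exists fails on create, and a destroy of this module targets the group rather than just the network it owns. Either state in the README that the module owns the group, or replace the resource with `data "azurerm_resource_group" "rg" { name = var.resource_group_name }` and reference `data.azurerm_resource_group.rg.name`/`.location` in the resources below. In `azurerm_subnet.subnets`, `var.subnet_address_prefixes[count.index]` raises an index-out-of-range error when fewer prefixes than names are passed and silently ignores extra prefixes; a `lifecycle { precondition { condition = length(var.subnet_names) == length(var.subnet_address_prefixes) ... } }` on the subnet resource would surface the mismatch at plan time. On style, `"${local.environment}"` in the three `tags` maps can be plain `local.environment`, which is what `terraform fmt` on 0.12+ expects.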