Add private endpoints and update versions
Utesgui authored May 7, 2024
1 parent 348f6ba commit 2428e05
Showing 5 changed files with 171 additions and 12 deletions.
6 changes: 5 additions & 1 deletion README.md
Expand Up @@ -44,7 +44,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.28.0"
version = ">= 3.102.0"
}
}
backend "local" {}
Expand Down Expand Up @@ -108,6 +108,10 @@ module "scepman" {
| <a name="input_law_name"></a> [law\_name](#input\_law\_name) | Name of the Log Analytics Workspace | `string` | n/a | yes |
| <a name="input_law_resource_group"></a> [law\_resource\_group](#input\_law\_resource\_group) | Resource Group of existing Log Analytics Workspace | `string` | `null` | no |
| <a name="input_key_vault_name"></a> [key\_vault\_name](#input\_key\_vault\_name) | Name of the key vault | `string` | n/a | yes |
| <a name="input_vnet_name"></a> [vnet\_name](#input\_vnet\_name) | Name of VNET created for internal communication | `string` | vnet-scepman | no |
| <a name="input_vnet_address_space"></a> [vnet\_address\_space](#input\_vnet\_address\_space) | Address-Space of the VNET | `list(any)` | ["10.255.255.0/24"] | no |
| <a name="input_subnet_appservices_name"></a> [subnet\_appservices\_name](#input\_subnet\_appservices\_name) | Name of the subnet created for integrating the App Services | `string` | snet-scepman-appservices | no |
| <a name="input_subnet_endpoints_name"></a> [subnet\_endpoints\_name](#input\_subnet\_endpoints\_name) | Name of the subnet created for the other endpoints | `string` | snet-scepman-endpoints | no |
| <a name="input_location"></a> [location](#input\_location) | Azure Region where the resources should be created | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group | `string` | n/a | yes |
| <a name="input_service_plan_name"></a> [service\_plan\_name](#input\_service\_plan\_name) | Name of the service plan | `string` | n/a | yes |
2 changes: 1 addition & 1 deletion examples/advanced/main.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.69.0"
version = ">= 3.102.0"
}
}
backend "local" {}
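--- a/examples/advanced/variables.tf
+++ b/examples/advanced/variables.tf
@@ -98,6 +98,30 @@ variable "key_vault_name" {
 description = "Name of the key vault"
 }
 
+variable "vnet_name" {
+type = string
+default = "vnet-scepman"
+description = "Name of the VNET created for internal communication"
+}
+
+variable "vnet_address_space" {
+type = list(any)
+default = ["10.255.255.0/24"]
+description = "Address-Space of the VNET"
+}
+
+variable "subnet_appservices_name" {
+type = string
+default = "snet-scepman-appservices"
+description = "Name of the subnet created for integrating the App Services"
+}
+
+variable "subnet_endpoints_name" {
+type = string
+default = "snet-scepman-endpoints"
+description = "Name of the subnet created for the other endpoints"
+}
+
 variable "tags" {
 type = map(string)
 default = {}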
127 changes: 117 additions & 10 deletions main.tf
@@ -1,27 +1,110 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
source = "hashicorp/azurerm"
version = ">= 3.102.0"
}
}
required_version = ">= 1.3"
}

data "azurerm_client_config" "current" {}

# vnet and subnet for internal communication
resource "azurerm_virtual_network" "vnet-scepman" {
name = var.vnet_name
resource_group_name = var.resource_group_name
location = var.location
address_space = var.vnet_address_space
}

resource "azurerm_subnet" "subnet-endpoints" {
name = var.subnet_endpoints_name
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet-scepman.name
address_prefixes = [cidrsubnet(var.vnet_address_space[0], 1, 1)]
}

resource "azurerm_subnet" "subnet-appservices" {
name = var.subnet_appservices_name
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet-scepman.name
address_prefixes = [cidrsubnet(var.vnet_address_space[0], 1, 0)]
delegation {
name = "delegation"
service_delegation {
actions = ["Microsoft.Network/virtualNetworks/subnets/action", ]
name = "Microsoft.Web/serverFarms"
}
}
}

resource "azurerm_private_dns_zone" "dnsprivatezone-kv" {
name = "privatelink.vaultcore.azure.net"
resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "dnszonelink-kv" {
name = "dnszonelink-kv"
resource_group_name = var.resource_group_name
private_dns_zone_name = azurerm_private_dns_zone.dnsprivatezone-kv.name
virtual_network_id = azurerm_virtual_network.vnet-scepman.id
}

resource "azurerm_private_dns_zone" "dnsprivatezone-sts" {
name = "privatelink.table.core.windows.net"
resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "dnszonelink-sts" {
name = "dnszonelink-sts"
resource_group_name = var.resource_group_name
private_dns_zone_name = azurerm_private_dns_zone.dnsprivatezone-sts.name
virtual_network_id = azurerm_virtual_network.vnet-scepman.id
}

# Storage Account

resource "azurerm_storage_account" "storage" {
name = var.storage_account_name
resource_group_name = var.resource_group_name
location = var.location

public_network_access_enabled = true

network_rules {
default_action = "Deny"
ip_rules = []
virtual_network_subnet_ids = []
bypass = ["None"]
}

account_tier = "Standard"
account_replication_type = "LRS"

tags = var.tags
}

# Private Endpoint for Storage Account
resource "azurerm_private_endpoint" "storage_pe" {
name = "pep-sts-scepman"
location = var.location
resource_group_name = var.resource_group_name
subnet_id = azurerm_subnet.subnet-endpoints.id

private_dns_zone_group {
name = "privatednszonegroup"
private_dns_zone_ids = [azurerm_private_dns_zone.dnsprivatezone-sts.id]
}

private_service_connection {
name = "storageconnection"
private_connection_resource_id = azurerm_storage_account.storage.id
subresource_names = ["table"]
is_manual_connection = false
}
}

# Key Vault

resource "azurerm_key_vault" "vault" {
Expand All @@ -37,12 +120,34 @@ resource "azurerm_key_vault" "vault" {
enabled_for_deployment = false
enabled_for_template_deployment = false

public_network_access_enabled = false

soft_delete_retention_days = 7
purge_protection_enabled = true

tags = var.tags
}

# Private Endpoint for Key Vault
resource "azurerm_private_endpoint" "key_vault_pe" {
name = "pep-kv-scepman"
location = var.location
resource_group_name = var.resource_group_name
subnet_id = azurerm_subnet.subnet-endpoints.id

private_dns_zone_group {
name = "privatednszonegroup"
private_dns_zone_ids = [azurerm_private_dns_zone.dnsprivatezone-kv.id]
}

private_service_connection {
name = "keyvaultconnection"
private_connection_resource_id = azurerm_key_vault.vault.id
subresource_names = ["vault"]
is_manual_connection = false
}
}


# Log Analytics Workspace

Expand Down Expand Up @@ -162,10 +267,11 @@ locals {
}

resource "azurerm_windows_web_app" "app" {
name = var.app_service_name_primary
resource_group_name = var.resource_group_name
location = var.location
https_only = false
name = var.app_service_name_primary
resource_group_name = var.resource_group_name
location = var.location
https_only = false
virtual_network_subnet_id = azurerm_subnet.subnet-appservices.id

service_plan_id = local.service_plan_resource_id

Expand All @@ -178,7 +284,7 @@ resource "azurerm_windows_web_app" "app" {
use_32_bit_worker = false
application_stack {
current_stack = "dotnet"
dotnet_version = "v6.0"
dotnet_version = "v8.0"
}
}

Expand Down Expand Up @@ -258,9 +364,10 @@ locals {
}

resource "azurerm_windows_web_app" "app_cm" {
name = var.app_service_name_certificate_master
resource_group_name = var.resource_group_name
location = var.location
name = var.app_service_name_certificate_master
resource_group_name = var.resource_group_name
location = var.location
virtual_network_subnet_id = azurerm_subnet.subnet-appservices.id

service_plan_id = local.service_plan_resource_id

Expand All @@ -273,7 +380,7 @@ resource "azurerm_windows_web_app" "app_cm" {
use_32_bit_worker = false
application_stack {
current_stack = "dotnet"
dotnet_version = "v6.0"
dotnet_version = "v8.0"
}
}

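Review bot: The storage account keeps `public_network_access_enabled = true` even though this commit adds a private endpoint for its table service and disables public access on the key vault; the `Deny` default with empty `ip_rules`, empty `virtual_network_subnet_ids` and `bypass = ["None"]` rejects every public request today, but any later addition to `ip_rules` would silently reopen the public endpoint. Set `public_network_access_enabled = false` on `azurerm_storage_account.storage` so the table endpoint is reachable only through `pep-sts-scepman`, unless a data-plane step of the module that is not visible here genuinely needs the public endpoint. Separately, `azurerm_windows_web_app.app_cm` does not set `https_only` in the visible lines and the provider default is `false`; if it is not set further down the resource (the block continues past this hunk), the Certificate Master admin UI should get `https_only = true`, whereas the primary app's `https_only = false` may be deliberate for plain-HTTP SCEP clients and deserves a comment saying so. The private DNS zone names `privatelink.vaultcore.azure.net` and `privatelink.table.core.windows.net` are hard-coded to the public-cloud suffixes and will not resolve the private endpoints in sovereign clouds.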
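--- a/variables.tf
+++ b/variables.tf
@@ -98,6 +98,30 @@ variable "key_vault_name" {
 description = "Name of the key vault"
 }
 
+variable "vnet_name" {
+type = string
+default = "vnet-scepman"
+description = "Name of the VNET created for internal communication"
+}
+
+variable "vnet_address_space" {
+type = list(any)
+default = ["10.255.255.0/24"]
+description = "Address-Space of the VNET"
+}
+
+variable "subnet_appservices_name" {
+type = string
+default = "snet-scepman-appservices"
+description = "Name of the subnet created for integrating the App Services"
+}
+
+variable "subnet_endpoints_name" {
+type = string
+default = "snet-scepman-endpoints"
+description = "Name of the subnet created for the other endpoints"
+}
+
 variable "tags" {
 type = map(string)
 default = {}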
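Review bot: `vnet_address_space` is typed `list(any)` with no validation, yet main.tf consumes only `var.vnet_address_space[0]` and feeds it to `cidrsubnet(..., 1, ...)` twice, so an empty list fails with an index error at plan time and a non-string element or a prefix with no room for two halves fails with an opaque `cidrsubnet` error. Tighten the type to `list(string)`, add a `validation` block that rejects an empty list and a non-CIDR first element, and say in the description that only the first prefix is used for the two subnets. The appservices and endpoints subnet-name variables are plain strings and need no change.
```hcl
variable "vnet_address_space" {
  type        = list(string)
  default     = ["10.255.255.0/24"]
  description = "Address-Space of the VNET; only the first prefix is split into the appservices and endpoints subnets"

  validation {
    condition     = length(var.vnet_address_space) > 0 && can(cidrsubnet(var.vnet_address_space[0], 1, 1))
    error_message = "vnet_address_space must contain at least one IPv4 CIDR prefix that can be split into two subnets."
  }
}
# … unchanged: vnet_name, subnet_appservices_name, subnet_endpoints_name, tags …
```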
