This Terraform module deploys a Virtual Network in Azure with a subnet or a set of subnets passed in as input parameters.
The module does not create nor expose a security group. You could use https://github.com/Azure/terraform-azurerm-vnet to assign network security group to the subnets.
In v5.0.0, we would make var.use_for_each a required variable so the users must set the value explicitly. For whom are maintaining the existing infrastructure that was created with count should use false, for those who are creating a new stack, we encourage them to use true.
V5.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.
Running the terraform plan first to inspect the plan is strongly advised.
We've added a CI pipeline for this module to speed up our code review and to enforce a high code quality standard, if you want to contribute by submitting a pull request, please read Pre-Commit & Pr-Check & Test section, or your pull request might be rejected by CI pipeline.
A pull request will be reviewed when it has passed Pre Pull Request Check in the pipeline, and will be merged when it has passed the acceptance tests. Once the ci Pipeline failed, please read the pipeline's output, thanks for your cooperation.
V4.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.
Running the terraform plan first to inspect the plan is strongly advised.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "my-resources"
location = "West Europe"
}
module "network" {
source = "Azure/network/azurerm"
resource_group_name = azurerm_resource_group.example.name
address_spaces = ["10.0.0.0/16", "10.2.0.0/16"]
subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
subnet_names = ["subnet1", "subnet2", "subnet3"]
subnet_service_endpoints = {
"subnet1" : ["Microsoft.Sql"],
"subnet2" : ["Microsoft.Sql"],
"subnet3" : ["Microsoft.Sql"]
}
use_for_each = true
tags = {
environment = "dev"
costcenter = "it"
}
depends_on = [azurerm_resource_group.example]
}We're using BridgeCrew Yor and yorbox to help manage tags consistently across infrastructure as code (IaC) frameworks. In this module you might see tags like:
resource "azurerm_resource_group" "rg" {
location = "eastus"
name = random_pet.name
tags = merge(var.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
avm_git_commit = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
avm_git_file = "main.tf"
avm_git_last_modified_at = "2023-05-05 08:57:54"
avm_git_org = "lonegunmanb"
avm_git_repo = "terraform-yor-tag-test-module"
avm_yor_trace = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
} /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
}To enable tracing tags, set the variable to true:
module "example" {
source = <module_source>
...
tracing_tags_enabled = true
}The tracing_tags_enabled is default to false.
To customize the prefix for your tracing tags, set the tracing_tags_prefix variable value in your Terraform configuration:
module "example" {
source = <module_source>
...
tracing_tags_prefix = "custom_prefix_"
}The actual applied tags would be:
{
custom_prefix_git_commit = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
custom_prefix_git_file = "main.tf"
custom_prefix_git_last_modified_at = "2023-05-05 08:57:54"
custom_prefix_git_org = "lonegunmanb"
custom_prefix_git_repo = "terraform-yor-tag-test-module"
custom_prefix_yor_trace = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
}
Thanks for your contribution! This module was created before Terraform introduce for_each, and according to the document:
If your instances are almost identical,
countis appropriate. If some of their arguments need distinct values that can't be directly derived from an integer, it's safer to usefor_each.
This module contains resources with count meta-argument, but if we change count to for_each directly, it would require heavily manually state move operations with extremely caution, or the users who are maintaining existing infrastructure would face potential breaking change.
This module replicated a new azurerm_subnet which used for_each, and we provide a new toggle variable named use_for_each, this toggle is a switcher between count set and for_each set. Now user can set var.use_for_each to true to use for_each, and users who're maintaining existing resources could keep this toggle false to avoid potential breaking change. If you'd like to make changes to subnet resource, make sure that you've change both resource blocks. Thanks for your cooperation.
We assumed that you have setup service principal's credentials in your environment variables like below:
export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"On Windows Powershell:
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest
To run the pre-commit task, we can run the following command:
$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commitOn Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commitIn pre-commit task, we will:
- Run
terraform fmt -recursivecommand for your Terraform code. - Run
terrafmt fmt -fcommand for markdown files and go code files to ensure that the Terraform code embedded in these files are well formatted. - Run
go mod tidyandgo mod vendorfor test folder to ensure that all the dependencies have been synced. - Run
gofmtfor all go code files. - Run
gofumptfor all go code files. - Run
terraform-docsonREADME.mdfile, then runmarkdown-table-formatterto format markdown tables inREADME.md.
Then we can run the pr-check task to check whether our code meets our pipeline's requirement(We strongly recommend you run the following command before you commit):
$ docker run --rm -v $(pwd):/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-checkOn Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-checkTo run the e2e-test, we can run the following command:
docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
On Windows Powershell:
docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
Originally created by Eugene Chuvyrov
| Name | Version |
|---|---|
| terraform | >= 1.3 |
| azurerm | >= 3.0, < 4.0 |
| Name | Version |
|---|---|
| azurerm | >= 3.0, < 4.0 |
No modules.
| Name | Type |
|---|---|
| azurerm_subnet.subnet_count | resource |
| azurerm_subnet.subnet_for_each | resource |
| azurerm_virtual_network.vnet | resource |
| azurerm_resource_group.network | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| address_space | The address space that is used by the virtual network. | string |
"10.0.0.0/16" |
no |
| address_spaces | The list of the address spaces that is used by the virtual network. | list(string) |
[] |
no |
| dns_servers | The DNS servers to be used with vNet. | list(string) |
[] |
no |
| resource_group_location | The location/region where the virtual network is created. Changing this forces a new resource to be created. | string |
null |
no |
| resource_group_name | The name of an existing resource group to be imported. | string |
n/a | yes |
| subnet_delegation | service_delegation blocks for azurerm_subnet resource, subnet names as keys, list of delegation blocks as value, more details about delegation block could be found at the document. |
map(list(object({ |
{} |
no |
| subnet_enforce_private_link_endpoint_network_policies | A map with key (string) subnet name, value (bool) true or false to indicate enable or disable network policies for the private link endpoint on the subnet. Default value is false. |
map(bool) |
{} |
no |
| subnet_names | A list of public subnets inside the vNet. | list(string) |
[ |
no |
| subnet_prefixes | The address prefix to use for the subnet. | list(string) |
[ |
no |
| subnet_service_endpoints | A map with key (string) subnet name, value (list(string)) to indicate enabled service endpoints on the subnet. Default value is []. |
map(list(string)) |
{} |
no |
| tags | The tags to associate with your network and subnets. | map(string) |
{ |
no |
| tracing_tags_enabled | Whether enable tracing tags that generated by BridgeCrew Yor. | bool |
false |
no |
| tracing_tags_prefix | Default prefix for generated tracing tags | string |
"avm_" |
no |
| use_for_each | Use for_each instead of count to create multiple resource instances. |
bool |
n/a | yes |
| vnet_name | Name of the vnet to create. | string |
"acctvnet" |
no |
| Name | Description |
|---|---|
| vnet_address_space | The address space of the newly created vNet |
| vnet_id | The id of the newly created vNet |
| vnet_location | The location of the newly created vNet |
| vnet_name | The name of the newly created vNet |
| vnet_subnets | The ids of subnets created inside the newly created vNet |