
Azure VNET Module

Reusable Terraform module for provisioning an Azure Virtual Network with subnets, Network Security Groups, and optional DDoS protection.

Features

  • Configurable address space and DNS servers
  • Dynamic subnet creation with per-subnet NSG rules
  • Service endpoint support per subnet
  • Subnet delegation support (e.g., for App Service, Container Instances)
  • Optional DDoS Protection Plan
  • Consistent tagging across all resources

Documentation

This README is auto-generated using terraform-docs. Run `make docs` or `terraform-docs markdown table modules/vnet --output-file README.md --output-mode inject` to regenerate.

Usage

```hcl
module "vnet" {
  source = "../../modules/vnet"

  vnet_name           = "my-vnet"
  resource_group_name = "my-rg"
  location            = "eastus"
  address_space       = ["10.0.0.0/16"]

  subnets = {
    web = {
      address_prefixes = ["10.0.1.0/24"]
      nsg_rules        = []
    }
  }

  tags = {
    environment = "dev"
  }
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5.0 |
| azurerm | >= 3.80.0, < 5.0.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 3.80.0, < 5.0.0 |

Resources

| Name | Type |
|------|------|
| azurerm_network_ddos_protection_plan.this | resource |
| azurerm_network_security_group.this | resource |
| azurerm_subnet.this | resource |
| azurerm_subnet_network_security_group_association.this | resource |
| azurerm_virtual_network.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| address_space | List of address spaces (CIDR blocks) for the VNET. | `list(string)` | n/a | yes |
| location | Azure region for the VNET (e.g., eastus, westeurope). | `string` | n/a | yes |
| resource_group_name | Name of the resource group where the VNET will be created. | `string` | n/a | yes |
| vnet_name | Name of the Virtual Network. | `string` | n/a | yes |
| dns_servers | Custom DNS servers for the VNET. Empty list uses Azure-provided DNS. | `list(string)` | `[]` | no |
| enable_ddos_protection | Enable DDoS Protection Plan for the VNET. Incurs additional cost. | `bool` | `false` | no |
| subnets | Map of subnet configurations. Each subnet supports:<br>- address_prefixes: list of CIDR blocks<br>- nsg_rules: optional list of NSG rules (priority, direction, access, protocol, source/dest port ranges, source/dest address prefixes)<br>- service_endpoints: optional list of service endpoints (e.g., Microsoft.Storage)<br>- delegation: optional service delegation block | <pre>map(object({<br>  address_prefixes  = list(string)<br>  service_endpoints = optional(list(string), [])<br>  delegation = optional(object({<br>    name = string<br>    service_delegation = object({<br>      name    = string<br>      actions = list(string)<br>    })<br>  }), null)<br>  nsg_rules = optional(list(object({<br>    name                       = string<br>    priority                   = number<br>    direction                  = string<br>    access                     = string<br>    protocol                   = string<br>    source_port_range          = string<br>    destination_port_range     = string<br>    source_address_prefix      = string<br>    destination_address_prefix = string<br>  })), [])<br>}))</pre> | `{}` | no |
| tags | Map of tags to apply to all resources created by this module. | `map(string)` | `{}` | no |
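A fuller call of the module that exercises `nsg_rules`, `service_endpoints`, `delegation` and `enable_ddos_protection` together, added here as an illustration and not taken from the module's own README. The resource names, address ranges and the `../../modules/vnet` path are assumptions; the `Microsoft.Web/serverFarms` delegation and its action are the values App Service VNet integration requires.

```hcl
module "vnet" {
  source = "../../modules/vnet"   # assumed relative path to this module
  vnet_name              = "prod-vnet"   # constructed sample values
  resource_group_name    = "prod-rg"
  location               = "westeurope"
  address_space          = ["10.10.0.0/16"]
  enable_ddos_protection = true   # billed separately, as the Inputs table notes
  subnets = {
    # Internet-facing tier: allow HTTPS only, then deny all other inbound traffic.
    web = {
      address_prefixes = ["10.10.1.0/24"]
      nsg_rules = [
        {
          name                       = "allow-https-inbound"
          priority                   = 100
          direction                  = "Inbound"
          access                     = "Allow"
          protocol                   = "Tcp"
          source_port_range          = "*"
          destination_port_range     = "443"
          source_address_prefix      = "Internet"
          destination_address_prefix = "*"
        },
        {
          # Sits below the 65000+ built-in defaults, so it also blocks VNet and load-balancer probe traffic; add explicit allows for those if needed.
          name                       = "deny-all-inbound"
          priority                   = 4000
          direction                  = "Inbound"
          access                     = "Deny"
          protocol                   = "*"
          source_port_range          = "*"
          destination_port_range     = "*"
          source_address_prefix      = "*"
          destination_address_prefix = "*"
        },
      ]
    }
    # App Service VNet integration: Microsoft.Web/serverFarms delegation plus a Storage service endpoint instead of public egress.
    app = {
      address_prefixes  = ["10.10.2.0/24"]
      service_endpoints = ["Microsoft.Storage"]
      delegation = {
        name = "appservice-delegation"
        service_delegation = {
          name    = "Microsoft.Web/serverFarms"
          actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
        }
      }
    }
  }
}
```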

Outputs

| Name | Description |
|------|-------------|
| ddos_protection_plan_id | The ID of the DDoS Protection Plan, if enabled. |
| nsg_ids | Map of subnet names to their NSG IDs. Useful for adding additional rules or diagnostics. |
| subnet_address_prefixes | Map of subnet names to their address prefixes. |
| subnet_ids | Map of subnet names to their IDs. Used to attach VMs, private endpoints, and other resources to specific subnets. |
| vnet_address_space | The address space of the Virtual Network. |
| vnet_id | The ID of the Virtual Network. Used to reference the VNET in peering, private endpoints, and other resources. |
| vnet_name | The name of the Virtual Network. |