diff --git a/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.input.tf b/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.input.tf
new file mode 100644
index 0000000..fd248be
--- /dev/null
+++ b/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.input.tf
@@ -0,0 +1,25 @@
+variable "resource_group_name" {
+ type = string
+ description = "Azure resource group name"
+}
+
+variable "location" {
+ type = string
+ description = "Resource location (eastus / northeurope)"
+}
+
+variable "shortname" {
+ type = string
+ description = "Short name of the resource's location (use / eun)"
+}
+
+variable "zones" {
+ type = list(string)
+ description = "Short name of the resource's location (use / eun)"
+ default = ["1", "2", "3"]
+}
+
+variable "network_interfaces" {
+ type = list(string)
+ description = "list of network interfaces to associate with the deployed network"
+}
\ No newline at end of file
diff --git a/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.output.tf b/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.output.tf
new file mode 100644
index 0000000..4065c14
--- /dev/null
+++ b/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.output.tf
@@ -0,0 +1,10 @@
+output "all" {
+ value = {
+ lb = azurerm_lb.lb
+ be_pool = azurerm_lb_backend_address_pool.be_pool
+ nsg = azurerm_network_security_group.vm-nsg
+ xref = azurerm_network_interface_backend_address_pool_association.be-pool-xref
+ vm_nsg_assoc = azurerm_network_interface_security_group_association.vm_nsg_assoc
+ ssh = azurerm_network_security_rule.nsrule-allow-ssh
+ }
+}
diff --git a/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.plan.tf b/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.plan.tf
new file mode 100644
index 0000000..6cc1043
--- /dev/null
+++ b/src/ASSIGNMENT-03/_tf/modules/deployed_net/network.plan.tf
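Review bot: In network.input.tf the `zones` variable carries the description copied from `shortname` ("Short name of the resource's location (use / eun)"), which tells a caller nothing about what the list holds. Judging by the default `["1", "2", "3"]` it is presumably the set of availability zones, so something like `description = "Availability zones to deploy into"` would fit; confirm the intent, since no resource in this diff references `var.zones`. The `network_interfaces` description could also say that the list holds NIC resource IDs, which is how network.plan.tf uses each element (`network_interface_id = each.value`).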
@@ -0,0 +1,51 @@
+resource "azurerm_lb" "lb" {
+ location = var.location
+ name = "${var.shortname}-lb"
+ resource_group_name = var.resource_group_name
+ sku = "Standard"
+ frontend_ip_configuration {
+ name = "${var.shortname}-fe-ip-conf"
+ }
+}
+
+resource "azurerm_lb_backend_address_pool" "be_pool" {
+ loadbalancer_id = azurerm_lb.lb.id
+ name = "${var.shortname}-be-pool"
+}
+
+resource "azurerm_network_security_group" "vm-nsg" {
+ location = var.location
+ name = "${var.location}-nsg"
+ resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_network_interface_backend_address_pool_association" "be-pool-xref" {
+ for_each = { for k, v in var.network_interfaces: k => v }
+
+ network_interface_id = each.value
+ backend_address_pool_id = azurerm_lb_backend_address_pool.be_pool.id
+ ip_configuration_name = "ipconfig1" # each.value.host.
+}
+
+resource "azurerm_network_interface_security_group_association" "vm_nsg_assoc" {
+ for_each = { for k, v in var.network_interfaces: k => v }
+
+ network_interface_id = each.value
+ network_security_group_id = azurerm_network_security_group.vm-nsg.id
+}
+
+resource "azurerm_network_security_rule" "nsrule-allow-ssh" {
+ for_each = { for k, v in azurerm_network_interface_security_group_association.vm_nsg_assoc: k => v }
+
+ access = "Allow"
+ destination_address_prefix = "*"
+ destination_port_range = "22"
+ direction = "Inbound"
+ name = "SSH-${each.key}"
+ network_security_group_name = each.key
+ priority = 300
+ protocol = "Tcp"
+ resource_group_name = var.resource_group_name
+ source_address_prefix = "*"
+ source_port_range = "*"
+}
\ No newline at end of file
diff --git a/src/ASSIGNMENT-03/_tf/plan.tf b/src/ASSIGNMENT-03/_tf/plan.tf
index 61c2ffe..6be2772 100644
--- a/src/ASSIGNMENT-03/_tf/plan.tf
+++ b/src/ASSIGNMENT-03/_tf/plan.tf
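Review bot: The `nsrule-allow-ssh` rule at the end of network.plan.tf opens inbound TCP 22 with `source_address_prefix = "*"`, so every NIC attached to this NSG accepts SSH from any address; the source should be a restricted management prefix supplied by the caller. The same resource sets `network_security_group_name = each.key`, but `each.key` is the list index inherited from `vm_nsg_assoc`, not an NSG name, and iterating per NIC would create several rules at priority 300 in the one NSG, which Azure rejects because priorities must be unique per direction. A single rule that references `azurerm_network_security_group.vm-nsg.name` covers both problems. `var.ssh_source_prefix` below is a suggested new input that would need declaring in network.input.tf.

```hcl
resource "azurerm_network_security_rule" "nsrule-allow-ssh" {
  # for_each dropped: one rule on the single NSG this module creates
  name                        = "SSH"
  network_security_group_name = azurerm_network_security_group.vm-nsg.name
  source_address_prefix       = var.ssh_source_prefix
  # … unchanged: access, destination_*, direction, priority, protocol, resource_group_name, source_port_range …
}
```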
@@ -60,6 +60,19 @@ module "deployed_host" {
 local_subnet_cidr = each.value.subnet_cidr
 }
+module "deployed_network" {
+ source = "./modules/deployed_net"
+
+ for_each = local.locations
+
+ resource_group_name = local.resource_group_name
+ location = each.key
+ shortname = each.value.shortname
+ network_interfaces = [for h in module.deployed_host :
+ h.resources.nic.id if h.resources.host.location == each.key
+ ]
+}
+
 # output "debug" {
 # value = [ for o in module.deployed_host : o.resources.host.name ]
 # }
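Review bot: `network_interfaces` is passed as a list, and the module then keys its NSG and backend-pool associations by list position (`for k, v in var.network_interfaces`), so adding or removing a host in a location shifts the indices of the NICs after it. Terraform would then likely replace the associations of unrelated NICs, and a NIC has no module-managed NSG attached while its association is being recreated. Keying by the host's own key avoids that: `network_interfaces = { for k, h in module.deployed_host : k => h.resources.nic.id if h.resources.host.location == each.key }`, with the variable in network.input.tf changed to `map(string)` and the module's `for_each` using the map directly.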