Refactor hub & spoke into separate modules

.gitignore

@@ -1,6 +1,10 @@
+# ignore lock and tf subdirs everywhere
+.terraform.lock.hcl
+.terraform/
+
 /terraform/azure.conf
 /terraform/out.plan
-/terraform/.terraform.lock.hcl
-/terraform/.terraform/
 /terraform/terraform.tfvars
 .talismanrc
+.*.sw?
+

terraform/example.auto.tfvars

@@ -0,0 +1,2 @@
+vm_user_ssh        = "ssh-rsa ....."
+allowed_ip_address = "1.2.3.4"

terraform/hub/dns.tf

@@ -0,0 +1,17 @@
+
+resource "azurerm_private_dns_zone_virtual_network_link" "hub_vnet_dns" {
+  name                  = "hub-vnet-dns"
+  resource_group_name   = azurerm_resource_group.hub_rg.name
+  private_dns_zone_name = var.dns_zone_name
+  virtual_network_id    = azurerm_virtual_network.hub_vnet.id
+}
+
+resource "azurerm_private_dns_a_record" "hub-vm-dns" {
+  name                = "hub-vm"
+  zone_name           = var.dns_zone_name
+  resource_group_name = azurerm_resource_group.hub_rg.name
+  ttl                 = 300
+  records             = [azurerm_linux_virtual_machine.hub-vm.private_ip_address]
+}
+
+

terraform/hub/gateway.tf

@@ -0,0 +1,50 @@
+## Please be aware that provisioning a Virtual Network Gateway takes a long time (between 30 minutes and 1 hour)
+#
+#resource "azurerm_virtual_network_gateway" "hub-vnet-gateway" {
+#  name                = "hub-vpn-gateway1"
+#  location            = azurerm_resource_group.hub_rg.location
+#  resource_group_name = azurerm_resource_group.hub_rg.name
+#
+#  type     = "Vpn"
+#  vpn_type = "RouteBased"
+#
+#  active_active = false
+#  enable_bgp    = false
+#  sku           = "VpnGw1"
+#
+#  ip_configuration {
+#    name                          = "vnetGatewayConfig"
+#    public_ip_address_id          = azurerm_public_ip.hub_pip.id
+#    private_ip_address_allocation = "Dynamic"
+#    subnet_id                     = azurerm_subnet.hub-vnet-subnet.id
+#  }
+#  depends_on = [azurerm_public_ip.hub_pip]
+#}
+#
+#resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" {
+#  name                = "hub-onprem-conn"
+#  location            = azurerm_resource_group.hub_rg.location
+#  resource_group_name = azurerm_resource_group.hub_rg.name
+#
+#  type           = "Vnet2Vnet"
+#  routing_weight = 1
+#
+#  virtual_network_gateway_id      = azurerm_virtual_network_gateway.hub-vnet-gateway.id
+#  peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
+#
+#  shared_key = local.shared-key
+#}
+#
+#resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" {
+#  name                = "onprem-hub-conn"
+#  location            = azurerm_resource_group.onprem-vnet-rg.location
+#  resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
+#  type                            = "Vnet2Vnet"
+#  routing_weight = 1
+#  virtual_network_gateway_id      = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
+#  peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id
+#
+#  shared_key = local.shared-key
+#}
+
+

terraform/hub/outputs.tf

@@ -0,0 +1,11 @@
+output "rg_name" {
+  value = azurerm_resource_group.hub_rg.name
+  }
+#  hub_vnet_id = module.hub.vnet_id
+
+output "vnet_id" {
+  value = azurerm_virtual_network.hub_vnet.id
+}
+output "vnet_name" {
+  value = azurerm_virtual_network.hub_vnet.name
+}

terraform/hub/rg.tf

@@ -0,0 +1,13 @@
+resource "azurerm_resource_group" "hub_rg" {
+  name     = join("-", [local.full_rg_name, "hub"])
+  location = var.location
+
+  tags = {
+    Environment     = terraform.workspace
+    Owner           = var.tag_owner
+    ApplicationName = var.tag_application_name
+    CostCenter      = var.tag_costcenter
+    DR              = var.tag_dr
+  }
+}
+

terraform/hub/variables.tf

@@ -0,0 +1,54 @@
+#############################################################################
+# GENERAL VARIABLES
+#############################################################################
+
+variable "location" {
+  type    = string
+  default = "West Europe"
+}
+
+variable "resource_group_name" {
+  type    = string
+  default = "rg-vnetdemo-kstjj-001"
+}
+locals {
+  full_rg_name = join("-", [terraform.workspace, var.resource_group_name])
+}
+
+#############################################################################
+# SPECIFIC VARIABLES
+#############################################################################
+
+variable "spoke_count" {
+  default = 2
+}
+
+variable "dns_zone_name" {}
+
+variable "vm_user_ssh" {}
+
+variable "allowed_ip_address" {}
+
+#############################################################################
+# TAGS
+#
+# tag_environment = terraform.workspace
+#
+#############################################################################
+
+variable "tag_owner" {
+  default = "[email protected]"
+}
+
+variable "tag_application_name" {
+  default = "vnetdemo"
+}
+
+variable "tag_costcenter" {
+  default = "jj"
+}
+variable "tag_dr" {
+  default = "essential"
+}
+
+

terraform/hub/vm.tf

@@ -0,0 +1,39 @@
+resource "azurerm_linux_virtual_machine" "hub-vm" {
+  name                  = "hub-vm"
+  location              = azurerm_resource_group.hub_rg.location
+  resource_group_name   = azurerm_resource_group.hub_rg.name
+  network_interface_ids = [azurerm_network_interface.hub-nic.id]
+  size                  = "Standard_B1ls" # smallest you can get, linux only: https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable
+
+  os_disk {
+    name                 = "myOsDisk"
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "UbuntuServer"
+    sku       = "18.04-LTS"
+    version   = "latest"
+  }
+
+  computer_name                   = "hub-vm"
+  admin_username                  = "azureuser"
+  disable_password_authentication = true
+
+  admin_ssh_key {
+    username   = "azureuser"
+    public_key = var.vm_user_ssh
+  }
+
+  tags = {
+    Environment     = terraform.workspace
+    Owner           = var.tag_owner
+    ApplicationName = var.tag_application_name
+    CostCenter      = var.tag_costcenter
+    DR              = var.tag_dr
+  }
+
+}
+

terraform/hub/vnet.tf

@@ -0,0 +1,95 @@
+resource "azurerm_public_ip" "hub_pip" {
+  name                = "hub-pip"
+  location            = azurerm_resource_group.hub_rg.location
+  resource_group_name = azurerm_resource_group.hub_rg.name
+  allocation_method   = "Dynamic"
+
+  tags = {
+    Environment     = terraform.workspace
+    Owner           = var.tag_owner
+    ApplicationName = var.tag_application_name
+    CostCenter      = var.tag_costcenter
+    DR              = var.tag_dr
+  }
+}
+
+
+resource "azurerm_network_security_group" "hub_nsg" {
+  name                = "hub-nsg"
+  location            = azurerm_resource_group.hub_rg.location
+  resource_group_name = azurerm_resource_group.hub_rg.name
+
+  security_rule {
+    name                       = "ssh"
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = var.allowed_ip_address
+    destination_address_prefix = "*"
+  }
+
+  tags = {
+    Environment     = terraform.workspace
+    Owner           = var.tag_owner
+    ApplicationName = var.tag_application_name
+    CostCenter      = var.tag_costcenter
+    DR              = var.tag_dr
+  }
+}
+
+
+resource "azurerm_virtual_network" "hub_vnet" {
+  name                = join("-", [local.full_rg_name, "hub"])
+  location            = azurerm_resource_group.hub_rg.location
+  resource_group_name = azurerm_resource_group.hub_rg.name
+  address_space       = ["10.0.0.0/16"]
+
+  tags = {
+    Environment     = terraform.workspace
+    Owner           = var.tag_owner
+    ApplicationName = var.tag_application_name
+    CostCenter      = var.tag_costcenter
+    DR              = var.tag_dr
+  }
+}
+
+
+resource "azurerm_subnet" "hub_vnet_subnet" {
+  name                 = join("-", [local.full_rg_name, "hub", "subnet"])
+  resource_group_name  = azurerm_resource_group.hub_rg.name
+  virtual_network_name = azurerm_virtual_network.hub_vnet.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_subnet_network_security_group_association" "subnet1internal" {
+  subnet_id                 = azurerm_subnet.hub_vnet_subnet.id
+  network_security_group_id = azurerm_network_security_group.hub_nsg.id
+  depends_on                = [azurerm_subnet.hub_vnet_subnet, azurerm_network_security_group.hub_nsg]
+}
+
+resource "azurerm_network_interface" "hub-nic" {
+  name                 = join("-", [local.full_rg_name, "hub", "nic"])
+  location             = azurerm_resource_group.hub_rg.location
+  resource_group_name  = azurerm_resource_group.hub_rg.name
+  enable_ip_forwarding = true
+
+  ip_configuration {
+    name                          = "hub-ip"
+    subnet_id                     = azurerm_subnet.hub_vnet_subnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.hub_pip.id
+  }
+
+  tags = {
+    Environment     = terraform.workspace
+    Owner           = var.tag_owner
+    ApplicationName = var.tag_application_name
+    CostCenter      = var.tag_costcenter
+    DR              = var.tag_dr
+  }
+}
+
+