#----------------------------------------------------------
# Resource Group, VNet, Subnet selection & Random Resources
#----------------------------------------------------------
# Look up the existing resource group that every resource in this file is
# placed in. The module reads it; it does not create or modify it.
data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}
# Look up the existing VNet that will host the AzureBastionSubnet. The VNet is
# expected to live in the same resource group looked up above.
data "azurerm_virtual_network" "vnet" {
  resource_group_name = data.azurerm_resource_group.rg.name
  name                = var.virtual_network_name
}
# Six lowercase alphanumeric characters appended to the generated public IP
# DNS label so it is unlikely to collide with another label in the region.
# The keeper ties the value to the bastion service name: renaming the service
# regenerates the suffix, otherwise it is stable across applies.
resource "random_string" "str" {
  keepers = {
    domain_name_label = var.azure_bastion_service_name
  }

  upper   = false
  special = false
  length  = 6
}
#-----------------------------------------------------------------------
# Subnet creation for Azure Bastion Service - the subnet must be /27 or larger.
#-----------------------------------------------------------------------
# Dedicated subnet for the bastion host. The name "AzureBastionSubnet" is
# fixed by the service, so it is not parameterised. The subnet is only created
# when a prefix is supplied; with a null prefix the count is zero and nothing
# in this file provides an alternative subnet, so the bastion host below
# cannot be created without it.
# NOTE(review): address_prefixes takes a list, so the variable is presumably
# list(string) despite the singular name - confirm against variables.tf.
resource "azurerm_subnet" "abs_snet" {
  count = var.azure_bastion_subnet_address_prefix == null ? 0 : 1

  name                 = "AzureBastionSubnet"
  virtual_network_name = data.azurerm_virtual_network.vnet.name
  resource_group_name  = data.azurerm_resource_group.rg.name
  address_prefixes     = var.azure_bastion_subnet_address_prefix
}
#---------------------------------------------
# Public IP for Azure Bastion Service
#---------------------------------------------
# Public IP the bastion host listens on. This is the only address of the
# bastion that is reachable from the internet, so its SKU/allocation are taken
# from variables rather than assumed here.
# NOTE(review): the bastion host resource below does not pin the SKU or
# allocation method it needs; the constraint, if any, lives in variables.tf.
resource "azurerm_public_ip" "pip" {
  name                = lower(format("%s-%s-pip", var.azure_bastion_service_name, data.azurerm_resource_group.rg.location))
  resource_group_name = data.azurerm_resource_group.rg.name
  location            = data.azurerm_resource_group.rg.location
  sku                 = var.public_ip_sku
  allocation_method   = var.public_ip_allocation_method

  # DNS label: caller-supplied, or "gw" + service name stripped of every
  # non-alphanumeric character + the random suffix. The explicit null check
  # is kept (rather than coalesce) so an empty-string label is passed through
  # unchanged.
  domain_name_label = var.domain_name_label != null ? var.domain_name_label : format("gw%s%s", lower(replace(var.azure_bastion_service_name, "/[[:^alnum:]]/", "")), random_string.str.result)

  tags = merge(
    { ResourceName = lower(format("%s-%s-pip", var.azure_bastion_service_name, data.azurerm_resource_group.rg.location)) },
    var.tags,
  )

  # Tags and ip_tags applied outside Terraform are tolerated. This also means
  # a plan will not report or revert tag drift on this resource.
  lifecycle {
    ignore_changes = [
      ip_tags,
      tags,
    ]
  }
}
#---------------------------------------------
# Azure Bastion Service host
#---------------------------------------------
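# The bastion host itself. The session-capability toggles below each widen
# what a bastion session can do (clipboard, file transfer, IP-based connect,
# shareable links, native-client tunnelling); they are driven by variables so
# the caller can keep them off where not needed. Standard-only features are
# passed as null on other SKUs so the provider does not reject the plan.
resource "azurerm_bastion_host" "main" {
  name                = lower(var.azure_bastion_service_name)
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  sku                 = var.bastion_host_sku

  copy_paste_enabled = var.enable_copy_paste
  ip_connect_enabled = var.enable_ip_connect

  # Standard SKU only; null lets the provider default apply on Basic.
  file_copy_enabled      = var.bastion_host_sku == "Standard" ? var.enable_file_copy : null
  shareable_link_enabled = var.bastion_host_sku == "Standard" ? var.enable_shareable_link : null
  tunneling_enabled      = var.bastion_host_sku == "Standard" ? var.enable_tunneling : null

  # Scale units are only configurable on Standard; 2 is used otherwise.
  scale_units = var.bastion_host_sku == "Standard" ? var.scale_units : 2

  tags = merge({ "ResourceName" = lower(var.azure_bastion_service_name) }, var.tags, )

  ip_configuration {
    name                 = "${lower(var.azure_bastion_service_name)}-network"
    # Index syntax instead of the legacy ".0" attribute form. The subnet
    # resource is conditional on a non-null prefix, so this index fails at
    # plan time when var.azure_bastion_subnet_address_prefix is null - the
    # module effectively requires the prefix.
    subnet_id            = azurerm_subnet.abs_snet[0].id
    public_ip_address_id = azurerm_public_ip.pip.id
  }
}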