From de5420776c6a1555bd03d0f0345cde04c614c8bf Mon Sep 17 00:00:00 2001 From: Stu Date: Thu, 27 Jun 2024 18:06:25 +1200 Subject: [PATCH] add default outbound attribute & linting fixes (#10) * fix: exposed default_outbound_access_enabled in variables (#9) * chore: linting & docs update --------- Co-authored-by: Timur Khadimullin <148298411+timur-khadimullin@users.noreply.github.com> --- README.md | 98 ++++++++++++++++++++++----------------- variables.nsgs.tf | 58 ++++++++++++----------- variables.route_tables.tf | 38 ++++++++------- variables.subnets.tf | 76 ++++++++++++++++-------------- 4 files changed, 150 insertions(+), 120 deletions(-) diff --git a/README.md b/README.md index 54dbe6d..3669e10 100644 --- a/README.md +++ b/README.md @@ -106,12 +106,14 @@ Default: `null` ### [network\_security\_groups](#input\_network\_security\_groups) -Description: - `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created. +Description: +- `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created. - `resource_group_name` - (Required) The name of the resource group in which to create the network security group. Changing this forces a new resource to be created. - `tags` - (Optional) A mapping of tags to assign to the resource. --- `security_rule` block supports the following: + - `access` - (Required) Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. - `description` - (Optional) A description for this rule. Restricted to 140 characters. - `destination_address_prefix` - (Optional) CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `destination_address_prefixes` is not specified. 
@@ -131,6 +133,7 @@ Description: - `name` - (Required) Specifies the name of the network security gr --- `timeouts` block supports the following: + - `create` - (Defaults to 30 minutes) Used when creating the Network Security Group. - `delete` - (Defaults to 30 minutes) Used when deleting the Network Security Group. - `read` - (Defaults to 5 minutes) Used when retrieving the Network Security Group. @@ -181,7 +184,8 @@ Default: `null` ### [route\_tables](#input\_route\_tables) -Description: - `disable_bgp_route_propagation` - (Optional) Boolean flag which controls propagation of routes learned by BGP on that route table. True means disable. +Description: +- `disable_bgp_route_propagation` - (Optional) Boolean flag which controls propagation of routes learned by BGP on that route table. True means disable. - `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. - `name` - (Required) The name of the route table. Changing this forces a new resource to be created. - `resource_group_name` - (Required) The name of the resource group in which to create the route table. Changing this forces a new resource to be created. @@ -189,6 +193,7 @@ Description: - `disable_bgp_route_propagation` - (Optional) Boolean flag which c --- `route` block supports the following: + - `address_prefix` - (Required) The destination to which the route applies. Can be CIDR (such as `10.1.0.0/16`) or [Azure Service Tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview) (such as `ApiManagement`, `AzureBackup` or `AzureMonitor`) format. - `name` - (Required) The name of the route table. Changing this forces a new resource to be created. - `next_hop_in_ip_address` - (Optional) Contains the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is `VirtualAppliance`. 
@@ -196,6 +201,7 @@ Description: - `disable_bgp_route_propagation` - (Optional) Boolean flag which c --- `timeouts` block supports the following: + - `create` - (Defaults to 30 minutes) Used when creating the Route Table. - `delete` - (Defaults to 30 minutes) Used when deleting the Route Table. - `read` - (Defaults to 5 minutes) Used when retrieving the Route Table. 
@@ -229,51 +235,59 @@ Default: `{}` Description: A map of subnets to create - - `address_prefixes` - (Required) The address prefixes to use for the subnet. - - `enforce_private_link_endpoint_network_policies` - - - `enforce_private_link_service_network_policies` - - - `name` - (Required) The name of the subnet. Changing this forces a new resource to be created. - - `private_endpoint_network_policies` - (Optional) Enable or Disable network policies for the private endpoint on the subnet. Possible values are `Disabled`, `Enabled`, `NetworkSecurityGroupEnabled` and `RouteTableEnabled`. Defaults to `Enabled`. - - `private_link_service_network_policies_enabled` - (Optional) Enable or Disable network policies for the private link service on the subnet. Setting this to `true` will **Enable** the policy and setting this to `false` will **Disable** the policy. Defaults to `true`. - - `resource_group_name` - (Required) The name of the resource group in which to create the subnet. This must be the resource group that the virtual network resides in. Changing this forces a new resource to be created. - - `service_endpoint_policy_ids` - (Optional) The list of IDs of Service Endpoint Policies to associate with the subnet. - - `service_endpoints` - (Optional) The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage`, `Microsoft.Storage.Global` and `Microsoft.Web`. - - `virtual_network_name` - (Required) The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created. - - --- - `delegation` block supports the following: - - `name` - (Required) A name for this delegation. - - --- - `nat_gateway` block supports the following: - - `id` - (Optional) The ID of the NAT Gateway which should be associated with the Subnet. 
Changing this forces a new resource to be created. - - --- - `network_security_group` block supports the following: - - `id` - (Optional) The ID of the Network Security Group which should be associated with the Subnet. Changing this forces a new association to be created. - - --- - `route_table` block supports the following: - - `id` - (Optional) The ID of the Route Table which should be associated with the Subnet. Changing this forces a new association to be created. - - --- - `service_delegation` block supports the following: - - `actions` - (Optional) A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are `Microsoft.Network/networkinterfaces/*`, `Microsoft.Network/publicIPAddresses/join/action`, `Microsoft.Network/publicIPAddresses/read`, `Microsoft.Network/virtualNetworks/read`, `Microsoft.Network/virtualNetworks/subnets/action`, `Microsoft.Network/virtualNetworks/subnets/join/action`, `Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action`, and `Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action`. - - `name` - (Required) The name of service to delegate to. 
Possible values are `GitHub.Network/networkSettings`, `Microsoft.ApiManagement/service`, `Microsoft.Apollo/npu`, `Microsoft.App/environments`, `Microsoft.App/testClients`, `Microsoft.AVS/PrivateClouds`, `Microsoft.AzureCosmosDB/clusters`, `Microsoft.BareMetal/AzureHostedService`, `Microsoft.BareMetal/AzureHPC`, `Microsoft.BareMetal/AzurePaymentHSM`, `Microsoft.BareMetal/AzureVMware`, `Microsoft.BareMetal/CrayServers`, `Microsoft.BareMetal/MonitoringServers`, `Microsoft.Batch/batchAccounts`, `Microsoft.CloudTest/hostedpools`, `Microsoft.CloudTest/images`, `Microsoft.CloudTest/pools`, `Microsoft.Codespaces/plans`, `Microsoft.ContainerInstance/containerGroups`, `Microsoft.ContainerService/managedClusters`, `Microsoft.ContainerService/TestClients`, `Microsoft.Databricks/workspaces`, `Microsoft.DBforMySQL/flexibleServers`, `Microsoft.DBforMySQL/servers`, `Microsoft.DBforMySQL/serversv2`, `Microsoft.DBforPostgreSQL/flexibleServers`, `Microsoft.DBforPostgreSQL/serversv2`, `Microsoft.DBforPostgreSQL/singleServers`, `Microsoft.DelegatedNetwork/controller`, `Microsoft.DevCenter/networkConnection`, `Microsoft.DocumentDB/cassandraClusters`, `Microsoft.Fidalgo/networkSettings`, `Microsoft.HardwareSecurityModules/dedicatedHSMs`, `Microsoft.Kusto/clusters`, `Microsoft.LabServices/labplans`, `Microsoft.Logic/integrationServiceEnvironments`, `Microsoft.MachineLearningServices/workspaces`, `Microsoft.Netapp/volumes`, `Microsoft.Network/dnsResolvers`, `Microsoft.Network/managedResolvers`, `Microsoft.Network/fpgaNetworkInterfaces`, `Microsoft.Network/networkWatchers.`, `Microsoft.Network/virtualNetworkGateways`, `Microsoft.Orbital/orbitalGateways`, `Microsoft.PowerPlatform/enterprisePolicies`, `Microsoft.PowerPlatform/vnetaccesslinks`, `Microsoft.ServiceFabricMesh/networks`, `Microsoft.ServiceNetworking/trafficControllers`, `Microsoft.Singularity/accounts/networks`, `Microsoft.Singularity/accounts/npu`, `Microsoft.Sql/managedInstances`, `Microsoft.Sql/managedInstancesOnebox`, 
`Microsoft.Sql/managedInstancesStage`, `Microsoft.Sql/managedInstancesTest`, `Microsoft.Sql/servers`, `Microsoft.StoragePool/diskPools`, `Microsoft.StreamAnalytics/streamingJobs`, `Microsoft.Synapse/workspaces`, `Microsoft.Web/hostingEnvironments`, `Microsoft.Web/serverFarms`, `NGINX.NGINXPLUS/nginxDeployments`, `PaloAltoNetworks.Cloudngfw/firewalls`, `Qumulo.Storage/fileSystems`, and `Oracle.Database/networkAttachments`. - - --- - `timeouts` block supports the following: - - `create` - (Defaults to 30 minutes) Used when creating the Subnet. - - `delete` - (Defaults to 30 minutes) Used when deleting the Subnet. - - `read` - (Defaults to 5 minutes) Used when retrieving the Subnet. - - `update` - (Defaults to 30 minutes) Used when updating the Subnet. +- `address_prefixes` - (Required) The address prefixes to use for the subnet. +- `default_outbound_access_enabled` - (Optional) Whether to allow default outbound access from the subnet. Defaults to `false`. +- `enforce_private_link_endpoint_network_policies` - +- `enforce_private_link_service_network_policies` - +- `name` - (Required) The name of the subnet. Changing this forces a new resource to be created. +- `private_endpoint_network_policies` - (Optional) Enable or Disable network policies for the private endpoint on the subnet. Possible values are `Disabled`, `Enabled`, `NetworkSecurityGroupEnabled` and `RouteTableEnabled`. Defaults to `Enabled`. +- `private_link_service_network_policies_enabled` - (Optional) Enable or Disable network policies for the private link service on the subnet. Setting this to `true` will **Enable** the policy and setting this to `false` will **Disable** the policy. Defaults to `true`. +- `resource_group_name` - (Required) The name of the resource group in which to create the subnet. This must be the resource group that the virtual network resides in. Changing this forces a new resource to be created. 
+- `service_endpoint_policy_ids` - (Optional) The list of IDs of Service Endpoint Policies to associate with the subnet. +- `service_endpoints` - (Optional) The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage`, `Microsoft.Storage.Global` and `Microsoft.Web`. +- `virtual_network_name` - (Required) The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created. + +--- +`delegation` block supports the following: + +- `name` - (Required) A name for this delegation. + +--- +`nat_gateway` block supports the following: + +- `id` - (Optional) The ID of the NAT Gateway which should be associated with the Subnet. Changing this forces a new resource to be created. + +--- +`network_security_group` block supports the following: + +- `id` - (Optional) The ID of the Network Security Group which should be associated with the Subnet. Changing this forces a new association to be created. + +--- +`route_table` block supports the following: + +- `id` - (Optional) The ID of the Route Table which should be associated with the Subnet. Changing this forces a new association to be created. + +--- +`service_delegation` block supports the following: + +- `actions` - (Optional) A list of Actions which should be delegated. This list is specific to the service to delegate to. 
Possible values are `Microsoft.Network/networkinterfaces/*`, `Microsoft.Network/publicIPAddresses/join/action`, `Microsoft.Network/publicIPAddresses/read`, `Microsoft.Network/virtualNetworks/read`, `Microsoft.Network/virtualNetworks/subnets/action`, `Microsoft.Network/virtualNetworks/subnets/join/action`, `Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action`, and `Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action`. +- `name` - (Required) The name of service to delegate to. Possible values are `GitHub.Network/networkSettings`, `Microsoft.ApiManagement/service`, `Microsoft.Apollo/npu`, `Microsoft.App/environments`, `Microsoft.App/testClients`, `Microsoft.AVS/PrivateClouds`, `Microsoft.AzureCosmosDB/clusters`, `Microsoft.BareMetal/AzureHostedService`, `Microsoft.BareMetal/AzureHPC`, `Microsoft.BareMetal/AzurePaymentHSM`, `Microsoft.BareMetal/AzureVMware`, `Microsoft.BareMetal/CrayServers`, `Microsoft.BareMetal/MonitoringServers`, `Microsoft.Batch/batchAccounts`, `Microsoft.CloudTest/hostedpools`, `Microsoft.CloudTest/images`, `Microsoft.CloudTest/pools`, `Microsoft.Codespaces/plans`, `Microsoft.ContainerInstance/containerGroups`, `Microsoft.ContainerService/managedClusters`, `Microsoft.ContainerService/TestClients`, `Microsoft.Databricks/workspaces`, `Microsoft.DBforMySQL/flexibleServers`, `Microsoft.DBforMySQL/servers`, `Microsoft.DBforMySQL/serversv2`, `Microsoft.DBforPostgreSQL/flexibleServers`, `Microsoft.DBforPostgreSQL/serversv2`, `Microsoft.DBforPostgreSQL/singleServers`, `Microsoft.DelegatedNetwork/controller`, `Microsoft.DevCenter/networkConnection`, `Microsoft.DocumentDB/cassandraClusters`, `Microsoft.Fidalgo/networkSettings`, `Microsoft.HardwareSecurityModules/dedicatedHSMs`, `Microsoft.Kusto/clusters`, `Microsoft.LabServices/labplans`, `Microsoft.Logic/integrationServiceEnvironments`, `Microsoft.MachineLearningServices/workspaces`, `Microsoft.Netapp/volumes`, `Microsoft.Network/dnsResolvers`, 
`Microsoft.Network/managedResolvers`, `Microsoft.Network/fpgaNetworkInterfaces`, `Microsoft.Network/networkWatchers.`, `Microsoft.Network/virtualNetworkGateways`, `Microsoft.Orbital/orbitalGateways`, `Microsoft.PowerPlatform/enterprisePolicies`, `Microsoft.PowerPlatform/vnetaccesslinks`, `Microsoft.ServiceFabricMesh/networks`, `Microsoft.ServiceNetworking/trafficControllers`, `Microsoft.Singularity/accounts/networks`, `Microsoft.Singularity/accounts/npu`, `Microsoft.Sql/managedInstances`, `Microsoft.Sql/managedInstancesOnebox`, `Microsoft.Sql/managedInstancesStage`, `Microsoft.Sql/managedInstancesTest`, `Microsoft.Sql/servers`, `Microsoft.StoragePool/diskPools`, `Microsoft.StreamAnalytics/streamingJobs`, `Microsoft.Synapse/workspaces`, `Microsoft.Web/hostingEnvironments`, `Microsoft.Web/serverFarms`, `NGINX.NGINXPLUS/nginxDeployments`, `PaloAltoNetworks.Cloudngfw/firewalls`, `Qumulo.Storage/fileSystems`, and `Oracle.Database/networkAttachments`. + +--- +`timeouts` block supports the following: + +- `create` - (Defaults to 30 minutes) Used when creating the Subnet. +- `delete` - (Defaults to 30 minutes) Used when deleting the Subnet. +- `read` - (Defaults to 5 minutes) Used when retrieving the Subnet. +- `update` - (Defaults to 30 minutes) Used when updating the Subnet. Type: ```hcl map(object({ - address_prefixes = list(string) - name = string + address_prefixes = list(string) + name = string + default_outbound_access_enabled = optional(bool, false) nat_gateway = optional(object({ id = string })) diff --git a/variables.nsgs.tf b/variables.nsgs.tf index 453c407..9a81c5c 100644 --- a/variables.nsgs.tf +++ b/variables.nsgs.tf 
@@ -28,35 +28,39 @@ variable "network_security_groups" { })) })) description = <<-DESCRIPTION - - `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created. - - `resource_group_name` - (Required) The name of the resource group in which to create the network security group. Changing this forces a new resource to be created. - - `tags` - (Optional) A mapping of tags to assign to the resource. - --- - `security_rule` block supports the following: - - `access` - (Required) Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. - - `description` - (Optional) A description for this rule. Restricted to 140 characters. - - `destination_address_prefix` - (Optional) CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `destination_address_prefixes` is not specified. - - `destination_address_prefixes` - (Optional) List of destination address prefixes. Tags may not be used. This is required if `destination_address_prefix` is not specified. - - `destination_application_security_group_ids` - (Optional) A List of destination Application Security Group IDs - - `destination_port_range` - (Optional) Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `destination_port_ranges` is not specified. - - `destination_port_ranges` - (Optional) List of destination ports or port ranges. This is required if `destination_port_range` is not specified. - - `direction` - (Required) The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`. - - `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created. - - `priority` - (Required) Specifies the priority of the rule. The value can be between 100 and 4096. 
The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. - - `protocol` - (Required) Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, `Esp`, `Ah` or `*` (which matches all). - - `source_address_prefix` - (Optional) CIDR or source IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `source_address_prefixes` is not specified. - - `source_address_prefixes` - (Optional) List of source address prefixes. Tags may not be used. This is required if `source_address_prefix` is not specified. - - `source_application_security_group_ids` - (Optional) A List of source Application Security Group IDs - - `source_port_range` - (Optional) Source Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `source_port_ranges` is not specified. - - `source_port_ranges` - (Optional) List of source ports or port ranges. This is required if `source_port_range` is not specified. +- `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created. +- `resource_group_name` - (Required) The name of the resource group in which to create the network security group. Changing this forces a new resource to be created. +- `tags` - (Optional) A mapping of tags to assign to the resource. + +--- +`security_rule` block supports the following: + +- `access` - (Required) Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. +- `description` - (Optional) A description for this rule. Restricted to 140 characters. +- `destination_address_prefix` - (Optional) CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `destination_address_prefixes` is not specified. 
+- `destination_address_prefixes` - (Optional) List of destination address prefixes. Tags may not be used. This is required if `destination_address_prefix` is not specified. +- `destination_application_security_group_ids` - (Optional) A List of destination Application Security Group IDs +- `destination_port_range` - (Optional) Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `destination_port_ranges` is not specified. +- `destination_port_ranges` - (Optional) List of destination ports or port ranges. This is required if `destination_port_range` is not specified. +- `direction` - (Required) The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`. +- `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created. +- `priority` - (Required) Specifies the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. +- `protocol` - (Required) Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, `Esp`, `Ah` or `*` (which matches all). +- `source_address_prefix` - (Optional) CIDR or source IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `source_address_prefixes` is not specified. +- `source_address_prefixes` - (Optional) List of source address prefixes. Tags may not be used. This is required if `source_address_prefix` is not specified. +- `source_application_security_group_ids` - (Optional) A List of source Application Security Group IDs +- `source_port_range` - (Optional) Source Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `source_port_ranges` is not specified. 
+- `source_port_ranges` - (Optional) List of source ports or port ranges. This is required if `source_port_range` is not specified. + +--- +`timeouts` block supports the following: + +- `create` - (Defaults to 30 minutes) Used when creating the Network Security Group. +- `delete` - (Defaults to 30 minutes) Used when deleting the Network Security Group. +- `read` - (Defaults to 5 minutes) Used when retrieving the Network Security Group. +- `update` - (Defaults to 30 minutes) Used when updating the Network Security Group. - --- - `timeouts` block supports the following: - - `create` - (Defaults to 30 minutes) Used when creating the Network Security Group. - - `delete` - (Defaults to 30 minutes) Used when deleting the Network Security Group. - - `read` - (Defaults to 5 minutes) Used when retrieving the Network Security Group. - - `update` - (Defaults to 30 minutes) Used when updating the Network Security Group. DESCRIPTION default = {} nullable = false diff --git a/variables.route_tables.tf b/variables.route_tables.tf index b3c84e4..89b20c1 100644 --- a/variables.route_tables.tf +++ b/variables.route_tables.tf 
@@ -18,25 +18,29 @@ variable "route_tables" { })) })) description = <<-DESCRIPTION - - `disable_bgp_route_propagation` - (Optional) Boolean flag which controls propagation of routes learned by BGP on that route table. True means disable. - - `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. - - `name` - (Required) The name of the route table. Changing this forces a new resource to be created. - - `resource_group_name` - (Required) The name of the resource group in which to create the route table. Changing this forces a new resource to be created. - - `tags` - (Optional) A mapping of tags to assign to the resource. - --- - `route` block supports the following: - - `address_prefix` - (Required) The destination to which the route applies. Can be CIDR (such as `10.1.0.0/16`) or [Azure Service Tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview) (such as `ApiManagement`, `AzureBackup` or `AzureMonitor`) format. - - `name` - (Required) The name of the route table. Changing this forces a new resource to be created. - - `next_hop_in_ip_address` - (Optional) Contains the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is `VirtualAppliance`. - - `next_hop_type` - (Required) The type of Azure hop the packet should be sent to. Possible values are `VirtualNetworkGateway`, `VnetLocal`, `Internet`, `VirtualAppliance` and `None`. +- `disable_bgp_route_propagation` - (Optional) Boolean flag which controls propagation of routes learned by BGP on that route table. True means disable. +- `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. +- `name` - (Required) The name of the route table. Changing this forces a new resource to be created. 
+- `resource_group_name` - (Required) The name of the resource group in which to create the route table. Changing this forces a new resource to be created. +- `tags` - (Optional) A mapping of tags to assign to the resource. + +--- +`route` block supports the following: + +- `address_prefix` - (Required) The destination to which the route applies. Can be CIDR (such as `10.1.0.0/16`) or [Azure Service Tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview) (such as `ApiManagement`, `AzureBackup` or `AzureMonitor`) format. +- `name` - (Required) The name of the route table. Changing this forces a new resource to be created. +- `next_hop_in_ip_address` - (Optional) Contains the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is `VirtualAppliance`. +- `next_hop_type` - (Required) The type of Azure hop the packet should be sent to. Possible values are `VirtualNetworkGateway`, `VnetLocal`, `Internet`, `VirtualAppliance` and `None`. + +--- +`timeouts` block supports the following: + +- `create` - (Defaults to 30 minutes) Used when creating the Route Table. +- `delete` - (Defaults to 30 minutes) Used when deleting the Route Table. +- `read` - (Defaults to 5 minutes) Used when retrieving the Route Table. +- `update` - (Defaults to 30 minutes) Used when updating the Route Table. - --- - `timeouts` block supports the following: - - `create` - (Defaults to 30 minutes) Used when creating the Route Table. - - `delete` - (Defaults to 30 minutes) Used when deleting the Route Table. - - `read` - (Defaults to 5 minutes) Used when retrieving the Route Table. - - `update` - (Defaults to 30 minutes) Used when updating the Route Table. DESCRIPTION default = {} nullable = false diff --git a/variables.subnets.tf b/variables.subnets.tf index 84a59a8..289722a 100644 --- a/variables.subnets.tf +++ b/variables.subnets.tf 
@@ -1,7 +1,8 @@ variable "subnets" { type = map(object({ - address_prefixes = list(string) - name = string + address_prefixes = list(string) + name = string + default_outbound_access_enabled = optional(bool, false) nat_gateway = optional(object({ id = string })) @@ -34,44 +35,51 @@ variable "subnets" { description = <
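Review bot: in the `variables.subnets.tf` hunk at `@@ -1,7 +1,8 @@` (and the matching README `Type:` block), `default_outbound_access_enabled = optional(bool, false)` is a behaviour change for every subnet the module already manages, not just a newly exposed knob: on the next apply, subnets whose callers never set the attribute will be updated to disable default outbound access, and workloads on them with no `nat_gateway` or other explicit egress path will lose internet connectivity. Disabling it by default is the right hardening choice, but the commit message ("add default outbound attribute") and the README entry for the attribute should state that consequence and tell callers to set `default_outbound_access_enabled = true` per subnet, or attach a `nat_gateway`, where that egress is still required, rather than leaving it to be discovered in plan output.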
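Review bot: the README hunk at `@@ -229,51 +235,59 @@` still carries two list entries with no description at all, `- \`enforce_private_link_endpoint_network_policies\` -` and `- \`enforce_private_link_service_network_policies\` -`; since this commit re-indents and touches the whole block, either document what they do or drop them if the subnet object type no longer accepts them (check against the full type, only the first few attributes are visible in this diff). In the same hunk, `Microsoft.Network/networkWatchers.` in the `service_delegation` `name` list has a stray trailing period inside the code span, and `*` in the `destination_address_prefix` description is the only literal value in these lists not wrapped in backticks.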
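Review bot: in the NSG hunks (README `@@ -106,12 +108,14 @@` and `variables.nsgs.tf` `@@ -28,35 +28,39 @@`) the `name` entry under `security_rule` reads "Specifies the name of the network security group", which is a copy of the top-level `name` description and is wrong for a rule; it should read something like "- `name` - (Required) The name of the security rule. Changing this forces a new resource to be created." Worth fixing here because this block is the only in-code documentation callers see for the rule fields, and the `priority`/`direction`/`access` semantics around it are what decide whether traffic is allowed.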
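Review bot: in the route table hunks (README `@@ -189,6 +193,7 @@` and `variables.route_tables.tf` `@@ -18,25 +18,29 @@`) the `name` entry under the `route` block reads "The name of the route table", again copied from the top-level `name`; it should describe the route itself, e.g. "- `name` - (Required) The name of the route." Since the lint-only reflow rewrites every line of this block, it is the natural place to correct it rather than carrying the mismatch forward.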