/terraform-azure-vpn

Highly opinionated VPN management in Azure

Primary language: HCL. License: MIT.

Azure VPN management

Introduction

This module manages VPN connectivity in Azure.

Usage

Instantiate the module by calling it from Terraform like this:

module "azure-vpn" {
  source  = "dodevops/vpn/azure"
  version = "<version>"
}

Requirements

No requirements.

Providers

The following providers are used by this module:

  • azurerm

Modules

No modules.

Resources

The following resources are used by this module:

Required Inputs

The following input variables are required:

gatewaynet

Description: IP network to use for the gateway

Type: string

local_gateway_ip

Description: IP of the local (on-prem) VPN gateway

Type: string

local_nets

Description: A list of local (on-prem) IP address ranges to connect

Type: list(string)

location

Description: The Azure location to use

Type: string

project

Description: Three letter project key

Type: string

resource_group

Description: Azure Resource Group to use

Type: string

shared_key

Description: The preshared key of the connection

Type: string

stage

Description: Stage for this resource group

Type: string

target_vnet

Description: ID and name of the target vnet to connect the VPN vnet to

Type:

object({
    id   = string
    name = string
  })

Optional Inputs

The following input variables are optional (have default values):

ipsec_policy

Description: IPSec policy to use with the VPN. See the Microsoft documentation for details

Type:

list(object({
    dh_group         = string
    ike_encryption   = string
    ike_integrity    = string
    ipsec_encryption = string
    ipsec_integrity  = string
    pfs_group        = string
    sa_lifetime      = number
  }))

Default:

[
  {
    "dh_group": "DHGroup2",
    "ike_encryption": "AES256",
    "ike_integrity": "SHA256",
    "ipsec_encryption": "AES256",
    "ipsec_integrity": "SHA256",
    "pfs_group": "None",
    "sa_lifetime": 27000
  }
]

suffix

Description: Additional suffix for this VPN

Type: string

Default: ""

use_remote_gateways

Description: Use the remote gateway for the peering

Type: bool

Default: true

vnetgwsku

Description: SKU to use for the virtual network gateway

Type: string

Default: "VpnGw1"
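
The default ipsec_policy above negotiates IKE with DHGroup2 (1024-bit MODP) and sets pfs_group to "None", so phase 2 keys are derived without a fresh Diffie-Hellman exchange. The following call is an added example, not part of the module's own documentation: it overrides the policy with a 2048-bit group and PFS, and passes shared_key through a sensitive variable. All concrete values (project, stage, location, names, addresses, the vnet ID and the variable name vpn_shared_key) are constructed placeholders, and the on-prem gateway has to be configured with the same proposals.

```hcl
# Added example; every concrete value below is a constructed placeholder.

variable "vpn_shared_key" {
  description = "Pre-shared key, supplied at run time (e.g. via TF_VAR_vpn_shared_key)"
  type        = string
  sensitive   = true # redacted in plan/apply output
}

module "azure-vpn" {
  source  = "dodevops/vpn/azure"
  version = "<version>"

  project          = "abc"
  stage            = "prod"
  location         = "westeurope"
  resource_group   = "example-rg"
  gatewaynet       = "10.10.255.0/27"    # assumes the module expects CIDR notation
  local_gateway_ip = "203.0.113.10"      # documentation address range
  local_nets       = ["192.168.10.0/24"]
  shared_key       = var.vpn_shared_key  # never a literal in the repository

  target_vnet = {
    id   = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/virtualNetworks/example-vnet"
    name = "example-vnet"
  }

  ipsec_policy = [
    {
      dh_group         = "DHGroup14" # module default: DHGroup2 (1024-bit MODP)
      ike_encryption   = "AES256"
      ike_integrity    = "SHA256"
      ipsec_encryption = "AES256"
      ipsec_integrity  = "SHA256"
      pfs_group        = "PFS2048"   # module default: None (no PFS)
      sa_lifetime      = 27000       # seconds, unchanged from the default
    }
  ]
}
```

The sensitive flag only hides the key from CLI output; it is still written to the Terraform state, so the state backend needs encryption and restricted access.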

Outputs

The following outputs are exported:

vpn_ip

Description: n/a

Development

Use terraform-docs to generate the API documentation by running:

terraform fmt .
terraform-docs .