This Terraform module deploys a 3 NIC standalone F5 Application Delivery Controller.
The following security controls can be met through configuration of this template:
- AC-1, AC-10, AC-11, AC-11(1), AC-12, AC-14, AC-16, AC-17, AC-18, AC-18(4), AC-2 , AC-2(5), AC-20(1) , AC-20(3), AC-20(4), AC-24(1), AC-24(11), AC-3, AC-3 , AC-3(1), AC-3(3), AC-3(9), AC-4, AC-4(14), AC-6, AC-6, AC-6(1), AC-6(10), AC-6(11), AC-7, AC-8, AC-8, AC-9, AC-9(1), AI-16, AU-2, AU-3, AU-3(1), AU-3(2), AU-4, AU-5, AU-5(3), AU-8(1), AU-9, CM-10, CM-11(2), CM-2(2), CM-2(4), CM-3, CM-3(1), CM-3(6), CM-5(1), CM-6, CM-6, CM-7, CM-7, IA-1, IA-2, IA-3, IA-4(1), IA-4(4), IA-5, IA-5, IA-5(1), IA-5(13), IA-5(1c), IA-5(6), IA-5(7), IA-9, SC-10, SC-13, SC-15, SC-18(4), SC-2, SC-2, SC-23, SC-28, SC-30(5), SC-5, SC-7, SC-7(10), SC-7(16), SC-7(8), SC-8, SC-8(1), SC-8(4), SI-14, SI-2(1), SI-3
- Resource Groups
- Keyvault
- VNET-Subnet
module "f5adc" {
source = "github.com/steveh565/terraform-azurerm-f5-standalone-3nic"
name = "someName"
resourcegroup_name = "someRGName"
vm_size = "Standard_DS3_v2"
admin_username = "F5admin"
admin_password = "MySecurePassword!"
vnet_name = "someVnetName"
vnet_resourcegroup_name = "someVnetName"
subnet1_name = "someName"
subnet2_name = "someName"
subnet3_name = "someName"
nic1_private_ip_address = ["10.10.10.6", "10.10.10.7"]
nic1_public_ip = false
nic2_private_ip_address = ["10.10.10.69", "10.10.10.70"]
nic3_private_ip_address = ["10.10.10.134", "10.10.10.135"]
keyvault = {
name = "somekeyvault.name"
resource_group_name = "someKVRGName"
}
tags = "someTags"
}| Name | Type | Required | Value |
|---|---|---|---|
| name | string | yes | Name for the F5 resource |
| resource_group_name | string | yes | Name of the resourcegroup that will contain the F5 resources |
| admin_username | string | yes | Name of the VM admin account |
| secretPasswordName | string | yes | Name of the Keyvault secret containing the VM admin account password |
| custom_data | string | yes | some base F5 config code to apply. Eg: "F5config/F5config-lic.conf" |
| vnetName | string | yes | Name of the VNET the subnet is part of |
| vnet_resourcegroup_name | string | yes | Name of the resourcegroup containing the VNET |
| subnet1Name | string | yes | Name of the subnet where NIC1 will connect to |
| subnet2Name | string | yes | Name of the subnet where NIC2 will connect to |
| subnet3Name | string | yes | Name of the subnet where NIC3 will connect to |
| keyvault | object | yes | Object containing keyvault resource configuration. - keyvault |
| tags | object | yes | Object containing a tag values - tags pairs |
| nic1_private_ip_address | list | yes | List of private IP for the NIC1 - Eg: for two IP: ["10.10.10.10", "10.10.10.11"] |
| nic2_private_ip_address | list | yes | List of private IP for the NIC2 - Eg: for one IP: ["10.10.20.10"] |
| nic3_private_ip_address | list | yes | List of private IP for the NIC3 - Eg: for one IP: ["10.10.30.10"] |
| storage_image_reference | object | no | Specify the storage image used to create the VM. Default is 2016-Datacenter. - storage image |
| plan | object | no | Specify the plan used to create the VM. - plan |
| custom_data | string | no | some custom ps1 code to execute. Eg: ${file("serverconfig/jumpbox-init.ps1")} |
| nic1_public_ip | bool | no | Does the F5 require public IP(s). true or false. Default: true |
| location | string | no | Azure location for resources. Default: canadacentral |
| vm_size | string | no | Specifies the desired size of the Virtual Machine. Default: Standard_DS3_v2 |
| vm_depends_on | list | no | List of terraform dependancies that need to be deployed before the F5 deployment can start. Default: null |
Example tag variable:
tags = {
"tag1name" = "somevalue"
"tag2name" = "someothervalue"
.
.
.
"tagXname" = "some other value"
}| Name | Type | Required | Value |
|---|---|---|---|
| publisher | string | yes | The image publisher. |
| offer | string | yes | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
| sku | string | yes | The image SKU. |
| version | string yes | The image version. |
Example variable:
storage_image_reference = {
publisher = "f5-networks"
offer = "f5-big-ip-byol"
sku = "f5-big-all-1slot-byol"
version = "14.1.200000"
}| Name | Type | Required | Value |
|---|---|---|---|
| name | string | yes | The image SKU. |
| publisher | string | yes | The image publisher. |
| product | string | yes | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
Example variable:
plan = {
name = "f5-big-all-1slot-byol"
publisher = "f5-networks"
product = "f5-big-ip-byol"
}| Name | Type | Required | Value |
|---|---|---|---|
| name | string | yes | Name of the keyvault resource |
| resource_group_name | string | yes | Name of the resource group where the keyvault is located |
Example variable:
keyvault = {
name = "some-keyvault-name"
resource_group_name = "some-resource-group-name"
}| Name | Type | Required | Value |
|---|---|---|---|
| resource | string | yes | A resource that has to have been created |
| ... | ... | ... | ...d |
| resource | string | yes | A resource that has to have been created |
Example variable:
vm_depends_on = ["${module.F5ADC01.f5adc}", "${module.F5MGMT01.f5adc}", "${azurerm_public_ip.pip}"]| Date | Release | Change |
|---|---|---|
| 20191001 | 20191001.1 | Initial Commit |