/az-hub-spoke-private-endpoint

Proof of concept for a Hub & Spoke topology using private endpoints on Azure

Azure Hub & Spoke using Private Endpoints

To Do

  • Add Spoke with Private Link Service and Load Balancer pointing to the VM

Prerequisites

  • Azure Subscription
  • Azure CLI (or Terraform, tbd)

Deployment

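Using Bicep:

# Change directory
cd arm

# Create parameters.json with two randomly generated passwords
# (the file holds both passwords in clear text; keep it out of version control)
cat <<EOF > parameters.json
{
    "vmPassword": { "value": "A$(openssl rand -hex 6)#" },
    "sqlPassword": { "value": "A$(openssl rand -hex 6)#" }
}
EOF

# Create resource group
LOCATION=westeurope
RG_NAME=rg-hub-spoke

az group create --name "$RG_NAME" --location "$LOCATION"

# Deploy infrastructure
az deployment group create \
  -g "$RG_NAME" \
  -n hub-spoke \
  --template-file main.bicep \
  --parameters parameters.json

Using Terraform:

# Change directory
cd terraform

# Set passwords in main.tf (every placeholder receives the same generated value)
# Note: `sed -i ''` is the BSD/macOS form; with GNU sed use `sed -i` without the empty argument.
# After this step main.tf, and later the Terraform state, contain the password in clear text.
sed -i '' "s/<PW_PLACEHOLDER>/A$(openssl rand -hex 6)#/g" main.tf

# Terraform init (only once)
terraform init

# Terraform validate (optional)
terraform validate

# Terraform plan
terraform plan -out main.tfplan

# Terraform apply
terraform apply main.tfplan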

Verify Deployment

  • Connect to VM in Spoke 1 or 2 via Bastion
    DB_HOST=SQL_SERVER_NAME.database.windows.net
    DB_USER=sqluser
    DB_PASSWORD=INSERT_PASSWORD_HERE
    # Test the connection and print the SQL Server version
    sqlcmd -S "tcp:$DB_HOST,1433" -d db -U "$DB_USER" -P "$DB_PASSWORD" -Q "SELECT @@VERSION"
    
    # Result should be similar to:
    Microsoft SQL Azure (RTM) - 12.0.2000.8 
    Jul  8 2023 12:00:47 
    Copyright (C) 2022 Microsoft Corporation
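
A successful sqlcmd login does not by itself show that traffic used the private endpoint, so the following added example (not part of this repository) checks from the spoke VM that the SQL hostname resolves only to private addresses. It assumes the VNets use RFC 1918 address space and that `getent` is available on the VM; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: confirm a hostname resolves only to RFC 1918 IPv4 addresses,
# as expected when name resolution goes through the private endpoint.

# Return 0 if $1 is a well-formed RFC 1918 IPv4 address, 1 otherwise.
is_private_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
  esac
  _ifs=$IFS; IFS=.
  set -- $1                                 # split into octets
  IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0                                   # 10.0.0.0/8
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0  # 172.16.0.0/12
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0              # 192.168.0.0/16
  return 1
}

# Read one IPv4 address per line on stdin and print a verdict for each.
# Returns 0 if all are private, 1 if any is public, 2 if no address was read
# (for example because resolution failed).
all_private() {
  _seen=0; _rc=0
  while read -r _ip; do
    [ -n "$_ip" ] || continue
    _seen=1
    if is_private_ipv4 "$_ip"; then
      echo "private $_ip"
    else
      echo "PUBLIC  $_ip"; _rc=1
    fi
  done
  [ "$_seen" -eq 1 ] || return 2
  return "$_rc"
}

# Resolve $1 with getent and classify every returned address.
check_private_endpoint() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u | all_private
}

# Resolve only when a hostname is passed, e.g.:
#   sh check.sh SQL_SERVER_NAME.database.windows.net
if [ $# -gt 0 ]; then check_private_endpoint "$1"; fi
```

A `PUBLIC` line or exit status 1 means the name resolved to the server's public endpoint, so the VM is not reaching the database through the private endpoint.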