Fixes and updates

Azure · Sep 24, 2024 · 23c93c6 · 23c93c6
1 parent 3aa7536
commit 23c93c6
Show file tree

Hide file tree

Showing 9 changed files with 83 additions and 48 deletions.
diff --git a/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml b/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml
@@ -25,7 +25,6 @@ management_groups: # `caf-enterprise-scale` module, add inputs as listed on the
   deploy_management_resources: true
   deploy_connectivity_resources: false # We are using the AVM patterns for connectivity
   deploy_identity_resources: true
-  disable_telemetry: false
 
   # Management resource settings
   configure_management_resources:
@@ -65,7 +64,7 @@ management_groups: # `caf-enterprise-scale` module, add inputs as listed on the
             name: rg-management-${starter_location_01}
         azurerm_log_analytics_workspace:
           management:
-            name: log-management-${starter_location_01}
+            name: law-management-${starter_location_01}
         azurerm_automation_account:
           management:
             name: aa-management-${starter_location_01}
@@ -83,7 +82,6 @@ management_groups: # `caf-enterprise-scale` module, add inputs as listed on the
             ${starter_location_01}:
               name: rg-dns-${starter_location_01}    
 
-
 # Connectivity settings
 connectivity:
   hub_and_spoke_vnet: # `avm-ptn-hubnetworking` module, add inputs as listed on the module registry where necessary.
@@ -101,18 +99,23 @@ connectivity:
           sku_tier: Standard
           subnet_address_prefix: 10.0.1.0/24
           zones: ${starter_location_01_availability_zones}
+          firewall_policy:
+            name: fwp-hub-${starter_location_01}
+            dns:
+              proxy_enabled: true
           default_ip_configuration:
             public_ip_config:
               zones: ${starter_location_01_availability_zones}
-              name: pip-hub-${starter_location_01}
+              name: pip-hub-fw-${starter_location_01}
               ip_version: "IPv4"
         virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary.
           name: vgw-hub-${starter_location_01}
           subnet_address_prefix: 10.0.2.0/24
           ip_configurations:
-            ipconfig1:
-              name: ipconfig1
+            default:
+              name: default
               public_ip:  
+                name: pip-hub-vgw-${starter_location_01}
                 zones: ${starter_location_01_availability_zones}
 
       # Secondary hub
@@ -128,10 +131,14 @@ connectivity:
           sku_tier: Standard
           subnet_address_prefix: 10.1.1.0/24
           zones: ${starter_location_02_availability_zones}
+          firewall_policy:
+            name: fwp-hub-${starter_location_02}
+            dns:
+              proxy_enabled: true
           default_ip_configuration:
             public_ip_config:
               zones: ${starter_location_02_availability_zones}
-              name: pip-hub-${starter_location_02}
+              name: pip-hub-fw-${starter_location_02}
               ip_version: "IPv4"
         virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary.
           name: vgw-hub-${starter_location_02}
@@ -140,10 +147,14 @@ connectivity:
             ipconfig1:
               name: ipconfig1
               public_ip: 
+                name: pip-hub-vgw-${starter_location_02}
                 zones: ${starter_location_02_availability_zones}
 
   private_dns: 
     location: ${starter_location_01}
     secondary_locations: 
       - ${starter_location_02}
     resource_group_name: rg-dns-${starter_location_01}
+
+# Configure root module settings
+enable_telemetry: false
diff --git a/templates/complete_multi_region/data.tf b/templates/complete_multi_region/data.tf
@@ -10,8 +10,8 @@ data "azapi_resource_action" "locations" {
 
 locals {
   regions = { for region in jsondecode(data.azapi_resource_action.locations.output).value : region.name => {
-      display_name = region.displayName
-      zones = try([ for zone in region.availabilityZoneMappings : zone.logicalZone ], [])
+    display_name = region.displayName
+    zones        = try([for zone in region.availabilityZoneMappings : zone.logicalZone], [])
     } if region.metadata.regionType == "Physical"
   }
 }
diff --git a/templates/complete_multi_region/locals-config.tf b/templates/complete_multi_region/locals-config.tf
@@ -5,24 +5,24 @@ locals {
   const_yaml            = "yaml"
   const_yml             = "yml"
 
-  is_yaml = local.config_file_extension == local.const_yaml || local.config_file_extension == local.const_yml
+  is_yaml             = local.config_file_extension == local.const_yaml || local.config_file_extension == local.const_yml
   config_file_content = templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables)
   config = (local.is_yaml ?
     yamldecode(local.config_file_content) :
     jsondecode(local.config_file_content)
   )
 
   config_template_file_variables = {
-    starter_location_01             = var.starter_locations[0]
-    starter_location_02             = try(var.starter_locations[1], null)
-    starter_location_03             = try(var.starter_locations[2], null)
-    starter_location_04             = try(var.starter_locations[3], null)
-    starter_location_05             = try(var.starter_locations[4], null)
-    starter_location_06             = try(var.starter_locations[5], null)
-    starter_location_07             = try(var.starter_locations[6], null)
-    starter_location_08             = try(var.starter_locations[7], null)
-    starter_location_09             = try(var.starter_locations[8], null)
-    starter_location_10             = try(var.starter_locations[9], null)
+    starter_location_01                    = var.starter_locations[0]
+    starter_location_02                    = try(var.starter_locations[1], null)
+    starter_location_03                    = try(var.starter_locations[2], null)
+    starter_location_04                    = try(var.starter_locations[3], null)
+    starter_location_05                    = try(var.starter_locations[4], null)
+    starter_location_06                    = try(var.starter_locations[5], null)
+    starter_location_07                    = try(var.starter_locations[6], null)
+    starter_location_08                    = try(var.starter_locations[7], null)
+    starter_location_09                    = try(var.starter_locations[8], null)
+    starter_location_10                    = try(var.starter_locations[9], null)
     starter_location_01_availability_zones = jsonencode(local.regions[var.starter_locations[0]].zones)
     starter_location_02_availability_zones = jsonencode(try(local.regions[var.starter_locations[1]].zones, null))
     starter_location_03_availability_zones = jsonencode(try(local.regions[var.starter_locations[2]].zones, null))
@@ -33,10 +33,10 @@ locals {
     starter_location_08_availability_zones = jsonencode(try(local.regions[var.starter_locations[7]].zones, null))
     starter_location_09_availability_zones = jsonencode(try(local.regions[var.starter_locations[8]].zones, null))
     starter_location_10_availability_zones = jsonencode(try(local.regions[var.starter_locations[9]].zones, null))
-    default_postfix                 = var.default_postfix
-    root_parent_management_group_id = var.root_parent_management_group_id == "" ? data.azurerm_client_config.current.tenant_id : var.root_parent_management_group_id
-    subscription_id_connectivity    = var.subscription_id_connectivity
-    subscription_id_identity        = var.subscription_id_identity
-    subscription_id_management      = var.subscription_id_management
+    default_postfix                        = var.default_postfix
+    root_parent_management_group_id        = var.root_parent_management_group_id == "" ? data.azurerm_client_config.current.tenant_id : var.root_parent_management_group_id
+    subscription_id_connectivity           = var.subscription_id_connectivity
+    subscription_id_identity               = var.subscription_id_identity
+    subscription_id_management             = var.subscription_id_management
   }
 }
diff --git a/templates/complete_multi_region/locals-private-dns.tf b/templates/complete_multi_region/locals-private-dns.tf
@@ -1,13 +1,13 @@
 locals {
-  private_dns_virtual_networks_hub_and_spoke_vnet = (local.hub_networking_enabled ? 
-      { for virtual_network_key, virtual_network in module.hub_and_spoke_vnet[0].virtual_networks : virtual_network_key => { vnet_resource_id = virtual_network.id } } :
-      {}
+  private_dns_virtual_networks_hub_and_spoke_vnet = (local.hub_networking_enabled ?
+    { for virtual_network_key, virtual_network in module.hub_and_spoke_vnet[0].virtual_networks : virtual_network_key => { vnet_resource_id = virtual_network.id } } :
+    {}
   )
-  private_dns_virtual_networks_virtual_wan = (local.virtual_wan_enabled ? 
-      { "virtual_wan" = { vnet_resource_id = module.virtual_network_private_dns.resource_id} } :
-      {}
+  private_dns_virtual_networks_virtual_wan = (local.virtual_wan_enabled ?
+    { "virtual_wan" = { vnet_resource_id = module.virtual_network_private_dns.resource_id } } :
+    {}
   )
-  private_dns_virtual_networks = merge(local.private_dns_virtual_networks_hub_and_spoke_vnet, local.private_dns_virtual_networks_virtual_wan)
+  private_dns_virtual_networks    = merge(local.private_dns_virtual_networks_hub_and_spoke_vnet, local.private_dns_virtual_networks_virtual_wan)
   private_dns_secondary_locations = { for location in local.module_private_dns.secondary_locations : location => { is_primary = false } }
   private_dns_location_map = local.private_dns_enabled ? merge({
     try(local.module_private_dns.location, var.starter_locations[0]) = { is_primary = true }
@@ -31,5 +31,5 @@ locals {
     azure_backup = {
       zone_name = "privatelink.{regionCode}.backup.windowsazure.com"
     }
-  }      
+  }
 }
diff --git a/templates/complete_multi_region/locals.tf b/templates/complete_multi_region/locals.tf
@@ -1,3 +1,7 @@
+locals {
+  enable_telemetry = try(local.config.enable_telemetry, true)
+}
+
 locals {
   management_groups = try(merge(local.config.management_groups, {}), {})
 }
@@ -33,7 +37,7 @@ locals {
 
 locals {
   management_groups_enabled = length(local.management_groups) > 0
-  hub_networking_enabled = length(local.module_hub_and_spoke_vnet) > 0
-  virtual_wan_enabled   = length(local.module_virtual_wan) > 0
-  private_dns_enabled   = length(local.module_private_dns) > 0
+  hub_networking_enabled    = length(local.module_hub_and_spoke_vnet) > 0
+  virtual_wan_enabled       = length(local.module_virtual_wan) > 0
+  private_dns_enabled       = length(local.module_private_dns) > 0
 }
diff --git a/templates/complete_multi_region/management-groups.tf b/templates/complete_multi_region/management-groups.tf
@@ -4,7 +4,7 @@ module "management_groups" {
 
   count = length(local.management_groups) > 0 ? 1 : 0
 
-  disable_telemetry                                       = try(local.management_groups.disable_telemetry, true)
+  disable_telemetry                                       = try(local.management_groups.disable_telemetry, !local.enable_telemetry)
   default_location                                        = try(local.management_groups.default_location, var.starter_locations[0])
   root_parent_id                                          = try(local.management_groups.root_parent_id, data.azurerm_client_config.current.tenant_id)
   archetype_config_overrides                              = try(local.management_groups.archetype_config_overrides, {})

diff --git a/templates/complete_multi_region/networking-hub-and-spoke-vnet.tf b/templates/complete_multi_region/networking-hub-and-spoke-vnet.tf
@@ -5,6 +5,7 @@ module "hub_and_spoke_vnet" {
   count = length(local.hub_virtual_networks) > 0 ? 1 : 0
 
   hub_virtual_networks = local.module_hub_and_spoke_vnet.hub_virtual_networks
+  enable_telemetry     = try(local.module_hub_and_spoke_vnet.enable_telemetry, local.enable_telemetry)
 
   providers = {
     azurerm = azurerm.connectivity
@@ -29,7 +30,6 @@ module "virtual_network_gateway" {
   default_tags                              = try(each.value.default_tags, null)
   subnet_creation_enabled                   = try(each.value.subnet_creation_enabled, null)
   edge_zone                                 = try(each.value.edge_zone, null)
-  enable_telemetry                          = false
   express_route_circuits                    = try(each.value.express_route_circuits, null)
   ip_configurations                         = try(each.value.ip_configurations, null)
   local_network_gateways                    = try(each.value.local_network_gateways, null)
@@ -46,6 +46,7 @@ module "virtual_network_gateway" {
   route_table_creation_enabled              = try(each.value.route_table_creation_enabled, null)
   route_table_name                          = try(each.value.route_table_name, null)
   route_table_tags                          = try(each.value.route_table_tags, null)
+  enable_telemetry                          = try(each.value.enable_telemetry, local.enable_telemetry)
 
   providers = {
     azurerm = azurerm.connectivity

diff --git a/templates/complete_multi_region/networking-private-dns.tf b/templates/complete_multi_region/networking-private-dns.tf
@@ -1,14 +1,32 @@
+module "private_dns_zones_resource_group" {
+  source  = "Azure/avm-res-resources-resourcegroup/azurerm"
+  version = "0.1.0"
+
+  count = local.private_dns_enabled ? 1 : 0
+
+  name             = try(local.module_private_dns.resource_group_name, "rg-dns-${var.starter_locations[0]}")
+  location         = try(local.module_private_dns.location, var.starter_locations[0])
+  enable_telemetry = try(local.module_private_dns.enable_telemetry, local.enable_telemetry)
+
+  providers = {
+    azurerm = azurerm.connectivity
+  }
+}
+
 module "private_dns_zones" {
   source  = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm"
   version = "0.4.0"
- 
+
   for_each = local.private_dns_location_map
 
-  location = each.key
-  resource_group_name = try(local.module_private_dns.resource_group_name, null)
-  resource_group_creation_enabled  = try(local.module_private_dns.resource_group_creation_enabled, true)
+  location                                = each.key
+  resource_group_name                     = module.private_dns_zones_resource_group[0].name
+  resource_group_creation_enabled         = false
   virtual_network_resource_ids_to_link_to = local.private_dns_virtual_networks
-  private_link_private_dns_zones = each.value.is_primary ? null : local.private_dns_secondary_zones
+  private_link_private_dns_zones          = each.value.is_primary ? null : local.private_dns_secondary_zones
+  enable_telemetry                        = try(local.module_private_dns.enable_telemetry, local.enable_telemetry)
+
+  depends_on = [module.private_dns_zones_resource_group]
 
   providers = {
     azurerm = azurerm.connectivity

diff --git a/templates/complete_multi_region/networking-virtual-wan.tf b/templates/complete_multi_region/networking-virtual-wan.tf
@@ -7,7 +7,6 @@ module "virtual_wan" {
   allow_branch_to_branch_traffic        = try(local.module_virtual_wan.allow_branch_to_branch_traffic, null)
   create_resource_group                 = try(local.module_virtual_wan.create_resource_group, null)
   disable_vpn_encryption                = try(local.module_virtual_wan.disable_vpn_encryption, null)
-  enable_telemetry                      = try(local.module_virtual_wan.enable_telemetry, null)
   er_circuit_connections                = try(local.module_virtual_wan.er_circuit_connections, null)
   expressroute_gateways                 = try(local.module_virtual_wan.expressroute_gateways, null)
   firewalls                             = try(local.module_virtual_wan.firewalls, null)
@@ -27,6 +26,7 @@ module "virtual_wan" {
   vpn_site_connections                  = try(local.module_virtual_wan.vpn_site_connections, null)
   vpn_sites                             = try(local.module_virtual_wan.vpn_sites, null)
   tags                                  = try(local.module_virtual_wan.tags, null)
+  enable_telemetry                      = try(local.module_virtual_wan.enable_telemetry, local.enable_telemetry)
 
   providers = {
     azurerm = azurerm.connectivity
@@ -42,9 +42,10 @@ module "virtual_network_private_dns" {
   version = "0.4.0"
 
   count = local.virtual_wan_enabled ? 1 : 0
- 
-  address_space = [ try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_address_space, null) ]
-  location = try(local.module_virtual_wan.private_dns_location, var.starter_locations[0])
-  name = try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_name, "vnet-private-dns")
+
+  address_space       = [try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_address_space, null)]
+  location            = try(local.module_virtual_wan.private_dns_location, var.starter_locations[0])
+  name                = try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_name, "vnet-private-dns")
   resource_group_name = try(local.module_virtual_wan.resource_group_name, null)
+  enable_telemetry    = try(local.module_virtual_wan.enable_telemetry, local.enable_telemetry)
 }