diff --git a/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml b/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml index fcdc4f85..ecd72529 100644 --- a/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml +++ b/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml @@ -25,7 +25,6 @@ management_groups: # `caf-enterprise-scale` module, add inputs as listed on the deploy_management_resources: true deploy_connectivity_resources: false # We are using the AVM patterns for connectivity deploy_identity_resources: true - disable_telemetry: false # Management resource settings configure_management_resources: @@ -65,7 +64,7 @@ management_groups: # `caf-enterprise-scale` module, add inputs as listed on the name: rg-management-${starter_location_01} azurerm_log_analytics_workspace: management: - name: log-management-${starter_location_01} + name: law-management-${starter_location_01} azurerm_automation_account: management: name: aa-management-${starter_location_01} @@ -83,7 +82,6 @@ management_groups: # `caf-enterprise-scale` module, add inputs as listed on the ${starter_location_01}: name: rg-dns-${starter_location_01} - # Connectivity settings connectivity: hub_and_spoke_vnet: # `avm-ptn-hubnetworking` module, add inputs as listed on the module registry where necessary. 
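Review bot: Renaming the Log Analytics workspace from `log-management-${starter_location_01}` to `law-management-${starter_location_01}` in the `@@ -65` hunk is a replace, not an in-place update, for anyone who has already deployed from this template: the workspace name forces a new resource, so a plan against existing state will destroy the workspace together with its retained logs and create an empty one. The `pip-hub-*` public IP renames later in this file have the same effect on the hub firewall and gateway addresses. If the rename is intended, say so next to the key, e.g. `# NOTE: changing this name replaces the workspace (and its stored logs) on existing deployments`, or call the change out as breaking in the release notes.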
@@ -101,18 +99,23 @@ connectivity: sku_tier: Standard subnet_address_prefix: 10.0.1.0/24 zones: ${starter_location_01_availability_zones} + firewall_policy: + name: fwp-hub-${starter_location_01} + dns: + proxy_enabled: true default_ip_configuration: public_ip_config: zones: ${starter_location_01_availability_zones} - name: pip-hub-${starter_location_01} + name: pip-hub-fw-${starter_location_01} ip_version: "IPv4" virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary. name: vgw-hub-${starter_location_01} subnet_address_prefix: 10.0.2.0/24 ip_configurations: - ipconfig1: - name: ipconfig1 + default: + name: default public_ip: + name: pip-hub-vgw-${starter_location_01} zones: ${starter_location_01_availability_zones} # Secondary hub @@ -128,10 +131,14 @@ connectivity: sku_tier: Standard subnet_address_prefix: 10.1.1.0/24 zones: ${starter_location_02_availability_zones} + firewall_policy: + name: fwp-hub-${starter_location_02} + dns: + proxy_enabled: true default_ip_configuration: public_ip_config: zones: ${starter_location_02_availability_zones} - name: pip-hub-${starter_location_02} + name: pip-hub-fw-${starter_location_02} ip_version: "IPv4" virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary. name: vgw-hub-${starter_location_02} @@ -140,6 +147,7 @@ connectivity: ipconfig1: name: ipconfig1 public_ip: + name: pip-hub-vgw-${starter_location_02} zones: ${starter_location_02_availability_zones} private_dns: @@ -147,3 +155,6 @@ connectivity: secondary_locations: - ${starter_location_02} resource_group_name: rg-dns-${starter_location_01} + +# Configure root module settings +enable_telemetry: false diff --git a/templates/complete_multi_region/data.tf b/templates/complete_multi_region/data.tf index acdd5560..c4bced6b 100644 --- a/templates/complete_multi_region/data.tf +++ b/templates/complete_multi_region/data.tf 
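Review bot: The primary hub's gateway `ip_configurations` entry is renamed from `ipconfig1` to `default` in the `@@ -101` hunk, but the secondary hub in the `@@ -140` hunk still has `ipconfig1: name: ipconfig1`, so the two hubs now diverge for no visible reason. That key is the map key the gateway module iterates over, so changing it on the primary hub presumably also forces that IP configuration (and possibly the gateway) to be re-created on existing deployments while the secondary hub is left untouched. Either keep `ipconfig1` on both hubs or rename the secondary one as well (`default:` / `name: default`) so the configuration stays symmetric.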
@@ -10,8 +10,8 @@ data "azapi_resource_action" "locations" { locals { regions = { for region in jsondecode(data.azapi_resource_action.locations.output).value : region.name => { - display_name = region.displayName - zones = try([ for zone in region.availabilityZoneMappings : zone.logicalZone ], []) + display_name = region.displayName + zones = try([for zone in region.availabilityZoneMappings : zone.logicalZone], []) } if region.metadata.regionType == "Physical" } } \ No newline at end of file diff --git a/templates/complete_multi_region/locals-config.tf b/templates/complete_multi_region/locals-config.tf index 9a195880..df121d29 100644 --- a/templates/complete_multi_region/locals-config.tf +++ b/templates/complete_multi_region/locals-config.tf @@ -5,7 +5,7 @@ locals { const_yaml = "yaml" const_yml = "yml" - is_yaml = local.config_file_extension == local.const_yaml || local.config_file_extension == local.const_yml + is_yaml = local.config_file_extension == local.const_yaml || local.config_file_extension == local.const_yml config_file_content = templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables) config = (local.is_yaml ? yamldecode(local.config_file_content) : 
@@ -13,16 +13,16 @@ locals { ) config_template_file_variables = { - starter_location_01 = var.starter_locations[0] - starter_location_02 = try(var.starter_locations[1], null) - starter_location_03 = try(var.starter_locations[2], null) - starter_location_04 = try(var.starter_locations[3], null) - starter_location_05 = try(var.starter_locations[4], null) - starter_location_06 = try(var.starter_locations[5], null) - starter_location_07 = try(var.starter_locations[6], null) - starter_location_08 = try(var.starter_locations[7], null) - starter_location_09 = try(var.starter_locations[8], null) - starter_location_10 = try(var.starter_locations[9], null) + starter_location_01 = var.starter_locations[0] + starter_location_02 = try(var.starter_locations[1], null) + starter_location_03 = try(var.starter_locations[2], null) + starter_location_04 = try(var.starter_locations[3], null) + starter_location_05 = try(var.starter_locations[4], null) + starter_location_06 = try(var.starter_locations[5], null) + starter_location_07 = try(var.starter_locations[6], null) + starter_location_08 = try(var.starter_locations[7], null) + starter_location_09 = try(var.starter_locations[8], null) + starter_location_10 = try(var.starter_locations[9], null) starter_location_01_availability_zones = jsonencode(local.regions[var.starter_locations[0]].zones) starter_location_02_availability_zones = jsonencode(try(local.regions[var.starter_locations[1]].zones, null)) starter_location_03_availability_zones = jsonencode(try(local.regions[var.starter_locations[2]].zones, null)) 
@@ -33,10 +33,10 @@ locals { starter_location_08_availability_zones = jsonencode(try(local.regions[var.starter_locations[7]].zones, null)) starter_location_09_availability_zones = jsonencode(try(local.regions[var.starter_locations[8]].zones, null)) starter_location_10_availability_zones = jsonencode(try(local.regions[var.starter_locations[9]].zones, null)) - default_postfix = var.default_postfix - root_parent_management_group_id = var.root_parent_management_group_id == "" ? data.azurerm_client_config.current.tenant_id : var.root_parent_management_group_id - subscription_id_connectivity = var.subscription_id_connectivity - subscription_id_identity = var.subscription_id_identity - subscription_id_management = var.subscription_id_management + default_postfix = var.default_postfix + root_parent_management_group_id = var.root_parent_management_group_id == "" ? data.azurerm_client_config.current.tenant_id : var.root_parent_management_group_id + subscription_id_connectivity = var.subscription_id_connectivity + subscription_id_identity = var.subscription_id_identity + subscription_id_management = var.subscription_id_management } } diff --git a/templates/complete_multi_region/locals-private-dns.tf b/templates/complete_multi_region/locals-private-dns.tf index c2c2e9cc..7887c3a0 100644 --- a/templates/complete_multi_region/locals-private-dns.tf +++ b/templates/complete_multi_region/locals-private-dns.tf 
@@ -1,13 +1,13 @@ locals { - private_dns_virtual_networks_hub_and_spoke_vnet = (local.hub_networking_enabled ? - { for virtual_network_key, virtual_network in module.hub_and_spoke_vnet[0].virtual_networks : virtual_network_key => { vnet_resource_id = virtual_network.id } } : - {} + private_dns_virtual_networks_hub_and_spoke_vnet = (local.hub_networking_enabled ? + { for virtual_network_key, virtual_network in module.hub_and_spoke_vnet[0].virtual_networks : virtual_network_key => { vnet_resource_id = virtual_network.id } } : + {} ) - private_dns_virtual_networks_virtual_wan = (local.virtual_wan_enabled ? - { "virtual_wan" = { vnet_resource_id = module.virtual_network_private_dns.resource_id} } : - {} + private_dns_virtual_networks_virtual_wan = (local.virtual_wan_enabled ? + { "virtual_wan" = { vnet_resource_id = module.virtual_network_private_dns.resource_id } } : + {} ) - private_dns_virtual_networks = merge(local.private_dns_virtual_networks_hub_and_spoke_vnet, local.private_dns_virtual_networks_virtual_wan) + private_dns_virtual_networks = merge(local.private_dns_virtual_networks_hub_and_spoke_vnet, local.private_dns_virtual_networks_virtual_wan) private_dns_secondary_locations = { for location in local.module_private_dns.secondary_locations : location => { is_primary = false } } private_dns_location_map = local.private_dns_enabled ? merge({ try(local.module_private_dns.location, var.starter_locations[0]) = { is_primary = true } @@ -31,5 +31,5 @@ locals { azure_backup = { zone_name = "privatelink.{regionCode}.backup.windowsazure.com" } - } + } } \ No newline at end of file diff --git a/templates/complete_multi_region/locals.tf b/templates/complete_multi_region/locals.tf index 51c4ab6d..4f962798 100644 --- a/templates/complete_multi_region/locals.tf +++ b/templates/complete_multi_region/locals.tf 
@@ -1,3 +1,7 @@ +locals { + enable_telemetry = try(local.config.enable_telemetry, true) +} + locals { management_groups = try(merge(local.config.management_groups, {}), {}) } @@ -33,7 +37,7 @@ locals { locals { management_groups_enabled = length(local.management_groups) > 0 - hub_networking_enabled = length(local.module_hub_and_spoke_vnet) > 0 - virtual_wan_enabled = length(local.module_virtual_wan) > 0 - private_dns_enabled = length(local.module_private_dns) > 0 + hub_networking_enabled = length(local.module_hub_and_spoke_vnet) > 0 + virtual_wan_enabled = length(local.module_virtual_wan) > 0 + private_dns_enabled = length(local.module_private_dns) > 0 } diff --git a/templates/complete_multi_region/management-groups.tf b/templates/complete_multi_region/management-groups.tf index 63b40473..4d0f255b 100644 --- a/templates/complete_multi_region/management-groups.tf +++ b/templates/complete_multi_region/management-groups.tf @@ -4,7 +4,7 @@ module "management_groups" { count = length(local.management_groups) > 0 ? 1 : 0 - disable_telemetry = try(local.management_groups.disable_telemetry, true) + disable_telemetry = try(local.management_groups.disable_telemetry, !local.enable_telemetry) default_location = try(local.management_groups.default_location, var.starter_locations[0]) root_parent_id = try(local.management_groups.root_parent_id, data.azurerm_client_config.current.tenant_id) archetype_config_overrides = try(local.management_groups.archetype_config_overrides, {}) diff --git a/templates/complete_multi_region/networking-hub-and-spoke-vnet.tf b/templates/complete_multi_region/networking-hub-and-spoke-vnet.tf index dc057825..69254dff 100644 --- a/templates/complete_multi_region/networking-hub-and-spoke-vnet.tf +++ b/templates/complete_multi_region/networking-hub-and-spoke-vnet.tf 
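Review bot: The new `enable_telemetry = try(local.config.enable_telemetry, true)` in locals.tf flips the effective default for the management groups module: `management-groups.tf` previously fell back to `disable_telemetry = true` and now falls back to `!local.enable_telemetry`, i.e. telemetry on, whenever a config file omits both `management_groups.disable_telemetry` and the root `enable_telemetry`. The shipped config-hub-and-spoke-vnet.yaml sets `enable_telemetry: false`, so the template itself is unaffected, but custom config files that relied on the old opt-in behaviour will silently start sending telemetry; the `virtual_network_gateway` module in networking-hub-and-spoke-vnet.tf has the same issue, where the hard-coded `enable_telemetry = false` is replaced by the same fallback. If opt-in is still the intent, default the local to off, `enable_telemetry = try(local.config.enable_telemetry, false)`; otherwise document the new default at the local, e.g. `# Telemetry is enabled unless the config file sets enable_telemetry: false`.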
@@ -5,6 +5,7 @@ module "hub_and_spoke_vnet" { count = length(local.hub_virtual_networks) > 0 ? 1 : 0 hub_virtual_networks = local.module_hub_and_spoke_vnet.hub_virtual_networks + enable_telemetry = try(local.module_hub_and_spoke_vnet.enable_telemetry, local.enable_telemetry) providers = { azurerm = azurerm.connectivity @@ -29,7 +30,6 @@ module "virtual_network_gateway" { default_tags = try(each.value.default_tags, null) subnet_creation_enabled = try(each.value.subnet_creation_enabled, null) edge_zone = try(each.value.edge_zone, null) - enable_telemetry = false express_route_circuits = try(each.value.express_route_circuits, null) ip_configurations = try(each.value.ip_configurations, null) local_network_gateways = try(each.value.local_network_gateways, null) @@ -46,6 +46,7 @@ module "virtual_network_gateway" { route_table_creation_enabled = try(each.value.route_table_creation_enabled, null) route_table_name = try(each.value.route_table_name, null) route_table_tags = try(each.value.route_table_tags, null) + enable_telemetry = try(each.value.enable_telemetry, local.enable_telemetry) providers = { azurerm = azurerm.connectivity diff --git a/templates/complete_multi_region/networking-private-dns.tf b/templates/complete_multi_region/networking-private-dns.tf index 0626a100..f9a4fb09 100644 --- a/templates/complete_multi_region/networking-private-dns.tf +++ b/templates/complete_multi_region/networking-private-dns.tf 
@@ -1,14 +1,32 @@ +module "private_dns_zones_resource_group" { + source = "Azure/avm-res-resources-resourcegroup/azurerm" + version = "0.1.0" + + count = local.private_dns_enabled ? 1 : 0 + + name = try(local.module_private_dns.resource_group_name, "rg-dns-${var.starter_locations[0]}") + location = try(local.module_private_dns.location, var.starter_locations[0]) + enable_telemetry = try(local.module_private_dns.enable_telemetry, local.enable_telemetry) + + providers = { + azurerm = azurerm.connectivity + } +} + module "private_dns_zones" { source = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm" version = "0.4.0" - + for_each = local.private_dns_location_map - location = each.key - resource_group_name = try(local.module_private_dns.resource_group_name, null) - resource_group_creation_enabled = try(local.module_private_dns.resource_group_creation_enabled, true) + location = each.key + resource_group_name = module.private_dns_zones_resource_group[0].name + resource_group_creation_enabled = false virtual_network_resource_ids_to_link_to = local.private_dns_virtual_networks - private_link_private_dns_zones = each.value.is_primary ? null : local.private_dns_secondary_zones + private_link_private_dns_zones = each.value.is_primary ? null : local.private_dns_secondary_zones + enable_telemetry = try(local.module_private_dns.enable_telemetry, local.enable_telemetry) + + depends_on = [module.private_dns_zones_resource_group] providers = { azurerm = azurerm.connectivity diff --git a/templates/complete_multi_region/networking-virtual-wan.tf b/templates/complete_multi_region/networking-virtual-wan.tf index 74e6ffd9..eef02c49 100644 --- a/templates/complete_multi_region/networking-virtual-wan.tf +++ b/templates/complete_multi_region/networking-virtual-wan.tf 
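Review bot: The `resource_group_creation_enabled` config key is silently ignored after this hunk: `module.private_dns_zones` now hard-codes `resource_group_creation_enabled = false` and always takes the group from the new `private_dns_zones_resource_group` module, so a config that set the key to false to reuse an existing resource group will instead have Terraform try to create `try(local.module_private_dns.resource_group_name, "rg-dns-…")` itself and collide with the existing group. Either honour the key by gating the new module, `count = local.private_dns_enabled && try(local.module_private_dns.resource_group_creation_enabled, true) ? 1 : 0`, and falling back to the configured name in `resource_group_name` when it is disabled, or reject the key explicitly with a precondition so the behaviour change is not silent. Separately, `depends_on = [module.private_dns_zones_resource_group]` is redundant with the direct reference in `resource_group_name`, and a module-level `depends_on` tends to push values of the dependent module to "known after apply", so it can be dropped. Existing deployments whose resource group is currently managed inside `module.private_dns_zones` will presumably see it destroyed and recreated unless a `moved` block is added — worth confirming before merging.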
@@ -7,7 +7,6 @@ module "virtual_wan" { allow_branch_to_branch_traffic = try(local.module_virtual_wan.allow_branch_to_branch_traffic, null) create_resource_group = try(local.module_virtual_wan.create_resource_group, null) disable_vpn_encryption = try(local.module_virtual_wan.disable_vpn_encryption, null) - enable_telemetry = try(local.module_virtual_wan.enable_telemetry, null) er_circuit_connections = try(local.module_virtual_wan.er_circuit_connections, null) expressroute_gateways = try(local.module_virtual_wan.expressroute_gateways, null) firewalls = try(local.module_virtual_wan.firewalls, null) @@ -27,6 +26,7 @@ module "virtual_wan" { vpn_site_connections = try(local.module_virtual_wan.vpn_site_connections, null) vpn_sites = try(local.module_virtual_wan.vpn_sites, null) tags = try(local.module_virtual_wan.tags, null) + enable_telemetry = try(local.module_virtual_wan.enable_telemetry, local.enable_telemetry) providers = { azurerm = azurerm.connectivity @@ -42,9 +42,10 @@ module "virtual_network_private_dns" { version = "0.4.0" count = local.virtual_wan_enabled ? 1 : 0 - - address_space = [ try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_address_space, null) ] - location = try(local.module_virtual_wan.private_dns_location, var.starter_locations[0]) - name = try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_name, "vnet-private-dns") + + address_space = [try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_address_space, null)] + location = try(local.module_virtual_wan.private_dns_location, var.starter_locations[0]) + name = try(local.module_hub_and_spoke_vnet.private_dns_virtual_network_name, "vnet-private-dns") resource_group_name = try(local.module_virtual_wan.resource_group_name, null) + enable_telemetry = try(local.module_virtual_wan.enable_telemetry, local.enable_telemetry) } \ No newline at end of file
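Review bot: In the `@@ -42` hunk, `virtual_network_private_dns` is gated on `count = local.virtual_wan_enabled ? 1 : 0` and takes `location` from `local.module_virtual_wan`, yet the re-indented `address_space` and `name` lines still read `local.module_hub_and_spoke_vnet.private_dns_virtual_network_address_space` and `local.module_hub_and_spoke_vnet.private_dns_virtual_network_name`, which belong to the other topology. On a Virtual WAN-only config `address_space` therefore evaluates to `[null]`, which the VNet module will almost certainly reject, and only the `"vnet-private-dns"` name fallback survives; these lines were touched for formatting only, so this looks like a pre-existing mix-up rather than something introduced here, but it is worth fixing in the same pass. Both should presumably read from the Virtual WAN config, e.g. `address_space = [try(local.module_virtual_wan.private_dns_virtual_network_address_space, null)]` and `name = try(local.module_virtual_wan.private_dns_virtual_network_name, "vnet-private-dns")`.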