feat: upgrade modules and add resiliency by default (#130)

## Overview/Summary Replace this with a brief description of what this Pull Request fixes, changes, etc. ## This PR fixes/adds/changes/removes 1. *Replace me* 2. *Replace me* 3. *Replace me* ### Breaking Changes 1. *Replace me* 2. *Replace me* ## Testing Evidence Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate). ## As part of this Pull Request I have - [ ] Checked for duplicate [Pull Requests](https://github.com/Azure/alz-terraform-accelerator/pulls) - [ ] Associated it with relevant [issues](https://github.com/Azure/alz-terraform-accelerator/issues), for tracking and closure. - [ ] Ensured my code/branch is up-to-date with the latest changes in the `main` [branch](https://github.com/Azure/alz-terraform-accelerator/tree/main) - [ ] Performed testing and provided evidence. - [ ] Updated relevant and associated documentation.
Azure · Apr 14, 2024 · c08edf4 · c08edf4
1 parent be0284d
commit c08edf4
Show file tree

Hide file tree

Showing 15 changed files with 312 additions and 187 deletions.
diff --git a/docs/wiki/[User-Guide]-Starter-Module-Complete.md b/docs/wiki/[User-Guide]-Starter-Module-Complete.md
@@ -3,10 +3,11 @@ The `complete` starter module provides full customization of the Azure Landing Z
 A custom `config.yaml` file can be passed to the `additional_files` argument of the ALZ PowerShell Module. This allows you to firstly design your Azure Landing Zone, and then deploy it.
 If not specified, the default `config.yaml` file will be used, which is as follows:
 
-  ```yaml
+```yaml
 # This file contains templated variables to avoid repeating the same hard-coded values.
 # Templated variables are denoted by the dollar curly braces token. The following details each templated variable that you can use:
 # `default_location`: This is an Azure location sourced from the `default_location` variable. This can be used to set the location of resources.
+# `default_postfix`: This is a string sourced from the variable `default_postfix`. This can be used to append to resource names for consistency.
 # `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under.
 # `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`.
 # `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
@@ -15,7 +16,6 @@ If not specified, the default `config.yaml` file will be used, which is as follo
 archetypes: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
   root_name: es
   root_id: Enterprise-Scale
-
   subscription_id_connectivity: ${subscription_id_connectivity}
   subscription_id_identity: ${subscription_id_identity}
   subscription_id_management: ${subscription_id_management}
@@ -57,13 +57,17 @@ connectivity:
           sku_name: AZFW_VNet
           sku_tier: Standard
           subnet_address_prefix: 10.0.1.0/24
-        virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
+          zones: ["1", "2", "3"]
+          default_ip_configuration:
+            public_ip_config:
+              zones: ["1", "2", "3"]
+              name: "pip-hub"
+        virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary.
           name: vgw-hub
-          sku: VpnGw1
-          type: Vpn
           subnet_address_prefix: 10.0.2.0/24
+  vwan: # `avm-ptn-vwan` module, add inputs as listed on the module registry where necessary.
 
-  ```
+```
 
 The `config.yaml` file also comes with helpful templated variables such as `default_location` and `root_parent_management_group_id` which get prompted for during the ALZ PowerShell Module run. Alternatively, you can opt to not use the templated variables and hard-code the values in the `config.yaml` file.
 
@@ -90,6 +94,10 @@ This module can be extended to deploy multiple Virtual Networks at scale, Route
 
 The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. Further configuration can be added (depending on requirements) to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways, and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway).
 
+### `avm-ptn-vwan`
+
+The `avm-ptn-vwan` module is used to deploy a Virtual WAN. Further configuration can be added (depending on requirements) to deploy VPN Sites, configure VPN Connections, and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vwan).
+
 ## Inputs
 
 - `default_location`: The default location to deploy resources to.

diff --git a/docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md b/docs/wiki/[User-Guide]-Starter-Module-HubNetworking.md
@@ -18,7 +18,7 @@ The `hubnetworking` module is used to deploy connectivity resources such as Virt
 
 ### `avm-ptn-vnetgateway`
 
-The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. By default, the resources of the module will not be deployed unless `virtual_network_gateway_creation_enabled` is set to true, if so, the module will deploy a VPN Gateway with SKU VpnGw1.
+The `avm-ptn-vnetgateway` module is used to deploy a Virtual Network Gateway inside your Virtual Network. By default, the resources of the module will not be deployed unless `virtual_network_gateway_creation_enabled` is set to true, if so, the module will deploy a ExpressRoute Gateway with SKU ErGw1AZ.
  Further configuration can be added depending on requirements to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways and more. Additional information on the module can be found [here](https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway).
 
 ## Inputs

diff --git a/docs/wiki/[User-Guide]-YAML-Schema-Reference.md b/docs/wiki/[User-Guide]-YAML-Schema-Reference.md
@@ -133,11 +133,11 @@ connectivity:
         resource_group_name: # string
         location: # string
         address_space: # list
-        virtual_network_gateway: # Arguments from https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway/blob/v0.2.0/variables.tf converted to YAML.
+        virtual_network_gateway: # Arguments from https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway/blob/v0.3.0/variables.tf converted to YAML.
           name: # string
           sku: # string
           subnet_address_prefix: # string
-          subnet_id: # string
+          subnet_creation_enabled: # boolean
           type: # string
           default_tags: # object
           edge_zone: # string
@@ -151,6 +151,11 @@ connectivity:
           vpn_generation: # string
           vpn_point_to_site: # object
           vpn_type: # string
+          vpn_private_ip_address_enabled: # boolean
+          route_table_bgp_route_propagation_enabled: # boolean
+          route_table_creation_enabled: # boolean
+          route_table_name: # string
+          route_table_tags: # object
 
 ```
 
@@ -178,6 +183,40 @@ connectivity:
           subnet_address_prefix: 10.0.2.0/24
 ```
 
+## `connectivity.vwan`
+
+Specifies the hub networking configuration to be used from the `terraform-azurerm-avm-ptn-virtualwan` module.
+
+```yaml
+
+connectivity:
+  vwan: # Arguments from https://github.com/Azure/terraform-azurerm-avm-ptn-virtualwan/blob/v0.4.0/variables.tf converted to YAML.
+    allow_branch_to_branch_traffic: # boolean
+    create_resource_group: # boolean
+    disable_vpn_encryption: # boolean
+    enable_telemetry: # boolean
+    er_circuit_connections: # object
+    expressroute_gateways: # object
+    firewalls: # object
+    location: # string
+    office365_local_breakout_category
+    p2s_gateway_vpn_server_configurations: # object
+    p2s_gateways: # object
+    resource_group_name: # string
+    resource_group_tags: # object
+    routing_intents: # object
+    telemetry_resource_group_name: # string
+    type: # string
+    virtual_hubs: # object
+    virtual_network_connections: # object
+    virtual_wan_name: # string
+    virtual_wan_tags: # object
+    vpn_gateways: # object
+    vpn_site_connections: # object
+    vpn_sites: # object
+    tags: # object
+```
+
  [//]: # (************************)
  [//]: # (INSERT LINK LABELS BELOW)
  [//]: # (************************)
diff --git a/templates/basic/main.tf b/templates/basic/main.tf
@@ -1,6 +1,6 @@
 module "enterprise_scale" {
   source  = "Azure/caf-enterprise-scale/azurerm"
-  version = "4.2.0"
+  version = "~> 5.2.0"
 
   disable_telemetry = true
 

diff --git a/templates/basic/variables.tf b/templates/basic/variables.tf
@@ -1,37 +1,37 @@
 variable "default_location" {
-  description = "The location for Azure resources. (e.g 'uksouth')|1|azure_location"
-  type        = string
-}
-
-variable "root_parent_management_group_id" {
-  description = "The parent management group id. Defaults to `Tenant Root Group` if not supplied.|2"
   type        = string
-  default     = ""
+  description = "The location for Azure resources. (e.g 'uksouth')|1|azure_location"
 }
 
 variable "subscription_id_connectivity" {
-  description = "The identifier of the Connectivity Subscription. (e.g '00000000-0000-0000-0000-000000000000')|3|azure_subscription_id"
   type        = string
+  description = "The identifier of the Connectivity Subscription. (e.g '00000000-0000-0000-0000-000000000000')|3|azure_subscription_id"
 }
 
 variable "subscription_id_identity" {
-  description = "The identifier of the Identity Subscription. (e.g '00000000-0000-0000-0000-000000000000')|4|azure_subscription_id"
   type        = string
+  description = "The identifier of the Identity Subscription. (e.g '00000000-0000-0000-0000-000000000000')|4|azure_subscription_id"
 }
 
 variable "subscription_id_management" {
-  description = "The identifier of the Management Subscription. (e.g 00000000-0000-0000-0000-000000000000)|5|azure_subscription_id"
   type        = string
+  description = "The identifier of the Management Subscription. (e.g 00000000-0000-0000-0000-000000000000)|5|azure_subscription_id"
 }
 
 variable "root_id" {
-  description = "The root id is the identity for the root management group and a prefix applied to all management group identities|6|azure_name"
   type        = string
   default     = "es"
+  description = "The root id is the identity for the root management group and a prefix applied to all management group identities|6|azure_name"
 }
 
 variable "root_name" {
-  description = "The display name for the root management group|7|azure_name"
   type        = string
   default     = "Enterprise-Scale"
+  description = "The display name for the root management group|7|azure_name"
+}
+
+variable "root_parent_management_group_id" {
+  type        = string
+  default     = ""
+  description = "The parent management group id. Defaults to `Tenant Root Group` if not supplied.|2"
 }
diff --git a/templates/complete/config.yaml b/templates/complete/config.yaml
@@ -7,7 +7,7 @@
 # `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
 # `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
 ---
-archetypes:  # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
+archetypes: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
   root_name: es
   root_id: Enterprise-Scale
   subscription_id_connectivity: ${subscription_id_connectivity}
@@ -38,7 +38,7 @@ archetypes:  # `caf-enterprise-scale` module, add inputs as listed on the module
           management:
             name: aa-management
 connectivity:
-  hubnetworking:  # `hubnetworking` module, add inputs as listed on the module registry where necessary.
+  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
     hub_virtual_networks:
       primary:
         name: vnet-hub
@@ -51,8 +51,12 @@ connectivity:
           sku_name: AZFW_VNet
           sku_tier: Standard
           subnet_address_prefix: 10.0.1.0/24
-        virtual_network_gateway:  # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
+          zones: ["1", "2", "3"]
+          default_ip_configuration:
+            public_ip_config:
+              zones: ["1", "2", "3"]
+              name: "pip-hub"
+        virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary.
           name: vgw-hub
-          sku: VpnGw1
-          type: Vpn
           subnet_address_prefix: 10.0.2.0/24
+  vwan: # `avm-ptn-virtualwan` module, add inputs as listed on the module registry where necessary.
diff --git a/templates/complete/locals.tf b/templates/complete/locals.tf
@@ -1,12 +1,15 @@
 locals {
-  const_yaml = "yaml"
-  const_yml  = "yml"
-
+  config_file_extension = replace(lower(element(local.config_file_split, length(local.config_file_split) - 1)), local.const_yml, local.const_yaml)
   config_file_name      = var.configuration_file_path == "" ? "config.yaml" : basename(var.configuration_file_path)
   config_file_split     = split(".", local.config_file_name)
-  config_file_extension = replace(lower(element(local.config_file_split, length(local.config_file_split) - 1)), local.const_yml, local.const_yaml)
+  const_yaml            = "yaml"
+  const_yml             = "yml"
 }
 locals {
+  config = (local.config_file_extension == local.const_yaml ?
+    yamldecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables)) :
+    jsondecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables))
+  )
   config_template_file_variables = {
     default_location                = var.default_location
     default_postfix                 = var.default_postfix
@@ -15,11 +18,6 @@ locals {
     subscription_id_identity        = var.subscription_id_identity
     subscription_id_management      = var.subscription_id_management
   }
-
-  config = (local.config_file_extension == local.const_yaml ?
-    yamldecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables)) :
-    jsondecode(templatefile("${path.module}/${local.config_file_name}", local.config_template_file_variables))
-  )
 }
 locals {
   archetypes = try(merge(local.config.archetypes, {}), {})
@@ -37,11 +35,13 @@ locals {
     for key, hub_virtual_network in local.hub_virtual_networks : key => merge(
       hub_virtual_network.virtual_network_gateway,
       {
-        location                            = hub_virtual_network.location
-        virtual_network_name                = hub_virtual_network.name
-        virtual_network_resource_group_name = hub_virtual_network.resource_group_name
+        location           = hub_virtual_network.location
+        virtual_network_id = module.hubnetworking[0].virtual_networks[key].id
       }
     )
     if can(hub_virtual_network.virtual_network_gateway)
   }
 }
+locals {
+  module_vwan = try(merge(local.config.connectivity.vwan, {}), {})
+}