Explore the diagrams Β»
Report a Bug Β· Request a Feature Β· Ask a Question
Table of Contents
Creates Hub & Spoke network architecture in Microsoft Azure. Supports common lifecycle patterns for soft and hard deletion/removal. Disabled all public access by default. -- Part of stackx.
βΉοΈ Architecture Diagrams
| Placeholder | Rover |
|---|---|
 |
 |
- AWS credentials
- Terraform
To get started, clone the projects, check all configurable Inputs and deploy everything with make.
git clone https://github.com/ventx/terraform-azurerm-stackx-network.git
make all # init, validate, plan, applyYou can run this module in conjunction with other stackx components (recommended) or as single-use (build your own).
Deployment time: around 1 minute
This is just a bare minimum example of how to use the module. See all available stackx modules here: https://github.com/ventx
module "azure-network" {
source = "ventx/stackx-network/azurerm"
version = "0.1.0" // Pinned and tested version, generated by {x-release-please-version}
} module "azure-network" {
source = "ventx/stackx-network/azurerm"
version = "0.1.0" // Pinned and tested version, generated by {x-release-please-version}
rg_group = "my-resource-group"
}- Simple and easy to use, just the bare minimum
- Control-Plan logs ingested to CloudWatch via KMS encryption
- IAM OIDC provider to be used with EKS IRSA
- EKS
- IAM OIDC provider
- SecurityGroup
- SecurityGroup rules
- KMS Key
- KMS Key Alias
Our Terraform modules are are highly opionated:
- Keep modules small, focused, simple and easy to understand
- Prefer simple code over complex code
- Prefer KISS > DRY
- Set some sane default values for variables, but do not set a default value if user input is strictly required
These opinions can be seen as some "soft" rules but which are not strictly required.
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| azurerm | >= 3.3.0 |
| Name | Version |
|---|---|
| azurerm | 3.77.0 |
No modules.
| Name | Type |
|---|---|
| azurerm_nat_gateway.natgw | resource |
| azurerm_nat_gateway_public_ip_association.assing | resource |
| azurerm_nat_gateway_public_ip_prefix_association.assign | resource |
| azurerm_public_ip.natgw | resource |
| azurerm_public_ip_prefix.prefix | resource |
| azurerm_route_table.rt | resource |
| azurerm_subnet.aks | resource |
| azurerm_subnet.ingress | resource |
| azurerm_subnet.natgw | resource |
| azurerm_subnet_nat_gateway_association.attach | resource |
| azurerm_subnet_route_table_association.rtassoc | resource |
| azurerm_virtual_network.hub1_natgwvnet | resource |
| azurerm_virtual_network.spoke1_kubevnet | resource |
| azurerm_virtual_network_peering.HubToSpoke1 | resource |
| azurerm_virtual_network_peering.Spoke1ToHub | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Base Name for all resources (preferably generated by terraform-null-label) | string |
"stackx-network" |
no |
| region | AKS region (e.g. West Europe) -> az account list-locations --output table |
string |
"East US" |
no |
| rg_name | Name of Azure Resource Group | string |
n/a | yes |
| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool |
false |
no |
| tags | User specific Tags / Labels to attach to resources (will be merged with module tags) | map(string) |
{ |
no |
| vpc_cidr_hub | hub1-firewalvnet Azure Virtual Network VPC CIDR network block (e.g. 10.1.0.0/16) |
string |
"10.20.0.0/16" |
no |
| vpc_cidr_kubevnet | spoke1-kubevnet Azure Virtual Network VPC CIDR network block (e.g. 10.1.0.0/16) |
string |
"10.10.0.0/16" |
no |
| Name | Description |
|---|---|
| aks_subnet_address_prefixes | Subnet 2 - AKS address prefixes |
| aks_subnet_id | Subnet 2 - AKS Subnet ID |
| hub1_natgwvnet_address_space | n/a |
| hub1_natgwvnet_network_name | n/a |
| hub1_natgwvnet_vpc_cidr | n/a |
| ingress_subnet_address_prefixes | Subnet 1 - Ingress address prefixes |
| ingress_subnet_id | Subnet 1 - Ingress Subnet ID |
| natgw_public_ip_address | natgw - Public IP address |
| natgw_public_ip_prefix | natgw - Public IP Prefix |
| natgw_subnet_address_prefixes | natgw Subnet address prefixes |
| natgw_subnet_id | natgw (NAT Gatway) - Ingress Subnet ID |
| spoke1_kubevnet_address_space | n/a |
| spoke1_kubevnet_network_name | n/a |
| spoke1_kubevnet_vpc_cidr | n/a |
If you need professional support directly by the maintainers of the project, don't hesitate to contact us:
- GitHub issues
- Contact options listed on this GitHub profile
If you want to say thank you or/and support active development of terraform-azurerm-stackx-network:
- Add a GitHub Star to the project.
- Tweet about the terraform-azurerm-stackx-network.
- Write interesting articles about the project on Dev.to, Medium or your personal blog.
Together, we can make terraform-azurerm-stackx-network better!
First off, thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are greatly appreciated.
Please read our contribution guidelines, and thank you for being involved!
terraform-azurerm-stackx-network follows good practices of security, but 100% security cannot be assured. terraform-azurerm-stackx-network is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the Apache 2.0 license.
See LICENSE for more information.
- All open source contributors who made this possible
See the open issues for a list of proposed features (and known issues).
- Top Feature Requests (Add your votes using the π reaction)
- Top Bugs (Add your votes using the π reaction)
- Newest Bugs