natgateway configuraiton

Author: kumarvna

.gitignore

@@ -4,6 +4,7 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
+*.terraform.lock.hcl
 
 # Crash log files
 crash.log

examples/complete/main.tf

@@ -0,0 +1,48 @@
+# Azurerm Provider configuration
+provider "azurerm" {
+  features {}
+}
+
+module "nat-gateway" {
+  // source  = "kumarvna/nat-gateway/azurerm"
+  // version = "1.0.0"
+  source = "../../"
+
+  # By default, this module will not create a resource group. Location will be same as existing RG.
+  # proivde a name to use an existing resource group, specify the existing resource group name, 
+  # set the argument to `create_resource_group = true` to create new resrouce group.
+  #   # The Subnet must have the name `AzureFirewallSubnet` and the subnet mask must be at least a /26
+  resource_group_name = "rg-shared-westeurope-01"
+  location            = "westeurope"
+
+  nat_gateway = {
+    testnatgateway1 = {
+      availability_zone       = ["1"]
+      public_ip_prefix_length = 30
+      idle_timeout_in_minutes = 10
+      subnet_id = [
+        "/subscriptions/1e3f0eeb-2235-44cd-b3a3-dcded0861d06/resourceGroups/rg-shared-westeurope-01/providers/Microsoft.Network/virtualNetworks/vnet-shared-hub-westeurope-001/subnets/snet-management",
+        "/subscriptions/1e3f0eeb-2235-44cd-b3a3-dcded0861d06/resourceGroups/rg-shared-westeurope-01/providers/Microsoft.Network/virtualNetworks/vnet-shared-hub-westeurope-001/subnets/snet-testnetwork1"
+      ]
+    },
+    testnatgateway-zone2 = {
+      availability_zone       = ["2"]
+      public_ip_prefix_length = 30
+      idle_timeout_in_minutes = 10
+      subnet_id               = ["/subscriptions/1e3f0eeb-2235-44cd-b3a3-dcded0861d06/resourceGroups/rg-shared-westeurope-01/providers/Microsoft.Network/virtualNetworks/vnet-shared-hub-westeurope-001/subnets/snet-appgateway"]
+    }
+  }
+
+  # (Optional) To enable Azure Monitoring for Azure MySQL database
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  #log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Adding TAG's to your Azure resources 
+  tags = {
+    ProjectName  = "demo-internal"
+    Env          = "dev"
+    Owner        = "user@example.com"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}

main.tf

@@ -0,0 +1,100 @@
+#---------------------------------
+# Local declarations
+#---------------------------------
+locals {
+  resource_group_name = element(coalescelist(data.azurerm_resource_group.rgrp.*.name, azurerm_resource_group.rg.*.name, [""]), 0)
+  location            = element(coalescelist(data.azurerm_resource_group.rgrp.*.location, azurerm_resource_group.rg.*.location, [""]), 0)
+  nat_gateway_zones   = { for zone in var.nat_gateway_zones : zone => true }
+}
+
+#---------------------------------------------------------
+# Resource Group Creation or selection - Default is "true"
+#----------------------------------------------------------
+data "azurerm_resource_group" "rgrp" {
+  count = var.create_resource_group == false ? 1 : 0
+  name  = var.resource_group_name
+}
+
+resource "azurerm_resource_group" "rg" {
+  count    = var.create_resource_group ? 1 : 0
+  name     = lower(var.resource_group_name)
+  location = var.location
+  tags     = merge({ "ResourceName" = format("%s", var.resource_group_name) }, var.tags, )
+}
+
+data "azurerm_log_analytics_workspace" "logws" {
+  count               = var.log_analytics_workspace_name != null ? 1 : 0
+  name                = var.log_analytics_workspace_name
+  resource_group_name = local.resource_group_name
+}
+
+data "azurerm_storage_account" "storeacc" {
+  count               = var.storage_account_name != null ? 1 : 0
+  name                = var.storage_account_name
+  resource_group_name = local.resource_group_name
+}
+
+#--------------------------------------------
+# Public IP resources for Azure NAT Gateway
+#--------------------------------------------
+resource "azurerm_public_ip_prefix" "ng-pref" {
+  for_each            = var.nat_gateway
+  name                = lower("${each.key}-pip-prefix")
+  resource_group_name = local.resource_group_name
+  location            = local.location
+  prefix_length       = lookup(each.value, "public_ip_prefix_length", 30)
+  availability_zone   = element(coalescelist(each.value["availability_zone"], [""]), 0)
+  tags                = merge({ "ResourceName" = lower("${each.key}-pip-prefix") }, var.tags, )
+}
+
+resource "azurerm_public_ip" "ng-pip" {
+  for_each            = var.nat_gateway
+  name                = lower("${each.key}-nat-gateway-pip")
+  location            = local.location
+  resource_group_name = local.resource_group_name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+  availability_zone   = element(coalescelist(each.value["availability_zone"], [""]), 0)
+  tags                = merge({ "ResourceName" = lower("${each.key}-nat-gateway-pip") }, var.tags, )
+}
+
+#--------------------------------------------
+# Azure NAT Gateway configuration 
+#--------------------------------------------
+resource "azurerm_nat_gateway" "main" {
+  for_each                = var.nat_gateway
+  name                    = format("%s", each.key)
+  resource_group_name     = local.resource_group_name
+  location                = local.location
+  idle_timeout_in_minutes = lookup(each.value, "idle_timeout_in_minutes", 4)
+  sku_name                = "Standard"
+  zones                   = each.value["availability_zone"]
+  tags                    = merge({ "ResourceName" = format("%s", each.key) }, var.tags, )
+}
+
+#-----------------------------------------------------
+# Association between a Nat Gateway and a Public IP.
+#-----------------------------------------------------
+resource "azurerm_nat_gateway_public_ip_association" "main" {
+  for_each             = var.nat_gateway
+  nat_gateway_id       = azurerm_nat_gateway.main[each.key].id
+  public_ip_address_id = azurerm_public_ip.ng-pip[each.key].id
+}
+
+#-----------------------------------------------------------
+# Association between a Nat Gateway and a Public IP Prefix.
+#-----------------------------------------------------------
+resource "azurerm_nat_gateway_public_ip_prefix_association" "main" {
+  for_each            = var.nat_gateway
+  nat_gateway_id      = azurerm_nat_gateway.main[each.key].id
+  public_ip_prefix_id = azurerm_public_ip_prefix.ng-pref[each.key].id
+}
+
+#-----------------------------------------------------------
+# Association between a Nat Gateway and a Public IP Prefix.
+#-----------------------------------------------------------
+resource "azurerm_subnet_nat_gateway_association" "main" {
+  for_each       = var.nat_gateway
+  nat_gateway_id = azurerm_nat_gateway.main[each.key].id
+  subnet_id      = each.value
+}

output.tf

@@ -0,0 +1,56 @@
+variable "create_resource_group" {
+  description = "Whether to create resource group and use it for all networking resources"
+  default     = false
+}
+
+variable "resource_group_name" {
+  description = "A container that holds related resources for an Azure solution"
+  default     = ""
+}
+
+variable "location" {
+  description = "The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table'"
+  default     = ""
+}
+
+variable "nat_gateway_zones" {
+  description = "Public ips is a list of ip names that are connected to the firewall. At least one is required."
+  type        = list(string)
+  default     = [1]
+}
+
+variable "public_ip_prefix_length" {
+  description = "Specifies the number of bits of the prefix. The value can be set between 0 (4,294,967,296 addresses) and 31 (2 addresses)."
+  default     = 30
+}
+
+variable "nat_gateway_name" {
+  description = "Specifies the name of the NAT Gateway."
+  default     = ""
+}
+
+variable "log_analytics_workspace_name" {
+  description = "The name of log analytics workspace name"
+  default     = null
+}
+
+variable "storage_account_name" {
+  description = "The name of the hub storage account to store logs"
+  default     = null
+}
+
+variable "nat_gateway" {
+  description = "value"
+  type = map(object({
+    public_ip_prefix_length = number
+    availability_zone       = optional(list(string))
+    idle_timeout_in_minutes = optional(number)
+    subnet_id               = optional(list(string))
+  }))
+}
+
+variable "tags" {
+  description = "A map of tags to add to all resources"
+  type        = map(string)
+  default     = {}
+}

variables.tf

@@ -0,0 +1,10 @@
+terraform {
+  experiments = [module_variable_optional_attrs]
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 2.59.0"
+    }
+  }
+  required_version = ">= 0.13"
+}