Merge pull request #10 from Ontotext-AD/TES-347_Bastion

Added Bastion Module

main.tf

@@ -122,6 +122,24 @@ module "graphdb_image" {
   graphdb_image_id = var.graphdb_image_id
 }
 
+module "bastion" {
+  count = var.deploy_bastion ? 1 : 0
+
+  source = "./modules/bastion"
+
+  resource_group_name           = azurerm_resource_group.graphdb.name
+  virtual_network_name          = azurerm_virtual_network.graphdb.name
+  resource_name_prefix          = var.resource_name_prefix
+  bastion_subnet_address_prefix = var.bastion_subnet_address_prefix
+
+  tags = local.tags
+
+  depends_on = [
+    azurerm_resource_group.graphdb,
+    azurerm_virtual_network.graphdb
+  ]
+}
+
 # Creates a VM scale set for GraphDB and GraphDB cluster proxies
 module "vm" {
   source = "./modules/vm"

modules/bastion/main.tf

@@ -0,0 +1,37 @@
+data "azurerm_resource_group" "graphdb" {
+  name = var.resource_group_name
+}
+
+data "azurerm_virtual_network" "graphdb" {
+  name                = var.virtual_network_name
+  resource_group_name = data.azurerm_resource_group.graphdb.name
+}
+
+resource "azurerm_subnet" "subnet" {
+  name                 = "AzureBastionSubnet"
+  resource_group_name  = data.azurerm_resource_group.graphdb.name
+  virtual_network_name = data.azurerm_virtual_network.graphdb.name
+  address_prefixes     = var.bastion_subnet_address_prefix
+}
+
+resource "azurerm_public_ip" "publicIP" {
+  name                = "${var.resource_name_prefix}_bastion_publicIP"
+  location            = data.azurerm_resource_group.graphdb.location
+  resource_group_name = data.azurerm_resource_group.graphdb.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+  tags                = var.tags
+}
+
+resource "azurerm_bastion_host" "bastionHost" {
+  name                = "${var.resource_name_prefix}_bastion"
+  location            = data.azurerm_resource_group.graphdb.location
+  resource_group_name = data.azurerm_resource_group.graphdb.name
+  tags                = var.tags
+
+  ip_configuration {
+    name                 = "configuration"
+    subnet_id            = azurerm_subnet.subnet.id
+    public_ip_address_id = azurerm_public_ip.publicIP.id
+  }
+}

modules/bastion/variables.tf

@@ -0,0 +1,30 @@
+# Common configurations
+
+variable "resource_group_name" {
+  description = "Name of the resource group where Bastion will be deployed."
+  type        = string
+}
+
+variable "resource_name_prefix" {
+  description = "Resource name prefix"
+  type        = string
+}
+
+variable "tags" {
+  description = "Common resource tags."
+  type        = map(string)
+  default     = {}
+}
+
+# Networking
+
+variable "virtual_network_name" {
+  description = "Virtual network where Bastion will be deployed"
+  type        = string
+}
+
+variable "bastion_subnet_address_prefix" {
+  description = "Bastion subnet address prefix"
+  type        = list(string)
+  default     = ["10.0.3.0/27"]
+}

modules/bastion/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3.1"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=3.71.0"
+    }
+  }
+}

variables.tf

@@ -123,3 +123,15 @@ variable "data_disk_performance_tier" {
   type        = string
   default     = "P40"
 }
+
+variable "deploy_bastion" {
+  description = "Deploy bastion module"
+  type        = bool
+  default     = false
+}
+
+variable "bastion_subnet_address_prefix" {
+  description = "Bastion subnet address prefix"
+  type        = list(string)
+  default     = ["10.0.3.0/27"]
+}