diff --git a/main.tf b/main.tf
index 3247a07..7db510a 100644
--- a/main.tf
+++ b/main.tf
@@ -122,6 +122,24 @@ module "graphdb_image" {
 graphdb_image_id = var.graphdb_image_id
 }
 
+module "bastion" {
+ count = var.deploy_bastion ? 1 : 0
+
+ source = "./modules/bastion"
+
+ resource_group_name = azurerm_resource_group.graphdb.name
+ virtual_network_name = azurerm_virtual_network.graphdb.name
+ resource_name_prefix = var.resource_name_prefix
+ bastion_subnet_address_prefix = var.bastion_subnet_address_prefix
+
+ tags = local.tags
+
+ depends_on = [
+ azurerm_resource_group.graphdb,
+ azurerm_virtual_network.graphdb
+ ]
+}
+
 # Creates a VM scale set for GraphDB and GraphDB cluster proxies
 module "vm" {
 source = "./modules/vm"
diff --git a/modules/bastion/main.tf b/modules/bastion/main.tf
new file mode 100644
index 0000000..5ac6051
--- /dev/null
+++ b/modules/bastion/main.tf
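Review bot: The `depends_on = [azurerm_resource_group.graphdb, azurerm_virtual_network.graphdb]` block on `module "bastion"` is redundant and costs more than it buys: the module already receives `azurerm_resource_group.graphdb.name` and `azurerm_virtual_network.graphdb.name` as inputs, which gives Terraform the same ordering implicitly. A module-level `depends_on` additionally makes every resource and `data` source inside the module depend on those two resources, which can defer the module's `data "azurerm_resource_group"`/`data "azurerm_virtual_network"` reads to apply time whenever either resource has a planned change, so plans for the bastion become "known after apply" more often than necessary. Dropping the `depends_on` block keeps the dependency graph precise; if a genuine hidden dependency exists, document it with a comment next to the meta-argument instead of leaving it unexplained.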
@@ -0,0 +1,37 @@
+data "azurerm_resource_group" "graphdb" {
+ name = var.resource_group_name
+}
+
+data "azurerm_virtual_network" "graphdb" {
+ name = var.virtual_network_name
+ resource_group_name = data.azurerm_resource_group.graphdb.name
+}
+
+resource "azurerm_subnet" "subnet" {
+ name = "AzureBastionSubnet"
+ resource_group_name = data.azurerm_resource_group.graphdb.name
+ virtual_network_name = data.azurerm_virtual_network.graphdb.name
+ address_prefixes = var.bastion_subnet_address_prefix
+}
+
+resource "azurerm_public_ip" "publicIP" {
+ name = "${var.resource_name_prefix}_bastion_publicIP"
+ location = data.azurerm_resource_group.graphdb.location
+ resource_group_name = data.azurerm_resource_group.graphdb.name
+ allocation_method = "Static"
+ sku = "Standard"
+ tags = var.tags
+}
+
+resource "azurerm_bastion_host" "bastionHost" {
+ name = "${var.resource_name_prefix}_bastion"
+ location = data.azurerm_resource_group.graphdb.location
+ resource_group_name = data.azurerm_resource_group.graphdb.name
+ tags = var.tags
+
+ ip_configuration {
+ name = "configuration"
+ subnet_id = azurerm_subnet.subnet.id
+ public_ip_address_id = azurerm_public_ip.publicIP.id
+ }
+}
diff --git a/modules/bastion/variables.tf b/modules/bastion/variables.tf
new file mode 100644
index 0000000..35c4b8a
--- /dev/null
+++ b/modules/bastion/variables.tf
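Review bot: `azurerm_bastion_host.bastionHost` sets neither `sku` nor any of the session-feature toggles (`copy_paste_enabled`, `file_copy_enabled`, `tunneling_enabled`, `ip_connect_enabled`, `shareable_link_enabled`), so the host's posture is whatever the provider defaults to (Basic SKU, copy/paste on, the others off) rather than a decision recorded in this module. Because this host is the management entry point into the VNet, those settings should be explicit and surfaced as module variables, keeping in mind that the Standard-only features require `sku = "Standard"`. The `AzureBastionSubnet` is also created with no `azurerm_subnet_network_security_group_association`; Bastion works without one, but if the other subnets in this repository carry NSGs, this subnet should get the Microsoft-documented Bastion rule set so that what the public IP exposes is limited to what the service needs. A sketch of the explicit resource follows; the referenced variables would be declared in modules/bastion/variables.tf.
```hcl
resource "azurerm_bastion_host" "bastionHost" {
  # … unchanged: name, location, resource_group_name, tags …

  # Make the SKU and session features an explicit module decision instead
  # of provider defaults; file copy and tunneling need sku = "Standard".
  sku                = var.bastion_sku
  copy_paste_enabled = var.bastion_copy_paste_enabled
  file_copy_enabled  = var.bastion_file_copy_enabled
  tunneling_enabled  = var.bastion_tunneling_enabled

  # … unchanged: ip_configuration block …
}
```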
@@ -0,0 +1,30 @@
+# Common configurations
+
+variable "resource_group_name" {
+ description = "Name of the resource group where Bastion will be deployed."
+ type = string
+}
+
+variable "resource_name_prefix" {
+ description = "Resource name prefix"
+ type = string
+}
+
+variable "tags" {
+ description = "Common resource tags."
+ type = map(string)
+ default = {}
+}
+
+# Networking
+
+variable "virtual_network_name" {
+ description = "Virtual network where Bastion will be deployed"
+ type = string
+}
+
+variable "bastion_subnet_address_prefix" {
+ description = "Bastion subnet address prefix"
+ type = list(string)
+ default = ["10.0.3.0/27"]
+}
diff --git a/modules/bastion/versions.tf b/modules/bastion/versions.tf
new file mode 100644
index 0000000..4811298
--- /dev/null
+++ b/modules/bastion/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3.1"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.71.0"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
index b6d4be2..aef62b1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -123,3 +123,15 @@ variable "data_disk_performance_tier" {
 type = string
 default = "P40"
 }
+
+variable "deploy_bastion" {
+ description = "Deploy bastion module"
+ type = bool
+ default = false
+}
+
+variable "bastion_subnet_address_prefix" {
+ description = "Bastion subnet address prefix"
+ type = list(string)
+ default = ["10.0.3.0/27"]
+}
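Review bot: `bastion_subnet_address_prefix` is given the default `["10.0.3.0/27"]` both here in modules/bastion/variables.tf and in the root variables.tf hunk of this same commit, so the module default is never used (the root always passes its own value) yet has to be kept in sync by hand; drop the `default` line in the module so the input is required, or keep the literal in one place only. Azure's documented minimum for `AzureBastionSubnet` is /26 or larger, so a /27 default may be rejected at apply time — confirm against the current API and, if that holds, correct both defaults and guard the variable with a `validation` block whose condition is `alltrue([for p in var.bastion_subnet_address_prefix : tonumber(split("/", p)[1]) <= 26])` and whose `error_message` names the /26 requirement. The description `"Bastion subnet address prefix"` would also benefit from stating that the subnet is created inside the VNet passed as `virtual_network_name` and must not overlap its existing subnets. The versions.tf hunk on this line is a version-constraint file and needs no change.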