Merge pull request #1270 from robgil-dds/169163334-ssl-vpn

169163334 - Adds Virtual Network Gateway for VPN

terraform/modules/vpc/main.tf

@@ -37,7 +37,7 @@ resource "azurerm_subnet" "subnet" {
 
   # See https://github.com/terraform-providers/terraform-provider-azurerm/issues/3471
   lifecycle {
-     ignore_changes = [route_table_id]
+    ignore_changes = [route_table_id]
   }
   #delegation {
   #  name = "acctestdelegation"
@@ -57,16 +57,58 @@ resource "azurerm_route_table" "route_table" {
 }
 
 resource "azurerm_subnet_route_table_association" "route_table" {
-  for_each      = var.networks
+  for_each       = var.networks
-  subnet_id     = azurerm_subnet.subnet[each.key].id
+  subnet_id      = azurerm_subnet.subnet[each.key].id
   route_table_id = azurerm_route_table.route_table[each.key].id
 }
 
 resource "azurerm_route" "route" {
-  for_each      = var.route_tables
+  for_each            = var.route_tables
-  name          = "${var.name}-${var.environment}-default" 
+  name                = "${var.name}-${var.environment}-default"
   resource_group_name = azurerm_resource_group.vpc.name
-  route_table_name = azurerm_route_table.route_table[each.key].name
+  route_table_name    = azurerm_route_table.route_table[each.key].name
   address_prefix      = "0.0.0.0/0"
   next_hop_type       = each.value
 }
+
+# Required for the gateway
+resource "azurerm_subnet" "gateway" {
+  name                 = "GatewaySubnet"
+  resource_group_name  = azurerm_resource_group.vpc.name
+  virtual_network_name = azurerm_virtual_network.vpc.name
+  address_prefix       = var.gateway_subnet
+}
+
+
+resource "azurerm_public_ip" "vpn_ip" {
+  name                = "test"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+
+  allocation_method = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "vnet_gateway" {
+  name                = "test"
+  location            = azurerm_resource_group.vpc.location
+  resource_group_name = azurerm_resource_group.vpc.name
+
+  type     = "Vpn"
+  vpn_type = "RouteBased"
+
+  active_active = false
+  enable_bgp    = false
+  sku           = "Standard"
+
+  ip_configuration {
+    name                          = "vnetGatewayConfig"
+    public_ip_address_id          = azurerm_public_ip.vpn_ip.id
+    private_ip_address_allocation = "Dynamic"
+    subnet_id                     = azurerm_subnet.gateway.id
+  }
+
+  vpn_client_configuration {
+    address_space        = ["172.16.1.0/24"]
+    vpn_client_protocols = ["OpenVPN"]
+  }
+}

terraform/modules/vpc/variables.tf

@@ -41,3 +41,8 @@ variable "route_tables" {
   type        = map
   description = "A map with the route tables to create"
 }
+
+variable "gateway_subnet" {
+  type        = string
+  description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'"
+}

terraform/providers/dev/variables.tf

@@ -36,6 +36,12 @@ variable "networks" {
   }
 }
 
+variable "gateway_subnet" {
+  type    = string
+  default = "10.1.20.0/24"
+}
+
+
 variable "route_tables" {
   description = "Route tables and their default routes"
   type        = map

terraform/providers/dev/vpc.tf

@@ -4,6 +4,7 @@ module "vpc" {
   region          = var.region
   virtual_network = var.virtual_network
   networks        = var.networks
+  gateway_subnet  = var.gateway_subnet
   route_tables    = var.route_tables
   owner           = var.owner
   name            = var.name