From 0900c01d88dbfba77f4c90169b66577832991a72 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Mon, 27 Jan 2020 12:43:46 -0500
Subject: [PATCH 01/11] Adds log_analytics module and workspace
---
 terraform/modules/log_analytics/main.tf | 15 +++++++++++++++
 terraform/modules/log_analytics/outputs.tf | 3 +++
 terraform/modules/log_analytics/variables.tf | 19 +++++++++++++++++++
 terraform/providers/dev/logs.tf | 8 ++++++++
 4 files changed, 45 insertions(+)
 create mode 100644 terraform/modules/log_analytics/main.tf
 create mode 100644 terraform/modules/log_analytics/outputs.tf
 create mode 100644 terraform/modules/log_analytics/variables.tf
 create mode 100644 terraform/providers/dev/logs.tf
diff --git a/terraform/modules/log_analytics/main.tf b/terraform/modules/log_analytics/main.tf
new file mode 100644
index 00000000..9bd8a353
--- /dev/null
+++ b/terraform/modules/log_analytics/main.tf
@@ -0,0 +1,15 @@
+resource "azurerm_resource_group" "log_workspace" {
+ name = "${var.name}-${var.environment}-log-workspace"
+ location = var.region
+}
+
+resource "azurerm_log_analytics_workspace" "log_workspace" {
+ name = "${var.name}-${var.environment}-log-workspace"
+ location = azurerm_resource_group.log_workspace.location
+ resource_group_name = azurerm_resource_group.log_workspace.name
+ sku = "Premium"
+ tags = {
+ environment = var.environment
+ owner = var.owner
+ }
+}
diff --git a/terraform/modules/log_analytics/outputs.tf b/terraform/modules/log_analytics/outputs.tf
new file mode 100644
index 00000000..da9abb5b
--- /dev/null
+++ b/terraform/modules/log_analytics/outputs.tf
@@ -0,0 +1,3 @@
+output "workspace_id" {
+ value = azurerm_log_analytics_workspace.log_workspace.id
+}
diff --git a/terraform/modules/log_analytics/variables.tf b/terraform/modules/log_analytics/variables.tf
new file mode 100644
index 00000000..4721a46a
--- /dev/null
+++ b/terraform/modules/log_analytics/variables.tf
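Review bot: The `azurerm_log_analytics_workspace` added in terraform/modules/log_analytics/main.tf sets no `retention_in_days`, so how long the audit and login events routed here by the later patches are kept is left to the SKU default instead of being stated in code. Add an explicit value, for example `retention_in_days = var.log_retention_days` with a matching variable in variables.tf, so the retention requirement can be reviewed. `sku = "Premium"` is hard-coded as well; if I recall correctly it is one of the legacy pricing tiers, so confirm it is still available for new workspaces in the target subscription.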
@@ -0,0 +1,19 @@
+variable "region" {
+ type = string
+ description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+ type = string
+ description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+ type = string
+ description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+ type = string
+ description = "Owner of the environment and resources created in this module"
+}
diff --git a/terraform/providers/dev/logs.tf b/terraform/providers/dev/logs.tf
new file mode 100644
index 00000000..23227066
--- /dev/null
+++ b/terraform/providers/dev/logs.tf
@@ -0,0 +1,8 @@
+module "logs" {
+ source = "../../modules/log_analytics"
+ owner = var.owner
+ environment = var.environment
+ region = var.region
+ name = var.name
+}
+
From 3e4244fc6d887812ffe44e2919e97564cf197433 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Mon, 27 Jan 2020 12:44:08 -0500
Subject: [PATCH 02/11] Configures container registry to log to a log analytics workspace
---
 terraform/modules/container_registry/main.tf | 28 +++++++++++++++++--
 .../modules/container_registry/variables.tf | 5 ++++
 terraform/providers/dev/container_registry.tf | 3 +-
 3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/terraform/modules/container_registry/main.tf b/terraform/modules/container_registry/main.tf
index 30b2b1cc..48b9789d 100644
--- a/terraform/modules/container_registry/main.tf
+++ b/terraform/modules/container_registry/main.tf
@@ -36,8 +36,32 @@ resource "azurerm_container_registry" "acr" {
 virtual_network = [
 for subnet in var.subnet_ids : {
 action = "Allow"
- subnet_id = subnet.value
+ subnet_id = subnet
 }
 ]
 }
-}
\ No newline at end of file
+}
+
+resource "azurerm_monitor_diagnostic_setting" "acr_diagnostic" {
+ name = "${var.name}-${var.environment}-acr-diag"
+ target_resource_id = azurerm_container_registry.acr.id
+ log_analytics_workspace_id = var.workspace_id
+ log {
+ category = "ContainerRegistryRepositoryEvents"
+ retention_policy {
+ enabled = true
+ }
+ }
+ log {
+ category = "ContainerRegistryLoginEvents"
+ retention_policy {
+ enabled = true
+ }
+ }
+ metric {
+ category = "AllMetrics"
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/container_registry/variables.tf b/terraform/modules/container_registry/variables.tf
index 48fbb64a..aa0ff23a 100644
--- a/terraform/modules/container_registry/variables.tf
+++ b/terraform/modules/container_registry/variables.tf
@@ -52,3 +52,8 @@ variable "whitelist" {
 description = "A map of whitelisted IPs and CIDR ranges. For single IPs, Azure expects just the IP, NOT a /32."
 default = {}
 }
+
+variable "workspace_id" {
+ description = "The Log Analytics Workspace ID"
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/providers/dev/container_registry.tf b/terraform/providers/dev/container_registry.tf
index 805ef3e8..a6b76654 100644
--- a/terraform/providers/dev/container_registry.tf
+++ b/terraform/providers/dev/container_registry.tf
@@ -6,6 +6,7 @@ module "container_registry" {
 owner = var.owner
 backup_region = var.backup_region
 policy = "Deny"
- subnet_ids = []
+ subnet_ids = [module.vpc.subnet_list["private"].id]
 whitelist = var.admin_user_whitelist
+ workspace_id = module.logs.workspace_id
 }
From b61bb6a4c46be3112d873646793b89be94508e9c Mon Sep 17 00:00:00 2001
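Review bot: Every `retention_policy { enabled = true }` block in `azurerm_monitor_diagnostic_setting.acr_diagnostic` omits `days`, and the same pattern repeats in the keyvault, postgres, k8s, cdn and redis diagnostic settings later in this series. As far as I know the diagnostic-setting retention policy only takes effect for a storage-account destination, while data sent through `log_analytics_workspace_id` is kept according to the workspace's own retention, so these blocks read as a retention guarantee they may not provide. Either set `days` explicitly or add a comment such as `# retention is governed by the Log Analytics workspace, not this block`. The `azurerm_container_registry` resource that the first lines of the hunk belong to starts above it.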
From: Rob Gil
Date: Mon, 27 Jan 2020 12:44:28 -0500
Subject: [PATCH 03/11] Configures KeyVault to log to a log analytics workspace
---
 terraform/modules/keyvault/main.tf | 24 +++++++++++++++++++++++-
 terraform/modules/keyvault/variables.tf | 8 +++++++-
 terraform/providers/dev/keyvault.tf | 1 +
 terraform/providers/dev/secrets.tf | 1 +
 4 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/terraform/modules/keyvault/main.tf b/terraform/modules/keyvault/main.tf
index 1df84367..185c5b7d 100644
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@@ -76,4 +76,26 @@ resource "azurerm_key_vault_access_policy" "keyvault_admin_policy" {
 "backup",
 "update",
 ]
-}
\ No newline at end of file
+}
+
+resource "azurerm_monitor_diagnostic_setting" "keyvault_diagnostic" {
+ name = "${var.name}-${var.environment}-keyvault-diag"
+ target_resource_id = azurerm_key_vault.keyvault.id
+ log_analytics_workspace_id = var.workspace_id
+
+ log {
+ category = "AuditEvent"
+ enabled = true
+
+ retention_policy {
+ enabled = true
+ }
+ }
+ metric {
+ category = "AllMetrics"
+
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/keyvault/variables.tf b/terraform/modules/keyvault/variables.tf
index 56e7cc13..ebaabf83 100644
--- a/terraform/modules/keyvault/variables.tf
+++ b/terraform/modules/keyvault/variables.tf
@@ -48,4 +48,10 @@ variable "whitelist" {
 type = map
 description = "A map of whitelisted IPs and CIDR ranges. For single IPs, Azure expects just the IP, NOT a /32."
 default = {}
-}
\ No newline at end of file
+}
+
+variable "workspace_id" {
+ description = "Log Analytics Workspace ID for sending logs generated by this resource"
+ type = string
+
+}
diff --git a/terraform/providers/dev/keyvault.tf b/terraform/providers/dev/keyvault.tf
index 4d35fa0f..fe749ba1 100644
--- a/terraform/providers/dev/keyvault.tf
+++ b/terraform/providers/dev/keyvault.tf
@@ -10,5 +10,6 @@ module "keyvault" {
 policy = "Deny"
 subnet_ids = [module.vpc.subnets]
 whitelist = var.admin_user_whitelist
+ workspace_id = module.logs.workspace_id
 }
diff --git a/terraform/providers/dev/secrets.tf b/terraform/providers/dev/secrets.tf
index 7a67205e..b7a97b0b 100644
--- a/terraform/providers/dev/secrets.tf
+++ b/terraform/providers/dev/secrets.tf
@@ -10,4 +10,5 @@ module "operator_keyvault" {
 policy = "Deny"
 subnet_ids = [module.vpc.subnets]
 whitelist = var.admin_user_whitelist
+ workspace_id = module.logs.workspace_id
 }
From 8856d0f44810fb657c77b890de42d05d0360a5fe Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Mon, 27 Jan 2020 12:46:41 -0500
Subject: [PATCH 04/11] Log FMT
---
 terraform/providers/dev/logs.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/terraform/providers/dev/logs.tf b/terraform/providers/dev/logs.tf
index 23227066..eec9df78 100644
--- a/terraform/providers/dev/logs.tf
+++ b/terraform/providers/dev/logs.tf
@@ -1,8 +1,8 @@
 module "logs" {
- source = "../../modules/log_analytics"
- owner = var.owner
+ source = "../../modules/log_analytics"
+ owner = var.owner
 environment = var.environment
- region = var.region
- name = var.name
+ region = var.region
+ name = var.name
 }
From 27f30965933f7d1ffaedf3a3e186c1f2b6d297b9 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Thu, 30 Jan 2020 14:43:52 -0500
Subject: [PATCH 05/11] Adds log analytics configuration to postgres
---
 terraform/modules/postgres/main.tf | 30 +++++++++++++++++++++++++
 terraform/modules/postgres/variables.tf | 5 +++++
 terraform/providers/dev/postgres.tf | 3 ++-
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/terraform/modules/postgres/main.tf b/terraform/modules/postgres/main.tf
index 29b6cc53..7b659d4e 100644
--- a/terraform/modules/postgres/main.tf
+++ b/terraform/modules/postgres/main.tf
@@ -35,3 +35,33 @@ resource "azurerm_postgresql_virtual_network_rule" "sql" {
 subnet_id = var.subnet_id
 ignore_missing_vnet_service_endpoint = true
 }
+
+resource "azurerm_postgresql_database" "db" {
+ name = "${var.name}-${var.environment}-atat"
+ resource_group_name = azurerm_resource_group.sql.name
+ server_name = azurerm_postgresql_server.sql.name
+ charset = "UTF8"
+ collation = "en-US"
+}
+
+resource "azurerm_monitor_diagnostic_setting" "postgresql_diagnostic" {
+ name = "${var.name}-${var.environment}-postgresql-diag"
+ target_resource_id = azurerm_postgresql_server.sql.id
+ log_analytics_workspace_id = var.workspace_id
+
+ log {
+ category = "PostgreSQLLogs"
+ enabled = true
+
+ retention_policy {
+ enabled = true
+ }
+ }
+ metric {
+ category = "AllMetrics"
+
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/postgres/variables.tf b/terraform/modules/postgres/variables.tf
index f3366cdb..ea4a2dea 100644
--- a/terraform/modules/postgres/variables.tf
+++ b/terraform/modules/postgres/variables.tf
@@ -93,3 +93,8 @@ variable "ssl_enforcement" {
 description = "Enforce SSL (Enabled/Disable)"
 default = "Enabled"
 }
+
+variable "workspace_id" {
+ description = "Log Analytics workspace for this resource to log to"
+ type = string
+}
diff --git a/terraform/providers/dev/postgres.tf b/terraform/providers/dev/postgres.tf
index 53031f85..c2120012 100644
--- a/terraform/providers/dev/postgres.tf
+++ b/terraform/providers/dev/postgres.tf
@@ -14,7 +14,8 @@ module "sql" {
 owner = var.owner
 environment = var.environment
 region = var.region
- subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
+ subnet_id = module.vpc.subnet_list["private"].id
 administrator_login = data.azurerm_key_vault_secret.postgres_username.value
 administrator_login_password = data.azurerm_key_vault_secret.postgres_password.value
+ workspace_id = module.logs.workspace_id
 }
From 8475b519ce9186e2a14645b5c1c75942b28e0a0d Mon Sep 17 00:00:00 2001
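Review bot: The `PostgreSQLLogs` category in `postgresql_diagnostic` only forwards what the server itself writes, and nothing in this hunk sets the server's logging parameters, so whether connection and disconnection events reach the workspace depends on server defaults. If those events are needed for audit, pin them in the module (presumably with `azurerm_postgresql_configuration` entries for `log_connections` and `log_disconnections`) or state the reliance on defaults in a comment above the resource. The hunk also adds `azurerm_postgresql_database.db`, which the commit subject does not mention; its `collation = "en-US"` should be checked against the collation names the service accepts.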
From: Rob Gil
Date: Wed, 29 Jan 2020 11:17:47 -0500
Subject: [PATCH 06/11] Adds log analytics logging for k8s
---
 terraform/modules/k8s/main.tf | 42 ++++++++++++++++++++++++++++++
 terraform/modules/k8s/variables.tf | 5 ++++
 terraform/providers/dev/k8s.tf | 1 +
 3 files changed, 48 insertions(+)
diff --git a/terraform/modules/k8s/main.tf b/terraform/modules/k8s/main.tf
index 060d50b8..8ecbb4cd 100644
--- a/terraform/modules/k8s/main.tf
+++ b/terraform/modules/k8s/main.tf
@@ -39,3 +39,45 @@ resource "azurerm_kubernetes_cluster" "k8s" {
 owner = var.owner
 }
 }
+
+resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
+ name = "${var.name}-${var.environment}-k8s-diag"
+ target_resource_id = azurerm_kubernetes_cluster.k8s.id
+ log_analytics_workspace_id = var.workspace_id
+ log {
+ category = "kube-apiserver"
+ retention_policy {
+ enabled = true
+ }
+ }
+ log {
+ category = "kube-controller-manager"
+ retention_policy {
+ enabled = true
+ }
+ }
+ log {
+ category = "kube-scheduler"
+ retention_policy {
+ enabled = true
+ }
+ }
+ log {
+ category = "kube-audit"
+ retention_policy {
+ enabled = true
+ }
+ }
+ log {
+ category = "cluster-autoscaler"
+ retention_policy {
+ enabled = true
+ }
+ }
+ metric {
+ category = "AllMetrics"
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/k8s/variables.tf b/terraform/modules/k8s/variables.tf
index e8ca5a27..79bac3de 100644
--- a/terraform/modules/k8s/variables.tf
+++ b/terraform/modules/k8s/variables.tf
@@ -62,3 +62,8 @@ variable "client_secret" {
 type = string
 description = "The client secret for the Service Principal associated with the AKS cluster."
 }
+
+variable "workspace_id" {
+ description = "Log Analytics workspace for this resource to log to"
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/providers/dev/k8s.tf b/terraform/providers/dev/k8s.tf
index 7d415c9c..fe3dac18 100644
--- a/terraform/providers/dev/k8s.tf
+++ b/terraform/providers/dev/k8s.tf
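Review bot: The resource label `k8s_diagnostic-1` in terraform/modules/k8s/main.tf mixes an underscore with a hyphen and carries a `-1` suffix although only one diagnostic setting is declared, while the other modules in this series use `<service>_diagnostic`. Renaming it to `resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic" {` keeps references uniform. None of the `log` blocks here set `enabled`, unlike the keyvault and postgres settings, so collection of `kube-audit` and `kube-apiserver` rests on what is presumably the provider default; writing `enabled = true` in each block makes the intent explicit.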
@@ -22,6 +22,7 @@ module "k8s" {
 min_count = 3
 client_id = data.azurerm_key_vault_secret.k8s_client_id.value
 client_secret = data.azurerm_key_vault_secret.k8s_client_secret.value
+ workspace_id = module.logs.workspace_id
 }
 #module "main_lb" {
From 308ea6a8612901fe85045139e9817f9997db8b40 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Wed, 29 Jan 2020 11:30:07 -0500
Subject: [PATCH 07/11] Enables logging for storage account buckets There are bugs in the latest version of the azurerm provider which do not account for all the log types. We had to use a local-exec here.
---
 terraform/modules/bucket/main.tf | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/terraform/modules/bucket/main.tf b/terraform/modules/bucket/main.tf
index e2f91f58..eeab6490 100644
--- a/terraform/modules/bucket/main.tf
+++ b/terraform/modules/bucket/main.tf
@@ -30,3 +30,11 @@ resource "azurerm_storage_container" "bucket" {
 storage_account_name = azurerm_storage_account.bucket.name
 container_access_type = var.container_access_type
 }
+
+# Added until requisite TF bugs are fixed. Typically this would be configured in the
+# storage_account resource
+resource "null_resource" "retention" {
+ provisioner "local-exec" {
+ command = "az storage logging update --account-name ${azurerm_storage_account.bucket.name} --log rwd --services bqt --retention 90"
+ }
+}
\ No newline at end of file
From ffb29d45fc72d9c50a560e7d0da02979b0b06333 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Wed, 29 Jan 2020 11:31:21 -0500
Subject: [PATCH 08/11] Adds Redis logging to log analytics
---
 terraform/providers/dev/redis.tf | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/terraform/providers/dev/redis.tf b/terraform/providers/dev/redis.tf
index 8c89dc92..a9d0fa89 100644
--- a/terraform/providers/dev/redis.tf
+++ b/terraform/providers/dev/redis.tf
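Review bot: `null_resource.retention` in terraform/modules/bucket/main.tf has no `triggers`, so `az storage logging update` runs once when the resource is first created and is not re-applied if the storage account is replaced or its logging settings are changed out of band; Terraform will report no drift in either case. Add `triggers = { storage_account_id = azurerm_storage_account.bucket.id }` so a replaced account gets its logging enabled again. The command also depends on an `az` CLI that is installed and logged in to the right subscription on whichever machine runs the apply, which deserves a line in the comment above the resource. The retention value `90` is hard-coded inside the command string rather than taken from a variable.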
@@ -1,10 +1,11 @@
 module "redis" {
- source = "../../modules/redis"
- owner = var.owner
- environment = var.environment
- region = var.region
- name = var.name
- subnet_id = module.vpc.subnet_list["redis"].id
- sku_name = "Premium"
- family = "P"
+ source = "../../modules/redis"
+ owner = var.owner
+ environment = var.environment
+ region = var.region
+ name = var.name
+ subnet_id = module.vpc.subnet_list["redis"].id
+ sku_name = "Premium"
+ family = "P"
+ workspace_id = module.logs.workspace_id
 }
From 211a9e7875491134084bc51d305c993e2d1d615d Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Wed, 29 Jan 2020 11:34:45 -0500
Subject: [PATCH 09/11] Adds log analytics logging to cdn module
---
 terraform/modules/cdn/main.tf | 12 ++++++++++++
 terraform/modules/cdn/variables.tf | 4 ++++
 terraform/providers/dev/cdn.tf | 1 +
 3 files changed, 17 insertions(+)
diff --git a/terraform/modules/cdn/main.tf b/terraform/modules/cdn/main.tf
index 5debd443..d6be6a94 100644
--- a/terraform/modules/cdn/main.tf
+++ b/terraform/modules/cdn/main.tf
@@ -29,3 +29,15 @@ resource "azurerm_cdn_endpoint" "cdn" {
 host_name = var.origin_host_name
 }
 }
+
+resource "azurerm_monitor_diagnostic_setting" "acr_diagnostic" {
+ name = "${var.name}-${var.environment}-acr-diag"
+ target_resource_id = azurerm_cdn_endpoint.cdn.id
+ log_analytics_workspace_id = var.workspace_id
+ log {
+ category = "CoreAnalytics"
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/cdn/variables.tf b/terraform/modules/cdn/variables.tf
index 3abe4851..ae26c2d2 100644
--- a/terraform/modules/cdn/variables.tf
+++ b/terraform/modules/cdn/variables.tf
@@ -29,3 +29,7 @@ variable "origin_host_name" {
 description = "Subdomain to use for the origin in requests to the CDN"
 }
+variable "workspace_id" {
+ description = "Log Analytics Workspace ID for sending logs generated by this resource"
+ type = string
+}
\ No newline at end of file
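Review bot: The CDN diagnostic setting in terraform/modules/cdn/main.tf is declared as `"acr_diagnostic"` with the name `"${var.name}-${var.environment}-acr-diag"`, both copied from the container-registry module, so the setting attached to `azurerm_cdn_endpoint.cdn` will appear in state and in Azure as a registry one. Anyone auditing logging coverage by setting name would misread it. Rename the label to `"cdn_diagnostic"` and the name to `"${var.name}-${var.environment}-cdn-diag"`.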
diff --git a/terraform/providers/dev/cdn.tf b/terraform/providers/dev/cdn.tf
index 02c17e3d..aa7c5f9a 100644
--- a/terraform/providers/dev/cdn.tf
+++ b/terraform/providers/dev/cdn.tf
@@ -5,4 +5,5 @@ module "cdn" {
 environment = var.environment
 name = var.name
 region = var.region
+ workspace_id = module.logs.workspace_id
 }
From b0a73e59447acbcd0711f0e5f9ea407eed4b0ad3 Mon Sep 17 00:00:00 2001
From: Rob Gil
Date: Wed, 29 Jan 2020 11:35:09 -0500
Subject: [PATCH 10/11] Adds log analytics logging to redis module
---
 terraform/modules/redis/main.tf | 13 +++++++++++++
 terraform/modules/redis/variables.tf | 5 +++++
 2 files changed, 18 insertions(+)
diff --git a/terraform/modules/redis/main.tf b/terraform/modules/redis/main.tf
index b12bf92d..3e7f33eb 100644
--- a/terraform/modules/redis/main.tf
+++ b/terraform/modules/redis/main.tf
@@ -23,3 +23,16 @@ resource "azurerm_redis_cache" "redis" {
 owner = var.owner
 }
 }
+
+resource "azurerm_monitor_diagnostic_setting" "redis_diagnostic" {
+ name = "${var.name}-${var.environment}-redis-diag"
+ target_resource_id = azurerm_redis_cache.redis.id
+ log_analytics_workspace_id = var.workspace_id
+ metric {
+ category = "AllMetrics"
+
+ retention_policy {
+ enabled = true
+ }
+ }
+}
diff --git a/terraform/modules/redis/variables.tf b/terraform/modules/redis/variables.tf
index 06ddd36d..bb99ebd0 100644
--- a/terraform/modules/redis/variables.tf
+++ b/terraform/modules/redis/variables.tf
@@ -58,3 +58,8 @@ variable "subnet_id" {
 type = string
 description = "Subnet ID that the service_endpoint should reside"
 }
+
+variable "workspace_id" {
+ description = "Log Analytics workspace for this resource to log to"
+ type = string
+}
\ No newline at end of file
From 181d0155b786c477f2e35bb0b59dd4274556d902 Mon Sep 17 00:00:00 2001
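Review bot: `redis_diagnostic` in terraform/modules/redis/main.tf contains only a `metric` block, so despite the commit subject no Redis log category is sent to the workspace. If the service exposed no diagnostic log categories when this was written, say so in a comment such as `# no diagnostic log categories available for this resource; metrics only`, so the gap is visible to whoever reviews logging coverage. Otherwise add the missing `log` block(s) alongside the metric.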
From: Rob Gil
Date: Wed, 29 Jan 2020 12:04:20 -0500
Subject: [PATCH 11/11] Removes the vnet gateway since we're no longer going to use Azure VPN services
---
 terraform/modules/vpc/main.tf | 42 ----------------------------
 terraform/modules/vpc/variables.tf | 12 --------
 terraform/providers/dev/variables.tf | 12 +++-----
 terraform/providers/dev/vpc.tf | 3 --
 4 files changed, 4 insertions(+), 65 deletions(-)
diff --git a/terraform/modules/vpc/main.tf b/terraform/modules/vpc/main.tf
index d0ea9a2a..65fadc61 100644
--- a/terraform/modules/vpc/main.tf
+++ b/terraform/modules/vpc/main.tf
@@ -72,45 +72,3 @@ resource "azurerm_route" "route" {
 address_prefix = "0.0.0.0/0"
 next_hop_type = each.value
 }
-
-# Required for the gateway
-resource "azurerm_subnet" "gateway" {
- name = "GatewaySubnet"
- resource_group_name = azurerm_resource_group.vpc.name
- virtual_network_name = azurerm_virtual_network.vpc.name
- address_prefix = var.gateway_subnet
-}
-
-
-resource "azurerm_public_ip" "vpn_ip" {
- name = "${var.name}-${var.environment}-vpn-ip"
- location = azurerm_resource_group.vpc.location
- resource_group_name = azurerm_resource_group.vpc.name
-
- allocation_method = "Dynamic"
-}
-
-resource "azurerm_virtual_network_gateway" "vnet_gateway" {
- name = "${var.name}-${var.environment}-gateway"
- location = azurerm_resource_group.vpc.location
- resource_group_name = azurerm_resource_group.vpc.name
-
- type = "Vpn"
- vpn_type = "RouteBased"
-
- active_active = false
- enable_bgp = false
- sku = "Standard"
-
- ip_configuration {
- name = "vnetGatewayConfig"
- public_ip_address_id = azurerm_public_ip.vpn_ip.id
- private_ip_address_allocation = "Dynamic"
- subnet_id = azurerm_subnet.gateway.id
- }
-
- vpn_client_configuration {
- address_space = var.vpn_client_cidr
- vpn_client_protocols = ["OpenVPN"]
- }
-}
\ No newline at end of file
diff --git a/terraform/modules/vpc/variables.tf b/terraform/modules/vpc/variables.tf
index aae7ef45..1c72cca7 100644
--- a/terraform/modules/vpc/variables.tf
+++ b/terraform/modules/vpc/variables.tf
@@ -34,7 +34,6 @@ variable "networks" {
 variable "dns_servers" {
 description = "DNS Server IPs for internal and public DNS lookups (must be on a defined subnet)"
 type = list
-
 }
 variable "route_tables" {
@@ -42,19 +41,8 @@ variable "route_tables" {
 description = "A map with the route tables to create"
 }
-variable "gateway_subnet" {
- type = string
- description = "The Subnet CIDR that we'll use for the virtual_network_gateway 'GatewaySubnet'"
-}
-
 variable "service_endpoints" {
 type = map
 description = "A map of the service endpoints and its mapping to subnets"
 }
-
-variable "vpn_client_cidr" {
- type = list
- description = "The CIDR range used for clients on the VPN"
- default = ["172.16.0.0/16"]
-}
diff --git a/terraform/providers/dev/variables.tf b/terraform/providers/dev/variables.tf
index b13c0d57..1a19fc77 100644
--- a/terraform/providers/dev/variables.tf
+++ b/terraform/providers/dev/variables.tf
@@ -34,6 +34,7 @@ variable "networks" {
 public = "10.1.1.0/24,public" # LBs
 private = "10.1.2.0/24,private" # k8s, postgres, keyvault
 redis = "10.1.3.0/24,private" # Redis
+ apps = "10.1.4.0/24,private" # Redis
 }
 }
@@ -43,23 +44,18 @@ variable "service_endpoints" {
 public = "Microsoft.ContainerRegistry" # Not necessary but added to avoid infinite state loop
 private = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
 redis = "Microsoft.Storage,Microsoft.Sql" # FIXME: There is no Microsoft.Redis
+ apps = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
 }
 }
-variable "gateway_subnet" {
- type = string
- default = "10.1.20.0/24"
-}
-
-
 variable "route_tables" {
 description = "Route tables and their default routes"
 type = map
 default = {
 public = "Internet"
- private = "Internet"
+ private = "Internet" # TODO: Switch to FW
 redis = "VnetLocal"
- #private = "VnetLocal"
+ apps = "Internet" # TODO: Switch to FW
 }
 }
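Review bot: In the `route_tables` default of terraform/providers/dev/variables.tf the new `apps` subnet gets `"Internet"` as its next hop, like `private`, so until the `# TODO: Switch to FW` items are done both subnets send their 0.0.0.0/0 traffic out without passing an inspection point. Put a tracking reference in the comment so the TODO is not lost, e.g. `# TODO(<issue id>): switch to FW`. In `networks`, the line `apps = "10.1.4.0/24,private" # Redis` carries a trailing comment copied from the line above and should describe the apps subnet instead. `apps` is also given the same four service endpoints as `private`; trim that list to what the workloads on it need.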
diff --git a/terraform/providers/dev/vpc.tf b/terraform/providers/dev/vpc.tf
index 8d43a82f..c33e281c 100644
--- a/terraform/providers/dev/vpc.tf
+++ b/terraform/providers/dev/vpc.tf
@@ -4,12 +4,9 @@ module "vpc" {
 region = var.region
 virtual_network = var.virtual_network
 networks = var.networks
- gateway_subnet = var.gateway_subnet
 route_tables = var.route_tables
 owner = var.owner
 name = var.name
 dns_servers = var.dns_servers
 service_endpoints = var.service_endpoints
- vpn_client_cidr = var.vpn_client_cidr
 }
-