Azure TF Templates | Updated vmss-existing-vnet template

CheckPointSW · Jun 19, 2024 · b2df1e2 · b2df1e2
1 parent 0204d54
commit b2df1e2
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/terraform/azure/vmss-existing-vnet/README.md b/terraform/azure/vmss-existing-vnet/README.md
@@ -151,6 +151,8 @@ This solution uses the following modules:
  |  |  |  |  |  |
  | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here  | string | | n/a 
  |  |  |  |  |  |
+ | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | ""
+ |  |  |  |  |  |
  | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true; <br/>false; |  false
  |  |  |  |  |  |
  | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | []
@@ -201,6 +203,7 @@ enable_custom_metrics = true
     admin_shell                     = "/etc/cli.sh"
     serial_console_password_hash    = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 	maintenance_mode_password_hash  = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+    nsg_id                          = ""
     add_storage_account_ip_rules    = false
     storage_account_additional_ips  = []
 

diff --git a/terraform/azure/vmss-existing-vnet/terraform.tfvars b/terraform/azure/vmss-existing-vnet/terraform.tfvars
@@ -39,4 +39,5 @@ admin_shell                     = "PLEASE ENTER ADMIN SHELL"
 serial_console_password_hash    = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH"                            # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 maintenance_mode_password_hash  = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH"                          # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 add_storage_account_ip_rules    = "PLEASE ENTER true or false"                                           # false
-storage_account_additional_ips  = "PLEASE ENTER A LIST OF VALID IPS/CIDRS"                               # []
+storage_account_additional_ips  = "PLEASE ENTER A LIST OF VALID IPS/CIDRS"                               # []
+nsg_id                          = "PLEASE ENTER NETWORK SECURITY GROUP ID"                               # ""
diff --git a/terraform/azure/vmss-existing-vnet/variables.tf b/terraform/azure/vmss-existing-vnet/variables.tf
@@ -394,3 +394,8 @@ variable "enable_floating_ip" {
   type = bool
   default = false
 }
+
+variable "nsg_id" {
+  description = "NSG ID - Optional - if empty use default NSG"
+  default = ""
+}