diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
new file mode 100644
index 0000000..6915ed4
--- /dev/null
+++ b/.github/workflows/documentation.yml
@@ -0,0 +1,27 @@
+name: Generate terraform docs
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ - master
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4.1.7
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Render terraform docs inside the README.md and push changes back to PR branch
+ uses: terraform-docs/gh-actions@v1.2.0
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
\ No newline at end of file
diff --git a/ESLZ/front-door.tf b/ESLZ/front-door.tf
new file mode 100644
index 0000000..bcc9e81
--- /dev/null
+++ b/ESLZ/front-door.tf
@@ -0,0 +1,18 @@
+variable "front_doors" {
+ type = any
+ default = {}
+ description = "Value for run books. This is a collection of values as defined in runbook.tfvars"
+}
+
+module "front_door" {
+ for_each = var.front_doors
+ source = "github.com/canada-ca-terraform-modules/terraform-azurerm-caf-front-door.git"
+ env = var.env
+ group = var.group
+ project = var.project
+ userDefinedString = each.key
+ front_door= each.value
+ resource_groups = local.resource_groups_all
+ zones = local.zones
+ origin_host_name = "example2.example.com"
+}
\ No newline at end of file
diff --git a/ESLZ/front-door.tfvars b/ESLZ/front-door.tfvars
new file mode 100644
index 0000000..468de21
--- /dev/null
+++ b/ESLZ/front-door.tfvars
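Review bot: The `docs` job declares no `permissions:` block although `git-push: "true"` needs a token that can write to the repository, so `terraform-docs/gh-actions@v1.2.0` runs with whatever scope the repository default grants. Adding `permissions:` with `contents: write` under `docs:` limits the token to what the push needs. Both actions are referenced by tag; pinning them to full commit SHAs, e.g. `uses: terraform-docs/gh-actions@<COMMIT_SHA> # v1.2.0`, keeps a re-pointed tag from changing the code that runs with that write token. On `push` and `workflow_dispatch` runs `github.event.pull_request.head.ref` is empty, so the checkout presumably falls back to the triggering ref and the docs commit would go straight to `main`/`master`; if only the PR case is intended, restrict the triggers or add an `if:` on the event name.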
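Review bot: The `source` of `module "front_door"` has no `?ref=`, so every `terraform init` pulls whatever the default branch of that repository holds at that moment; pin it to a tag or commit, `source = "github.com/canada-ca-terraform-modules/terraform-azurerm-caf-front-door.git?ref=<TAG_OR_COMMIT>"`. `origin_host_name = "example2.example.com"` is hard-coded for every entry of `var.front_doors`, so each instance would point at the same placeholder origin; it likely belongs inside each `front_doors` value. The `front_doors` description still refers to run books and `runbook.tfvars`.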
@@ -0,0 +1,345 @@
+front_doors ={
+ website = {
+ # Resource Group and Location
+ resource_group = "Project"
+ location = "global" # Front Door location should be set to "global"
+
+ # Front Door Profile Configuration
+ profile_name = "example-frontdoor-profile"
+ profile_sku = "Premium_AzureFrontDoor" # Options: Standard_AzureFrontDoor, Premium_AzureFrontDoor
+
+
+ # Front Door Origin Groups
+ origin_group = {
+
+ session_affinity_enabled = true
+ restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10
+ health_probe_interval_in_seconds = 240
+ health_probe_path = "/healthProbe"
+ health_probe_protocol = "Https"
+ health_probe_request_type = "HEAD"
+ load_balancing_additional_latency_in_milliseconds = 0
+ load_balancing_sample_size = 16
+ load_balancing_successful_samples_required = 3
+ backends = ["origin1", "origin2"] # Reference to origin names defined in the `origins` map
+
+ }
+
+ # Front Door Origins
+
+ origin = {
+ http_port = 80
+ https_port = 443
+ certificate_name_check_enabled = false
+ enabled = true
+ priority = 2
+ weight = 50
+ use_private_link = {
+ enable = false
+ request_message = "Request access for Private Link Origin CDN Frontdoor"
+ target_type = "blob"
+ location = "canadacentral" # location of storage account
+ private_link_target_id = "" #id of storage acccount /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/example-storage-account
+ }
+ use_private_link_service = {
+ enable = false
+ request_message = "Request access for Private Link Origin CDN Frontdoor"
+ location = "canadacentral" # location of resource group
+ private_link_target_id = "" #id of private link service
+ }
+ }
+
+
+
+
+ # Front Door Custom Domains
+ custom_domains = {
+ custom-domain1 = {
+ host_name = "custom.example.com"
+ internale_dns_record = false
+ internal_dsn_zone_name = null
+ certificate_type = "ManagedCertificate"
+ minimum_tls_version = "TLS12"
+ }
+ custom-domain2 = {
+ host_name = "www.custom.example.com"
+ internale_dns_record = true
+ internal_dsn_zone_name = "zone1"
+ certificate_type = "ManagedCertificate"
+ minimum_tls_version = "TLS12"
+ }
+ }
+
+ # Front Door Routes
+
+ route = {
+ supported_protocols = ["Https", "Http"]
+ patterns_to_match = ["/*"]
+ forwarding_protocol = "MatchRequest"
+ enabled = true
+ cache ={
+ enabled = false
+ query_string_caching_behavior = "IgnoreQueryString"
+ query_strings=[]
+ compression_enabled = false
+ content_types_to_compress = ["text/html"]
+ }
+ }
+
+
+ # Front Door Rule Sets
+ rules = {
+
+ rule1= {
+ order = 1
+ conditions = [
+ {
+ type = "request_uri_condition"
+ operator = "Equal"
+ negate = false
+ match_values = ["/example-path"]
+ selector = ""
+ transforms = ["Lowercase"]
+ }
+ ]
+ actions = [
+ {
+ action_type = "route_configuration_override_action"
+ forwarding_protocol = "HttpsOnly"
+ #cache_duration = "364.23:59:59" #cache_duration' field must not be set if the 'cache_behavior' is 'HonorOrigin'
+ cache_behavior = "HonorOrigin" #cache_behavior to be one of ["HonorOrigin" "OverrideAlways" "OverrideIfOriginMissing" "Disabled"]
+ query_string_caching_behavior = "IgnoreQueryString" # be one of ["IgnoreQueryString" "UseQueryString" "IgnoreSpecifiedQueryStrings" "IncludeSpecifiedQueryStrings"]
+ }
+ ]
+ }
+
+ rule2= {
+
+ order = 2
+ conditions = [
+ {
+ type = "request_header_condition"
+ header_name = "User-Agent"
+ operator = "Equal"
+ negate_condition = false
+ match_values = ["Chrome"]
+ transforms = []
+ }
+ ]
+ actions = [
+ {
+ action_type = "request_header_action"
+ header_action = "Overwrite"
+ header_name = "X-Custom-Header"
+ header_value = "CustomValue"
+ cache_behavior = ""
+ cache_duration = ""
+ redirect_type = ""
+ destination_protocol = ""
+ destination_host = ""
+ destination_path = ""
+ destination_query_string = ""
+ preserve_unmatched_path = false
+ }
+ ]
+ }
+
+ rule3= {
+ order = 3
+ conditions = [
+ {
+ type = "remote_address_condition"
+ operator = "IPMatch"
+ negate = false
+ match_values = ["192.168.0.0/24"]
+ selector = ""
+ transforms = []
+ }
+ ]
+ actions = [
+ {
+ action_type = "response_header_action"
+ header_action = "Overwrite"
+ header_name = "X-Powered-By"
+ header_value = "Terraform"
+ cache_behavior = ""
+ cache_duration = ""
+ redirect_type = ""
+ destination_protocol = ""
+ destination_host = ""
+ destination_path = ""
+ destination_query_string = ""
+ preserve_unmatched_path = false
+ }
+ ]
+ }
+
+ rule4= {
+ order = 4
+ conditions = [
+ {
+ type = "query_string_condition"
+ operator = "Equal"
+ negate = false
+ match_values = ["id=123"]
+ selector = "id"
+ transforms = []
+ }
+ ]
+ actions = [
+ {
+ action_type = "url_redirect_action"
+ redirect_type = "Found"
+ redirect_protocol = "Https"
+ destination_hostname = "www.example.com"
+ destination_path = "/new-path"
+ query_string = "id=123"
+ destination_fragment = " "
+ }
+ ]
+ }
+
+ rule5= {
+ order = 5
+ conditions = [
+ {
+ type = "request_method_condition"
+ operator = "Equal"
+ negate = false
+ match_values = ["GET"]
+ selector = ""
+ transforms = []
+ }
+ ]
+ actions = [
+ {
+ action_type = "url_rewrite_action"
+ source_pattern = "/old-path/*"
+ destination = "/new-path/"
+ preserve_unmatched_path = false
+ header_name = ""
+ header_value = ""
+ cache_behavior = ""
+ cache_duration = ""
+ redirect_type = ""
+ destination_protocol = ""
+ destination_host = ""
+ destination_query_string = ""
+ }
+ ]
+ }
+
+
+ }
+
+ firewall_policy ={
+ enabled = true
+ mode = "Prevention"
+ redirect_url = "https://www.microsoft.com"
+ custom_block_response_status_code = 403
+ custom_block_response_body = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="
+ custom_rules ={
+ rule1 ={
+ enabled = true
+ priority = 1
+ rate_limit_duration_in_minutes = 1
+ rate_limit_threshold = 10
+ type = "MatchRule"
+ action = "Block"
+ match_variable = "RemoteAddr"
+ operator = "IPMatch"
+ negation_condition = false
+ match_values = ["10.0.1.0/24", "10.0.0.0/24"]
+ }
+
+ rule2={
+ enabled = true
+ priority = 2
+ rate_limit_duration_in_minutes = 1
+ rate_limit_threshold = 10
+ type = "MatchRule"
+ action = "Block"
+ match_variable = "RemoteAddr"
+ operator = "IPMatch"
+ negation_condition = false
+ match_values = ["192.168.1.0/24"]
+ }
+ }
+ managed_rules ={
+ rule1 = {
+ type = "Microsoft_BotManagerRuleSet"
+ version = "1.0"
+ action = "Log"
+ }
+ rule2 = {
+ type = "DefaultRuleSet"
+ version = "1.0"
+ action = "Allow"
+ exclusions = {
+ exclusion1 = {
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "not_suspicious"
+ }
+ }
+ overrides = {
+ override1 = {
+ rule_group_name = "PHP"
+ rules = {
+ rule_1 = {
+ rule_id = "933100"
+ enabled = false
+ action = "Block"
+ }
+ }
+
+ }
+ override2 = {
+ rule_group_name = "SQLI"
+ exclusions = {
+ exclusion ={
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "really_not_suspicious"
+ }
+ }
+
+ rules = {
+ rule_2 ={
+ rule_id = "942200"
+ action = "Block"
+
+ exclusion ={
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "innocent"
+ }
+ }
+ }
+
+ }
+ }
+ }
+ }
+
+ }
+ # Front Door Security Policies
+ security_policy = {
+ patterns_to_match = ["/*"]
+ }
+
+ # Front Door Secret
+ # secret = {
+ # key_vault_certificate_id = "" # required. kevault certificate id
+ # }
+
+ # Tags for All Resources
+ tags = {
+ environment = "dev"
+ project = "example-project"
+ owner = "team-azure"
+ }
+ }
+
+
+}
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..0983220
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ resource_group_name = strcontains(var.front_door.resource_group, "/resourceGroups/") ? regex("[^\\/]+$", var.front_door.resource_group) : var.resource_groups[var.front_door.resource_group].name
+}
\ No newline at end of file
diff --git a/module.tf b/module.tf
new file mode 100644
index 0000000..0adb590
--- /dev/null
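Review bot: Several values in this sample weaken the deployment if they are copied as-is: `certificate_name_check_enabled = false` under `origin` turns off the origin certificate name check, and `managed_rules.rule2` sets `action = "Allow"` for `DefaultRuleSet` even though the policy `mode` is `"Prevention"`, while override `rule_1` sets `enabled = false` for rule `933100`. With `supported_protocols = ["Https", "Http"]` and `forwarding_protocol = "MatchRequest"` the route can also forward to the origin over plain HTTP, unless the HTTPS redirect configured in the module covers every request (worth confirming). For an example file the safer defaults are `certificate_name_check_enabled = true`, `action = "Block"` for the default rule set and `forwarding_protocol = "HttpsOnly"`, with a comment next to any relaxation that is intentional. `rule3` additionally writes an `X-Powered-By` response header, which only advertises the tooling to clients.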
+++ b/module.tf 
@@ -0,0 +1,411 @@
+
+locals {
+ custom_domain_ids = values(azurerm_cdn_frontdoor_custom_domain.custom_domain)[*].id
+}
+
+
+# Azure Front Door Profile
+resource "azurerm_cdn_frontdoor_profile" "frontdoor_profile" {
+ name = local.front-door-name
+ resource_group_name = local.resource_group_name
+ sku_name = var.front_door.profile_sku
+ tags = var.tags
+}
+
+# Azure Front Door Endpoint
+resource "azurerm_cdn_frontdoor_endpoint" "endpoint" {
+ name = "${local.front-door-name}-endpoint"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.frontdoor_profile.id
+ tags = var.tags
+}
+
+# Azure Front Door Origin Groups
+resource "azurerm_cdn_frontdoor_origin_group" "origin_group" {
+ session_affinity_enabled = var.front_door.origin_group.session_affinity_enabled
+ name = "${local.front-door-name}-og"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.frontdoor_profile.id
+ restore_traffic_time_to_healed_or_new_endpoint_in_minutes = var.front_door.origin_group.restore_traffic_time_to_healed_or_new_endpoint_in_minutes
+
+ health_probe {
+ interval_in_seconds = var.front_door.origin_group.health_probe_interval_in_seconds
+ path = var.front_door.origin_group.health_probe_path
+ protocol = var.front_door.origin_group.health_probe_protocol
+ request_type = var.front_door.origin_group.health_probe_request_type
+ }
+
+ load_balancing {
+ additional_latency_in_milliseconds = var.front_door.origin_group.load_balancing_additional_latency_in_milliseconds
+ sample_size = var.front_door.origin_group.load_balancing_sample_size
+ successful_samples_required = var.front_door.origin_group.load_balancing_successful_samples_required
+ }
+}
+
+# Azure Front Door Origins
+resource "azurerm_cdn_frontdoor_origin" "frontdoor_origin" {
+ name = "${local.front-door-name}-origin"
+ cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.origin_group.id
+ certificate_name_check_enabled = var.front_door.origin.certificate_name_check_enabled
+ host_name = var.origin_host_name
+ http_port = var.front_door.origin.http_port
+ https_port = var.front_door.origin.https_port
+ origin_host_header = var.origin_host_name
+ enabled = var.front_door.origin.enabled
+ priority = var.front_door.origin.priority
+ weight = var.front_door.origin.weight
+ dynamic "private_link" {
+ for_each = try(var.front_door.origin.use_private_link.enable, false) != false ? [1] : []
+ content {
+ request_message = var.front_door.origin.use_private_link.request_message
+ target_type = var.front_door.origin.use_private_link.target_type
+ location = var.front_door.origin.use_private_link.location
+ private_link_target_id = var.front_door.origin.use_private_link.private_link_target_id
+ }
+ }
+ dynamic "private_link" {
+ for_each = try(var.front_door.origin.use_private_link_service.enable, false) != false ? [1] : []
+ content {
+ request_message = var.front_door.origin.use_private_link.request_message
+ location = var.front_door.origin.use_private_link.location
+ private_link_target_id = var.front_door.origin.use_private_link.private_link_target_id
+ }
+ }
+}
+
+# Azure Front Door Routes
+resource "azurerm_cdn_frontdoor_route" "route" {
+ name = "${local.front-door-name}-route"
+ cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.origin_group.id
+ cdn_frontdoor_endpoint_id = azurerm_cdn_frontdoor_endpoint.endpoint.id
+ cdn_frontdoor_origin_ids = [azurerm_cdn_frontdoor_origin.frontdoor_origin.id]
+ cdn_frontdoor_custom_domain_ids = local.custom_domain_ids
+ cdn_frontdoor_rule_set_ids = [azurerm_cdn_frontdoor_rule_set.rule_set.id]
+ link_to_default_domain = false
+ https_redirect_enabled = true
+ supported_protocols = var.front_door.route.supported_protocols
+ patterns_to_match = var.front_door.route.patterns_to_match
+ forwarding_protocol = var.front_door.route.forwarding_protocol
+ enabled = var.front_door.route.enabled
+ dynamic "cache" {
+ for_each = try(var.front_door.route.cache.enable, false) != false ? [1] : []
+ content {
+ query_string_caching_behavior = var.front_door.route.cache.query_string_caching_behavior
+ query_strings=var.front_door.route.cache.query_strings
+ compression_enabled = var.front_door.route.cache.compression_enabled
+ content_types_to_compress = var.front_door.route.cache.content_types_to_compress
+ }
+ }
+
+}
+
+# Azure Front Door Custom Domains
+resource "azurerm_cdn_frontdoor_custom_domain" "custom_domain" {
+ for_each = var.front_door.custom_domains
+ name = "${local.front-door-name}-${each.key}"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.frontdoor_profile.id
+ host_name = each.value.host_name
+ tls {
+ certificate_type = each.value.certificate_type
+ minimum_tls_version = each.value.minimum_tls_version
+ }
+}
+
+# Azure Front Door Custom Domain Association
+resource "azurerm_cdn_frontdoor_custom_domain_association" "domain_association" {
+ for_each = var.front_door.custom_domains
+ cdn_frontdoor_custom_domain_id = azurerm_cdn_frontdoor_custom_domain.custom_domain[each.key].id
+ cdn_frontdoor_route_ids = [azurerm_cdn_frontdoor_route.route.id]
+}
+
+resource "azurerm_dns_cname_record" "cname_record" {
+ for_each = {
+ for key, value in var.front_door.custom_domains : key => value
+ if value.internale_dns_record == true
+ }
+ depends_on = [azurerm_cdn_frontdoor_route.route, azurerm_cdn_frontdoor_security_policy.fd_security_policy]
+
+ name = each.value.host_name
+ zone_name = var.zones[each.value.internal_dsn_zone_name].name
+ resource_group_name = var.resource_groups["DNS"].name
+ ttl = 3600
+ record = azurerm_cdn_frontdoor_endpoint.endpoint.host_name
+}
+
+resource "azurerm_dns_txt_record" "txt_record" {
+ for_each = {
+ for key, value in var.front_door.custom_domains : key => value
+ if value.internale_dns_record == true
+ }
+ name = join(".", ["_dnsauth", "${each.value.host_name}"])
+ zone_name = var.zones[each.value.internal_dsn_zone_name].name
+ resource_group_name = var.resource_groups["DNS"].name
+ ttl = 3600
+
+ record {
+ value = azurerm_cdn_frontdoor_custom_domain.custom_domain[each.key].validation_token
+ }
+}
+
+
+# Azure Front Door Rule Sets
+resource "azurerm_cdn_frontdoor_rule_set" "rule_set" {
+ name = "${local.rule_set-name}"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.frontdoor_profile.id
+}
+
+
+# # Azure Front Door Rules
+resource "azurerm_cdn_frontdoor_rule" "rules" {
+ depends_on = [azurerm_cdn_frontdoor_origin_group.origin_group, azurerm_cdn_frontdoor_origin.frontdoor_origin]
+ for_each = try(var.front_door.rules, {})
+
+ name = each.key
+ cdn_frontdoor_rule_set_id = azurerm_cdn_frontdoor_rule_set.rule_set.id
+ order = each.value.order
+
+ # Conditions
+ dynamic "conditions" {
+ for_each = each.value.conditions
+
+ content {
+ # Request URI Condition
+ dynamic "request_uri_condition" {
+ for_each = [for cond in each.value.conditions : cond if lookup(cond, "type", null) == "request_uri_condition"]
+
+ content {
+ operator = request_uri_condition.value.operator
+ negate_condition = request_uri_condition.value.negate
+ match_values = request_uri_condition.value.match_values
+ transforms = request_uri_condition.value.transforms
+ }
+ }
+
+ # Request Header Condition
+ dynamic "request_header_condition" {
+ for_each = [for cond in each.value.conditions : cond if lookup(cond, "type", null) == "request_header_condition"]
+
+ content {
+ header_name = request_header_condition.value.header_name
+ operator = request_header_condition.value.operator
+ negate_condition = request_header_condition.value.negate_condition
+ match_values = request_header_condition.value.match_values
+ transforms = request_header_condition.value.transforms
+ }
+ }
+
+ # Remote Address Condition
+ dynamic "remote_address_condition" {
+ for_each = [for cond in each.value.conditions : cond if lookup(cond, "type", null) == "remote_address_condition"]
+
+ content {
+ operator = remote_address_condition.value.operator
+ negate_condition = remote_address_condition.value.negate
+ match_values = remote_address_condition.value.match_values
+ }
+ }
+
+ # Query String Condition
+ dynamic "query_string_condition" {
+ for_each = [for cond in each.value.conditions : cond if lookup(cond, "type", null) == "query_string_condition"]
+
+ content {
+ operator = query_string_condition.value.operator
+ negate_condition = query_string_condition.value.negate
+ match_values = query_string_condition.value.match_values
+ transforms = query_string_condition.value.transforms
+ }
+ }
+
+ # Request Method Condition
+ dynamic "request_method_condition" {
+ for_each = [for cond in each.value.conditions : cond if lookup(cond, "type", null) == "request_method_condition"]
+
+ content {
+ match_values = request_method_condition.value.match_values
+ }
+ }
+ }
+ }
+
+ # Actions
+ dynamic "actions" {
+ for_each = each.value.actions
+
+ content {
+ # Cache Expiration Action
+ dynamic "route_configuration_override_action" {
+ for_each = [for act in each.value.actions : act if lookup(act, "action_type", null) == "route_configuration_override_action"]
+
+ content {
+ forwarding_protocol = route_configuration_override_action.value.forwarding_protocol
+ cache_duration = try(route_configuration_override_action.value.cache_duration, null)
+ cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.origin_group.id
+ cache_behavior = route_configuration_override_action.value.cache_behavior
+ query_string_caching_behavior = route_configuration_override_action.value.query_string_caching_behavior
+ }
+ }
+
+ # Request Header Action
+ dynamic "request_header_action" {
+ for_each = [for act in each.value.actions : act if lookup(act, "action_type", null) == "request_header_action"]
+
+ content {
+ header_action = request_header_action.value.header_action
+ header_name = request_header_action.value.header_name
+ value = request_header_action.value.header_value
+ }
+ }
+
+ # Response Header Action
+ dynamic "response_header_action" {
+ for_each = [for act in each.value.actions : act if lookup(act, "action_type", null) == "response_header_action"]
+
+ content {
+ header_action = response_header_action.value.header_action
+ header_name = response_header_action.value.header_name
+ value = response_header_action.value.header_value
+ }
+ }
+
+ # URL Redirect Action
+ dynamic "url_redirect_action" {
+ for_each = [for act in each.value.actions : act if lookup(act, "action_type", null) == "url_redirect_action"]
+
+ content {
+ redirect_type = url_redirect_action.value.redirect_type
+ redirect_protocol = url_redirect_action.value.redirect_protocol
+ destination_hostname = url_redirect_action.value.destination_hostname
+ destination_path = url_redirect_action.value.destination_path
+ query_string = url_redirect_action.value.query_string
+ destination_fragment = url_redirect_action.value.destination_fragment
+ }
+ }
+
+ # URL Rewrite Action
+ dynamic "url_rewrite_action" {
+ for_each = [for act in each.value.actions : act if lookup(act, "action_type", null) == "url_rewrite_action"]
+
+ content {
+ source_pattern = url_rewrite_action.value.source_pattern
+ destination = url_rewrite_action.value.destination
+ preserve_unmatched_path = url_rewrite_action.value.preserve_unmatched_path
+ }
+ }
+ }
+ }
+}
+
+
+resource "azurerm_cdn_frontdoor_firewall_policy" "fd_firewall_policy" {
+ name = "${local.rule_set-name}firewall"
+ resource_group_name = local.resource_group_name
+ sku_name = azurerm_cdn_frontdoor_profile.frontdoor_profile.sku_name
+ dynamic "custom_rule" {
+ for_each = try(var.front_door.firewall_policy.custom_rules, {})
+
+ content {
+ name = custom_rule.key
+ type = custom_rule.value.type
+ priority = custom_rule.value.priority
+ enabled = custom_rule.value.enabled
+ rate_limit_duration_in_minutes = custom_rule.value.rate_limit_duration_in_minutes
+ rate_limit_threshold = custom_rule.value.rate_limit_threshold
+ action = custom_rule.value.action
+ match_condition {
+ match_variable = custom_rule.value.match_variable
+ operator = custom_rule.value.operator
+ negation_condition = custom_rule.value.negation_condition
+ match_values = custom_rule.value.match_values
+ }
+ }
+ }
+
+ dynamic "managed_rule" {
+
+ for_each =try(var.front_door.firewall_policy.managed_rules, {})
+ content {
+ type = managed_rule.value.type
+ version = managed_rule.value.version
+ action = try(managed_rule.value.action,null)
+
+ dynamic "exclusion" {
+ for_each = try(managed_rule.value.exclusions, {})
+ content {
+ match_variable = exclusion.value.match_variable
+ operator = exclusion.value.operator
+ selector = exclusion.value.selector
+ }
+ }
+
+ dynamic "override" {
+
+ for_each = try(managed_rule.value.overrides, {})
+ content {
+ rule_group_name = override.value.rule_group_name
+
+ dynamic "rule" {
+ for_each = try(override.value.rule,null) != null ? override.value.rule : {}
+
+ content {
+ rule_id = rule.value.rule_id
+ enabled = rule.value.enabled
+ action = rule.value.action
+
+ dynamic "exclusion" {
+ for_each = try(rule.value.exclusion,{})
+
+ content {
+ match_variable = exclusion.value.match_variable
+ operator = exclusion.value.operator
+ selector = exclusion.value.selector
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ enabled = var.front_door.firewall_policy.enabled
+ mode = var.front_door.firewall_policy.mode
+ redirect_url = var.front_door.firewall_policy.redirect_url
+ custom_block_response_status_code = var.front_door.firewall_policy.custom_block_response_status_code
+ custom_block_response_body = var.front_door.firewall_policy.custom_block_response_body
+}
+
+
+
+resource "azurerm_cdn_frontdoor_security_policy" "fd_security_policy" {
+ name = "${local.rule_set-name}securitypolicy"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.frontdoor_profile.id
+
+ security_policies {
+ firewall {
+ cdn_frontdoor_firewall_policy_id = azurerm_cdn_frontdoor_firewall_policy.fd_firewall_policy.id
+
+ association {
+ dynamic "domain" {
+ for_each = var.front_door.custom_domains
+ content {
+ cdn_frontdoor_domain_id = azurerm_cdn_frontdoor_custom_domain.custom_domain[domain.key].id
+ }
+ }
+ patterns_to_match = var.front_door.security_policy.patterns_to_match
+ }
+ }
+ }
+}
+
+resource "azurerm_cdn_frontdoor_secret" "fd_secret" {
+ count = try(var.front_door.secret,null) == null ? 0 : 1
+ name = "${local.front-door-name}-fd-secret"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.frontdoor_profile.id
+
+ secret {
+ customer_certificate {
+ key_vault_certificate_id = var.front_door.secret.key_vault_certificate_id
+ }
+ }
+}
+
+
diff --git a/name.tf b/name.tf
new file mode 100644
index 0000000..7010f6f
--- /dev/null
+++ b/name.tf
@@ -0,0 +1,8 @@
+locals {
+ name_regex = "/[//\"'\\[\\]:|<>+=;,?*@&]/" # Can't include those characters name: \/"'[]:|<>+=;,?*@&
+ env_4 = substr(var.env, 0, 4)
+ userDefinedString_7 = substr(var.userDefinedString, 0, 7)
+ front-door-name = replace("${local.env_4}-${local.userDefinedString_7}", local.name_regex, "")
+ rule_set-name = replace("${local.front-door-name}", "-", "")
+
+}
\ No newline at end of file
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..b28b04f
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,3 @@
+
+
+
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..42d02c5
--- /dev/null
+++ b/variables.tf
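Review bot: In `fd_firewall_policy` the `dynamic "rule"` block reads `override.value.rule`, but the sample tfvars in this commit supplies `rules`, and the surrounding `try()` turns the miss into `{}`, so per-rule WAF overrides are silently never applied; use `for_each = try(override.value.rules, {})`, and note that sample `rule_2` has no `enabled`, which `rule.value.enabled` would then require. The override-level `exclusions` from the tfvars are not rendered by any block either. The same key mismatch hides the route cache settings, where `try(var.front_door.route.cache.enable, false)` never sees the `enabled` key the tfvars sets. In `frontdoor_origin`, the second `dynamic "private_link"` is gated on `use_private_link_service.enable` but takes `request_message`, `location` and `private_link_target_id` from `use_private_link`, so the private link service ID is never used; those three should read from `var.front_door.origin.use_private_link_service`.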
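Review bot: `front-door-name` is built from only the first 4 characters of `var.env` and the first 7 of `var.userDefinedString`, so two `front_doors` keys that share their first seven characters would produce the same profile, endpoint, rule-set and firewall-policy names. A comment on `userDefinedString_7` stating the uniqueness requirement, or a `validation` on the variable's length, would surface this before apply. `var.group` and `var.project` are passed to the module but do not appear in any name in this hunk.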
@@ -0,0 +1,65 @@
+variable "location" {
+ description = "Azure location for the VM"
+ type = string
+ default = "canadacentral"
+}
+
+variable "tags" {
+ description = "Tags that will be applied to every associated VM resource"
+ type = map(string)
+ default = {}
+}
+
+variable "env" {
+ description = "(Required) 4 character string defining the environment name prefix for the VM"
+ type = string
+ default = "dev"
+}
+
+variable "group" {
+ description = "(Required) Character string defining the group for the target subscription"
+ type = string
+ default = "test"
+}
+
+variable "project" {
+ description = "(Required) Character string defining the project for the target subscription"
+ type = string
+ default = "test"
+}
+
+variable "userDefinedString" {
+ description = "(Required) User defined portion value for the name of the VM."
+ type = string
+ default= "test"
+}
+
+
+
+
+variable "front_door" {
+ description = "(Required) front door configuration."
+ type = any
+ default = null
+}
+
+variable "resource_groups" {
+ description = "(Required) Resource group object for the front door"
+ type = any
+ default = {}
+}
+
+variable "zones" {
+ description = "(Required) Resource DNS zone object for the front door"
+ type = any
+ default = {}
+}
+
+variable "origin_host_name" {
+ description = "(Required) Host name of origin for the front door"
+ type = string
+}
+
+
+
+
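Review bot: `front_door` is declared `type = any` with `default = null` although its description marks it as required, so a missing or misspelled attribute either fails late with an attribute error on null or is swallowed by the `try()` calls in module.tf. Dropping the default and declaring an `object({...})` type with `optional()` for the parts that may be omitted, or at least `validation` blocks on security-relevant fields such as `firewall_policy.mode` and `minimum_tls_version`, would reject bad input at plan time. The same applies to `env`, `group`, `project` and `userDefinedString`, which are described as required yet default to `"dev"`/`"test"`. The descriptions of `location`, `tags`, `env` and `userDefinedString` still refer to a VM; for `tags`, for example, `description = "Tags applied to the Front Door profile and endpoint"`.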