

Terraform vnet.tf

:: Azure 에서 Network 를 사용하기 위한 vnet 생성 https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network

:: vnet 생성 ( dkkim-vnet1, dkkim-vnet2 )

:: subnet 생성 ( dkkim-vnet1-subnet1, dkkim-vnet2-subnet1, dkkim-vnet2-subnet2 )

:: vnet 간 peering 설정

 

#vim vnet.tf
#resource group 1 : DKKIM
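resource "azurerm_resource_group" "DKKIM" {
  # Resource group 1: holds dkkim-vnet1 and its subnet
  # (see the azurerm_virtual_network.dkkim-vnet block below).
  name = "DKKIM"

  # Canonical lowercase region name, matching the second resource group.
  # "korea central" and "koreacentral" resolve to the same region, but mixing
  # the two spellings in one file is easy to misread as two different regions.
  location = "koreacentral"

  tags = {
    environment = "management:dkkim"
  }
}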

#resource group 2 : DKKIM-test
resource "azurerm_resource_group" "dkkim-rg" {
  # Resource group 2: holds dkkim-vnet2 and its two subnets.
  # The Terraform label (dkkim-rg) differs from the Azure name (DKKIM-test);
  # other blocks refer to it as azurerm_resource_group.dkkim-rg.
  tags = {
    environment = "management:dkkim"
  }

  location = "koreacentral"
  name     = "DKKIM-test"
}

#vnet1 : dkkim-vnet1
resource "azurerm_virtual_network" "dkkim-vnet" {
  # vnet1 (dkkim-vnet1) in resource group DKKIM; peered with dkkim-vnet2 below.
  resource_group_name = azurerm_resource_group.DKKIM.name
  location            = azurerm_resource_group.DKKIM.location
  name                = "dkkim-vnet1"

  # NOTE(review): 1.0.0.0/16 is publicly routable (non-RFC 1918) address space.
  # Inside the VNet the system route for its own address space takes precedence
  # over the default Internet route, so traffic to real Internet hosts in
  # 1.0.0.0/16 stays inside the VNet. Prefer a private range (e.g. 10.1.0.0/16)
  # and move the subnet prefixes in the azurerm_subnet blocks with it.
  address_space = ["1.0.0.0/16"]

  # Optional custom DNS servers, kept disabled. Written as a list of two
  # strings; the earlier form "10.0.0.4, 10.0.0.5" was a single string.
  # dns_servers = ["10.0.0.4", "10.0.0.5"]

  tags = {
    environment = "management:dkkim"
  }
}

resource "azurerm_subnet" "dkkim-vnet-subnet" {
  # First /24 of dkkim-vnet1. No NSG association is declared in this file, so
  # any subnet-level filtering has to come from elsewhere (for example an
  # azurerm_subnet_network_security_group_association in another .tf file).
  virtual_network_name = azurerm_virtual_network.dkkim-vnet.name
  resource_group_name  = azurerm_resource_group.DKKIM.name
  address_prefixes     = ["1.0.0.0/24"]
  name                 = "dkkim-vnet1-subnet1"
}


#vnet2 : dkkim-vnet2
resource "azurerm_virtual_network" "dkkim-vnet2" {
  # vnet2 (dkkim-vnet2) in resource group DKKIM-test; peered with dkkim-vnet1.
  # Its address space must not overlap dkkim-vnet1 or the peering is rejected.
  resource_group_name = azurerm_resource_group.dkkim-rg.name
  location            = azurerm_resource_group.dkkim-rg.location
  name                = "dkkim-vnet2"

  # NOTE(review): 2.0.0.0/16 is publicly routable (non-RFC 1918) address space,
  # same concern as dkkim-vnet1: Internet destinations inside this range are
  # routed within the VNet instead. A private range (e.g. 10.2.0.0/16) avoids
  # that; the two azurerm_subnet blocks for this VNet must move with it.
  address_space = ["2.0.0.0/16"]

  # Optional custom DNS servers, kept disabled; list of two strings.
  # dns_servers = ["10.0.0.4", "10.0.0.5"]

  tags = {
    environment = "management:dkkim"
  }
}

resource "azurerm_subnet" "dkkim-vnet2-subnet" {
  # First /24 of dkkim-vnet2 (subnet1). As with the other subnets in this
  # file, no NSG association is declared here.
  virtual_network_name = azurerm_virtual_network.dkkim-vnet2.name
  resource_group_name  = azurerm_resource_group.dkkim-rg.name
  address_prefixes     = ["2.0.0.0/24"]
  name                 = "dkkim-vnet2-subnet1"
}

resource "azurerm_subnet" "dkkim-vnet2-subnet2" {
  # Second /24 of dkkim-vnet2 (subnet2), adjacent to subnet1's 2.0.0.0/24.
  # No NSG association is declared in this file.
  virtual_network_name = azurerm_virtual_network.dkkim-vnet2.name
  resource_group_name  = azurerm_resource_group.dkkim-rg.name
  address_prefixes     = ["2.0.1.0/24"]
  name                 = "dkkim-vnet2-subnet2"
}


# vnet peering 설정 
# 아래 2개의 설정이 set 임

# allow_forwarded_traffic 옵션은 원격 가상 네트워크에서 전달 된 트래픽 허용 옵션 
# portal 에서 설정시 기본값 허용, terraform 에서 해당 옵션이 없으면 차단 default

# allow_gateway_transit 옵션은 vpn gateway 또는 ExpressRoute 사용시 사용가능한 옵션
# 주의 !! 일반 vnet 에서 사용 (true 설정시) 옵션이 check 되지 않는 상태로 구성됨

resource "azurerm_virtual_network_peering" "dkkim-vnet1_to_dkkim-vnet2" {
  # One half of the peering pair. The matching dkkim-vnet2_to_dkkim-vnet1
  # block must also exist, otherwise the link never reaches Connected.
  # resource_group_name is the group of the *local* VNet (DKKIM); the remote
  # VNet lives in DKKIM-test and is referenced by its id.
  remote_virtual_network_id = azurerm_virtual_network.dkkim-vnet2.id
  virtual_network_name      = azurerm_virtual_network.dkkim-vnet.name
  resource_group_name       = azurerm_resource_group.DKKIM.name
  name                      = "dkkim-vnet1_to_dkkim-vnet2"

  # Accept traffic the remote VNet *forwards* (traffic that did not originate
  # there, e.g. relayed by a network virtual appliance). The provider default
  # is false. This widens what can reach this VNet via the peer, so keep it a
  # deliberate choice rather than a default.
  allow_forwarded_traffic = true

  # Gateway transit only applies when this VNet hosts a VPN/ExpressRoute
  # gateway; see the Normal-VNET / VPN-VNET example at the end of the file.
  # allow_gateway_transit = false
}

resource "azurerm_virtual_network_peering" "dkkim-vnet2_to_dkkim-vnet1" {
  # Return half of the peering: dkkim-vnet2 (in DKKIM-test) -> dkkim-vnet1.
  # resource_group_name is again the *local* VNet's group.
  remote_virtual_network_id = azurerm_virtual_network.dkkim-vnet.id
  virtual_network_name      = azurerm_virtual_network.dkkim-vnet2.name
  resource_group_name       = azurerm_resource_group.dkkim-rg.name
  name                      = "dkkim-vnet2_to_dkkim-vnet1"

  # Mirror of the other side: accept forwarded traffic from dkkim-vnet1.
  # Provider default is false; enabled here on purpose.
  allow_forwarded_traffic = true

  # Not a gateway VNet, so gateway transit stays off (the default).
  # allow_gateway_transit = false
}



############################################################################################################################################################################
#Example Normal-VNET to VPN-VNET
# 리소스 그룹명은 variable.tf 파일에 선언된 변수를 사용
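resource "azurerm_virtual_network_peering" "Normal-VNET-to-VPN-VNET" {
  # Example only: the VNets azurerm_virtual_network.Normal-VNET / VPN-VNET and
  # the variable var.resource_group_1 are not declared in this file.
  name = "Normal-VNET-to-VPN-VNET"

  # Plain variable reference; the wrap-only "${var.x}" interpolation is legacy
  # (pre-0.12) syntax and this file already uses first-class expressions.
  resource_group_name       = var.resource_group_1
  virtual_network_name      = azurerm_virtual_network.Normal-VNET.name
  remote_virtual_network_id = azurerm_virtual_network.VPN-VNET.id

  allow_forwarded_traffic = true

  # The normal (spoke) side does not offer transit; the gateway VNet does.
  # allow_gateway_transit = true

  # Normal VNet -> VPN-gateway VNet peering: use the remote virtual network's
  # gateway or Route Server. Requires allow_gateway_transit = true on the
  # VPN-VNET-to-Normal-VNET peering, and this VNet must not have its own
  # gateway. NOTE(review): presumably the remote gateway has to exist before
  # this peering is created — confirm apply ordering (depends_on) if both are
  # applied together.
  use_remote_gateways = true
}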

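resource "azurerm_virtual_network_peering" "VPN-VNET-to-Normal-VNET" {
  # Example only (counterpart of Normal-VNET-to-VPN-VNET); the referenced
  # VNets and var.resource_group_1 are declared outside this file.
  name = "VPN-VNET-to-Normal-VNET"

  # Plain variable reference instead of legacy "${var.x}" interpolation.
  resource_group_name       = var.resource_group_1
  virtual_network_name      = azurerm_virtual_network.VPN-VNET.name
  remote_virtual_network_id = azurerm_virtual_network.Normal-VNET.id

  allow_forwarded_traffic = true

  # VPN-gateway VNet -> normal VNet peering: let the peer use this virtual
  # network's gateway or Route Server. This exposes the gateway's on-premises
  # connectivity to everything in Normal-VNET, so the scope of that VNet's
  # routing and NSG rules matters here.
  allow_gateway_transit = true
}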

 

 

 
