AZURE HUB - Day 18

Configure your environment

• Azure subscription: If you don't have an Azure subscription, create a?free account?before you begin.
• Configure Terraform:?If you haven't already done so, configure Terraform using one of the following options:
• Configure Terraform in Azure Cloud Shell with Bash
• Configure Terraform in Azure Cloud Shell with PowerShell
• Configure Terraform in Windows with Bash
• Configure Terraform in Windows with PowerShell
• Create a hub-and-spoke hybrid network topology with Terraform in Azure.
• Create an on-premises virtual network with Terraform in Azure.

Implement the Terraform code

The hub network consists of the following components:

• A hub virtual network
• A hub virtual network gateway
• Hub gateway connections

1. Make the example directory created in the first article of this series the current directory.
2. In the example directory, create a file named?network.tf.
3. Insert the following code:

locals {
? ? prefix-hub? ? ? ? ?= "hub"
? ? hub-location? ? ? ?= "eastus"
? ? hub-resource-group = "hub-vnet-rg"
? ? shared-key? ? ? ? ?= "4-v3ry-53cr37-1p53c-5h4r3d-k3y"
}


resource "azurerm_resource_group" "hub-vnet-rg" {
? ? name? ? ?= local.hub-resource-group
? ? location = local.hub-location
}


resource "azurerm_virtual_network" "hub-vnet" {
? ? name? ? ? ? ? ? ? ? = "${local.prefix-hub}-vnet"
? ? location? ? ? ? ? ? = azurerm_resource_group.hub-vnet-rg.location
? ? resource_group_name = azurerm_resource_group.hub-vnet-rg.name
? ? address_space? ? ? ?= ["10.0.0.0/16"]


? ? tags = {
? ? environment = "hub-spoke"
? ? }
}


resource "azurerm_subnet" "hub-gateway-subnet" {
? ? name? ? ? ? ? ? ? ? ?= "GatewaySubnet"
? ? resource_group_name? = azurerm_resource_group.hub-vnet-rg.name
? ? virtual_network_name = azurerm_virtual_network.hub-vnet.name
? ? address_prefixes? ? ?= ["10.0.255.224/27"]
}


resource "azurerm_subnet" "hub-mgmt" {
? ? name? ? ? ? ? ? ? ? ?= "mgmt"
? ? resource_group_name? = azurerm_resource_group.hub-vnet-rg.name
? ? virtual_network_name = azurerm_virtual_network.hub-vnet.name
? ? address_prefixes? ? ? ?= ["10.0.0.64/27"]
}


resource "azurerm_subnet" "hub-dmz" {
? ? name? ? ? ? ? ? ? ? ?= "dmz"
? ? resource_group_name? = azurerm_resource_group.hub-vnet-rg.name
? ? virtual_network_name = azurerm_virtual_network.hub-vnet.name
? ? address_prefixes? ? ? ?= ["10.0.0.32/27"]
}


resource "azurerm_network_interface" "hub-nic" {
? ? name? ? ? ? ? ? ? ? ?= "${local.prefix-hub}-nic"
? ? location? ? ? ? ? ? ?= azurerm_resource_group.hub-vnet-rg.location
? ? resource_group_name? = azurerm_resource_group.hub-vnet-rg.name
? ? enable_ip_forwarding = true


? ? ip_configuration {
? ? name? ? ? ? ? ? ? ? ? ? ? ? ? = local.prefix-hub
? ? subnet_id? ? ? ? ? ? ? ? ? ? ?= azurerm_subnet.hub-mgmt.id
? ? private_ip_address_allocation = "Dynamic"
? ? }


? ? tags = {
? ? environment = local.prefix-hub
? ? }
}

        

create virtual-machine.tf

resource "azurerm_virtual_machine" "hub-vm" {
? ? name? ? ? ? ? ? ? ? ? = "${local.prefix-hub}-vm"
? ? location? ? ? ? ? ? ? = azurerm_resource_group.hub-vnet-rg.location
? ? resource_group_name? ?= azurerm_resource_group.hub-vnet-rg.name
? ? network_interface_ids = [azurerm_network_interface.hub-nic.id]
? ? vm_size? ? ? ? ? ? ? ?= var.vmsize


? ? storage_image_reference {
? ? publisher = "Canonical"
? ? offer? ? ?= "UbuntuServer"
? ? sku? ? ? ?= "16.04-LTS"
? ? version? ?= "latest"
? ? }


? ? storage_os_disk {
? ? name? ? ? ? ? ? ? = "myosdisk1"
? ? caching? ? ? ? ? ?= "ReadWrite"
? ? create_option? ? ?= "FromImage"
? ? managed_disk_type = "Standard_LRS"
? ? }


? ? os_profile {
? ? computer_name? = "${local.prefix-hub}-vm"
? ? admin_username = var.username
? ? admin_password = var.password
? ? }


? ? os_profile_linux_config {
? ? disable_password_authentication = false
? ? }


? ? tags = {
? ? environment = local.prefix-hub
? ? }
}
        

create virtual-network.tf

# Virtual Network Gateway
resource "azurerm_public_ip" "hub-vpn-gateway1-pip" {
? ? name? ? ? ? ? ? ? ? = "hub-vpn-gateway1-pip"
? ? location? ? ? ? ? ? = azurerm_resource_group.hub-vnet-rg.location
? ? resource_group_name = azurerm_resource_group.hub-vnet-rg.name


? ? allocation_method = "Dynamic"
}


resource "azurerm_virtual_network_gateway" "hub-vnet-gateway" {
? ? name? ? ? ? ? ? ? ? = "hub-vpn-gateway1"
? ? location? ? ? ? ? ? = azurerm_resource_group.hub-vnet-rg.location
? ? resource_group_name = azurerm_resource_group.hub-vnet-rg.name


? ? type? ? ?= "Vpn"
? ? vpn_type = "RouteBased"


? ? active_active = false
? ? enable_bgp? ? = false
? ? sku? ? ? ? ? ?= "VpnGw1"


? ? ip_configuration {
? ? name? ? ? ? ? ? ? ? ? ? ? ? ? = "vnetGatewayConfig"
? ? public_ip_address_id? ? ? ? ? = azurerm_public_ip.hub-vpn-gateway1-pip.id
? ? private_ip_address_allocation = "Dynamic"
? ? subnet_id? ? ? ? ? ? ? ? ? ? ?= azurerm_subnet.hub-gateway-subnet.id
? ? }
? ? depends_on = [azurerm_public_ip.hub-vpn-gateway1-pip]
}


resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" {
? ? name? ? ? ? ? ? ? ? = "hub-onprem-conn"
? ? location? ? ? ? ? ? = azurerm_resource_group.hub-vnet-rg.location
? ? resource_group_name = azurerm_resource_group.hub-vnet-rg.name


? ? type? ? ? ? ? ?= "Vnet2Vnet"
? ? routing_weight = 1


? ? virtual_network_gateway_id? ? ? = azurerm_virtual_network_gateway.hub-vnet-gateway.id
? ? peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id


? ? shared_key = local.shared-key
}


resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" {
? ? name? ? ? ? ? ? ? ? = "onprem-hub-conn"
? ? location? ? ? ? ? ? = azurerm_resource_group.onprem-vnet-rg.location
? ? resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
? ? type? ? ? ? ? ? ? ? ? ? ? ? ? ? = "Vnet2Vnet"
? ? routing_weight = 1
? ? virtual_network_gateway_id? ? ? = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
? ? peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id


? ? shared_key = local.shared-key
}        

I hope this helps! Let me know if you have any questions.

We post regularly on social media about the free live hands-on learning opportunities, Opensource Proof Of Concepts, Solutions Architecture Reviews, Automation live hands-on, Live career Q&A Sessions, and promotions. Do follow and support us via the following links. ??

LinkedIn?|?Twitter?|??LinkedIn Group??|?YouTube

Want to Join Every week Free Terraform Cloud Automation Handson Training?

Feel free to add me in your LinkedIn connection and send me message for more steps.

"Aiming to create 1000 leaders every year with more confidence"

Are you looking for some life confidence. Feel free to reach me out?Vijayabalan Balakrishnan?not just learning.