DEV - AZURE INTEGRATION
=== apim
# resource "azurerm_resource_group" "rg" {
# name = ""
# location = "east us 2"
# }
# resource "azurerm_api_management" "example" {
# name = "apimDevNeogenomics"
# location = azurerm_resource_group.example.location
# resource_group_name = azurerm_resource_group.example.name
# publisher_name = "name"
# publisher_email = "email"
# sku_name = "Developer_1"
# }
# resource "random_pet" "rg_name" {
# prefix = var.resource_group_name_prefix
# }
# resource "azurerm_resource_group" "rg" {
# name = random_pet.rg_name.id
# location = var.resource_group_location
# }
# resource "random_string" "azurerm_api_management_name" {
# length = 13
# lower = true
# numeric = false
# special = false
# upper = false
# }
# Look up the existing subnet intended for the API Management instance.
# NOTE(review): nothing else in this file consumes this data source (the
# azurerm_api_management resource below sets no virtual_network_configuration),
# so today the lookup only proves the subnet exists.
data "azurerm_subnet" "apim_subnet" {
  resource_group_name  = var.resource_group_name_vnet
  virtual_network_name = var.vnet_name_1
  name                 = var.apim_subnet_name
}
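# API Management instance for this module.
# The name now comes from var.apim_name (declared in variables.tf but previously
# unused); the literal "" would have been rejected by the provider at plan time.
resource "azurerm_api_management" "api" {
  name                = var.apim_name
  location            = var.resource_group_location
  resource_group_name = var.resource_group_name
  publisher_name      = var.publisher_name
  publisher_email     = var.publisher_email
  sku_name            = var.sku_name
  tags                = var.tags

  # NOTE(review): without virtual_network_type / virtual_network_configuration the
  # gateway, portal and management endpoints are reachable from the public
  # internet, even though data.azurerm_subnet.apim_subnet is looked up above.
  # Wire that subnet in (virtual_network_type = "Internal" plus a
  # virtual_network_configuration { subnet_id = ... } block) if the instance is
  # meant to be private; Developer and Premium tiers support VNet injection.
}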
=== apim Variables.tf
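# Azure region used for every resource created by this module.
variable "resource_group_location" {
  type        = string
  default     = "eastus2"
  description = "Location for all resources."
}

# Only referenced by the commented-out random_pet resource-group naming above;
# kept so existing module callers that pass it keep working.
variable "resource_group_name_prefix" {
  type        = string
  default     = "rg"
  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}

# Contact address recorded as the APIM publisher.
# The previous default of "" could never pass its own validation (Terraform
# validates the default value too), so the variable was effectively required
# already; the default is dropped to make that explicit. The check now also
# requires a plausible user@domain.tld shape rather than any non-empty string.
variable "publisher_email" {
  description = "The email address of the owner of the service"
  type        = string
  validation {
    condition     = length(var.publisher_email) > 0 && can(regex("^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$", var.publisher_email))
    error_message = "The publisher_email must be a non-empty address of the form user@domain.tld."
  }
}

# Display name recorded as the APIM publisher.
variable "publisher_name" {
  default     = "publisher"
  description = "The name of the owner of the service"
  type        = string
  validation {
    condition     = length(var.publisher_name) > 0
    error_message = "The publisher_name must contain at least one character."
  }
}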
# variable "sku" {
# description = "The pricing tier of this API Management service"
# default = "Developer"
# type = string
# validation {
# condition = contains(["Developer_1", "Standard", "Premium"], var.sku)
# error_message = "The sku must be one of the following: Developer, Standard, Premium."
# }
# }
# variable "sku_count" {
# description = "The instance size of this API Management service."
# default = 1
# type = number
# validation {
# condition = contains([1, 2], var.sku_count)
# error_message = "The sku_count must be one of the following: 1, 2."
# }
# }
# variable "resource_group_name" {
# description = "The instance size of this API Management service."
# default = ""
# type = number
# }
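# Name of the API Management instance. No default: the name must be supplied by
# the caller (the previous description was a copy-paste from resource_group_name_prefix).
variable "apim_name" {
  type        = string
  description = "Name of the API Management instance."
}

# Pricing tier and unit count in the provider's "<Tier>_<units>" form, e.g. Developer_1.
# The format check catches the common mistake of passing just the tier name.
variable "sku_name" {
  type        = string
  description = "API Management SKU in <Tier>_<units> form, for example Developer_1."
  validation {
    condition     = can(regex("^[A-Za-z0-9]+_[0-9]+$", var.sku_name))
    error_message = "The sku_name must look like <Tier>_<units>, for example Developer_1."
  }
}

# Resource group the APIM instance is created in.
variable "resource_group_name" {
  type        = string
  default     = ""
  description = "Name of the resource group that will contain the API Management instance."
}

# Resource group that holds the existing virtual network and subnet.
variable "resource_group_name_vnet" {
  type        = string
  description = "Name of the resource group that contains the existing virtual network and APIM subnet."
  default     = ""
}

# Subnet reserved for APIM inside the existing virtual network.
variable "apim_subnet_name" {
  type        = string
  description = "APIM subnet"
  default     = ""
}

# Tags applied to every resource; the keys here are the ones the organisation
# expects (environment, purpose, owner, Created_by).
variable "tags" {
  description = "Tags to be applied to resources."
  type        = map(string)
  default = {
    environment = ""
    purpose     = ""
    owner       = ""
    Created_by  = "Terraform IaC"
  }
}

# Existing virtual network that contains var.apim_subnet_name.
variable "vnet_name_1" {
  description = "The name of the existing Virtual Network."
  type        = string
  default     = ""
}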
==================================================================
==================================================================
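# Variables for the private-endpoint APIM module (environment-specific copy).
# NOTE(review): the defaults below embed environment-specific resource names,
# a VNet name that encodes an address range, and a personal mailbox / owner
# name. Those belong in a *.tfvars file (or a CI variable) rather than in
# source control; the blank-default copy of this file further down is the
# shape the module should ship with.

# Resource group that holds the existing virtual network and subnets.
variable "resource_group_name_vnet" {
  description = "Vnet Resource Group"
  type        = string
  default     = "NET-EUS2-DEV-RG"
}

# Resource group (in the secondary subscription) that holds the Private DNS
# Zone and receives the private endpoint. The old description was a copy of
# the VNet variable's text.
variable "apim_resource_group_name_private" {
  description = "Resource group for the Private DNS Zone, Private Link and Private Endpoint resources."
  type        = string
  default     = "NET-EUS2-PROD-RG"
}

variable "location" {
  description = "The location/region where the resources will be created."
  type        = string
  default     = "EAST US 2"
}

variable "resource_group_name" {
  description = "The name of the resource group."
  type        = string
  default     = "rg-esp-dev"
}

variable "vnet_name" {
  description = "The name of the existing Virtual Network."
  type        = string
  default     = "VNET-Dev-10.117.128.0-17"
}

# Subnet that receives the APIM private endpoint.
variable "subnet_name" {
  description = "The name of the existing Subnet."
  type        = string
  default     = "PrivateEndpointDev-Subnet"
}

# Subnet reserved for APIM VNet integration.
variable "apim_subnet_name" {
  description = "The name of the existing Subnet."
  type        = string
  default     = "APIM-Dev-Subnet"
}

variable "apim_name_1" {
  description = "The name of the API Management instance."
  type        = string
  default     = "apim-esp-dev-01"
}

variable "publisher_name_1" {
  description = "The name of the publisher of the API Management instance."
  type        = string
  default     = "apim-esp-dev-publisher"
}

variable "publisher_email_1" {
  description = "The email of the publisher of the API Management instance."
  type        = string
  default     = "michael.million@neogenomics.com"
}

variable "apim_sku_1" {
  description = "The SKU of the API Management instance."
  type        = string
  default     = "Developer_1"
}

# Name of the existing Private DNS Zone the APIM A record is written to.
# The old description was a copy of apim_sku_1's text.
variable "apim_private_dns_zone_name" {
  description = "The name of the existing Private DNS Zone used for the API Management private endpoint."
  type        = string
  default     = "azure-api.net"
}

variable "tags" {
  description = "Tags to be applied to resources."
  type        = map(string)
  default = {
    environment = "Dev"
    purpose     = "ESP"
    owner       = "Apandeep Singh"
    Created_by  = "Terraform IaC"
  }
}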
## Provider configuration
# Provider for the subscription that owns the APIM instance.
# NOTE(review): subscription_id is left as "" here; supply it through the
# ARM_SUBSCRIPTION_ID environment variable (or a variable from tfvars) rather
# than committing an id to source.
provider "azurerm" {
  features {}
  alias           = "primary"
  subscription_id = "" # Primary subscription for APIM
}
# Provider for the subscription that owns the Private DNS Zone, Private Link
# and Private Endpoint resources.
# NOTE(review): subscription_id is left as "" here as well; supply it outside
# source control. skip_provider_registration is the azurerm 3.x name for this
# setting; confirm the provider version pinned for this module before
# upgrading, since newer majors renamed it.
provider "azurerm" {
  features {}
  alias                      = "secondary"
  subscription_id            = "" # Secondary subscription for Private DNS Zone, Private Link, and Private Endpoint
  skip_provider_registration = true
}
## Data Sources for Existing Resources
# Data source to fetch details about the existing resource group for APIM
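# Existing resource group for APIM (primary subscription).
# Uses var.resource_group_name from this module's variables instead of the
# literal "", which the provider rejects.
data "azurerm_resource_group" "apim_rg" {
  provider = azurerm.primary
  name     = var.resource_group_name
}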
# Data source to fetch details about the existing virtual network
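# Existing virtual network (primary subscription).
# Both identifiers now come from the module variables (vnet_name and
# resource_group_name_vnet) rather than empty literals.
data "azurerm_virtual_network" "vnet" {
  provider            = azurerm.primary
  name                = var.vnet_name
  resource_group_name = var.resource_group_name_vnet
}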
# Data source to fetch details about the existing subnet within the virtual network
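# Existing subnet that receives the APIM private endpoint (see
# azurerm_private_endpoint.private_endpoint below). var.subnet_name is the
# private-endpoint subnet; var.apim_subnet_name is the separate subnet reserved
# for APIM VNet integration and is intentionally not used here.
data "azurerm_subnet" "subnet" {
  provider             = azurerm.primary
  name                 = var.subnet_name
  virtual_network_name = data.azurerm_virtual_network.vnet.name
  resource_group_name  = var.resource_group_name_vnet
}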
# Data source to fetch details about the existing resource group for private resources
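# Existing resource group for the private resources (secondary subscription).
# The hard-coded "NET-EUS2-PROD-RG" is replaced by the module variable whose
# default carries the same value, so nothing changes for current callers.
data "azurerm_resource_group" "private_rg" {
  provider = azurerm.secondary
  name     = var.apim_resource_group_name_private
}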
# Data source to fetch details about the existing Private DNS Zone
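# Existing Private DNS Zone the APIM A record is written into.
# Zone name and resource group come from the module variables (their defaults
# match the previous literals).
# NOTE(review): the zone Microsoft documents for APIM private endpoints is
# privatelink.azure-api.net; a zone named plain azure-api.net will also
# shadow the public hostnames of every other APIM instance for linked VNets.
# Confirm the intended zone name before relying on this lookup.
data "azurerm_private_dns_zone" "private_dns_zone" {
  provider            = azurerm.secondary
  name                = var.apim_private_dns_zone_name
  resource_group_name = var.apim_resource_group_name_private
}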
## APIM Resource Definition
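# API Management instance fronted by the private endpoint defined below.
# All values now come from the module variables (apim_name_1, location,
# publisher_*_1, apim_sku_1, tags) instead of empty / hard-coded literals,
# which the provider would have rejected for name and publisher_email.
resource "azurerm_api_management" "apim" {
  name                = var.apim_name_1
  location            = var.location
  resource_group_name = data.azurerm_resource_group.apim_rg.name
  publisher_name      = var.publisher_name_1
  publisher_email     = var.publisher_email_1
  sku_name            = var.apim_sku_1
  tags                = var.tags

  # System-assigned identity so the instance can authenticate to other Azure
  # services without stored credentials.
  identity {
    type = "SystemAssigned"
  }

  # NOTE(review): azurerm_api_management has no top-level subnet_id attribute,
  # which is why the old "#subnet_id = ..." line could never be enabled. VNet
  # injection is configured with virtual_network_type plus a
  # virtual_network_configuration { subnet_id = ... } block. Separately, once
  # the private endpoint below is approved, consider
  # public_network_access_enabled = false so the gateway is reachable only via
  # Private Link; Azure requires the endpoint to exist before public access is
  # disabled, so apply it in a second step rather than on first create.
}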
## Private DNS Zone Link and Private Endpoint Resources
# Resource for linking the existing Private DNS Zone with a virtual network
# Attach the existing Private DNS Zone to the virtual network so resolvers in
# that VNet see the A record created below instead of the public name.
resource "azurerm_private_dns_zone_virtual_network_link" "dns_vnet_link" {
  provider = azurerm.secondary

  name                  = "apim-link-dns-vnet"
  private_dns_zone_name = data.azurerm_private_dns_zone.private_dns_zone.name
  resource_group_name   = data.azurerm_resource_group.private_rg.name
  virtual_network_id    = data.azurerm_virtual_network.vnet.id
}
# Resource for creating a Private Endpoint
# Private endpoint that exposes the APIM gateway ("Gateway" sub-resource) on a
# private IP inside data.azurerm_subnet.subnet. is_manual_connection = false
# means the connection is auto-approved when the caller has rights on the
# target resource.
resource "azurerm_private_endpoint" "private_endpoint" {
  provider = azurerm.secondary

  name                = "apim-private-endpoint"
  resource_group_name = data.azurerm_resource_group.private_rg.name
  location            = data.azurerm_resource_group.private_rg.location
  subnet_id           = data.azurerm_subnet.subnet.id

  private_service_connection {
    name                           = "apim-private-connection"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_api_management.apim.id
    subresource_names              = ["Gateway"]
  }
}
# Resource for creating a DNS A record in the Private DNS Zone
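# A record mapping the APIM instance name inside the Private DNS Zone to the
# private endpoint's IP. Tags now come from var.tags (previously four empty
# strings), matching the other resources in this module.
resource "azurerm_private_dns_a_record" "dns_a_record" {
  provider = azurerm.secondary

  name                = azurerm_api_management.apim.name
  zone_name           = data.azurerm_private_dns_zone.private_dns_zone.name
  resource_group_name = data.azurerm_resource_group.private_rg.name
  ttl                 = 300
  # First (and only) service connection on the endpoint carries the allocated IP.
  records             = [azurerm_private_endpoint.private_endpoint.private_service_connection[0].private_ip_address]
  tags                = var.tags
}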
apim - variable.tf
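# Variables for the private-endpoint APIM module (blank-default copy).
# Every environment-specific value is expected to come from a tfvars file.

# Resource group that holds the existing virtual network and subnets.
variable "resource_group_name_vnet" {
  description = "Vnet Resource Group"
  type        = string
  default     = ""
}

# Resource group (secondary subscription) for the Private DNS Zone, Private
# Link and Private Endpoint. The old description was a copy of the VNet one.
variable "apim_resource_group_name_private" {
  description = "Resource group for the Private DNS Zone, Private Link and Private Endpoint resources."
  type        = string
  default     = ""
}

variable "location" {
  description = "The location/region where the resources will be created."
  type        = string
  default     = "EAST US 2"
}

variable "resource_group_name" {
  description = "The name of the resource group."
  type        = string
  default     = ""
}

variable "vnet_name" {
  description = "The name of the existing Virtual Network."
  type        = string
  default     = ""
}

# Subnet that receives the APIM private endpoint.
variable "subnet_name" {
  description = "The name of the existing Subnet."
  type        = string
  default     = ""
}

# Subnet reserved for APIM VNet integration.
variable "apim_subnet_name" {
  description = "The name of the existing Subnet."
  type        = string
  default     = ""
}

variable "apim_name_1" {
  description = "The name of the API Management instance."
  type        = string
  default     = ""
}

variable "publisher_name_1" {
  description = "The name of the publisher of the API Management instance."
  type        = string
  default     = ""
}

variable "publisher_email_1" {
  description = "The email of the publisher of the API Management instance."
  type        = string
  default     = ""
}

variable "apim_sku_1" {
  description = "The SKU of the API Management instance."
  type        = string
  default     = "Developer_1"
}

# Name of the existing Private DNS Zone the APIM A record is written to.
# The old description was a copy of apim_sku_1's text.
variable "apim_private_dns_zone_name" {
  description = "The name of the existing Private DNS Zone used for the API Management private endpoint."
  type        = string
  default     = ""
}

variable "tags" {
  description = "Tags to be applied to resources."
  type        = map(string)
  default = {
    environment = ""
    purpose     = ""
    owner       = ""
    Created_by  = ""
  }
}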
======
Service Bus -- without private endpoints
# Default azurerm provider; subscription and credentials are taken from the
# environment (ARM_* variables / Azure CLI login), nothing is configured inline.
provider "azurerm" {
  features {
  }
}
# resource "azurerm_resource_group" "rg" {
# name = ""
# location = "East US 2"
# }
# Service Bus namespace. capacity and premium_messaging_partitions only apply
# to the Premium SKU (the variables file defaults sku to "Premium").
# NOTE(review): this module is the "without private endpoints" variant, so the
# namespace keeps its public endpoint; if SAS keys are not needed by clients,
# local_auth_enabled = false would limit access to Entra ID identities.
resource "azurerm_servicebus_namespace" "sb-catwalk" {
  name                         = var.namespace_name # ""
  location                     = var.resource_group_location
  resource_group_name          = var.resource_group_name
  sku                          = var.sku
  capacity                     = var.capacity
  premium_messaging_partitions = var.premium_messaging_partitions
  tags                         = var.tags
}
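# Topic inside the namespace declared above.
# Fixes a dangling reference: the namespace resource in this file is
# "sb-catwalk", not "sb-neogen", so the old namespace_id could never resolve.
# The name now comes from var.topic_name (declared but previously unused).
resource "azurerm_servicebus_topic" "topic-catwalk" {
  name         = var.topic_name
  namespace_id = azurerm_servicebus_namespace.sb-catwalk.id

  # NOTE(review): entity-level partitioning is a Basic/Standard feature; with a
  # Premium namespace, partitioning is governed by premium_messaging_partitions
  # on the namespace instead, and this flag may be rejected. Confirm against the
  # SKU actually deployed.
  enable_partitioning = true
}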
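# Subscription on the topic declared above.
# Fixes a dangling reference: the topic resource is "topic-catwalk", not
# "topic-neogen". name and max_delivery_count now come from the variables that
# already exist for them instead of "" and a literal 10.
resource "azurerm_servicebus_subscription" "subscription" {
  name               = var.subscription_name
  topic_id           = azurerm_servicebus_topic.topic-catwalk.id
  max_delivery_count = var.max_delivery_count # messages are dead-lettered after this many attempts
}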
service bus -- variables.tf
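# Variables for the Service Bus module.
# Every variable now carries an explicit type (the first six were untyped, so a
# caller could pass any value), and the truncated "Prefix of the reso"
# descriptions are replaced with text that says what the value is for.

variable "resource_group_name" {
  description = "The name of the resource group."
  type        = string
  default     = ""
}

variable "resource_group_location" {
  description = "The location for the resource group."
  type        = string
  default     = "East US 2"
}

variable "namespace_name" {
  description = "The name of the Service Bus namespace."
  type        = string
  default     = ""
}

variable "topic_name" {
  description = "The name of the Service Bus topic."
  type        = string
  default     = ""
}

variable "subscription_name" {
  description = "The name of the Service Bus subscription."
  type        = string
  default     = ""
}

variable "max_delivery_count" {
  description = "The maximum number of times a message is delivered before being dead-lettered."
  type        = number
  default     = 10
}

# NOTE(review): apim_name, vnet_name, subnet_name and resource_group_name_vnet
# are accepted by this module but not referenced by any resource in it; they
# are kept so the root module call keeps working.
variable "apim_name" {
  type        = string
  #default = apim-dev-catwalk
  description = "Name of the API Management instance (currently unused by this module)."
}

variable "vnet_name" {
  type        = string
  default     = ""
  description = "Name of the existing Virtual Network (currently unused by this module)."
}

variable "subnet_name" {
  type        = string
  default     = ""
  description = "Name of the existing Subnet (currently unused by this module)."
}

variable "resource_group_name_vnet" {
  type        = string
  default     = ""
  description = "Resource group of the existing Virtual Network (currently unused by this module)."
}

variable "sku" {
  type        = string
  default     = "Premium"
  description = "Service Bus namespace SKU (Basic, Standard or Premium)."
  validation {
    condition     = contains(["Basic", "Standard", "Premium"], var.sku)
    error_message = "The sku must be one of: Basic, Standard, Premium."
  }
}

# Messaging units; only meaningful for the Premium SKU.
variable "capacity" {
  type        = number
  default     = 1
  description = "Capacity"
}

# Namespace-level partition count; only meaningful for the Premium SKU.
variable "premium_messaging_partitions" {
  type        = number
  default     = 1
  description = "Messaging Partitions"
}

variable "tags" {
  description = "Tags to be applied to resources."
  type        = map(string)
  default = {
    environment = ""
    purpose     = ""
    owner       = ""
    Created_by  = "Terraform IaC"
  }
}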
keyVault main.tf
# Configure the Azure provider
# Default azurerm provider; credentials and subscription come from the
# environment rather than this file.
provider "azurerm" {
  features {
  }
}
# Lookup of an already-existing Key Vault.
# NOTE(review): both identifiers are "" so this lookup cannot succeed as
# written, and nothing in this file reads it (the vault created below lives in
# the resource namespace, which is why the shared label "keyvault-dev" does not
# clash). Fill in or remove.
data "azurerm_key_vault" "keyvault-dev" {
  resource_group_name = ""
  name                = ""
}
# Data source to fetch current client configuration
# Identity the provider is running as; exposes tenant_id / subscription_id /
# object_id of the caller for use in scopes and role definitions below.
data "azurerm_client_config" "current" {}
# Data source to fetch the existing Virtual Network
# Existing virtual network in the VNet resource group.
# NOTE(review): name is "" and this module's variables file declares no
# vnet_name; the value has to be filled in (or a variable added) before this
# lookup can resolve.
data "azurerm_virtual_network" "existing_vnet" {
  resource_group_name = var.resource_group_name_vnet
  name                = ""
}
# Define a data source for the existing resource group
# Existing resource group the Key Vault is created in.
data "azurerm_resource_group" "dev_catwalk_rg" {
  name = var.resource_group_name
}
# Data source to fetch the existing Subnet
# Existing subnet inside existing_vnet; only consumed by the commented-out
# private endpoint below. The name is still "" and must be filled in.
data "azurerm_subnet" "existing-subnet" {
  resource_group_name  = var.resource_group_name_vnet
  virtual_network_name = data.azurerm_virtual_network.existing_vnet.name
  name                 = ""
}
# Create the Key Vault
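# Key Vault with RBAC authorisation and no public network access.
#
# Changes from the previous version:
#  - name uses var.key_vault_name instead of "" (rejected by the provider).
#  - purge_protection_enabled and soft_delete_retention_days now honour the
#    variables declared for them in variables.tf instead of hard-coded values.
#    NOTE: var.purge_protection_enabled defaults to true; purge protection
#    cannot be switched off once enabled, so set it to false in tfvars for
#    short-lived dev vaults if that was the intent of the old literal.
#  - tenant_id falls back to the running identity's tenant when the variable
#    is left at its "" default, which the provider would otherwise reject.
resource "azurerm_key_vault" "keyvault-dev" {
  name                = var.key_vault_name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = var.key_vault_sku
  tenant_id           = var.tenant_id != "" ? var.tenant_id : data.azurerm_client_config.current.tenant_id
  tags                = var.tags

  purge_protection_enabled   = var.purge_protection_enabled
  soft_delete_retention_days = var.soft_delete_retention_days

  # NOTE(review): these three flags let Azure VMs, Resource Manager template
  # deployments and Disk Encryption read secrets/keys from the vault. Leave them
  # true only if those consumers exist; otherwise they widen the access surface.
  enabled_for_disk_encryption     = true
  enabled_for_template_deployment = true
  enabled_for_deployment          = true

  enable_rbac_authorization     = true  # data-plane access via Azure RBAC, no access policies
  public_network_access_enabled = false # reachable only via private endpoint / trusted services

  # Firewall. The previous commented-out block nested `timeouts` inside
  # `network_acls` (invalid) and listed a private range in ip_rules, which only
  # accepts public IPv4 addresses/CIDRs; private subnets are allowed through
  # virtual_network_subnet_ids instead.
  # network_acls {
  #   default_action             = "Deny"
  #   bypass                     = "AzureServices"
  #   virtual_network_subnet_ids = [data.azurerm_subnet.existing-subnet.id]
  # }
}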
# Create a Private Endpoint for the Key Vault
# resource "azurerm_private_endpoint" "kv-esp-endpoint" {
# name = "kv-esp-dev-private-endpoint"
# location = var.location
# resource_group_name = var.resource_group_name
# subnet_id = data.azurerm_subnet.existing-subnet.id
# private_service_connection {
# name = "kv-esp-dev-privateserviceconnection"
# is_manual_connection = false
# private_connection_resource_id = azurerm_key_vault.keyvault-dev.id
# subresource_names = ["vault"]
# }
# }
# Create a Private DNS Zone
# resource "azurerm_private_dns_zone" "kv-esp-dev-privatedns-zone" {
# name = "privatelink.esp.dev.vaultcore.azure.net"
# resource_group_name = var.resource_group_name
# }
# Link the DNS Zone to the Virtual Network
# resource "azurerm_private_dns_zone_virtual_network_link" "kv-esp-dev-network-link" {
# name = "kv-esp-dev-dnszone-vnet-link"
# resource_group_name = var.resource_group_name
# private_dns_zone_name = azurerm_private_dns_zone.kv-esp-dev-privatedns-zone.name
# virtual_network_id = data.azurerm_virtual_network.existing_vnet.id
# }
# Create DNS A record for the Private Endpoint
# resource "azurerm_private_dns_a_record" "kv-dns-a-record" {
# name = "kv-esp-dev-dns-a-record"
# zone_name = azurerm_private_dns_zone.kv-esp-dev-privatedns-zone.name
# resource_group_name = var.resource_group_name
# ttl = 300
# records = [azurerm_private_endpoint.kv-esp-endpoint.private_service_connection[0].private_ip_address]
# }
# Define a custom role
# resource "azurerm_role_definition" "custom_role" {
# #role_definition_id = "/subscriptions/e5090f19-cf39-4d4d-8ac9-5f8bf17b1cc7/resourceGroups/rg-esp-dev/providers/Microsoft.Authorization/roleDefinitions/7c13fe9f-15f7-4f98-b995-68f5599c4178"
# role_definition_id = "7c13fe9f-15f7-4f98-b995-68f5599c4178"
# #role_definition_id = "/subscriptions/e5090f19-cf39-4d4d-8ac9-5f8bf17b1cc7/providers/Microsoft.Authorization/roleDefinitions/7c13fe9f-15f7-4f98-b995-68f5599c4178"
# name = "ESP-DEV Developer"
# description = "KV Secrets Officer, Automation Contrib, Service Bus Data Owner, Logic App Contrib, Log Analytics Contrib, Monitoring Contrib, Workbook Contrib, Api Mgmt Contributor, Logic App Std Developer scoped to Neo-Dev / rg-esp-dev"
# scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
# permissions {
# actions = [
# "Microsoft.AlertsManagement/actionRules/*",
# "Microsoft.AlertsManagement/alerts/*",
# "Microsoft.AlertsManagement/alertsSummary/*",
# "Microsoft.AlertsManagement/investigations/*",
# "Microsoft.AlertsManagement/migrateFromSmartDetection/*",
# "Microsoft.AlertsManagement/smartDetectorAlertRules/*",
# "Microsoft.AlertsManagement/smartGroups/*",
# "Microsoft.ApiManagement/service/*",
# "Microsoft.Authorization/*/read",
# "Microsoft.Automation/automationAccounts/*",
# "Microsoft.ClassicCompute/virtualMachines/extensions/*",
# "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
# "Microsoft.ClassicStorage/storageAccounts/read",
# "Microsoft.Compute/virtualMachines/extensions/*",
# "Microsoft.HybridCompute/machines/extensions/write",
# "Microsoft.Insights/ActionGroups/*",
# "Microsoft.Insights/ActivityLogAlerts/*",
# "Microsoft.Insights/alertRules/*",
# "Microsoft.Insights/alertRules/*/read",
# "Microsoft.Insights/components/*",
# "Microsoft.Insights/createNotifications/*",
# "Microsoft.Insights/dataCollectionEndpoints/*",
# "Microsoft.Insights/dataCollectionRuleAssociations/*",
# "Microsoft.Insights/dataCollectionRules/*",
# "Microsoft.Insights/diagnosticSettings/*",
# "Microsoft.Insights/eventtypes/*",
# "Microsoft.Insights/logdefinitions/*",
# "Microsoft.Insights/LogDefinitions/*",
# "Microsoft.Insights/MetricAlerts/*",
# "Microsoft.Insights/metricAlerts/*/read",
# "Microsoft.Insights/MetricDefinitions/*",
# "Microsoft.Insights/metricDefinitions/*/read",
# "Microsoft.Insights/Metrics/*",
# "Microsoft.Insights/notificationStatus/*",
# "Microsoft.Insights/privateLinkScopeOperationStatuses/*",
# "Microsoft.Insights/privateLinkScopes/*",
# "Microsoft.Insights/Register/Action",
# "Microsoft.Insights/scheduledqueryrules/*",
# "Microsoft.Insights/ScheduledQueryRules/*",
# "Microsoft.Insights/webtests/*",
# "Microsoft.Insights/workbooks/*",
# "Microsoft.Insights/workbooks/revisions/read",
# "Microsoft.Insights/workbooks/write",
# "Microsoft.Insights/workbooktemplates/*",
# "Microsoft.Insights/workbooktemplates/delete",
# "Microsoft.Insights/workbooktemplates/read",
# "Microsoft.Insights/workbooktemplates/write",
# "Microsoft.KeyVault/checkNameAvailability/read",
# "Microsoft.KeyVault/checkNameAvailability/read",
# "Microsoft.KeyVault/deletedVaults/read",
# "Microsoft.KeyVault/deletedVaults/read",
# "Microsoft.KeyVault/locations/*/read",
# "Microsoft.KeyVault/operations/read",
# "Microsoft.KeyVault/vaults/*/read",
# "Microsoft.Logic/*",
# "Microsoft.Logic/workflows/disable/action",
# "Microsoft.Logic/workflows/enable/action",
# "Microsoft.Logic/workflows/validate/action",
# "Microsoft.Monitor/investigations/*",
# "Microsoft.OperationalInsights/*",
# "Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
# "Microsoft.OperationalInsights/workspaces/savedSearches/*",
# "Microsoft.OperationalInsights/workspaces/search/action",
# "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
# "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
# "Microsoft.OperationalInsights/workspaces/write",
# "Microsoft.OperationsManagement/*",
# "Microsoft.ResourceHealth/availabilityStatuses/read",
# "Microsoft.Resources/deployments/*",
# "Microsoft.Resources/subscriptions/operationresults/read",
# "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
# "Microsoft.Resources/subscriptions/resourceGroups/read",
# "Microsoft.ServiceBus/*",
# "Microsoft.Storage/storageAccounts/listKeys/action",
# "Microsoft.Storage/storageAccounts/read",
# "Microsoft.Storage/storageAccounts/write",
# "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
# "Microsoft.Storage/storageAccounts/blobServices/containers/read",
# "Microsoft.Storage/storageAccounts/blobServices/containers/write",
# "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
# "Microsoft.Web/*/read",
# "Microsoft.Web/connectionGateways/*",
# "Microsoft.Web/connections/*",
# "Microsoft.Web/customApis/*",
# "Microsoft.Web/serverFarms/join/action",
# "Microsoft.Web/serverFarms/read",
# "Microsoft.Web/ServerFarms/write",
# "Microsoft.Web/sites/config/list/Action",
# "microsoft.web/sites/config/Write",
# "microsoft.web/sites/config/web/appsettings/delete",
# "microsoft.web/sites/config/web/appsettings/write",
# "microsoft.web/sites/deployWorkflowArtifacts/action",
# "microsoft.web/sites/hostruntime/*",
# "microsoft.web/sites/listworkflowsconnections/action",
# "Microsoft.Web/sites/publish/Action",
# "microsoft.web/sites/slots/config/appsettings/write",
# "Microsoft.Web/sites/slots/config/list/Action",
# "microsoft.web/sites/slots/config/web/appsettings/delete",
# "microsoft.web/sites/slots/deployWorkflowArtifacts/action",
# "microsoft.web/sites/slots/listworkflowsconnections/action",
# "Microsoft.Web/sites/slots/publish/Action",
# "microsoft.web/sites/workflows/*",
# "microsoft.web/sites/workflowsconfiguration/*",
# "Microsoft.Web/sites/basicPublishingCredentialsPolicies/write",
# "Microsoft.Web/sites/functions/listSecrets/action",
# "Microsoft.Web/Sites/write",
# "Microsoft.Web/serverFarms/read"
# ]
# data_actions = [
# "Microsoft.KeyVault/vaults/keys/*",
# "Microsoft.KeyVault/vaults/keyrotationpolicies/*",
# "Microsoft.ServiceBus/*",
# "Microsoft.KeyVault/vaults/secrets/*",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
# ]
# not_actions = []
# not_data_actions = []
# }
# assignable_scopes = [
# "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
# ]
# }
# # Assign the custom role to the user or group
# resource "azurerm_role_assignment" "kv_role_assignment" {
# scope = azurerm_key_vault.keyvault-dev.id
# role_definition_id = azurerm_role_definition.custom_role.role_definition_id
# principal_id = var.object_id
# }
variables.tf
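# Variables for the Key Vault module.
# The copy-pasted "number of days to retain soft-deleted vaults" descriptions on
# tenant_id / subscription_id / object_id are replaced, and the two values with
# a documented allowed range get a validation block.

variable "location" {
  description = "The location/region where the resources will be created."
  type        = string
  default     = "East US 2"
}

variable "resource_group_name" {
  description = "The name of the resource group."
  type        = string
  default     = ""
}

variable "key_vault_name" {
  description = "The name of the Key Vault."
  type        = string
  default     = ""
}

variable "key_vault_sku" {
  description = "The SKU of the Key Vault. Possible values are 'standard' and 'premium'."
  type        = string
  default     = "premium"
  validation {
    condition     = contains(["standard", "premium"], var.key_vault_sku)
    error_message = "The key_vault_sku must be 'standard' or 'premium'."
  }
}

# Irreversible once enabled on a vault; default true matches Azure guidance.
variable "purge_protection_enabled" {
  description = "Enable purge protection for the Key Vault."
  type        = bool
  default     = true
}

# Azure accepts 7 to 90 days inclusive.
variable "soft_delete_retention_days" {
  description = "The number of days to retain soft-deleted vaults."
  type        = number
  default     = 7
  validation {
    condition     = var.soft_delete_retention_days >= 7 && var.soft_delete_retention_days <= 90
    error_message = "soft_delete_retention_days must be between 7 and 90."
  }
}

variable "tenant_id" {
  description = "Entra ID tenant the Key Vault belongs to. Leave empty to use the tenant of the running identity."
  type        = string
  default     = ""
}

# NOTE(review): not referenced by main.tf; the provider takes the subscription
# from the environment.
variable "subscription_id" {
  description = "Subscription the Key Vault is deployed into (currently unused by this module)."
  type        = string
  default     = ""
}

# NOTE(review): only consumed by the commented-out role assignment in main.tf.
variable "object_id" {
  description = "Object id of the user, group or service principal to grant access to the Key Vault."
  type        = string
  default     = ""
}

variable "resource_group_name_vnet" {
  description = "Vnet Resource Group"
  type        = string
  default     = ""
}

variable "tags" {
  description = "Tags to be applied to resources."
  type        = map(string)
  default = {
    environment = ""
    purpose     = ""
    owner       = ""
    Created_by  = "Terraform IaC"
  }
}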
========================================================================================================
/dev/main.tf
# Identity the provider is running as; used by the (commented-out) role
# definition scopes further down this file.
data "azurerm_client_config" "current" {}
# Reads back the storage account this same configuration creates below
# (azurerm_storage_account.dev_logicapp_storage_account).
# NOTE(review): a data source that targets a resource in the same run is
# redundant and adds an ordering dependency; consumers (e.g. the logic_app
# module) can reference the resource's attributes directly instead.
data "azurerm_storage_account" "dev_logicapp_storage_account" {
name = azurerm_storage_account.dev_logicapp_storage_account.name
#name = data.azurerm_storage_account.dev_logicapp_storage_account
resource_group_name = var.resource_group_name
}
#Module for Azure API Management
# module "apim" {
# source = "../modules/apim"
# # Pass any required variables to the APIM module
# apim_name = var.apim_name
# resource_group_name = var.resource_group_name
# publisher_email = var.publisher_email
# publisher_name = var.publisher_name
# sku_name = var.sku_name
# resource_group_name_prefix = var.resource_group_name_prefix
# resource_group_name_vnet = var.resource_group_name_vnet
# apim_subnet_name = var.apim_subnet_name
# resource_group_location = var.resource_group_location
# tags = var.tags
# # Add any other required variables here
# }
# module "apim_1" {
# source = "../modules/apim_1"
# location = var.location
# resource_group_name = var.resource_group_name_vnet
# vnet_name = var.vnet_name
# subnet_name = var.apim_subnet_name
# apim_name_1 = var.apim_name_1
# publisher_name_1 = var.publisher_name_1
# publisher_email_1 = var.publisher_email_1
# apim_sku_1 = var.apim_sku_1
# tags = var.tags
# }
# module "apim_1" {
# source = "../modules/apim_1" # Path to the directory containing the apim module
# resource_group_name = var.resource_group_name
# apim_resource_group_name_private = var.apim_resource_group_name_private
# location = var.location
# vnet_name = var.vnet_name
# apim_subnet_name = var.apim_subnet_name
# apim_private_dns_zone_name = var.apim_private_dns_zone_name
# apim_name_1 = var.apim_name_1
# publisher_name_1 = var.publisher_name_1
# publisher_email_1 = var.publisher_email_1
# apim_sku_1 = var.apim_sku_1
# tags = var.tags
# }
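# Service Bus namespace / topic / subscription for this environment.
# resource_group_name_vnet previously received var.vnet_name (a VNet name, not
# a resource group); it now receives var.resource_group_name_vnet, the variable
# the other module calls in this file use for that input.
module "serviceBus" {
  source = "../modules/serviceBus" # Specify the path to your module directory

  # Pass variables to the module
  resource_group_name          = var.resource_group_name
  resource_group_location      = var.resource_group_location
  namespace_name               = var.namespace_name
  sku                          = var.sku
  capacity                     = var.capacity
  premium_messaging_partitions = var.premium_messaging_partitions
  resource_group_name_vnet     = var.resource_group_name_vnet
  apim_name                    = var.apim_name # accepted by the module but not used by its resources
  tags                         = var.tags
}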
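# Logic Apps (Standard) plus their app service plan, bound to the storage
# account created in this file.
# The storage account name is now taken from the resource itself rather than
# from a data source that merely re-reads that resource; the dependency on the
# account being created first is implicit in the reference.
module "logic_app_module" {
  source = "../modules/logicApps"

  location            = var.location
  resource_group_name = var.resource_group_name

  #logicapp_storage_account_name = var.logicapp_storage_account_name
  logicapp_storage_account_name = azurerm_storage_account.dev_logicapp_storage_account.name

  app_service_plan_name       = var.app_service_plan_name
  logic_app_name              = var.logic_app_name
  number_of_logic_apps        = var.number_of_logic_apps
  logic_app_name_prefix       = var.logic_app_name_prefix
  storage_account_name_prefix = var.storage_account_name_prefix

  vnet_name                = var.vnet_name
  subnet_name              = var.subnet_name
  resource_group_name_vnet = var.resource_group_name_vnet
  tags                     = var.tags
}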
# module "service_bus_1" {
# source = "../modules/serviceBus_1"
# location = var.resource_group_location
# resource_group_name = var.resource_group_name
# namespace_name_1 = var.namespace_name_1
# sku_1 = var.sku_1
# vnet_name_1 = var.vnet_name_1
# subnet_name_1 = var.subnet_name_1
# tags = var.tags
# }
# Key Vault for this environment. object_id is forwarded although the module's
# role assignment that would consume it is commented out there.
module "azureKeyVault" {
  source = "../modules/azureKeyVault"

  location                   = var.location
  resource_group_name        = var.resource_group_name
  key_vault_name             = var.key_vault_name
  key_vault_sku              = var.key_vault_sku
  soft_delete_retention_days = var.soft_delete_retention_days
  tenant_id                  = var.tenant_id
  object_id                  = var.object_id
  tags                       = var.tags
}
# resource "azurerm_storage_account" "st-logic-app" {
# name = ""
# resource_group_name = var.resource_group_name
# location = var.region
# account_tier = "Standard"
# account_replication_type = "LRS"
# }
# data "azurerm_storage_account" "st-logic-app" {
# name = ""
# resource_group_name = ""
# }
# module "logicApps" {
# source = "../modules/logicApps"
# logicapp_name = ["dev-01", "dev-02", "dev-03"]
# location = var.location
# resource_group_name = var.resource_group_name
# logicapp_storage_account_name = var.logicapp_storage_account_name
# app_service_plan_name = var.app_service_plan_name
# logic_app_name_prefix = var.logic_app_name_prefix
# number_of_logic_apps = var.number_of_logic_apps
# storage_account_name_prefix = var.storage_account_name_prefix
# vnet_name = var.vnet_name
# subnet_name = var.subnet_name
# #storage_account_access_key = azurerm_storage_account.st-logic-app.primary_access_key
# }
# data "azurerm_storage_account" "tf_state" {
# name = "" # Replace with your actual VNet name
# resource_group_name = var.resource_group_name
# }
# Define a data source for the existing virtual network
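# Existing virtual network for this environment.
# The resource label was "" (invalid HCL) while data.azurerm_subnet.dev_subnet
# below references devs_rg_vnet, so the label is set to that name; the VNet
# name comes from var.vnet_name, which the module calls in this file already
# pass.
data "azurerm_virtual_network" "devs_rg_vnet" {
  name                = var.vnet_name
  resource_group_name = var.resource_group_name_vnet
}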
# Define a data source for the existing resource group
# Existing resource group everything in this environment is deployed into.
data "azurerm_resource_group" "dev_neogenomics_rg" {
  name = var.resource_group_name
}
# Define a data source for the existing subnet within the virtual network
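# Existing subnet inside the environment VNet; only the commented-out NIC
# example below consumes it today.
# name now comes from var.subnet_name (already passed to the logic app module)
# instead of "", which the provider rejects.
data "azurerm_subnet" "dev_subnet" {
  name                 = var.subnet_name
  virtual_network_name = data.azurerm_virtual_network.devs_rg_vnet.name # Access the name attribute
  resource_group_name  = var.resource_group_name_vnet
}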
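# Create a single Storage Account.
# Storage account names must be 3-24 lowercase alphanumerics; the fixed suffix
# "esplogappdev001" is 15 characters, so var.storage_account_name_prefix can be
# at most 9 lowercase letters/digits or Azure rejects the name at apply time.
resource "azurerm_storage_account" "dev_logicapp_storage_account" {
  name                = "${var.storage_account_name_prefix}esplogappdev001"
  resource_group_name = var.resource_group_name
  location            = var.location

  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Hardening made explicit rather than left to provider defaults (the TLS
  # floor in particular differs between azurerm major versions): reject
  # legacy TLS clients and forbid anonymous blob/container access.
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  # Tagged consistently with the other resources in this file.
  tags = var.tags
}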
# Example resource within the existing subnet
# resource "azurerm_network_interface" "dev-network-nic" {
# name = "dev--nic"
# location = data.azurerm_resource_group.dev__rg.location
# resource_group_name = data.azurerm_resource_group.dev_rg.name
# ip_configuration {
# name = "internal"
# subnet_id = data.azurerm_subnet.dev_subnet.id
# private_ip_address_allocation = "Dynamic"
# }
# }
#####Key Vault
# Look up an existing Key Vault (distinct from the one module.azureKeyVault
# provisions). Both lookup keys are still placeholders; an empty name cannot
# be read at plan time, so fill them in before use.
data "azurerm_key_vault" "keyvault-dev" {
  name                = ""
  resource_group_name = ""
}
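# Exposes the existing vault's resource ID — not its name, despite the output
# label. The label is kept for compatibility with any existing consumers; rename
# it to key_vault_id only together with them.
output "key_vault_name" {
  description = "Resource ID (not the name) of the Key Vault resolved by data.azurerm_key_vault.keyvault-dev."
  value       = data.azurerm_key_vault.keyvault-dev.id
}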
# Resolve an existing role definition by name at a given scope.
# Both arguments are placeholders and must be provided before this lookup
# (and anything that consumes its id) can plan.
data "azurerm_role_definition" "custom_role" {
  name  = ""
  scope = ""
}
# Create the Key Vault
# resource "azurerm_key_vault" "keyvault-dev" {
# name = "kvespdev-001"
# location = var.location
# resource_group_name = var.resource_group_name
# sku_name = var.key_vault_sku
# tenant_id = var.tenant_id
# tags = var.tags
# purge_protection_enabled = false
# soft_delete_retention_days = 7
# enabled_for_disk_encryption = true
# enabled_for_template_deployment = true
# enabled_for_deployment = true
# enable_rbac_authorization = true
# public_network_access_enabled = false
# }
# resource "azurerm_role_definition" "custom_role" {
# role_definition_id = ""
# #role_definition_id = ""
# #role_definition_id = ""
# name = ""
# description = "KV Secrets Officer, Automation Contrib, Service Bus Data Owner, Logic App Contrib, Log Analytics Contrib, Monitoring Contrib, Workbook Contrib, Api Mgmt Contributor, Logic App Std Developer scoped to Neo-Dev / rg-esp-dev"
# scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
# permissions {
# actions = [
# "Microsoft.AlertsManagement/actionRules/*",
# "Microsoft.AlertsManagement/alerts/*",
# "Microsoft.AlertsManagement/alertsSummary/*",
# "Microsoft.AlertsManagement/investigations/*",
# "Microsoft.AlertsManagement/migrateFromSmartDetection/*",
# "Microsoft.AlertsManagement/smartDetectorAlertRules/*",
# "Microsoft.AlertsManagement/smartGroups/*",
# "Microsoft.ApiManagement/service/*",
# "Microsoft.Authorization/*/read",
# "Microsoft.Automation/automationAccounts/*",
# "Microsoft.ClassicCompute/virtualMachines/extensions/*",
# "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
# "Microsoft.ClassicStorage/storageAccounts/read",
# "Microsoft.Compute/virtualMachines/extensions/*",
# "Microsoft.HybridCompute/machines/extensions/write",
# "Microsoft.Insights/ActionGroups/*",
# "Microsoft.Insights/ActivityLogAlerts/*",
# "Microsoft.Insights/alertRules/*",
# "Microsoft.Insights/alertRules/*/read",
# "Microsoft.Insights/components/*",
# "Microsoft.Insights/createNotifications/*",
# "Microsoft.Insights/dataCollectionEndpoints/*",
# "Microsoft.Insights/dataCollectionRuleAssociations/*",
# "Microsoft.Insights/dataCollectionRules/*",
# "Microsoft.Insights/diagnosticSettings/*",
# "Microsoft.Insights/eventtypes/*",
# "Microsoft.Insights/logdefinitions/*",
# "Microsoft.Insights/LogDefinitions/*",
# "Microsoft.Insights/MetricAlerts/*",
# "Microsoft.Insights/metricAlerts/*/read",
# "Microsoft.Insights/MetricDefinitions/*",
# "Microsoft.Insights/metricDefinitions/*/read",
# "Microsoft.Insights/Metrics/*",
# "Microsoft.Insights/notificationStatus/*",
# "Microsoft.Insights/privateLinkScopeOperationStatuses/*",
# "Microsoft.Insights/privateLinkScopes/*",
# "Microsoft.Insights/Register/Action",
# "Microsoft.Insights/scheduledqueryrules/*",
# "Microsoft.Insights/ScheduledQueryRules/*",
# "Microsoft.Insights/webtests/*",
# "Microsoft.Insights/workbooks/*",
# "Microsoft.Insights/workbooks/revisions/read",
# "Microsoft.Insights/workbooks/write",
# "Microsoft.Insights/workbooktemplates/*",
# "Microsoft.Insights/workbooktemplates/delete",
# "Microsoft.Insights/workbooktemplates/read",
# "Microsoft.Insights/workbooktemplates/write",
# "Microsoft.KeyVault/checkNameAvailability/read",
# "Microsoft.KeyVault/checkNameAvailability/read",
# "Microsoft.KeyVault/deletedVaults/read",
# "Microsoft.KeyVault/deletedVaults/read",
# "Microsoft.KeyVault/locations/*/read",
# "Microsoft.KeyVault/operations/read",
# "Microsoft.KeyVault/vaults/*/read",
# "Microsoft.Logic/*",
# "Microsoft.Logic/workflows/disable/action",
# "Microsoft.Logic/workflows/enable/action",
# "Microsoft.Logic/workflows/validate/action",
# "Microsoft.Monitor/investigations/*",
# "Microsoft.OperationalInsights/*",
# "Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
# "Microsoft.OperationalInsights/workspaces/savedSearches/*",
# "Microsoft.OperationalInsights/workspaces/search/action",
# "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
# "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
# "Microsoft.OperationalInsights/workspaces/write",
# "Microsoft.OperationsManagement/*",
# "Microsoft.ResourceHealth/availabilityStatuses/read",
# "Microsoft.Resources/deployments/*",
# "Microsoft.Resources/subscriptions/operationresults/read",
# "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
# "Microsoft.Resources/subscriptions/resourceGroups/read",
# "Microsoft.ServiceBus/*",
# "Microsoft.Storage/storageAccounts/listKeys/action",
# "Microsoft.Storage/storageAccounts/read",
# "Microsoft.Storage/storageAccounts/write",
# "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
# "Microsoft.Storage/storageAccounts/blobServices/containers/read",
# "Microsoft.Storage/storageAccounts/blobServices/containers/write",
# "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
# "Microsoft.Web/*/read",
# "Microsoft.Web/connectionGateways/*",
# "Microsoft.Web/connections/*",
# "Microsoft.Web/customApis/*",
# "Microsoft.Web/serverFarms/join/action",
# "Microsoft.Web/serverFarms/read",
# "Microsoft.Web/ServerFarms/write",
# "Microsoft.Web/sites/config/list/Action",
# "microsoft.web/sites/config/Write",
# "microsoft.web/sites/config/web/appsettings/delete",
# "microsoft.web/sites/config/web/appsettings/write",
# "microsoft.web/sites/deployWorkflowArtifacts/action",
# "microsoft.web/sites/hostruntime/*",
# "microsoft.web/sites/listworkflowsconnections/action",
# "Microsoft.Web/sites/publish/Action",
# "microsoft.web/sites/slots/config/appsettings/write",
# "Microsoft.Web/sites/slots/config/list/Action",
# "microsoft.web/sites/slots/config/web/appsettings/delete",
# "microsoft.web/sites/slots/deployWorkflowArtifacts/action",
# "microsoft.web/sites/slots/listworkflowsconnections/action",
# "Microsoft.Web/sites/slots/publish/Action",
# "microsoft.web/sites/workflows/*",
# "microsoft.web/sites/workflowsconfiguration/*",
# "Microsoft.Web/sites/basicPublishingCredentialsPolicies/write",
# "Microsoft.Web/sites/functions/listSecrets/action",
# "Microsoft.Web/Sites/write",
# "Microsoft.Web/serverFarms/read"
# ]
# data_actions = [
# "Microsoft.KeyVault/vaults/keys/*",
# "Microsoft.KeyVault/vaults/keyrotationpolicies/*",
# "Microsoft.ServiceBus/*",
# "Microsoft.KeyVault/vaults/secrets/*",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
# "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
# ]
# not_actions = []
# not_data_actions = []
# }
# assignable_scopes = [
# "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
# ]
# }
# # Assign the custom role to the user or group
# resource "azurerm_role_assignment" "kv_role_assignment" {
# #scope = azurerm_key_vault.kves001.id
# #scope = data.azurerm_key_vault.keyvault-dev.id
# scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
# #role_definition_id = azurerm_role_definition.custom_role.role_definition_id
# role_definition_id = "/subscriptions/${var.subscription_id}/providers/Microsoft.Authorization/roleDefinitions/${data.azurerm_role_definition.example.id}"
# #principal_id = var.object_id
# principal_id = "${azuread_service_principal.example.id}"
# }