sample template for vpn gateway

brown9804 · web-flow · commit cff98d6f8d13 · 2025-06-12T18:03:01.000-06:00
diff --git a/3_networking/vpn-gateway/main.tf b/3_networking/vpn-gateway/main.tf
@@ -0,0 +1,52 @@
+# main.tf
+# This file contains the main configuration for creating an Azure VPN Gateway and its supporting resources.
+
+# Resource Group
+resource "azurerm_resource_group" "vpngw" {
+  name     = var.resource_group_name
+  location = var.location
+}
+
+# Virtual Network for VPN Gateway
+resource "azurerm_virtual_network" "vpngw" {
+  name                = "vpngw-vnet"
+  address_space       = ["10.10.0.0/16"]
+  location            = azurerm_resource_group.vpngw.location
+  resource_group_name = azurerm_resource_group.vpngw.name
+}
+
+# GatewaySubnet (required name and at least /27)
+resource "azurerm_subnet" "gateway" {
+  name                 = "GatewaySubnet"
+  resource_group_name  = azurerm_resource_group.vpngw.name
+  virtual_network_name = azurerm_virtual_network.vpngw.name
+  address_prefixes     = ["10.10.1.0/27"]
+}
+
+# Public IP for VPN Gateway
+resource "azurerm_public_ip" "vpngw" {
+  name                = var.public_ip_name
+  location            = azurerm_resource_group.vpngw.location
+  resource_group_name = azurerm_resource_group.vpngw.name
+  allocation_method   = "Static" # <-- Must be Static for Standard SKU
+  sku                 = "Standard"
+}
+
+# VPN Gateway
+resource "azurerm_virtual_network_gateway" "vpngw" {
+  name                = var.vpn_gateway_name
+  location            = azurerm_resource_group.vpngw.location
+  resource_group_name = azurerm_resource_group.vpngw.name
+  type                = "Vpn"
+  vpn_type            = "RouteBased"
+  active_active       = false
+  enable_bgp          = false
+  sku                 = var.vpn_gateway_sku
+
+  ip_configuration {
+    name                          = "vnetGatewayConfig"
+    public_ip_address_id          = azurerm_public_ip.vpngw.id
+    subnet_id                     = azurerm_subnet.gateway.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
diff --git a/3_networking/vpn-gateway/outputs.tf b/3_networking/vpn-gateway/outputs.tf
@@ -0,0 +1,12 @@
+# outputs.tf
+# This file defines the outputs for the VPN Gateway configuration.
+
+output "vpn_gateway_id" {
+  description = "The ID of the VPN Gateway"
+  value       = azurerm_virtual_network_gateway.vpngw.id
+}
+
+output "vpn_gateway_public_ip" {
+  description = "The public IP address of the VPN Gateway"
+  value       = azurerm_public_ip.vpngw.ip_address
+}
diff --git a/3_networking/vpn-gateway/provider.tf b/3_networking/vpn-gateway/provider.tf
@@ -0,0 +1,19 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+  required_version = ">= 1.8, < 2.0"
+  # Specify the required provider and its version
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"  # Source of the AzureRM provider
+      version = "~> 4.16.0"          # Version of the AzureRM provider
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}                        # Enable all features for the AzureRM provider
+  subscription_id = var.subscription_id  # Use the subscription ID variable
+}
diff --git a/3_networking/vpn-gateway/terraform.tfvars b/3_networking/vpn-gateway/terraform.tfvars
@@ -0,0 +1,15 @@
+# terraform.tfvars
+# This file provides default values for the variables defined in variables.tf.
+# These values can be overridden by specifying different values during Terraform execution.
+
+# Azure Subscription
+subscription_id = "" # "your-subscription-id"
+
+# Resource Group
+resource_group_name = "RG-vpn-gateway-test"
+location            = "eastus"
+
+# VPN Gateway Configuration
+public_ip_name     = "my-vpngw-pip"
+vpn_gateway_name   = "my-vpngw"
+vpn_gateway_sku    = "VpnGw1"
diff --git a/3_networking/vpn-gateway/variables.tf b/3_networking/vpn-gateway/variables.tf
@@ -0,0 +1,33 @@
+# variables.tf
+# This file defines the input variables used in the Terraform configuration.
+
+variable "subscription_id" {
+  description = "The Azure subscription ID"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of the resource group"
+  type        = string
+}
+
+variable "location" {
+  description = "The Azure region to deploy resources"
+  type        = string
+}
+
+variable "public_ip_name" {
+  description = "The name of the public IP address for the VPN Gateway"
+  type        = string
+}
+
+variable "vpn_gateway_name" {
+  description = "The name of the VPN Gateway"
+  type        = string
+}
+
+variable "vpn_gateway_sku" {
+  description = "The SKU for the VPN Gateway (e.g., VpnGw1, VpnGw2)"
+  type        = string
+  default     = "VpnGw1"
+}
