VNet Terraform
Vamos a crear una VNet usando Terraform
La idea es separar todo el ambiente de redes en un único resource group y usar esa infraestructura en otros escenarios.
Estructura del Proyecto
El proyecto estará compuesto por archivos .tf, que puedes organizar así:
terraform/
├── main.tf
├── variables.tf
└── outputs.tf
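# Configure the AzureRM provider.
# `features` is a required nested block, not an attribute, so it is written
# without `=`; the original `features = {}` form fails provider validation.
# No credentials are set in this block: supply them through the environment
# or the Azure CLI login rather than committing secrets to .tf files.
provider "azurerm" {
  features {}
}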
# Resource group that holds every networking resource declared in this file.
resource "azurerm_resource_group" "rg" {
  location = "East US"
  name     = "myResourceGroup"
}
# Virtual network; the subnets below carve their prefixes out of this /16.
resource "azurerm_virtual_network" "vnet" {
  name          = "myVnet"
  address_space = ["10.0.0.0/16"]

  # Placement is inherited from the resource group so the two cannot drift apart.
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
}
# Public subnet.
# NOTE(review): in the configuration shown here only the name marks this subnet
# as "public"; no network security group or route table is associated with it,
# so it is filtered exactly like the other two subnets.
resource "azurerm_subnet" "public_subnet" {
  name             = "public-subnet"
  address_prefixes = ["10.0.1.0/24"]

  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name  = azurerm_resource_group.rg.name

  # A service endpoint only routes storage traffic over the Azure backbone.
  # It does not restrict a storage account by itself; the account's own
  # network rules must allow this subnet and deny everything else.
  service_endpoints = ["Microsoft.Storage"]
}
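# Private subnet.
# NOTE(review): no network security group or route table is attached in the
# configuration shown here, so "private" is a naming convention only.
resource "azurerm_subnet" "private_subnet" {
  name                 = "private-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name

  # Was "10.0.2.0/20": that is not a valid network address for a /20 (host bits
  # are set), and the enclosing 10.0.0.0/20 range would overlap the public
  # (10.0.1.0/24) and internal (10.0.3.0/24) subnets. A /24 matches the
  # sibling subnets and keeps the three ranges disjoint.
  address_prefixes = ["10.0.2.0/24"]

  # The service endpoint does not restrict a storage account by itself; the
  # account's network rules must explicitly allow this subnet.
  service_endpoints = ["Microsoft.Storage"]
}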
# Internal subnet.
# NOTE(review): as with the other subnets, nothing in the configuration shown
# here (NSG, route table) isolates it; isolation has to be added separately.
resource "azurerm_subnet" "internal_subnet" {
  name             = "internal-subnet"
  address_prefixes = ["10.0.3.0/24"]

  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name  = azurerm_resource_group.rg.name

  # Storage traffic from this subnet uses the service endpoint; the storage
  # account's network rules still decide whether the subnet is allowed.
  service_endpoints = ["Microsoft.Storage"]
}
# Public IP used by the gateway declared for the private subnet.
# Despite the "private" in its names, this is an internet-facing public address.
resource "azurerm_public_ip" "private_ip" {
  name = "private-gateway-ip"

  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # NOTE(review): Dynamic allocation means the address is not known until the
  # IP is attached; confirm that the target gateway SKU and provider version
  # still accept a dynamically allocated public IP.
  allocation_method = "Dynamic"
}
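# Route-based VPN gateway declared for the private subnet.
resource "azurerm_virtual_network_gateway" "private_gateway" {
  name                = "private-gateway"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  type     = "Vpn"
  vpn_type = "RouteBased"

  # In the azurerm provider `sku` is a plain string argument; the original
  # nested block with name/tier/capacity is not part of this resource's schema.
  # NOTE(review): Basic is the legacy gateway SKU with a reduced feature set;
  # confirm it covers the tunnel protocols and authentication you need.
  sku = "Basic"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.private_ip.id
    private_ip_address_allocation = "Dynamic"

    # NOTE(review): Azure only deploys a virtual network gateway into a subnet
    # named "GatewaySubnet". Pointing at private-subnet is expected to be
    # rejected at apply time; add a dedicated GatewaySubnet to the VNet and
    # reference it here. Keeping workloads out of the gateway subnet also
    # keeps the VPN termination point separate from application hosts.
    subnet_id = azurerm_subnet.private_subnet.id
  }
}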
# Public IP used by the gateway declared for the internal subnet.
# Despite the "internal" in its names, this is an internet-facing public address.
resource "azurerm_public_ip" "internal_ip" {
  name = "internal-gateway-ip"

  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # NOTE(review): confirm that the target gateway SKU and provider version
  # still accept a dynamically allocated public IP.
  allocation_method = "Dynamic"
}
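# Route-based VPN gateway declared for the internal subnet.
# NOTE(review): Azure allows one VPN-type gateway per virtual network, so this
# resource and private_gateway are not expected to coexist in myVnet as
# written. Keep a single gateway, or place the second one in its own VNet.
resource "azurerm_virtual_network_gateway" "internal_gateway" {
  name                = "internal-gateway"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  type     = "Vpn"
  vpn_type = "RouteBased"

  # In the azurerm provider `sku` is a plain string argument; the original
  # nested block with name/tier/capacity is not part of this resource's schema.
  # NOTE(review): Basic is the legacy gateway SKU with a reduced feature set;
  # confirm it covers the tunnel protocols and authentication you need.
  sku = "Basic"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.internal_ip.id
    private_ip_address_allocation = "Dynamic"

    # NOTE(review): Azure only deploys a virtual network gateway into a subnet
    # named "GatewaySubnet"; referencing internal-subnet is expected to be
    # rejected at apply time.
    subnet_id = azurerm_subnet.internal_subnet.id
  }
}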