azure-vpn/main.tf


# Resource group that holds every object of this point-to-site VPN deployment.
# The region is taken from var.location, which is declared outside this file.
resource "azurerm_resource_group" "azure_vpn" {
  location = var.location
  name     = "azure-vpn-rg"
}
# Virtual WAN that the virtual hub attaches to. Only name, resource group and
# region are set; every other argument is left at the provider default.
resource "azurerm_virtual_wan" "azure_vpn" {
  name                = "azure-vpn-vwan"
  location            = azurerm_resource_group.azure_vpn.location
  resource_group_name = azurerm_resource_group.azure_vpn.name
}
# Virtual hub inside the virtual WAN; the point-to-site gateway is deployed
# into this hub.
#
# NOTE(review): 172.22.20.0/22 spans 172.22.20.0-172.22.23.255 and therefore
# contains 172.22.22.0/24, the client pool configured on
# azurerm_point_to_site_vpn_gateway.azure_vpn. Azure guidance is that a P2S
# client address pool must not overlap the hub address space - confirm, and
# re-plan one of the two ranges if so.
resource "azurerm_virtual_hub" "azure_vpn" {
  name                = "azure-vpn-virtualhub"
  location            = azurerm_resource_group.azure_vpn.location
  resource_group_name = azurerm_resource_group.azure_vpn.name

  virtual_wan_id = azurerm_virtual_wan.azure_vpn.id
  address_prefix = "172.22.20.0/22"
}
# VPN server configuration: how connecting clients are authenticated.
# Azure AD ("AAD") is the only authentication type listed, so there is no
# certificate or RADIUS path into this gateway.
#
# NOTE(review): nothing in this file limits WHICH users of the tenant may
# connect. Access control therefore rests on tenant-side settings that are not
# visible here (for example "assignment required" on the VPN enterprise
# application, and Conditional Access / MFA policy) - verify they are in place.
resource "azurerm_vpn_server_configuration" "azure_vpn" {
  name                = "azure-vpn-config"
  location            = azurerm_resource_group.azure_vpn.location
  resource_group_name = azurerm_resource_group.azure_vpn.name

  vpn_authentication_types = ["AAD"]

  azure_active_directory_authentication {
    # var.tenantid is declared outside this file. It selects the directory whose
    # tokens the gateway accepts, so a wrong value trusts a different tenant.
    tenant = "https://login.microsoftonline.com/${var.tenantid}"

    # Keep the trailing slash: this value is expected to match the token's
    # issuer claim exactly - TODO confirm against a token from the tenant.
    issuer = "https://sts.windows.net/${var.tenantid}/"

    # Application ID the token must be issued for. This looks like the shared
    # "Azure VPN" client application ID for the Azure Public cloud (an
    # identifier, not a secret) - confirm it matches the cloud in use.
    audience = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
  }
}
# Point-to-site VPN gateway: placed in the virtual hub and bound to the server
# configuration that defines client authentication.
resource "azurerm_point_to_site_vpn_gateway" "azure_vpn" {
  name                = "azure-vpn-gateway"
  resource_group_name = azurerm_resource_group.azure_vpn.name
  location            = azurerm_resource_group.azure_vpn.location

  virtual_hub_id              = azurerm_virtual_hub.azure_vpn.id
  vpn_server_configuration_id = azurerm_vpn_server_configuration.azure_vpn.id

  # Gateway capacity, in scale units.
  scale_unit = 1

  connection_configuration {
    # Same string as the server configuration's name; the two are separate objects.
    name = "azure-vpn-config"

    vpn_client_address_pool {
      # Addresses handed out to connected VPN clients.
      # NOTE(review): 172.22.22.0/24 lies inside the hub's address_prefix
      # 172.22.20.0/22 (172.22.20.0-172.22.23.255). Azure guidance is that the
      # client pool must not overlap the hub range - confirm and pick a
      # non-overlapping range if so. Firewall/NSG rules keyed on this pool
      # would otherwise also match hub-internal addresses.
      address_prefixes = ["172.22.22.0/24"]
    }
  }
}