

adds keyvault w/ PE
deniscep committed May 7, 2021
1 parent 7ff3195 commit 8b3f2d4
Showing 4 changed files with 60 additions and 1 deletion.
2 changes: 1 addition & 1 deletion templates/core/terraform/api-webapp/api-webapp.tf
Expand Up @@ -81,7 +81,7 @@ resource "azurerm_private_endpoint" "management_api_private_endpoint" {
subnet_id = var.shared_subnet
private_service_connection {
private_connection_resource_id = azurerm_app_service.management_api.id
name = "pe-webapp-management-api"
name = "psc-api-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
subresource_names = ["sites"]
is_manual_connection = false
}
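--- a/templates/core/terraform/keyvault/keyvault.tf
+++ b/templates/core/terraform/keyvault/keyvault.tf
@@ -0,0 +1,39 @@
+resource "azurerm_key_vault" "kv" {
+name = "kv-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+location = var.location
+resource_group_name = var.resource_group_name
+sku_name = "standard"
+purge_protection_enabled = true
+tenant_id = var.tenant_id
+}
+
+resource "azurerm_private_dns_zone" "vaultcore" {
+name = "privatelink.vaultcore.azure.net"
+resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vaultcorelink" {
+name = "vaultcorelink"
+resource_group_name = var.resource_group_name
+private_dns_zone_name = azurerm_private_dns_zone.vaultcore.name
+virtual_network_id = var.core_vnet
+}
+
+resource "azurerm_private_endpoint" "kvpe" {
+name = "pe-kv-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+location = var.location
+resource_group_name = var.resource_group_name
+subnet_id = var.shared_subnet
+
+private_dns_zone_group {
+name = "private-dns-zone-group"
+private_dns_zone_ids = [azurerm_private_dns_zone.vaultcore.id]
+}
+
+private_service_connection {
+name = "psc-kv-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+private_connection_resource_id = azurerm_key_vault.kv.id
+is_manual_connection = false
+subresource_names = ["Vault"]
+}
+}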
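Review bot: The new `azurerm_key_vault.kv` resource carries no `network_acls` block, so although the `kvpe` private endpoint is created, the vault's public endpoint stays open under the provider default of allowing all networks — a private endpoint adds a private path in, it does not close the public one. Adding `network_acls` with `default_action = "Deny"` (and `bypass = "AzureServices"` only if platform services must reach the vault) makes the vault reachable solely through the private endpoint that this file sets up. The resource also declares no `access_policy` blocks and no RBAC setting, so data-plane access is presumably granted elsewhere; worth confirming rather than relying on the creating identity. A short comment on the resource, `# Reachable only via the private endpoint kvpe; public endpoint is denied`, would record the intent for the next maintainer.

```hcl
resource "azurerm_key_vault" "kv" {
  # … unchanged: name, location, resource_group_name, sku_name, purge_protection_enabled, tenant_id …

  # Reachable only via the private endpoint kvpe; public endpoint is denied.
  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }
}
```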
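--- a/templates/core/terraform/keyvault/variables.tf
+++ b/templates/core/terraform/keyvault/variables.tf
@@ -0,0 +1,8 @@
+variable "resource_name_prefix" {}
+variable "environment" {}
+variable "tre_id" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "core_vnet" {}
+variable "shared_subnet" {}
+variable "tenant_id" {}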
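Review bot: All eight variable declarations in this hunk are untyped and undocumented (`variable "tenant_id" {}` and the rest), so the module accepts any value for them and a wrong input — an object where an id is expected, or a tenant id from the wrong subscription — is only caught at apply time inside the key vault resources. Declaring each with `type = string` and a one-line `description`, for example `description = "Id of the subnet that hosts the Key Vault private endpoint"` on `shared_subnet` and `description = "Tenant id the vault is bound to; must match the deploying identity"` on `tenant_id`, makes the module contract explicit and surfaces mistakes at plan time.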
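--- a/templates/core/terraform/main.tf
+++ b/templates/core/terraform/main.tf
@@ -47,3 +47,15 @@ module "api-webapp" {
 core_vnet = module.network.core
 log_analytics_workspace_id = azurerm_log_analytics_workspace.tre.id
 }
+
+module "keyvault" {
+source = "./keyvault"
+resource_name_prefix = var.resource_name_prefix
+environment = var.environment
+tre_id = local.tre_id
+location = var.location
+resource_group_name = azurerm_resource_group.core.name
+shared_subnet = module.network.shared
+core_vnet = module.network.core
+tenant_id = data.azurerm_client_config.current.tenant_id
+}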
