docs(readme): update module usage
github-actions[bot] committed Dec 4, 2024
1 parent 29f6047 commit c7a0a9b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
@@ -51,7 +51,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_vnet_name"></a> [vnet\_name](#input\_vnet\_name) | The name of the virtual network. | `string` | n/a | yes |
| <a name="input_azure_bastion_security_rules"></a> [azure\_bastion\_security\_rules](#input\_azure\_bastion\_security\_rules) | A map of security rules to be created in the AzureBastionSubnet Network Security Group. The key of the map is the name of the security rule.<br> This Map contains the required rules for the Azure Bastion Subnet. These rules are required for the Azure Bastion service to work properly.<br> This map is merged with the default rules and security rules to create the final set of rules for the Azure Bastion Subnet.<pre>hcl<br>subnets = {<br> "AzureBastionSubnet" = {<br> address_prefixes = ["100.0.5.0/24"]<br> }</pre>hcl | <pre>map(object({<br> name = string<br> access = string<br> direction = string<br> priority = number<br> protocol = string<br> description = optional(string)<br> destination_address_prefix = optional(string, null)<br> destination_address_prefixes = optional(set(string), null)<br> destination_application_security_group_ids = optional(set(string), null)<br> destination_port_range = optional(string, null)<br> destination_port_ranges = optional(set(string), null)<br> source_address_prefix = optional(string, null)<br> source_address_prefixes = optional(set(string), null)<br> source_application_security_group_ids = optional(set(string), null)<br> source_port_range = optional(string, null)<br> source_port_ranges = optional(set(string), null)<br> timeouts = optional(object({<br> create = optional(string, "30")<br> delete = optional(string, "30")<br> read = optional(string, "5")<br> update = optional(string, "30")<br> }))<br> }))</pre> | <pre>{<br> "Allow-DataPlane-in-from-VirtualNetwork": {<br> "access": "Allow",<br> "description": "Allow DataPlane traffic from the VirtualNetwork",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "8080",<br> "direction": "Inbound",<br> "name": "Allow-DataPlane-in-from-VirtualNetwork",<br> "priority": 4042,<br> "protocol": "Tcp",<br> "source_address_prefix": 
"VirtualNetwork",<br> "source_port_range": "*"<br> },<br> "Allow-DataPlane-in-from-VirtualNetwork-5701": {<br> "access": "Allow",<br> "description": "Allow DataPlane traffic from the VirtualNetwork on port 5701",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "5701",<br> "direction": "Inbound",<br> "name": "Allow-DataPlane-in-from-VirtualNetwork-5701",<br> "priority": 4043,<br> "protocol": "Tcp",<br> "source_address_prefix": "VirtualNetwork",<br> "source_port_range": "*"<br> },<br> "Allow-DataPlane-out-to-VirtualNetwork-5701": {<br> "access": "Allow",<br> "description": "Allow DataPlane traffic to the VirtualNetwork on port 5701",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "5701",<br> "direction": "Outbound",<br> "name": "Allow-DataPlane-out-to-VirtualNetwork-5701",<br> "priority": 4043,<br> "protocol": "Tcp",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> },<br> "Allow-DataPlane-out-to-VirtualNetwork-8080": {<br> "access": "Allow",<br> "description": "Allow DataPlane traffic to the VirtualNetwork on port 8080",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "8080",<br> "direction": "Outbound",<br> "name": "Allow-DataPlane-out-to-VirtualNetwork-8080",<br> "priority": 4042,<br> "protocol": "Tcp",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> },<br> "Allow-Http-out-to-Internet": {<br> "access": "Allow",<br> "description": "Allow HTTP traffic to the Internet",<br> "destination_address_prefix": "Internet",<br> "destination_port_range": "80",<br> "direction": "Outbound",<br> "name": "Allow-Http-out-to-Internet",<br> "priority": 4045,<br> "protocol": "Tcp",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> },<br> "Allow-Https-in-from-AzureLoadBalancer": {<br> "access": "Allow",<br> "description": "Allow HTTPS traffic from the AzureLoadBalancer",<br> "destination_address_prefix": "*",<br> 
"destination_port_range": "443",<br> "direction": "Inbound",<br> "name": "Allow-Https-in-from-AzureLoadBalancer",<br> "priority": 4044,<br> "protocol": "Tcp",<br> "source_address_prefix": "AzureLoadBalancer",<br> "source_port_range": "*"<br> },<br> "Allow-Https-in-from-GatewayManager": {<br> "access": "Allow",<br> "description": "Allow HTTPS traffic from the GatewayManager",<br> "destination_address_prefix": "*",<br> "destination_port_range": "443",<br> "direction": "Inbound",<br> "name": "Allow-Https-in-from-GatewayManager",<br> "priority": 4041,<br> "protocol": "Tcp",<br> "source_address_prefix": "GatewayManager",<br> "source_port_range": "*"<br> },<br> "Allow-Https-in-from-Internet": {<br> "access": "Allow",<br> "description": "Allow HTTPS traffic from the Internet",<br> "destination_address_prefix": "*",<br> "destination_port_range": "443",<br> "direction": "Inbound",<br> "name": "Allow-Https-in-from-Internet",<br> "priority": 4040,<br> "protocol": "Tcp",<br> "source_address_prefix": null,<br> "source_address_prefixes": null,<br> "source_port_range": "*"<br> },<br> "Allow-Https-out-to-AzureCloud": {<br> "access": "Allow",<br> "description": "Allow HTTPS traffic to the AzureCloud",<br> "destination_address_prefix": "AzureCloud",<br> "destination_port_range": "443",<br> "direction": "Outbound",<br> "name": "Allow-Https-out-to-AzureCloud",<br> "priority": 4044,<br> "protocol": "Tcp",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> },<br> "Allow-Rdp-out-to-VirtualNetwork": {<br> "access": "Allow",<br> "description": "Allow RDP traffic to the VirtualNetwork",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "3389",<br> "direction": "Outbound",<br> "name": "Allow-Rdp-out-to-VirtualNetwork",<br> "priority": 4040,<br> "protocol": "Tcp",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> },<br> "Allow-Ssh-out-to-VirtualNetwork": {<br> "access": "Allow",<br> "description": "Allow SSH traffic to the 
VirtualNetwork",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "22",<br> "direction": "Outbound",<br> "name": "Allow-Ssh-out-to-VirtualNetwork",<br> "priority": 4041,<br> "protocol": "Tcp",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> }<br>}</pre> | no |
| <a name="input_azure_bastion_source_ip_prefixes"></a> [azure\_bastion\_source\_ip\_prefixes](#input\_azure\_bastion\_source\_ip\_prefixes) | The source IP prefixes that can access the Azure Bastion service, recommendation is not to use the default! | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_azure_bastion_source_ip_prefixes"></a> [azure\_bastion\_source\_ip\_prefixes](#input\_azure\_bastion\_source\_ip\_prefixes) | The source IP prefixes that can access the Azure Bastion service, recommendation is not to use the default! | `set(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_default_rules"></a> [default\_rules](#input\_default\_rules) | A map of default security rules to be created in **every** Network Security Group, except if you specificy "network\_security\_group\_config -> Azure default" in the subnet configuration.<br> but of course, you can override these defaults by specifying the same rule in a new `default_rules` map.<br> This map is merged with the security rules map to create the final set of rules for the Network Security Group.<pre>hcl<br>subnets = {<br> "ToolingSubnet" = {<br> address_prefixes = ["100.0.3.0/24"]<br> default_outbound_access_enabled = false<br> create_network_security_group = true<br> network_security_group_config = {<br> azure_default = true<br> }<br> }</pre>hcl | <pre>map(object({<br> name = string<br> access = string<br> direction = string<br> priority = number<br> protocol = string<br> description = optional(string)<br> destination_address_prefix = optional(string, null)<br> destination_address_prefixes = optional(set(string), null)<br> destination_application_security_group_ids = optional(set(string), null)<br> destination_port_range = optional(string, null)<br> destination_port_ranges = optional(set(string), null)<br> source_address_prefix = optional(string, null)<br> source_address_prefixes = optional(set(string), null)<br> source_application_security_group_ids = optional(set(string), null)<br> source_port_range = optional(string, null)<br> source_port_ranges = optional(set(string), null)<br> timeouts = optional(object({<br> create = optional(string, "30")<br> delete = optional(string, "30")<br> read = optional(string, "5")<br> update = optional(string, "30")<br> }))<br> }))</pre> | <pre>{<br> "Allow-Https-in-from-vnets": {<br> "access": "Allow",<br> "description": "Allow HTTPS traffic from VNets",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "443",<br> "direction": "Inbound",<br> "name": "Allow-Https-in-from-vnets",<br> "priority": 4095,<br> 
"protocol": "Tcp",<br> "source_address_prefix": "VirtualNetwork",<br> "source_port_range": "*"<br> },<br> "Allow-Https-out-to-vnets": {<br> "access": "Allow",<br> "description": "Allow HTTPS traffic to VNets",<br> "destination_address_prefix": "VirtualNetwork",<br> "destination_port_range": "443",<br> "direction": "Outbound",<br> "name": "Allow-Https-out-to-vnets",<br> "priority": 4095,<br> "protocol": "Tcp",<br> "source_address_prefix": "VirtualNetwork",<br> "source_port_range": "*"<br> },<br> "Deny-Any-Any-Any-In": {<br> "access": "Deny",<br> "description": "Deny all inbound traffic",<br> "destination_address_prefix": "*",<br> "destination_port_range": "*",<br> "direction": "Inbound",<br> "name": "Deny-Any-Any-Any-In",<br> "priority": 4096,<br> "protocol": "*",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> },<br> "Deny-Any-Any-Any-Out": {<br> "access": "Deny",<br> "description": "Deny all outbound traffic",<br> "destination_address_prefix": "*",<br> "destination_port_range": "*",<br> "direction": "Outbound",<br> "name": "Deny-Any-Any-Any-Out",<br> "priority": 4096,<br> "protocol": "*",<br> "source_address_prefix": "*",<br> "source_port_range": "*"<br> }<br>}</pre> | no |
| <a name="input_natgateway"></a> [natgateway](#input\_natgateway) | This object describes the public IP configuration when creating Nat Gateway's with a public IP. If creating more than one public IP, then these values will be used for all public IPs.<br><br>- `allocation_method` = (Required) - Defines the allocation method for this IP address. Possible values are Static or Dynamic.<br>- `ddos_protection_mode` = (Optional) - The DDoS protection mode of the public IP. Possible values are Disabled, Enabled, and VirtualNetworkInherited. Defaults to VirtualNetworkInherited.<br>- `ddos_protection_plan_id` = (Optional) - The ID of DDoS protection plan associated with the public IP. ddos\_protection\_plan\_id can only be set when ddos\_protection\_mode is Enabled<br>- `domain_name_label` = (Optional) - Label for the Domain Name. Will be used to make up the FQDN. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system.<br>- `idle_timeout_in_minutes` = (Optional) - Specifies the timeout for the TCP idle connection. The value can be set between 4 and 30 minutes.<br>- `inherit_tags` = (Optional) - Defaults to false. Set this to false if only the tags defined on this resource should be applied. - Future functionality leaving in.<br>- `ip_version` = (Optional) - The IP Version to use, IPv6 or IPv4. Changing this forces a new resource to be created. Only static IP address allocation is supported for IPv6.<br>- `lock_level` = (Optional) - Set this value to override the resource level lock value. Possible values are `None`, `CanNotDelete`, and `ReadOnly`.<br>- `name` = (Optional) - The name of the Nat gateway. Changing this forces a new resource to be created.<br>- `sku` = (Optional) - The SKU of the Public IP. Accepted values are Basic and Standard. Defaults to Standard to support zones by default. Changing this forces a new resource to be created. 
When sku\_tier is set to Global, sku must be set to Standard.<br>- `sku_tier` = (Optional) - The SKU tier of the Public IP. Accepted values are Global and Regional. Defaults to Regional<br>- `zones` = (Optional) - A list of zones where this public IP should be deployed. Defaults to no zone. if you prefer, you can set other values for the zones ["1","2","3"]. Changing this forces a new resource to be created.<br><br> Example Inputs:<pre>hcl<br> natgateway = {<br> name = "my-nat-gw"<br> }</pre>hcl | <pre>object({<br> name = optional(string, null)<br> allocation_method = optional(string, "Static")<br> ddos_protection_mode = optional(string, "VirtualNetworkInherited")<br> ddos_protection_plan_id = optional(string, null)<br> domain_name_label = optional(string, null)<br> idle_timeout_in_minutes = optional(number, 4)<br> inherit_tags = optional(bool, true)<br> ip_version = optional(string, "IPv4")<br> lock_level = optional(string, null)<br> sku = optional(string, "Standard")<br> sku_tier = optional(string, "Regional")<br> zones = optional(list(string))<br> })</pre> | `null` | no |
| <a name="input_private_dns"></a> [private\_dns](#input\_private\_dns) | This object describes the private DNS configuration for the virtual network.<br><br>- `zone_name` = (Required) - The name of the private DNS zone.<br>- `zone_link_enabled` = (Optional) - Whether to link the private DNS zone to the virtual network. Defaults to true.<br>- `zone_link_name` = (Optional) - The name of the private DNS zone link. Changing this forces a new resource to be created.<br>- `resource_group_name` = (Optional) - The name of the resource group to link the private DNS zone to. Changing this forces a new resource to be created.<br><br> Example Inputs:<pre>hcl<br>private_dns = {<br> "keyvault" = {<br> zone_name = "privatelink.vaultcore.azure.net"<br> }<br> "blob" = {<br> zone_name = "privatelink.blob.core.windows.net"<br> }<br> "azurecr" = {<br> zone_name = "privatelink.azurecr.io"<br> }<br>}</pre>hcl | <pre>map(object({<br> zone_name = string<br> zone_link_enabled = optional(bool, true)<br> zone_link_name = optional(string)<br> resource_group_name = optional(string)<br> }))</pre> | `null` | no |
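
Review bot: In the changed `azure_bastion_source_ip_prefixes` row, the type becomes `set(string)` but the default stays `0.0.0.0/0`, which the row's own description advises against using. The default `Allow-Https-in-from-Internet` rule shown in the `azure_bastion_security_rules` row has `source_address_prefix` and `source_address_prefixes` set to null, so this variable appears to be what fills them, and leaving it unset keeps inbound 443 on the Bastion subnet open to any source. Consider removing the default so callers must choose a prefix, or adding a `validation` block in the variable definition that rejects `0.0.0.0/0`. The description could also state that the move from list to set drops ordering and duplicates, so any caller that indexes the value (for example `var.azure_bastion_source_ip_prefixes[0]`) needs to adjust.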