diff --git a/samples/function-app-service-bus/dotnet/bicep/main.bicep b/samples/function-app-service-bus/dotnet/bicep/main.bicep index 60f3b54..3e74e86 100644 --- a/samples/function-app-service-bus/dotnet/bicep/main.bicep +++ b/samples/function-app-service-bus/dotnet/bicep/main.bicep @@ -354,7 +354,7 @@ module network 'modules/virtual-network.bicep' = { functionAppSubnetName: functionAppSubnetName functionAppSubnetAddressPrefix: functionAppSubnetAddressPrefix functionAppSubnetNsgName: empty(functionAppSubnetNsgName) - ? toLower('${prefix}-webapp-subnet-nsg-${suffix}') + ? toLower('${prefix}-func-subnet-nsg-${suffix}') : functionAppSubnetNsgName peSubnetName: peSubnetName peSubnetAddressPrefix: peSubnetAddressPrefix diff --git a/samples/function-app-service-bus/dotnet/terraform/main.tf b/samples/function-app-service-bus/dotnet/terraform/main.tf index 7d0c309..1ef5979 100644 --- a/samples/function-app-service-bus/dotnet/terraform/main.tf +++ b/samples/function-app-service-bus/dotnet/terraform/main.tf @@ -11,10 +11,11 @@ locals { blob_storage_private_endpoint_name = "${local.prefix}-blob-storage-pe-${local.suffix}" queue_storage_private_endpoint_name = "${local.prefix}-queue-storage-pe-${local.suffix}" table_storage_private_endpoint_name = "${local.prefix}-table-storage-pe-${local.suffix}" - network_security_group_name = "${local.prefix}-default-nsg-${local.suffix}" + func_subnet_nsg_name = "${local.prefix}-func-subnet-nsg-${local.suffix}" + pe_subnet_nsg_name = "${local.prefix}-pe-subnet-nsg-${local.suffix}" cosmosdb_account_name = "${local.prefix}-mongodb-${local.suffix}" service_bus_namespace_name = "${local.prefix}-service-bus-${local.suffix}" - app_service_plan_name = "${local.prefix}-app-service-plan-${local.suffix}" + app_service_plan_name = "${local.prefix}-plan-${local.suffix}" function_app_name = "${local.prefix}-func-${local.suffix}" application_insights_name = "${local.prefix}-func-${local.suffix}" managed_identity_name = "${local.prefix}-identity-${local.suffix}" @@ -53,8 +54,8 @@ module "virtual_network" { subnets = [ { - name : var.webapp_subnet_name - address_prefixes : var.webapp_subnet_address_prefix + name : var.func_subnet_name + address_prefixes : var.func_subnet_address_prefix private_endpoint_network_policies : "Enabled" private_link_service_network_policies_enabled : false delegation : "Microsoft.Web/serverFarms" @@ -64,24 +65,34 @@ module "virtual_network" { address_prefixes : var.pe_subnet_address_prefix private_endpoint_network_policies : "Enabled" private_link_service_network_policies_enabled : false - delegation : null } ] } -# Create a network security group and associate it with both subnets -module "network_security_group" { +# Create a network security group and associate it with the function app subnet +module "func_subnet_network_security_group" { source = "./modules/network_security_group" - name = local.network_security_group_name + name = local.func_subnet_nsg_name resource_group_name = azurerm_resource_group.example.name location = var.location log_analytics_workspace_id = module.log_analytics_workspace.id tags = var.tags subnet_ids = { - (var.webapp_subnet_name) = module.virtual_network.subnet_ids[var.webapp_subnet_name] - (var.pe_subnet_name) = module.virtual_network.subnet_ids[var.pe_subnet_name] + (var.func_subnet_name) = module.virtual_network.subnet_ids[var.func_subnet_name] } +} +# Create a network security group and associate it with the private endpoint subnet +module "pe_subnet_network_security_group" { + source = "./modules/network_security_group" + name = local.pe_subnet_nsg_name + resource_group_name = azurerm_resource_group.example.name + location = var.location + log_analytics_workspace_id = module.log_analytics_workspace.id + tags = var.tags + subnet_ids = { + (var.pe_subnet_name) = module.virtual_network.subnet_ids[var.pe_subnet_name] + } } # Create a NAT gateway and associate it with the default subnet @@ -94,7 +105,7 @@ module "nat_gateway" { idle_timeout_in_minutes = var.nat_gateway_idle_timeout_in_minutes zones = var.nat_gateway_zones subnet_ids = { - (var.webapp_subnet_name) = module.virtual_network.subnet_ids[var.webapp_subnet_name] + (var.func_subnet_name) = module.virtual_network.subnet_ids[var.func_subnet_name] } tags = var.tags } @@ -306,7 +317,7 @@ module "function_app" { storage_account_name = module.storage_account.name storage_account_access_key = module.storage_account.primary_access_key https_only = var.https_only - virtual_network_subnet_id = module.virtual_network.subnet_ids[var.webapp_subnet_name] + virtual_network_subnet_id = module.virtual_network.subnet_ids[var.func_subnet_name] vnet_route_all_enabled = true public_network_access_enabled = var.public_network_access_enabled always_on = var.always_on diff --git a/samples/function-app-service-bus/dotnet/terraform/modules/virtual_network/variables.tf b/samples/function-app-service-bus/dotnet/terraform/modules/virtual_network/variables.tf index f8c0b0e..10e1972 100644 --- a/samples/function-app-service-bus/dotnet/terraform/modules/virtual_network/variables.tf +++ b/samples/function-app-service-bus/dotnet/terraform/modules/virtual_network/variables.tf @@ -25,7 +25,7 @@ variable "subnets" { address_prefixes = list(string) private_endpoint_network_policies = string private_link_service_network_policies_enabled = bool - delegation = string + delegation = optional(string) })) } diff --git a/samples/function-app-service-bus/dotnet/terraform/variables.tf b/samples/function-app-service-bus/dotnet/terraform/variables.tf index cee2bed..3edba4e 100644 --- a/samples/function-app-service-bus/dotnet/terraform/variables.tf +++ b/samples/function-app-service-bus/dotnet/terraform/variables.tf @@ -273,13 +273,13 @@ variable "vnet_address_space" { type = list(string) } -variable "webapp_subnet_name" { +variable "func_subnet_name" { description = "Specifies the name of the web app subnet." default = "app-subnet" type = string } -variable "webapp_subnet_address_prefix" { +variable "func_subnet_address_prefix" { description = "Specifies the address prefix of the web app subnet." default = ["10.0.0.0/24"] type = list(string)