Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
The internet_security_enabled argument for azurerm_virtual_hub_connection allows you to enable default route propagation from the hub to the connection. At the moment in the module this isn't a configurable option, it'd be great if this was customisable per connection.
Is your feature request related to a problem?
We're trying to integrate Bastion into our Virtual WAN deployment, which requires creating a new spoke vnet for Bastion, then disabling the "Propagate Default Route" (or "internet_security_enabled" through Terraform), as the default 0.0.0.0/0 route prevents Bastion from running correctly.
Describe the solution you'd like
Add a custom setting to specify which connections you want to disable the setting for:
Community Note
Description
The internet_security_enabled argument for azurerm_virtual_hub_connection allows you to enable default route propagation from the hub to the connection. At the moment in the module this isn't a configurable option, it'd be great if this was customisable per connection.
Is your feature request related to a problem?
We're trying to integrate Bastion into our Virtual WAN deployment, which requires creating a new spoke vnet for Bastion, then disabling the "Propagate Default Route" (or "internet_security_enabled" through Terraform), as the default 0.0.0.0/0 route prevents Bastion from running correctly.
Describe the solution you'd like
Add a custom setting to specify which connections you want to disable the setting for:
secure_spoke_virtual_network_resource_ids = [module.example_vnet1.id, module.bastion_vnet.id] disable_internet_security_spoke_vnet_ids = [module.bastion_vnet.id]