azurenoops / terraform-azurerm-overlays-workload-spoke

Terraform module overlay to create an SCCA compliant Workload Spoke based on the Microsoft Azure Hub-Spoke Architecture using Azure NoOps.
MIT License

Allow for creation of Spoke without RouteTable #39

Closed sstjean closed 1 year ago

sstjean commented 1 year ago

Is there an existing issue for this?

Description

The Workload spoke has a switch to turn on Force Tunnelling. This is done by adding a route to a route table attached to the subnets. The route table is always created and associated with the subnets regardless of forced tunnelling being enabled or not.

I propose that if Forced Tunnelling is not enabled then the route table should not be created. This will allow for other configurations or separate route tables for each subnet if needed. This behavior is needed for the Encrypted Transport DMZ deployment.

If the user wants to mix forced tunnelling and additional routes into separate route tables for each subnet, then they can create their own route tables and routes (including forced tunnelling) and associate them with the subnets created.

The implementation for this behavior can be done without breaking existing functionality by adding the count function to all of the Route Table resources instead of just the forced tunnel route resource.

New or Affected Resource(s)/Data Source(s)

route table, routes, route table association

Potential Terraform Configuration

enable_forced_tunneling_on_route_table = false

References

No response
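The change proposed above, written out as an added example (this is not the module's own code, and the variable, resource and reference names such as `azurerm_resource_group.spoke`, `azurerm_subnet.app`, `azurerm_subnet.data` and `firewall_private_ip` are assumptions): the route table, the forced-tunnel route and the subnet associations are all keyed off the same `enable_forced_tunneling_on_route_table` switch, so when it is `false` none of them are created and the caller is free to attach their own tables. The association uses `for_each` over a subnet map rather than `count` so that removing one subnet does not renumber the others.

```hcl
# Added example, not the module's own code: make every route-table resource
# conditional on one switch instead of only the forced-tunnel route.
# Resource and variable names below are assumptions for illustration.

variable "enable_forced_tunneling_on_route_table" {
  description = "Create a route table with a 0.0.0.0/0 route to the hub firewall and attach it to every spoke subnet."
  type        = bool
  default     = false
}

variable "firewall_private_ip" {
  description = "Private IP of the hub firewall used as next hop (assumed input; required only when forced tunnelling is on)."
  type        = string
  default     = null
}

locals {
  # Subnets created by the spoke (assumed resources). A map keeps for_each keys stable.
  spoke_subnet_ids = {
    app  = azurerm_subnet.app.id
    data = azurerm_subnet.data.id
  }
  # 1 when forced tunnelling is on, 0 otherwise: with 0 the resource is simply not created.
  rt_count = var.enable_forced_tunneling_on_route_table ? 1 : 0
}

resource "azurerm_route_table" "spoke" {
  count               = local.rt_count
  name                = "rt-spoke"
  location            = azurerm_resource_group.spoke.location
  resource_group_name = azurerm_resource_group.spoke.name
  # azurerm provider v3 attribute: stop BGP-learned routes from bypassing the firewall.
  disable_bgp_route_propagation = true
}

resource "azurerm_route" "forced_tunnel" {
  count                  = local.rt_count
  name                   = "default-to-firewall"
  resource_group_name    = azurerm_resource_group.spoke.name
  route_table_name       = azurerm_route_table.spoke[0].name
  address_prefix         = "0.0.0.0/0"
  next_hop_type          = "VirtualAppliance"
  next_hop_in_ip_address = var.firewall_private_ip

  lifecycle {
    # Fail at plan time rather than deploying a route with no next hop.
    precondition {
      condition     = var.firewall_private_ip != null
      error_message = "firewall_private_ip must be set when enable_forced_tunneling_on_route_table is true."
    }
  }
}

resource "azurerm_subnet_route_table_association" "spoke" {
  # Empty map when the table does not exist, so no association is attempted.
  for_each       = var.enable_forced_tunneling_on_route_table ? local.spoke_subnet_ids : {}
  subnet_id      = each.value
  route_table_id = azurerm_route_table.spoke[0].id
}
```

With the switch set to `false` a `terraform plan` shows no `azurerm_route_table`, `azurerm_route` or `azurerm_subnet_route_table_association` resources at all; existing deployments that keep the switch at `true` see no change, because the single table keeps index `[0]`. The point to check when turning the switch off is that each subnet then has only the Azure default system routes until the caller associates their own table, so a consumer who needs forced tunnelling must supply the `0.0.0.0/0` route themselves, as the proposal describes.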

sstjean commented 1 year ago

Discussed with @jrspinella and we concluded that the Encrypted Transport needs to have its own DMZ Spoke module rather than continuing to change the Workload Spoke.

Closing