
[v2.0.0] Add `Virtual WAN` and more

@matt-FFFFFF released this 27 Apr 10:19
· 210 commits to main since this release
a0801f9

The v2.0.0 release marks another significant milestone in the development of the Azure landing zones Terraform module (formerly Terraform Module for Cloud Adoption Framework Enterprise-scale).
The re-branding of this module reflects adoption of Enterprise-scale as the recommended architecture for Azure landing zones.

This release provides the ability to deploy and configure Virtual WAN resources as part of the connectivity capability of the module.
We have also included a number of fixes for other issues, and extended the existing connectivity capabilities for customers creating Hub and Spoke networks.

New features

  • Added support to create hub networks using Azure Virtual WAN in the connectivity Subscription
  • Updated the policies included within the module based on those in the upstream Enterprise-scale repository
  • Improved Wiki documentation, providing more examples and clearer guidance
  • Added module telemetry to help us better understand where to focus development efforts and improve customer experience
  • Updated branding from Enterprise-scale to Azure landing zones (further work required to complete this transition)
  • Added Azure Firewall Policy resources to enable the DNS Proxy settings for Azure Firewall and simplify the configuration experience
  • Extended configuration options for the Virtual Network Gateway resources used for hub and spoke networks
  • The threat_intel_mode value for azurerm_firewall resources is now explicitly set with a default value of Alert to support the latest provider versions. This matches the previous "default" value of the old provider.
  • Added new variable asc_export_resource_group_name to fix #342
  • Added logic to automatically configure the generation value for VPN gateways without using the advanced object to fix #333
  • Added input variables and logic to simplify configuring active-active mode for VPN gateways without using the advanced object to fix #232
  • Added logic to suppress creation of Public IP resource(s) when a custom ip_configuration input is specified via the advanced block for the following resource types:
    • azurerm_virtual_network_gateway (ExpressRoute and VPN)
    • azurerm_firewall
  • Added input variables for BGP configuration settings without using the advanced object to fix #334
  • Added missing vpn_auth_types attribute for the vpn_client_configuration block on Virtual Network Gateway resources
  • Updated Wiki docs to reflect the included changes where covered in documentation
  • Updated test framework to provide coverage of the included fixes
  • Updated test strategy to ensure working versions are included from v0.15.1 (new minimum required to fix `Error: Output refers to sensitive values`) to latest v1.1.x

Fixed issues

  • Fix #226 (Add capability for "Virtual WAN Networking" resources - Connectivity Subscription)
  • Fix #232 (can't create active-active vpngw)
  • Fix #254 (Create Wiki docs page for custom policy definition, set definition (initiative) and assignment)
  • Fix #264 (Update Policies For v1.2.0 Release From Upstream)
  • Fix #266 (Adding a new policy assignment forces the existing policy role assignments to be recreated)
  • Fix #271 (Error: deleting Azure Firewall)
  • Fix #272 (Argument management_group_name deprecated in favour of management_group_id)
  • Fix #273 (azurerm_role_assignment.policy_assignment resources outputs missing)
  • Fix #274 (Add Firewall Policy resources for the Azure Firewall resources deployed by the module)
  • Fix #293 (Move FabricBot to Config-as-Code)
  • Fix #295 (Missing data policies)
  • Fix #305 (Add vwan settings to outputs)
  • Fix #309 (Bug Report - AzureRM provider 3.0.0 availability zones error)
  • Fix #319 (azurerm_public_ip prevents support of azurerm provider >= 3.0.0)
  • Fix #333 (VPN Gateway Generations)
  • Fix #334 (BGP configuration on VPN gateways)
  • Fix #336 (Feature Request - Add AZ Support for Azure Firewall in Secure vHub Model)
  • Fix #340 (Call to function "coalesce" failed: all arguments must have the same type.)
  • Fix #342 (Ability to rename ASC export resource group name)
  • Work towards #227 (Replace try() with lookup() where possible)

Breaking changes

  • ⚠️ Updated the minimum supported Terraform version to 0.15.1

  • ⚠️ Updated the minimum supported azurerm provider version to 3.0.2

  • ⚠️ Updated the required attributes for the configure_management_resources input variable to reflect recent policy updates for Microsoft Defender for Cloud

  • ⚠️ Extended the required attributes for the configure_connectivity_resources input variable to enable new functionality

    This will result in an error at plan until users update the input for configure_connectivity_resources.
    The longer-term objective is to reduce the number of mandatory attributes within the schema using the optional() type wrapper once it is released as GA.

  • ⚠️ Updated preference to Generation2 for supported VPN gateway SKUs, so some customers may have their VPN gateway redeployed to the new version. Instructions for how to override this are added below.

IMPORTANT: If you are using the advanced input for configure_connectivity_resources, please take extra care to note the changes listed in PR: Fix multiple issues #345.

For more information

Please refer to the Upgrade from v1.1.4 to v2.0.0 page on our Wiki.