diff --git a/README.md b/README.md
index aebbb5b..aeb7eb0 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,12 @@ module "network" {
 subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
 subnet_names = ["subnet1", "subnet2", "subnet3"]
+ subnet_service_endpoints = {
+ "subnet1" : ["Microsoft.Sql"],
+ "subnet2" : ["Microsoft.Sql"],
+ "subnet3" : ["Microsoft.Sql"]
+ }
+
 tags = {
 environment = "dev"
 costcenter = "it"
@@ -57,6 +63,12 @@ module "network" {
 "subnet1" : true
 }
+ subnet_service_endpoints = {
+ "subnet1" : ["Microsoft.Sql"],
+ "subnet2" : ["Microsoft.Sql"],
+ "subnet3" : ["Microsoft.Sql"]
+ }
+
 tags = {
 environment = "dev"
 costcenter = "it"
diff --git a/main.tf b/main.tf
index b667aae..1de1819 100644
--- a/main.tf
+++ b/main.tf
@@ -19,4 +19,5 @@ resource "azurerm_subnet" "subnet" {
 address_prefixes = [var.subnet_prefixes[count.index]]
 virtual_network_name = azurerm_virtual_network.vnet.name
 enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false)
+ service_endpoints = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], [])
 }
diff --git a/test/fixture/main.tf b/test/fixture/main.tf
index be63f6a..29b7a64 100644
--- a/test/fixture/main.tf
+++ b/test/fixture/main.tf
@@ -22,6 +22,10 @@ module "network" {
 "subnet1" : true
 }
+ subnet_service_endpoints = {
+ "subnet1" : ["Microsoft.Sql"]
+ }
+
 tags = {
 environment = "dev"
 costcenter = "it"
diff --git a/variables.tf b/variables.tf
index 1cf0c61..99d8802 100644
--- a/variables.tf
+++ b/variables.tf
@@ -54,3 +54,9 @@ variable "subnet_enforce_private_link_endpoint_network_policies" {
 type = map(bool)
 default = {}
 }
+
+variable "subnet_service_endpoints" {
+ description = "A map with key (string) `subnet name`, value (list(string)) to indicate enabled service endpoints on the subnet. Default value is []."
+ type = map(list(string))
+ default = {}
+}
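Review bot: In the main.tf hunk, the added `service_endpoints = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], [])` falls back to `[]` without any signal when a map key matches no entry in `subnet_names`. A misspelled subnet name therefore leaves that subnet with no service endpoint and nothing reports it. That matters if a Microsoft.Sql virtual-network rule elsewhere is expected to rely on the endpoint being present. I would add a comment above the line, `# Keys in var.subnet_service_endpoints that match no entry in var.subnet_names are ignored; that subnet gets no service endpoints.` The `azurerm_subnet` block starts outside the hunk, so whether a check on the key set already exists cannot be seen from here.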
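Review bot: In the variables.tf hunk, the description of `subnet_service_endpoints` ends with "Default value is []", but the declared default is `{}`; `[]` is only the per-subnet fallback applied by the `lookup` in main.tf. I would reword it to `description = "Map of subnet name to the list of service endpoints to enable on that subnet. Subnets without an entry get none; keys that match no subnet name are ignored."`. It would also help to state in the README that enabling an endpoint on the subnet does not by itself restrict access to the service, because the matching virtual-network rule on the target resource still has to be configured.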