A clean, deployable Hub & Spoke foundation for Azure. Establishes isolated Spoke VNets connected via bidirectional VNet peering to a central Hub — ready for workload deployment in minutes.
What’s included
- Central Hub VNet for shared services (Firewall, DNS, Bastion)
- Two pre-configured Spoke VNets with bidirectional peering
- allow_forwarded_traffic enabled for Hub-routed flows
- Clean variable structure — customize via terraform.tfvars
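
A minimal sketch of the peering layout described in the list above, added here as an illustration and not taken from the product's own code. All resource names, the region, the address spaces and the `spokes` variable are assumptions.

```hcl
# Added example: names, region and address spaces are assumptions.
provider "azurerm" {
  features {}
}

variable "spokes" {
  type    = map(string) # spoke name => address space; override in terraform.tfvars
  default = { spoke1 = "10.1.0.0/16", spoke2 = "10.2.0.0/16" }
}

resource "azurerm_resource_group" "net" {
  name     = "rg-hub-spoke-example"
  location = "westeurope"
}

resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub"
  resource_group_name = azurerm_resource_group.net.name
  location            = azurerm_resource_group.net.location
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_virtual_network" "spoke" {
  for_each            = var.spokes
  name                = "vnet-${each.key}"
  resource_group_name = azurerm_resource_group.net.name
  location            = azurerm_resource_group.net.location
  address_space       = [each.value]
}

# Peering is configured per direction: each spoke needs both links.
resource "azurerm_virtual_network_peering" "hub_to_spoke" {
  for_each                     = var.spokes
  name                         = "hub-to-${each.key}"
  resource_group_name          = azurerm_resource_group.net.name
  virtual_network_name         = azurerm_virtual_network.hub.name
  remote_virtual_network_id    = azurerm_virtual_network.spoke[each.key].id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
}

resource "azurerm_virtual_network_peering" "spoke_to_hub" {
  for_each                     = var.spokes
  name                         = "${each.key}-to-hub"
  resource_group_name          = azurerm_resource_group.net.name
  virtual_network_name         = azurerm_virtual_network.spoke[each.key].name
  remote_virtual_network_id    = azurerm_virtual_network.hub.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true # spoke accepts traffic the hub forwards but did not originate
}
```

VNet peering is not transitive, so the two spokes cannot reach each other directly; `allow_forwarded_traffic` only takes effect once a hub appliance and route tables send spoke traffic through the hub.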
Limitations (Base Edition)
No NSGs, no Azure Firewall, no Private DNS Zones. The Enterprise Edition adds zero-trust NSGs, centralized Private DNS, and DINE-policy bypass logic.