feat: Added support for existing ddos protection plan

_example/exmaple.tf

@@ -0,0 +1,35 @@
+provider "azurerm" {
+  features {}
+}
+
+locals {
+  name        = "app"
+  environment = "test"
+  label_order = ["name", "environment"]
+}
+
+##----------------------------------------------------------------------------- 
+## Resource Group module call
+## Resource group in which all resources will be deployed.
+##-----------------------------------------------------------------------------
+module "resource_group" {
+  source      = "clouddrove/resource-group/azure"
+  version     = "1.0.2"
+  name        = local.name
+  environment = local.environment
+  label_order = local.label_order
+  location    = "North Europe"
+}
+
+##----------------------------------------------------------------------------- 
+## Virtual Network module call.
+##-----------------------------------------------------------------------------
+module "vnet" {
+  source                 = "../"
+  name                   = local.name
+  environment            = local.environment
+  resource_group_name    = module.resource_group.resource_group_name
+  location               = module.resource_group.resource_group_location
+  address_space          = "10.0.0.0/16"
+  enable_network_watcher = false # To be set true when network security group flow logs are to be tracked and network watcher with specific name is to be deployed. 
+}

main.tf

@@ -1,7 +1,13 @@
+##----------------------------------------------------------------------------- 
+## Locals declaration for determining the id of ddos protection plan.    
+##-----------------------------------------------------------------------------
 locals {
-  ddos_pp_id = var.enable_ddos_pp ? azurerm_network_ddos_protection_plan.example[0].id : ""
+  ddos_pp_id = var.enable_ddos_pp && var.existing_ddos_pp != null ? var.existing_ddos_pp : var.enable_ddos_pp && var.existing_ddos_pp == null ? azurerm_network_ddos_protection_plan.example[0].id : null
 }
 
+##----------------------------------------------------------------------------- 
+## Labels module callled that will be used for naming and tags.   
+##-----------------------------------------------------------------------------
 module "labels" {
 
   source  = "clouddrove/labels/azure"
@@ -14,6 +20,9 @@ module "labels" {
   repository  = var.repository
 }
 
+##----------------------------------------------------------------------------- 
+## Below resource will deploy virtual network in your azure environment.    
+##-----------------------------------------------------------------------------
 resource "azurerm_virtual_network" "vnet" {
   count                   = var.enable == true ? 1 : 0
   name                    = format("%s-vnet", module.labels.id)
@@ -25,7 +34,7 @@ resource "azurerm_virtual_network" "vnet" {
   edge_zone               = var.edge_zone
   flow_timeout_in_minutes = var.flow_timeout_in_minutes
   dynamic "ddos_protection_plan" {
-    for_each = local.ddos_pp_id != "" ? ["ddos_protection_plan"] : []
+    for_each = local.ddos_pp_id != null ? ["ddos_protection_plan"] : []
     content {
       id     = local.ddos_pp_id
       enable = true
@@ -34,6 +43,9 @@ resource "azurerm_virtual_network" "vnet" {
   tags = module.labels.tags
 }
 
+##----------------------------------------------------------------------------- 
+## Below resource will deploy ddos protection plan for virtual network.   
+##-----------------------------------------------------------------------------
 resource "azurerm_network_ddos_protection_plan" "example" {
   count               = var.enable_ddos_pp && var.enable == true ? 1 : 0
   name                = format("%s-ddospp", module.labels.id)
@@ -42,8 +54,13 @@ resource "azurerm_network_ddos_protection_plan" "example" {
   tags                = module.labels.tags
 }
 
+##-----------------------------------------------------------------------------
+## Below resource will deploy network watcher resource group in azure.
+## To be deployed when flow logs for network security group is to be tracked. 
+## By default azure deploys network wather on its own, but if in azure infrastructure deployment you need network watcher with specific name than set 'enable_network_watcher' variable to true. 
+##-----------------------------------------------------------------------------
 resource "azurerm_network_watcher" "flow_log_nw" {
-  count               = var.enable_network_watcher ? 1 : 0
+  count               = var.enable && var.enable_network_watcher ? 1 : 0
   name                = format("%s-network_watcher", module.labels.id)
   location            = var.location
   resource_group_name = var.resource_group_name

outputs.tf

@@ -33,6 +33,6 @@ output "ddos_protection_plan_id" {
   description = "The ID of the DDoS Protection Plan"
 }
 output "network_watcher_id" {
-  value       = join("", azurerm_network_watcher.test.*.id)
+  value       = join("", azurerm_network_watcher.flow_log_nw.*.id)
   description = "The ID of the Network Watcher."
 }

variables.tf

@@ -106,13 +106,18 @@ variable "dns_servers" {
   description = "The DNS servers to be used with vNet."
 }
 
-
 variable "enable_ddos_pp" {
   type        = bool
   default     = false
   description = "Flag to control the resource creation"
 }
 
+variable "existing_ddos_pp" {
+  type        = string
+  default     = null
+  description = "ID of an existing DDOPS plan defined in the same subscription"
+}
+
 variable "enable_network_watcher" {
   type        = bool
   default     = false
@@ -154,6 +159,7 @@ variable "enable_traffic_analytics" {
   default     = true
   description = "Flag to control creation of traffic analytics."
 }
+
 variable "retention_policy_enabled" {
   type        = bool
   default     = true