diff --git a/azurerm/modules/azurerm-kv/README.md b/azurerm/modules/azurerm-kv/README.md
index 231a1f91..2b9cd6e2 100644
--- a/azurerm/modules/azurerm-kv/README.md
+++ b/azurerm/modules/azurerm-kv/README.md
@@ -99,6 +99,7 @@ No modules.
| [network\_acl\_default\_action](#input\_network\_acl\_default\_action) | he Name of the SKU used for this Key Vault. Possible values are standard and premium | `string` | `"Deny"` | no |
| [network\_acls\_bypass](#input\_network\_acls\_bypass) | Specifies which traffic can bypass the network rules. Possible values are AzureServices and None | `string` | `"AzureServices"` | no |
| [network\_acls\_ip\_rules](#input\_network\_acls\_ip\_rules) | The Default Action to use when no rules match from ip\_rules / virtual\_network\_subnet\_ids. Possible values are Allow and Deny | `list(string)` | `[]` | no |
+| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Allow public network access to Key Vault. Set as true or false. | `bool` | `true` | no |
| [purge\_protection\_enabled](#input\_purge\_protection\_enabled) | Is Purge Protection enabled for this Key Vault | `bool` | `false` | no |
| [reader\_object\_ids](#input\_reader\_object\_ids) | A list of Azure active directory user,group or application object ID's that will have reader role to the key vault | `list(string)` | `[]` | no |
| [resource\_group\_location](#input\_resource\_group\_location) | Location of Resource group | `string` | `"uksouth"` | no |
diff --git a/azurerm/modules/azurerm-kv/main.tf b/azurerm/modules/azurerm-kv/main.tf
index df99ce0d..3483dad9 100644
--- a/azurerm/modules/azurerm-kv/main.tf
+++ b/azurerm/modules/azurerm-kv/main.tf
@@ -16,7 +16,7 @@ resource "azurerm_key_vault" "example" {
enabled_for_template_deployment = var.enabled_for_template_deployment
enable_rbac_authorization = var.enable_rbac_authorization
sku_name = var.sku_name
-
+ public_network_access_enabled = var.public_network_access_enabled
dynamic "network_acls" {
for_each = var.create_kv_networkacl == false ? toset([]) : toset([1])
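Review bot: Nothing on the new `public_network_access_enabled` line ties it to the `network_acls` block that follows. When `create_kv_networkacl` is false the dynamic block emits nothing, so with the flag at its default of `true` the module applies no network restriction to the vault. I would add a comment above the new argument such as `# false turns off the public endpoint; the network_acls rules below only matter while it is on (confirm against the provider docs)`. The reverse combination is also worth documenting, because a caller who sets the flag to false while passing `network_acls_ip_rules` may expect those addresses to keep working. The resource body and the dynamic block both continue outside this hunk, so an existing guard there would not be visible here.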
diff --git a/azurerm/modules/azurerm-kv/vars.tf b/azurerm/modules/azurerm-kv/vars.tf
index 37f6d11a..e70bde3d 100644
--- a/azurerm/modules/azurerm-kv/vars.tf
+++ b/azurerm/modules/azurerm-kv/vars.tf
@@ -147,3 +147,9 @@ variable "reader_object_ids" {
type = list(string)
default = []
}
+
+variable "public_network_access_enabled" {
+ type = bool
+ default = true
+ description = "Allow public network access to Key Vault. Set as true or false."
+}
\ No newline at end of file
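Review bot: The new variable defaults to `true`, so every caller keeps the Key Vault's public endpoint enabled unless they opt out, and the description does not say what `false` means for access. Keeping `true` preserves existing behaviour, but the description should state the consequence, for example `description = "Whether the Key Vault public endpoint is enabled. Set to false to disable it, in which case access requires a private endpoint. Defaults to true for backward compatibility."`. The secure value `false` could become the default in a later breaking release. The file also now ends without a trailing newline.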
diff --git a/azurerm/modules/azurerm-sql/main.tf b/azurerm/modules/azurerm-sql/main.tf
index cb38082a..1f82f540 100644
--- a/azurerm/modules/azurerm-sql/main.tf
+++ b/azurerm/modules/azurerm-sql/main.tf
@@ -37,16 +37,16 @@ resource "azurerm_mssql_firewall_rule" "example_fw_rule" {
}
resource "azurerm_mssql_database" "example-db" {
- for_each = toset(var.sql_db_names)
- name = each.key
- server_id = azurerm_mssql_server.example.id
- create_mode = var.create_mode
- sample_name = var.sample_name
- collation = var.collation
- license_type = var.license_type
- sku_name = var.sku_name
- zone_redundant = var.zone_redundant
+ for_each = toset(var.sql_db_names)
+ name = each.key
+ server_id = azurerm_mssql_server.example.id
+ create_mode = var.create_mode
+ sample_name = var.sample_name
+ collation = var.collation
+ license_type = var.license_type
+ sku_name = var.sku_name
+ zone_redundant = var.zone_redundant
auto_pause_delay_in_minutes = var.auto_pause_delay_in_minutes
- tags = var.resource_tags
+ tags = var.resource_tags
}
diff --git a/azurerm/modules/azurerm-sql/vars.tf b/azurerm/modules/azurerm-sql/vars.tf
index 968d9164..66753a1b 100644
--- a/azurerm/modules/azurerm-sql/vars.tf
+++ b/azurerm/modules/azurerm-sql/vars.tf
@@ -85,7 +85,7 @@ variable "azuread_administrator" {
object_id = string
}))
description = "Specifies whether only AD Users and administrators (like azuread_administrator.0.login_username) can be used to login, or also local database users (like administrator_login). When true, the administrator_login and administrator_login_password properties can be omitted."
- default = []
+ default = []
}