feat(module/vmss): allow VMSS reference backend address pools of application gateways

modules/vmss/README.md

@@ -54,6 +54,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_accelerated_networking"></a> [accelerated\_networking](#input\_accelerated\_networking) | If true, enable Azure accelerated networking (SR-IOV) for all dataplane network interfaces. [Requires](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/virtualization-features/support-for-azure-accelerated-networking-sriov) PAN-OS 9.0 or higher. The PAN-OS management interface (nic0) is never accelerated, whether this variable is true or false. | `bool` | `true` | no |
 | <a name="input_app_insights_settings"></a> [app\_insights\_settings](#input\_app\_insights\_settings) | A map of the Application Insights related parameters. Full configuration description available under [vmseries/README.md](../../modules/vmseries/README.md#input\_app\_insights\_settings)<br><br>NOTICE. Even if you keep this property set to `null` but set up the `autoscale_metrics` property Application Insights will be created as it is required to gather Palo Alto's autoscaling specific metrics.<pre></pre> | `map(any)` | `null` | no |
+| <a name="input_appgw_backend_pool_id"></a> [appgw\_backend\_pool\_id](#input\_appgw\_backend\_pool\_id) | Identifier of the Application Gateway's backend pool to associate with the public interface of each VM-Series firewall. | `string` | `null` | no |
 | <a name="input_autoscale_count_default"></a> [autoscale\_count\_default](#input\_autoscale\_count\_default) | The minimum number of instances that should be present in the scale set when the autoscaling engine cannot read the metrics or is otherwise unable to compare the metrics to the thresholds. | `number` | `2` | no |
 | <a name="input_autoscale_count_maximum"></a> [autoscale\_count\_maximum](#input\_autoscale\_count\_maximum) | The maximum number of instances that should be present in the scale set. | `number` | `5` | no |
 | <a name="input_autoscale_count_minimum"></a> [autoscale\_count\_minimum](#input\_autoscale\_count\_minimum) | The minimum number of instances that should be present in the scale set. | `number` | `2` | no |

modules/vmss/main.tf

@@ -95,10 +95,11 @@ resource "azurerm_linux_virtual_machine_scale_set" "this" {
       enable_accelerated_networking = var.accelerated_networking
 
       ip_configuration {
-        name                                   = "${var.name_prefix}${var.name_public_nic_ip}"
-        primary                                = true
-        subnet_id                              = var.subnet_public.id
-        load_balancer_backend_address_pool_ids = var.public_backend_pool_id != null ? [var.public_backend_pool_id] : []
+        name                                         = "${var.name_prefix}${var.name_public_nic_ip}"
+        primary                                      = true
+        subnet_id                                    = var.subnet_public.id
+        load_balancer_backend_address_pool_ids       = var.public_backend_pool_id != null ? [var.public_backend_pool_id] : []
+        application_gateway_backend_address_pool_ids = var.appgw_backend_pool_id != null ? [var.appgw_backend_pool_id] : []
 
         dynamic "public_ip_address" {
           for_each = var.create_public_pip ? ["one"] : []

modules/vmss/variables.tf

@@ -201,6 +201,12 @@ variable "public_backend_pool_id" {
   default     = null
 }
 
+variable "appgw_backend_pool_id" {
+  description = "Identifier of the Application Gateway's backend pool to associate with the public interface of each VM-Series firewall."
+  type        = string
+  default     = null
+}
+
 variable "create_public_interface" {
   description = "If true, create the third network interface for virtual machines."
   default     = true