Terraforming with Azure
# Hosted service that the NAT gateway instance is deployed into; the
# azure_instance resource refers to it by name.
resource "azure_hosted_service" "azure_test_nat" {
  name               = "azure_test_nat"
  label              = "azure_test_nat"
  description        = "Nat Gateway Hosted service created by Terraform."
  location           = "North Europe"
  ephemeral_contents = false
}
# NAT gateway VM placed in the "public" subnet of the azure_test network.
# Once the machine is reachable, the remote-exec provisioner logs in over SSH
# and configures it as a masquerading router.
#
# NOTE(review): both the login account and the provisioner connection use the
# password from var.ssh_user_password, and port 22 is published as a public
# endpoint. The strength of that password and the source filter on the
# public_ssh security group are therefore the only controls in front of this
# host. Confirm whether key-based login is available with this provider
# version.
resource "azure_instance" "nat" {
  # Identity and placement
  name                 = "${azure_virtual_network.azure_test.id}-nat"
  hosted_service_name  = "${azure_hosted_service.azure_test_nat.name}"
  storage_service_name = "${azure_storage_service.azure_test_storage.name}"
  location             = "North Europe"
  virtual_network      = "${azure_virtual_network.azure_test.id}"
  subnet               = "public"
  security_group       = "${azure_security_group.public_ssh.name}"

  # Image and sizing
  image = "Ubuntu Server 14.04 LTS"
  size  = "Basic_A1"

  # Login account created on the VM
  username = "terraform"
  password = "${var.ssh_user_password}"

  # Publish SSH on the instance's public address.
  endpoint {
    name         = "SSH"
    protocol     = "tcp"
    private_port = 22
    public_port  = 22
  }

  # Credentials the provisioner below uses to log in.
  connection {
    user     = "terraform"
    password = "${var.ssh_user_password}"
  }

  # Turn the VM into a NAT router.
  # NOTE(review): the MASQUERADE rule carries no source or interface match, so
  # it applies to every packet leaving the host. Both commands change
  # runtime-only settings (an appended iptables rule and a /proc write), so
  # they are lost on reboot unless persisted separately.
  provisioner "remote-exec" {
    inline = [
      "sudo iptables -t nat -A POSTROUTING -j MASQUERADE",
      "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null",
    ]
  }
}
# Azure provider configuration. The provider reads its settings from the file
# whose path is supplied in var.azure_settings_file.
# NOTE(review): a publish-settings file presumably carries subscription
# management credentials; keep it out of version control and shared storage.
provider "azure" {
  settings_file = "${var.azure_settings_file}"
}
# Security group attached to the NAT instance; its rule is defined separately
# in azure_security_group_rule.public_ssh_access.
resource "azure_security_group" "public_ssh" {
  location = "North Europe"
  name     = "public_ssh"
}
# Security group for the private side; its rule is defined separately in
# azure_security_group_rule.private_ssh_access.
resource "azure_security_group" "private_ssh" {
  location = "North Europe"
  name     = "private_ssh"
}
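# Source range allowed to reach SSH on the public subnet. The default "*"
# keeps the original behaviour (any address). Override it with the
# administrators' CIDR range so that the password-authenticated SSH endpoint
# on the NAT instance is not reachable from every address.
variable "ssh_allowed_source_prefix" {
  description = "Address prefix allowed to open SSH sessions to the public subnet"
  default     = "*"
}

# Inbound rule on the public_ssh group: allow TCP/22 into the public subnet
# (10.128.2.0/24) from var.ssh_allowed_source_prefix.
resource "azure_security_group_rule" "public_ssh_access" {
  name                 = "ssh-access-rule"
  security_group_names = ["${azure_security_group.public_ssh.name}"]

  type     = "Inbound"
  action   = "Allow"
  priority = 200
  protocol = "TCP"

  # Who may connect. Previously hard-coded to "*".
  source_address_prefix = "${var.ssh_allowed_source_prefix}"
  source_port_range     = "*"

  # What they may connect to: SSH on the public subnet only.
  destination_address_prefix = "10.128.2.0/24"
  destination_port_range     = "22"
}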
# Inbound rule on the private_ssh group: allow TCP/22 from the public subnet
# (10.128.2.0/24) into the private subnet (10.128.1.0/24). With this rule, SSH
# to private hosts has to originate from the public subnet.
resource "azure_security_group_rule" "private_ssh_access" {
  name                 = "private_ssh-access-rule"
  security_group_names = ["${azure_security_group.private_ssh.name}"]

  type     = "Inbound"
  action   = "Allow"
  priority = 200
  protocol = "TCP"

  # Source: any port on the public subnet.
  source_address_prefix = "10.128.2.0/24"
  source_port_range     = "*"

  # Destination: SSH on the private subnet.
  destination_address_prefix = "10.128.1.0/24"
  destination_port_range     = "22"
}
# Storage service referenced by the NAT instance through
# storage_service_name.
# NOTE(review): Azure storage account names are normally limited to 3-24
# lowercase letters and digits; confirm that a name containing underscores is
# accepted before relying on this value.
resource "azure_storage_service" "azure_test_storage" {
  name         = "azure_test_storage"
  description  = "Made by Terraform."
  account_type = "Standard_LRS"
  location     = "North Europe"
}
# Path to the Azure publish-settings file consumed by the provider block.
# No default is set, so the value has to be supplied when Terraform runs.
variable "azure_settings_file" {
  description = "The settings file available from https://manage.windowsazure.com/publishsettings"
}
# Password for the "terraform" login on the NAT instance. It is used both to
# create the account and for the provisioner's SSH connection.
# No default is set, so the secret is not committed with the configuration.
# Terraform records resource attributes in its state file, so treat the state
# as sensitive too.
variable "ssh_user_password" {
  description = "The password for the SSH User"
}
# Virtual network 10.128.0.0/16 with two /24 subnets. "public" holds the NAT
# instance; "private" is the destination of the private_ssh rule.
resource "azure_virtual_network" "azure_test" {
  name          = "azure_test"
  location      = "North Europe"
  address_space = ["10.128.0.0/16"]

  # Reachable over SSH only from the public subnet (see private_ssh_access).
  subnet {
    address_prefix = "10.128.1.0/24"
    name           = "private"
  }

  # Subnet the NAT instance is placed in.
  subnet {
    address_prefix = "10.128.2.0/24"
    name           = "public"
  }
}
Thanks for sharing this documentation. I need some help from you. I want to access my two private web VMs (they have the same configuration) from an outside network. I want to run a Joomla website on my private VMs that is accessible from outside only on port 80, and I also want to add a load balancer. For that I need the Terraform code for an Azure security group. Can you help me do this with Terraform? Please reply with the Terraform code.