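# Source: github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/examples/azure/terraform-azure-nsg-example/main.tf

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY AN AZURE VM ALONG WITH AN EXAMPLE NETWORK SECURITY GROUP (NSG)
# This is an example of how to deploy an NSG along with the minimum networking resources
# to support a basic virtual machine.
# ---------------------------------------------------------------------------------------------------------------------
# See test/azure/terraform_azure_nsg_example_test.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------

# NOTE(review): a provider version constraint inside the provider block is deprecated as of Terraform 0.13 in favour
# of terraform.required_providers. It is kept here because this example declares compatibility with 0.12.
provider "azurerm" {
  version = "~>2.20"
  features {}
}

# ---------------------------------------------------------------------------------------------------------------------
# PIN TERRAFORM VERSION TO >= 0.12
# The examples have been upgraded to 0.12 syntax
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY A RESOURCE GROUP
# See test/azure/terraform_azure_nsg_example_test.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------

# Every resource below lives in this group. var.postfix is appended to each name so that
# several deployments of the example can coexist.
resource "azurerm_resource_group" "nsg_rg" {
  name     = "${var.resource_group_name}-${var.postfix}"
  location = var.location
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY VIRTUAL NETWORK RESOURCES
# ---------------------------------------------------------------------------------------------------------------------

resource "azurerm_virtual_network" "vnet" {
  name                = "${var.vnet_name}-${var.postfix}"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.nsg_rg.location
  resource_group_name = azurerm_resource_group.nsg_rg.name
}

resource "azurerm_subnet" "internal" {
  name                 = "${var.subnet_name}-${var.postfix}"
  resource_group_name  = azurerm_resource_group.nsg_rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.17.0/24"]
}

# Only a private, dynamically allocated address is configured on this NIC; no public IP is attached in this file.
# Whether the VM is reachable from outside the VNet therefore depends on resources defined elsewhere.
resource "azurerm_network_interface" "main" {
  name                = "${var.vm_nic_name}-${var.postfix}"
  location            = azurerm_resource_group.nsg_rg.location
  resource_group_name = azurerm_resource_group.nsg_rg.name

  ip_configuration {
    name                          = "${var.vm_nic_ip_config_name}-${var.postfix}"
    subnet_id                     = azurerm_subnet.internal.id
    private_ip_address_allocation = "Dynamic"
  }
}

# The NSG itself carries no inline rules; the two azurerm_network_security_rule resources below populate it.
resource "azurerm_network_security_group" "nsg_example" {
  name                = "${var.nsg_name}-${var.postfix}"
  location            = azurerm_resource_group.nsg_rg.location
  resource_group_name = azurerm_resource_group.nsg_rg.name
}

# The NSG is attached at the NIC level (not the subnet), so it filters traffic for this one interface only.
resource "azurerm_network_interface_security_group_association" "main" {
  network_interface_id      = azurerm_network_interface.main.id
  network_security_group_id = azurerm_network_security_group.nsg_example.id
}

# Inbound SSH allow rule. Azure evaluates NSG rules in ascending priority order and stops at the first match,
# so priority 100 is evaluated before the deny rule at 200 and before the platform default rules.
#
# NOTE(review): source_address_prefix = "*" matches every source. Together with password authentication being
# enabled on the VM below, this is only appropriate for a short-lived test fixture. For any longer-lived
# deployment, restrict the source to a known management range and prefer key-based SSH.
resource "azurerm_network_security_rule" "allow_ssh" {
  name                        = "${var.nsg_ssh_rule_name}-${var.postfix}"
  description                 = "${var.nsg_ssh_rule_name}-${var.postfix}"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.nsg_rg.name
  network_security_group_name = azurerm_network_security_group.nsg_example.name
}

# Explicit inbound deny for TCP/80. Internet-sourced traffic is already dropped by Azure's default DenyAllInBound
# rule; the effect of this rule is to also block port 80 from inside the VNet, which the default AllowVnetInBound
# rule would otherwise permit.
resource "azurerm_network_security_rule" "block_http" {
  name                        = "${var.nsg_http_rule_name}-${var.postfix}"
  description                 = "${var.nsg_http_rule_name}-${var.postfix}"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.nsg_rg.name
  network_security_group_name = azurerm_network_security_group.nsg_example.name
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY A VIRTUAL MACHINE RUNNING UBUNTU
# This VM does not actually do anything and is the smallest size VM available with an Ubuntu image
# ---------------------------------------------------------------------------------------------------------------------

# NOTE(review): azurerm_virtual_machine is the legacy VM resource; azurerm_linux_virtual_machine supersedes it in
# the 2.x provider. The resource type is left unchanged because other files may reference it by address.
resource "azurerm_virtual_machine" "vm_example" {
  name                             = "${var.vm_name}-${var.postfix}"
  location                         = azurerm_resource_group.nsg_rg.location
  resource_group_name              = azurerm_resource_group.nsg_rg.name
  network_interface_ids            = [azurerm_network_interface.main.id]
  vm_size                          = var.vm_size
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  # NOTE(review): Ubuntu 16.04 LTS is past its standard support window, and version = "latest" means the image
  # is not pinned, so two applies can produce different images. Pin a supported SKU and version for anything
  # that outlives a test run.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "${var.os_disk_name}-${var.postfix}"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  # The admin password comes from random_password.nsg below. Terraform persists that value in state in clear
  # text, so the state backend needs access control and encryption at rest.
  os_profile {
    computer_name  = var.hostname
    admin_username = var.username
    admin_password = random_password.nsg.result
  }

  # Password logins are left enabled and no SSH public key is provisioned in this file.
  os_profile_linux_config {
    disable_password_authentication = false
  }

  # Set up the dependencies so that resources are destroyed in the correct order: the NSG association
  # must outlive the VM.
  depends_on = [
    azurerm_network_interface_security_group_association.main
  ]
}

# Generated admin password: 16 characters with at least one upper-case, lower-case, numeric and special
# character. Special characters are limited to the set in override_special.
resource "random_password" "nsg" {
  length           = 16
  override_special = "-_%@"
  min_upper        = 1
  min_lower        = 1
  min_numeric      = 1
  min_special      = 1
}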