@torumakabe
Last active August 24, 2022 02:17
Azure Web Appsからのアウトバウンド通信をAzure FirewallのパブリックIPに固定する
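# Version pinning for Terraform core and the azurerm provider.
# The provider block's own `version` argument is the pre-0.13 form and is
# deprecated; with required_version ~> 0.13 the supported place for the
# constraint is terraform.required_providers.  The constraint itself is
# unchanged ("~>2.25" and "~> 2.25" are the same range).
terraform {
  required_version = "~> 0.13"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.25"
    }
  }
}

# The azurerm provider needs an (empty) features block even when no
# provider-level feature flags are set.
provider "azurerm" {
  features {}
}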
# Existing Log Analytics workspace that receives the firewall diagnostic
# logs.  It is looked up, not created, so its name and resource group
# come in through variables.
data "azurerm_log_analytics_workspace" "sample" {
  resource_group_name = var.la_workspace_rg
  name                = var.la_workspace_name
}
# Resource group that holds every resource created by this sample.
resource "azurerm_resource_group" "sample" {
  location = "japaneast"
  name     = "rg-webapp-ob-fw"
}
# Single VNet shared by the App Service integration subnet, the firewall
# subnet and the private endpoint subnet (all /24s carved out of this /16).
resource "azurerm_virtual_network" "sample" {
  name                = "vnet-sample"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name
  address_space       = ["10.0.0.0/16"]
}
# Subnet used for App Service regional VNet integration.  The delegation to
# Microsoft.Web/serverFarms is what allows the web app to be injected here;
# the route table associated further down sends this subnet's default route
# to the firewall.
resource "azurerm_subnet" "integration" {
  name                 = "snet-integration"
  virtual_network_name = azurerm_virtual_network.sample.name
  resource_group_name  = azurerm_resource_group.sample.name
  address_prefixes     = ["10.0.1.0/24"]

  delegation {
    name = "delegation"

    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}
# Dedicated subnet for Azure Firewall.  The name "AzureFirewallSubnet" is
# mandated by the service and must not be changed.
resource "azurerm_subnet" "firewall" {
  name                 = "AzureFirewallSubnet"
  address_prefixes     = ["10.0.2.0/24"]
  virtual_network_name = azurerm_virtual_network.sample.name
  resource_group_name  = azurerm_resource_group.sample.name
}
# The firewall's public IP.  This is the fixed egress address that external
# services see for the web app's outbound traffic.  Azure Firewall requires
# the Standard SKU with static allocation.
resource "azurerm_public_ip" "firewall" {
  name                = "pip-firewall"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name
  sku                 = "Standard"
  allocation_method   = "Static"
}
# Azure Firewall instance.  Its private IP (exposed via
# ip_configuration[0].private_ip_address) is the next hop for the
# integration subnet's default route; its public IP is the SNAT address
# for traffic leaving the VNet.
resource "azurerm_firewall" "sample" {
  name                = "fw-sample"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name

  ip_configuration {
    name                 = "configuration"
    public_ip_address_id = azurerm_public_ip.firewall.id
    subnet_id            = azurerm_subnet.firewall.id
  }
}
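# Network rule collection that allows outbound TCP 80/443 through the
# firewall.  The source is pinned to the integration subnet's prefixes
# instead of "*", so the rule only matches the traffic this design is meant
# to carry (App Service VNet-integrated egress) rather than anything that
# might later be routed to the firewall.  The destination is left as "*" as
# in the original; when the set of upstream hosts is known, an application
# rule collection with FQDN targets is the tighter option.
resource "azurerm_firewall_network_rule_collection" "allow_http" {
  name                = "Allow_HTTP"
  azure_firewall_name = azurerm_firewall.sample.name
  resource_group_name = azurerm_resource_group.sample.name
  priority            = 100
  action              = "Allow"

  rule {
    name                  = "Allow_HTTP"
    protocols             = ["TCP"]
    source_addresses      = azurerm_subnet.integration.address_prefixes
    destination_ports     = ["80", "443"]
    destination_addresses = ["*"]
  }
}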
# Ships firewall logs to the Log Analytics workspace looked up above.
# Application and network rule logs are enabled; the DNS proxy log category
# is declared but disabled.  Retention is handled by the workspace, so every
# per-category retention_policy is switched off (days = 0).
resource "azurerm_monitor_diagnostic_setting" "firewall" {
  name                       = "diag-log-firewall"
  target_resource_id         = azurerm_firewall.sample.id
  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.sample.id

  # One log block per category; the map value is the enabled flag.
  dynamic "log" {
    for_each = {
      AzureFirewallApplicationRule = true
      AzureFirewallNetworkRule     = true
      AzureFirewallDnsProxy        = false
    }

    content {
      category = log.key
      enabled  = log.value

      retention_policy {
        enabled = false
        days    = 0
      }
    }
  }

  metric {
    category = "AllMetrics"
    enabled  = false

    retention_policy {
      enabled = false
      days    = 0
    }
  }
}
# Route table for the integration subnet; the single route is declared as a
# separate azurerm_route resource below.
resource "azurerm_route_table" "sample" {
  name                = "routetable-sample"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name
}
# Default route (0.0.0.0/0) pointing at the firewall's private IP.  Together
# with WEBSITE_VNET_ROUTE_ALL=1 on the web app, this is what forces all of
# the app's outbound traffic through the firewall and out via its public IP.
resource "azurerm_route" "default" {
  name                   = "route-default"
  route_table_name       = azurerm_route_table.sample.name
  resource_group_name    = azurerm_resource_group.sample.name
  address_prefix         = "0.0.0.0/0"
  next_hop_type          = "VirtualAppliance"
  next_hop_in_ip_address = azurerm_firewall.sample.ip_configuration[0].private_ip_address
}
# Attaches the route table to the integration subnet only; the firewall and
# endpoint subnets keep the system routes.
resource "azurerm_subnet_route_table_association" "integration_sample" {
  route_table_id = azurerm_route_table.sample.id
  subnet_id      = azurerm_subnet.integration.id
}
# Subnet that hosts the PostgreSQL private endpoint.
# NOTE(review): nothing here disables private endpoint network policies on
# the subnet; in provider 2.x that is `enforce_private_link_endpoint_network_policies = true`.
# The author reports the sample deploys, so confirm whether it is needed
# for the provider/API version in use before adding it.
resource "azurerm_subnet" "endpoint" {
  name                 = "snet-endpoint"
  address_prefixes     = ["10.0.3.0/24"]
  virtual_network_name = azurerm_virtual_network.sample.name
  resource_group_name  = azurerm_resource_group.sample.name
}
# Linux App Service plan for the web app.  `reserved = true` is required for
# Linux plans in this provider version; the PremiumV2 P1v2 SKU is what the
# original sample chose.
resource "azurerm_app_service_plan" "sample" {
  name                = "plan-sample"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name
  kind                = "Linux"
  reserved            = true

  sku {
    size = "P1v2"
    tier = "PremiumV2"
  }
}
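# The Django sample web app.  WEBSITE_VNET_ROUTE_ALL=1 sends all of its
# outbound traffic into the integration subnet (and so through the
# firewall), and WEBSITE_DNS_SERVER points at Azure's platform DNS resolver
# (168.63.129.16) so the private DNS zone for PostgreSQL resolves.
# Hardening added over the original: HTTPS-only, a TLS 1.2 floor and the
# FTP/FTPS deployment endpoint disabled.  None of these change how the app
# reaches the database or the firewall.
resource "azurerm_app_service" "webapp" {
  # Kept from the original; presumably so the firewall allows outbound
  # traffic before the first source-control deployment runs — confirm.
  depends_on = [azurerm_firewall_network_rule_collection.allow_http]

  name                = "app-${var.prefix}-webapp"
  resource_group_name = azurerm_resource_group.sample.name
  location            = azurerm_resource_group.sample.location
  app_service_plan_id = azurerm_app_service_plan.sample.id
  https_only          = true

  app_settings = {
    WEBSITE_DNS_SERVER     = "168.63.129.16"
    WEBSITE_VNET_ROUTE_ALL = "1"
    DJANGO_ENV             = "production"
    DBHOST                 = azurerm_postgresql_server.sample.fqdn
    DBNAME                 = "pollsdb"
    DBUSER                 = "${var.db_admin_name}@${azurerm_postgresql_server.sample.fqdn}"
    # Stored as a plain app setting, readable by anyone with read access to
    # the app's configuration.  A Key Vault reference would keep the value
    # out of the app settings themselves.
    DBPASS                 = var.db_admin_pass
  }

  source_control {
    repo_url           = "https://github.com/Azure-Samples/djangoapp"
    branch             = "master"
    manual_integration = true
  }

  site_config {
    linux_fx_version = "PYTHON|3.8"
    min_tls_version  = "1.2"
    ftps_state       = "Disabled"
  }
}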
# Connects the web app to the delegated integration subnet (regional VNet
# integration).
resource "azurerm_app_service_virtual_network_swift_connection" "webapp_integration" {
  subnet_id      = azurerm_subnet.integration.id
  app_service_id = azurerm_app_service.webapp.id

  # Workaround carried over from the original: wait 30 seconds on destroy
  # before Terraform moves on to dependent resources.  Runs on the machine
  # executing terraform and assumes a shell with `sleep` available.
  provisioner "local-exec" {
    when    = destroy
    command = "sleep 30"
  }
}
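# Azure Database for PostgreSQL (single server).  The web app reaches it over
# the private endpoint declared below, so the public endpoint is turned off
# here — the original left public_network_access_enabled at the provider
# default (true), which exposed the server on a public address it never
# needed.  TLS 1.2 is also made the minimum accepted version; the original
# enforced SSL but not a version floor.  Credentials come from variables.
resource "azurerm_postgresql_server" "sample" {
  name                = "psql-server-${var.prefix}"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name

  sku_name   = "GP_Gen5_2"
  version    = "11"
  storage_mb = 5120

  backup_retention_days        = 7
  geo_redundant_backup_enabled = false
  auto_grow_enabled            = true

  administrator_login          = var.db_admin_name
  administrator_login_password = var.db_admin_pass

  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}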
# The application database; its name matches the DBNAME app setting on the
# web app.
resource "azurerm_postgresql_database" "sample" {
  name                = "pollsdb"
  server_name         = azurerm_postgresql_server.sample.name
  resource_group_name = azurerm_resource_group.sample.name
  collation           = "English_United States.1252"
  charset             = "UTF8"
}
# Private DNS zone into which the private endpoint registers the server's
# privatelink name, so the FQDN handed to the app resolves to the private IP.
resource "azurerm_private_dns_zone" "sample" {
  resource_group_name = azurerm_resource_group.sample.name
  name                = "privatelink.postgres.database.azure.com"
}
# Makes the private zone resolvable from inside the sample VNet (and so from
# the VNet-integrated web app).
resource "azurerm_private_dns_zone_virtual_network_link" "sample" {
  name                  = "dnszonelink-sample"
  virtual_network_id    = azurerm_virtual_network.sample.id
  private_dns_zone_name = azurerm_private_dns_zone.sample.name
  resource_group_name   = azurerm_resource_group.sample.name
}
# Private endpoint for the PostgreSQL server in the endpoint subnet.  The
# dns zone group writes the A record into the private zone automatically;
# the connection is auto-approved (not manual).
resource "azurerm_private_endpoint" "sample" {
  name                = "private-endpoint-psql"
  location            = azurerm_resource_group.sample.location
  resource_group_name = azurerm_resource_group.sample.name
  subnet_id           = azurerm_subnet.endpoint.id

  private_service_connection {
    name                           = "private-endpoint-connection-psql"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_postgresql_server.sample.id
    subresource_names              = ["postgresqlServer"]
  }

  private_dns_zone_group {
    name                 = "private-dnszone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.sample.id]
  }
}
# Prefix used to make the globally-unique names (web app, PostgreSQL server)
# distinct per deployment.
variable "prefix" {
  description = "Prefix for globally unique resource names (web app and PostgreSQL server)"
  type        = string
  default     = "your-prefix"
}
# PostgreSQL administrator login; also used to build the DBUSER app setting.
variable "db_admin_name" {
  description = "Administrator login name for the PostgreSQL server"
  type        = string
  default     = "your-db-admin-name"
}
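# PostgreSQL administrator password, also handed to the web app as DBPASS.
# The original shipped a placeholder default; a default on a password means
# an unedited copy of the sample applies with a known value.  Dropping it
# makes Terraform require the value at plan/apply time (-var, a .tfvars
# file, or TF_VAR_db_admin_pass).  Add `sensitive = true` once the pinned
# core version is raised to 0.14 or later, where that argument exists.
variable "db_admin_pass" {
  description = "Administrator password for the PostgreSQL server (no default; supply at apply time)"
  type        = string
}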
# Name of the pre-existing Log Analytics workspace for firewall diagnostics.
variable "la_workspace_name" {
  description = "Name of the existing Log Analytics workspace that receives firewall logs"
  type        = string
  default     = "your-azure-monitor-log-analytics-workspace-name"
}
# Resource group of the pre-existing Log Analytics workspace.
variable "la_workspace_rg" {
  description = "Resource group of the existing Log Analytics workspace"
  type        = string
  default     = "your-azure-monitor-log-analytics-workspace-resource-group-name"
}
@torumakabe

以下チュートリアルのサンプルアプリがデプロイされます。

チュートリアル:PostgreSQL を使用した Django Web アプリを Azure App Service にデプロイする

動かすにはDBのマイグレーションが必要です。

Django データベースの移行を実行する
