# Name prefix shared by every resource below (resource group, network, NIC, VM).
locals {
  prefix = "bastion"
}
# Resource group holding everything; location comes from the caller via var.azure_location.
resource "azurerm_resource_group" "main" {
  location = var.azure_location
  name     = "${local.prefix}-resources"
}
# Single VNet (10.1.0.0/16) in the resource group above; the subnet below carves 10.1.2.0/24 out of it.
resource "azurerm_virtual_network" "main" {
  name                = "${local.prefix}-network"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  address_space       = ["10.1.0.0/16"]
}
# Both NICs of the VM are placed in this one subnet.
resource "azurerm_subnet" "internal" {
  name                 = "internal"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.1.2.0/24"]
}
# Public address attached to the "main" NIC and exported by output "bastion_ip".
# NOTE(review): with allocation_method = "Dynamic" the address is only assigned
# while it is attached to a running VM and can change after a deallocate, so the
# output may be empty on the first apply. A bastion usually wants a static
# address; switching allocation_method replaces this resource, so confirm first.
resource "azurerm_public_ip" "pip" {
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  name                = "${local.prefix}-pip"
  allocation_method   = "Dynamic"
}
# Public-facing NIC: the only one carrying the public IP. The NSG "inbound"
# is attached to it via the "inbound" association further down.
resource "azurerm_network_interface" "main" {
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  name                = "${local.prefix}-nic1"

  ip_configuration {
    name                          = "primary"
    subnet_id                     = azurerm_subnet.internal.id
    public_ip_address_id          = azurerm_public_ip.pip.id
    private_ip_address_allocation = "Dynamic"
  }
}
# Private-only NIC in the same subnet; no public IP. The NSG "webserver" is
# attached to it via the association named "main".
resource "azurerm_network_interface" "internal" {
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  name                = "${local.prefix}-nic2"

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.internal.id
    private_ip_address_allocation = "Dynamic"
  }
}
# NSG for the private NIC ("internal", see association "main" below).
# NOTE(review): the only rule allows TCP/443 to azurerm_network_interface.main's
# private address, yet this NSG is associated with the "internal" NIC. Traffic
# arriving at the internal NIC has that NIC's address as destination, so this
# rule would not match it; verify whether the destination should be
# azurerm_network_interface.internal.private_ip_address.
resource "azurerm_network_security_group" "webserver" {
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  name                = "tls_webserver"

  security_rule {
    name                       = "tls"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = azurerm_network_interface.main.private_ip_address
  }
}
# Despite its name, this association binds NSG "webserver" to the *internal* NIC;
# the public-facing "main" NIC is covered by the "inbound" association below.
resource "azurerm_network_interface_security_group_association" "main" {
  network_security_group_id = azurerm_network_security_group.webserver.id
  network_interface_id      = azurerm_network_interface.internal.id
}
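# Who may reach TCP/22 on the bastion's public NIC. The default preserves the
# previous behaviour (SSH reachable from any address); set it to an admin CIDR,
# or drop the SSH rule entirely if administration happens over Tailscale.
variable "ssh_source_address_prefix" {
  description = "Source address prefix (CIDR, single IP or Azure service tag) allowed to reach TCP/22 on the bastion's public NIC"
  type        = string
  default     = "*"
}

# NSG for the public-facing NIC ("main", see association "inbound" below).
# Destinations use the NIC's private address: NSG rules are evaluated against
# the private IP even when traffic arrives via the public IP.
resource "azurerm_network_security_group" "inbound" {
  name                = "tls_webserver_in"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  # HTTPS from anywhere.
  security_rule {
    name                       = "tls"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = azurerm_network_interface.main.private_ip_address
  }

  # SSH, restricted by var.ssh_source_address_prefix (was hard-coded to "*").
  security_rule {
    name                       = "ssh"
    priority                   = 102
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.ssh_source_address_prefix
    destination_address_prefix = azurerm_network_interface.main.private_ip_address
  }

  # Tailscale's UDP port; left open from "*" so peers can connect to this node
  # directly. Lower priority number than the rules above is not needed since
  # they do not overlap.
  security_rule {
    name                       = "tailscale"
    priority                   = 1010
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_port_range          = "*"
    destination_port_range     = "41641"
    source_address_prefix      = "*"
    destination_address_prefix = azurerm_network_interface.main.private_ip_address
  }
}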
# Binds NSG "inbound" (443, 22, Tailscale UDP) to the public-facing "main" NIC.
resource "azurerm_network_interface_security_group_association" "inbound" {
  network_security_group_id = azurerm_network_security_group.inbound.id
  network_interface_id      = azurerm_network_interface.main.id
}
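# Location of the admin's OpenSSH public key. Previously hard-coded to
# "~/.ssh/id_rsa.pub", which tied the configuration to one operator's machine;
# the default keeps that behaviour.
variable "admin_ssh_public_key_path" {
  description = "Path to the OpenSSH public key installed for the VM's admin user"
  type        = string
  default     = "~/.ssh/id_rsa.pub"
}

# The bastion VM itself: Ubuntu 22.04 LTS, key-only login, two NICs in the
# same subnet (the first in the list, "main", is the primary and carries the
# public IP).
resource "azurerm_linux_virtual_machine" "main" {
  name                = "${local.prefix}-vm"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  size                = "Standard_A1_v2"

  # Password login is disabled; the only credential is the SSH key below.
  admin_username                  = "adminuser"
  disable_password_authentication = true

  network_interface_ids = [
    azurerm_network_interface.main.id,
    azurerm_network_interface.internal.id,
  ]

  admin_ssh_key {
    username = "adminuser"
    # pathexpand() resolves a leading "~" explicitly rather than relying on file()
    # to do so; on an already-absolute path it is a no-op.
    public_key = file(pathexpand(var.admin_ssh_public_key_path))
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
}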
# Public address of the bastion. NOTE(review): the public IP is allocated
# dynamically, so this value is known only once it is attached to a running VM
# and may be empty right after the first apply.
output "bastion_ip" {
  value = azurerm_public_ip.pip.ip_address
}