Created
January 31, 2024 16:43
-
-
Save offbyone/3b3c2e61593e8144b18988ff836ff94e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| prefix = "bastion" | |
| } | |
| resource "azurerm_resource_group" "main" { | |
| name = "${local.prefix}-resources" | |
| location = var.azure_location | |
| } | |
| resource "azurerm_virtual_network" "main" { | |
| name = "${local.prefix}-network" | |
| address_space = ["10.1.0.0/16"] | |
| location = azurerm_resource_group.main.location | |
| resource_group_name = azurerm_resource_group.main.name | |
| } | |
| resource "azurerm_subnet" "internal" { | |
| name = "internal" | |
| resource_group_name = azurerm_resource_group.main.name | |
| virtual_network_name = azurerm_virtual_network.main.name | |
| address_prefixes = ["10.1.2.0/24"] | |
| } | |
| resource "azurerm_public_ip" "pip" { | |
| name = "${local.prefix}-pip" | |
| resource_group_name = azurerm_resource_group.main.name | |
| location = azurerm_resource_group.main.location | |
| allocation_method = "Dynamic" | |
| } | |
| resource "azurerm_network_interface" "main" { | |
| name = "${local.prefix}-nic1" | |
| resource_group_name = azurerm_resource_group.main.name | |
| location = azurerm_resource_group.main.location | |
| ip_configuration { | |
| name = "primary" | |
| subnet_id = azurerm_subnet.internal.id | |
| private_ip_address_allocation = "Dynamic" | |
| public_ip_address_id = azurerm_public_ip.pip.id | |
| } | |
| } | |
| resource "azurerm_network_interface" "internal" { | |
| name = "${local.prefix}-nic2" | |
| resource_group_name = azurerm_resource_group.main.name | |
| location = azurerm_resource_group.main.location | |
| ip_configuration { | |
| name = "internal" | |
| subnet_id = azurerm_subnet.internal.id | |
| private_ip_address_allocation = "Dynamic" | |
| } | |
| } | |
| resource "azurerm_network_security_group" "webserver" { | |
| name = "tls_webserver" | |
| location = azurerm_resource_group.main.location | |
| resource_group_name = azurerm_resource_group.main.name | |
| security_rule { | |
| access = "Allow" | |
| direction = "Inbound" | |
| name = "tls" | |
| priority = 100 | |
| protocol = "Tcp" | |
| source_port_range = "*" | |
| source_address_prefix = "*" | |
| destination_port_range = "443" | |
| destination_address_prefix = azurerm_network_interface.main.private_ip_address | |
| } | |
| } | |
| resource "azurerm_network_interface_security_group_association" "main" { | |
| network_interface_id = azurerm_network_interface.internal.id | |
| network_security_group_id = azurerm_network_security_group.webserver.id | |
| } | |
| resource "azurerm_network_security_group" "inbound" { | |
| name = "tls_webserver_in" | |
| location = azurerm_resource_group.main.location | |
| resource_group_name = azurerm_resource_group.main.name | |
| security_rule { | |
| access = "Allow" | |
| direction = "Inbound" | |
| name = "tls" | |
| priority = 100 | |
| protocol = "Tcp" | |
| source_port_range = "*" | |
| source_address_prefix = "*" | |
| destination_port_range = "443" | |
| destination_address_prefix = azurerm_network_interface.main.private_ip_address | |
| } | |
| security_rule { | |
| access = "Allow" | |
| direction = "Inbound" | |
| name = "ssh" | |
| priority = 102 | |
| protocol = "Tcp" | |
| source_port_range = "*" | |
| source_address_prefix = "*" | |
| destination_port_range = "22" | |
| destination_address_prefix = azurerm_network_interface.main.private_ip_address | |
| } | |
| security_rule { | |
| access = "Allow" | |
| direction = "Inbound" | |
| name = "tailscale" | |
| priority = 1010 | |
| protocol = "Udp" | |
| source_port_range = "*" | |
| source_address_prefix = "*" | |
| destination_port_range = "41641" | |
| destination_address_prefix = azurerm_network_interface.main.private_ip_address | |
| } | |
| } | |
| resource "azurerm_network_interface_security_group_association" "inbound" { | |
| network_interface_id = azurerm_network_interface.main.id | |
| network_security_group_id = azurerm_network_security_group.inbound.id | |
| } | |
| resource "azurerm_linux_virtual_machine" "main" { | |
| name = "${local.prefix}-vm" | |
| resource_group_name = azurerm_resource_group.main.name | |
| location = azurerm_resource_group.main.location | |
| size = "Standard_A1_v2" | |
| admin_username = "adminuser" | |
| disable_password_authentication = true | |
| network_interface_ids = [ | |
| azurerm_network_interface.main.id, | |
| azurerm_network_interface.internal.id, | |
| ] | |
| admin_ssh_key { | |
| username = "adminuser" | |
| public_key = file("~/.ssh/id_rsa.pub") | |
| } | |
| source_image_reference { | |
| publisher = "Canonical" | |
| offer = "0001-com-ubuntu-server-jammy" | |
| sku = "22_04-lts" | |
| version = "latest" | |
| } | |
| os_disk { | |
| storage_account_type = "Standard_LRS" | |
| caching = "ReadWrite" | |
| } | |
| } | |
| output "bastion_ip" { | |
| value = azurerm_public_ip.pip.ip_address | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment