Terraforming with Azure
# Hosted (cloud) service that the NAT gateway instance is deployed into
# (referenced by azure_instance.nat via hosted_service_name).
resource "azure_hosted_service" "azure_test_nat" {
  name               = "azure_test_nat"
  label              = "azure_test_nat"
  description        = "Nat Gateway Hosted service created by Terraform."
  location           = "North Europe"
  ephemeral_contents = false
}
# NAT gateway VM placed in the "public" subnet. It exposes an SSH endpoint and
# is configured over SSH by the remote-exec provisioner at creation time.
resource "azure_instance" "nat" {
  name                 = "${azure_virtual_network.azure_test.id}-nat"
  image                = "Ubuntu Server 14.04 LTS"
  size                 = "Basic_A1"
  location             = "North Europe"
  hosted_service_name  = "${azure_hosted_service.azure_test_nat.name}"
  storage_service_name = "${azure_storage_service.azure_test_storage.name}"

  # Network placement and the security group applied to this instance.
  virtual_network = "${azure_virtual_network.azure_test.id}"
  subnet          = "public"
  security_group  = "${azure_security_group.public_ssh.name}"

  # Login account. The same password is used for the VM account and for the
  # provisioner connection below.
  # NOTE(review): combined with the public port-22 endpoint, this is a
  # password-authenticated SSH login reachable from outside unless the
  # public_ssh security group restricts the source range. Prefer key-based
  # login and a narrow source prefix for anything beyond a throwaway test.
  username = "terraform"
  password = "${var.ssh_user_password}"

  # Publish SSH: public port 22 is mapped to port 22 on the instance.
  endpoint {
    name         = "SSH"
    protocol     = "tcp"
    public_port  = 22
    private_port = 22
  }

  # Credentials Terraform uses to log in and run the provisioner.
  connection {
    user     = "terraform"
    password = "${var.ssh_user_password}"
  }

  # Make the VM act as a NAT gateway: add a MASQUERADE rule in the nat table's
  # POSTROUTING chain, then switch on IPv4 forwarding.
  # The rule carries no interface or source match, so it applies to every
  # packet that traverses POSTROUTING.
  # NOTE(review): both settings are applied at runtime only; nothing here
  # writes them to persistent configuration, so presumably they are lost on
  # reboot. Confirm, and persist them if the gateway must survive a restart.
  provisioner "remote-exec" {
    inline = [
      "sudo iptables -t nat -A POSTROUTING -j MASQUERADE",
      "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null",
    ]
  }
}
# Azure provider configuration. Credentials come from the publish-settings
# value supplied through var.azure_settings_file.
# NOTE(review): publish settings carry management credentials for the
# subscription; keep them out of version control and readable only by the
# account that runs Terraform.
provider "azure" {
  settings_file = "${var.azure_settings_file}"
}
# Security group attached to the NAT instance (azure_instance.nat); its inbound
# rules are declared separately as azure_security_group_rule resources.
resource "azure_security_group" "public_ssh" {
  location = "North Europe"
  name     = "public_ssh"
}
# Security group for hosts in the private subnet; its inbound rule is declared
# separately as an azure_security_group_rule resource.
# NOTE(review): no instance in this configuration references this group, so
# its rule has no effect until the group is attached to something. Confirm.
resource "azure_security_group" "private_ssh" {
  location = "North Europe"
  name     = "private_ssh"
}
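# Source range allowed to reach SSH on the public subnet. The default "*"
# keeps the previous behaviour (any address). Set it to the CIDR of the
# network you administer from, so that the password-authenticated SSH login on
# the NAT instance is not reachable from the whole internet.
variable "ssh_source_address_prefix" {
  description = "Source address prefix allowed to reach SSH (port 22) on the public subnet"
  default     = "*"
}

# Inbound rule on the public_ssh group: allow TCP port 22 from the configured
# source range to the public subnet (10.128.2.0/24).
resource "azure_security_group_rule" "public_ssh_access" {
  name                 = "ssh-access-rule"
  security_group_names = ["${azure_security_group.public_ssh.name}"]

  type     = "Inbound"
  action   = "Allow"
  priority = 200
  protocol = "TCP"

  # Previously hard-coded to "*"; now controlled by the variable above.
  source_address_prefix = "${var.ssh_source_address_prefix}"
  source_port_range     = "*"

  destination_address_prefix = "10.128.2.0/24"
  destination_port_range     = "22"
}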
# Inbound rule on the private_ssh group: allow TCP port 22 into the private
# subnet (10.128.1.0/24) only from the public subnet (10.128.2.0/24), so SSH
# to private hosts has to originate from a host in the public subnet.
resource "azure_security_group_rule" "private_ssh_access" {
  name                 = "private_ssh-access-rule"
  security_group_names = ["${azure_security_group.private_ssh.name}"]

  type     = "Inbound"
  action   = "Allow"
  priority = 200
  protocol = "TCP"

  source_address_prefix = "10.128.2.0/24"
  source_port_range     = "*"

  destination_address_prefix = "10.128.1.0/24"
  destination_port_range     = "22"
}
# Storage service used by the NAT instance (referenced via
# storage_service_name on azure_instance.nat).
# NOTE(review): Azure storage account names are normally limited to 3-24
# lowercase letters and digits; confirm that a name containing underscores is
# accepted before relying on this.
resource "azure_storage_service" "azure_test_storage" {
  name         = "azure_test_storage"
  description  = "Made by Terraform."
  location     = "North Europe"
  account_type = "Standard_LRS"
}
# Publish-settings input for the provider. No default: it must be supplied at
# plan/apply time. Treat the value as a credential.
variable "azure_settings_file" {
  description = "The settings file available from https://manage.windowsazure.com/publishsettings"
}
# Password for the "terraform" login on the NAT instance. No default: it must
# be supplied at plan/apply time.
# This is a secret. Pass it through the TF_VAR_ssh_user_password environment
# variable or an untracked tfvars file rather than committing it, and protect
# the Terraform state file, which records the value in plain text.
variable "ssh_user_password" {
  description = "The password for the SSH User"
}
# Virtual network 10.128.0.0/16 split into two /24 subnets. "public" and
# "private" are only names here; what is actually reachable is decided by the
# instance endpoints and the security group rules.
resource "azure_virtual_network" "azure_test" {
  name          = "azure_test"
  location      = "North Europe"
  address_space = ["10.128.0.0/16"]

  # Subnet targeted by the private_ssh-access-rule.
  subnet {
    name           = "private"
    address_prefix = "10.128.1.0/24"
  }

  # Subnet that holds the NAT gateway instance.
  subnet {
    name           = "public"
    address_prefix = "10.128.2.0/24"
  }
}

@vijay-thakur vijay-thakur commented Apr 20, 2016

Thanks for sharing this documentation. I need some help from you. I want to access my two private web VMs (they have the same configuration) from an outside network. I want to run a Joomla website on my private VMs that is accessible from outside only on port 80, and I also want to add a load balancer. For that I need the Terraform code for an Azure security group. Can you help me do this with Terraform? Please reply with the Terraform code.
