Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Terraforming with Azure
resource "azure_hosted_service" "azure_test_nat" {
name = "azure_test_nat"
location = "North Europe"
ephemeral_contents = false
description = "Nat Gateway Hosted service created by Terraform."
label = "azure_test_nat"
}
resource "azure_instance" "nat" {
name = "${azure_virtual_network.azure_test.id}-nat"
hosted_service_name = "${azure_hosted_service.azure_test_nat.name}"
image = "Ubuntu Server 14.04 LTS"
size = "Basic_A1"
storage_service_name = "${azure_storage_service.azure_test_storage.name}"
location = "North Europe"
virtual_network = "${azure_virtual_network.azure_test.id}"
subnet = "public"
username = "terraform"
password = "${var.ssh_user_password}"
security_group = "${azure_security_group.public_ssh.name}"
endpoint {
name = "SSH"
protocol = "tcp"
public_port = 22
private_port = 22
}
connection {
user = "terraform"
password = "${var.ssh_user_password}"
}
provisioner "remote-exec" {
inline = [
"sudo iptables -t nat -A POSTROUTING -j MASQUERADE",
"echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null",
]
}
}
# Configure the Azure Provider
provider "azure" {
settings_file = "${var.azure_settings_file}"
}
resource "azure_security_group" "public_ssh" {
name = "public_ssh"
location = "North Europe"
}
resource "azure_security_group" "private_ssh" {
name = "private_ssh"
location = "North Europe"
}
resource "azure_security_group_rule" "public_ssh_access" {
name = "ssh-access-rule"
security_group_names = ["${azure_security_group.public_ssh.name}"]
type = "Inbound"
action = "Allow"
priority = 200
source_address_prefix = "*"
source_port_range = "*"
destination_address_prefix = "10.128.2.0/24"
destination_port_range = "22"
protocol = "TCP"
}
resource "azure_security_group_rule" "private_ssh_access" {
name = "private_ssh-access-rule"
security_group_names = ["${azure_security_group.private_ssh.name}"]
type = "Inbound"
action = "Allow"
priority = 200
source_address_prefix = "10.128.2.0/24"
source_port_range = "*"
destination_address_prefix = "10.128.1.0/24"
destination_port_range = "22"
protocol = "TCP"
}
resource "azure_storage_service" "azure_test_storage" {
name = "azure_test_storage"
location = "North Europe"
description = "Made by Terraform."
account_type = "Standard_LRS"
}
variable "azure_settings_file" {
description = "The settings file available from https://manage.windowsazure.com/publishsettings"
}
variable "ssh_user_password" {
description = "The password for the SSH User"
}
resource "azure_virtual_network" "azure_test" {
name = "azure_test"
address_space = ["10.128.0.0/16"]
location = "North Europe"
subnet {
name = "private"
address_prefix = "10.128.1.0/24"
}
subnet {
name = "public"
address_prefix = "10.128.2.0/24"
}
}
@vijay-thakur

This comment has been minimized.

Copy link

@vijay-thakur vijay-thakur commented Apr 20, 2016

Thanks for sharing this documentation. I need one help from your end. I want to access my two private web VM's(same configuation they have) from outside network. I want to run joomla website on my private VMs which is accessible only port 80 from outside and also want to add loadbalncer. So for that I need terraform code of security group for azure. So can you assist me How can I do using terraform. Please reply with the terraform code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment