Terraforming with Azure
# Hosted service referenced by the NAT gateway instance (azure_instance.nat)
# through hosted_service_name.
resource "azure_hosted_service" "azure_test_nat" {
  name               = "azure_test_nat"
  label              = "azure_test_nat"
  description        = "Nat Gateway Hosted service created by Terraform."
  location           = "North Europe"
  ephemeral_contents = false
}
# NAT gateway VM on the "public" subnet. Once the VM is reachable, the
# remote-exec provisioner adds a MASQUERADE rule and turns on IPv4 forwarding.
#
# NOTE(review): both the VM account and the provisioner connection log in with
# a password, and SSH is published on port 22 while the public_ssh rule admits
# source "*". Key-based login and a narrower source prefix would reduce the
# exposure to password guessing.
# NOTE(review): var.ssh_user_password is interpolated into this resource, so
# expect it to be recorded in the Terraform state; protect the state file.
resource "azure_instance" "nat" {
  name     = "${azure_virtual_network.azure_test.id}-nat"
  image    = "Ubuntu Server 14.04 LTS"
  size     = "Basic_A1"
  location = "North Europe"

  # Placement: hosted service, storage account, network and subnet.
  hosted_service_name  = "${azure_hosted_service.azure_test_nat.name}"
  storage_service_name = "${azure_storage_service.azure_test_storage.name}"
  virtual_network      = "${azure_virtual_network.azure_test.id}"
  subnet               = "public"
  security_group       = "${azure_security_group.public_ssh.name}"

  # Login account created on the VM.
  username = "terraform"
  password = "${var.ssh_user_password}"

  # Publishes SSH: public port 22 maps to port 22 on the instance.
  endpoint {
    name         = "SSH"
    protocol     = "tcp"
    public_port  = 22
    private_port = 22
  }

  # Credentials the provisioner uses to log in; same account as above.
  connection {
    user     = "terraform"
    password = "${var.ssh_user_password}"
  }

  provisioner "remote-exec" {
    # 1. Masquerade all traffic leaving the box (no interface or source filter).
    # 2. Enable IPv4 forwarding in the running kernel.
    # Both are runtime-only settings; nothing here persists them across a reboot.
    inline = [
      "sudo iptables -t nat -A POSTROUTING -j MASQUERADE",
      "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null",
    ]
  }
}
# Azure provider, authenticated with the settings file supplied through
# var.azure_settings_file.
provider "azure" {
  settings_file = "${var.azure_settings_file}"
}
# Security group attached to the NAT instance; its inbound rule is defined in
# azure_security_group_rule.public_ssh_access.
resource "azure_security_group" "public_ssh" {
  location = "North Europe"
  name     = "public_ssh"
}
# Security group for SSH into the private subnet; its inbound rule is defined
# in azure_security_group_rule.private_ssh_access.
# NOTE(review): no resource on this page attaches this group to an instance.
resource "azure_security_group" "private_ssh" {
  location = "North Europe"
  name     = "private_ssh"
}
# Inbound allow rule on the public_ssh group: TCP port 22 to the "public"
# subnet (10.128.2.0/24) from any source address and port.
#
# NOTE(review): source_address_prefix = "*" admits SSH from every address, and
# the NAT instance behind this group accepts password logins. Where the
# administrators' address ranges are known, narrow the source prefix to them.
resource "azure_security_group_rule" "public_ssh_access" {
  name                 = "ssh-access-rule"
  security_group_names = ["${azure_security_group.public_ssh.name}"]

  type     = "Inbound"
  action   = "Allow"
  priority = 200
  protocol = "TCP"

  source_address_prefix = "*"
  source_port_range     = "*"

  destination_address_prefix = "10.128.2.0/24"
  destination_port_range     = "22"
}
# Inbound allow rule on the private_ssh group: TCP port 22 to the "private"
# subnet (10.128.1.0/24), accepted only from the "public" subnet
# (10.128.2.0/24), so SSH into private hosts has to originate from a host on
# the public subnet.
resource "azure_security_group_rule" "private_ssh_access" {
  name                 = "private_ssh-access-rule"
  security_group_names = ["${azure_security_group.private_ssh.name}"]

  type     = "Inbound"
  action   = "Allow"
  priority = 200
  protocol = "TCP"

  source_address_prefix = "10.128.2.0/24"
  source_port_range     = "*"

  destination_address_prefix = "10.128.1.0/24"
  destination_port_range     = "22"
}
# Storage account referenced by the NAT instance through storage_service_name.
# NOTE(review): Azure storage account names are normally limited to lowercase
# letters and digits; confirm that this name is accepted.
resource "azure_storage_service" "azure_test_storage" {
  name         = "azure_test_storage"
  description  = "Made by Terraform."
  location     = "North Europe"
  account_type = "Standard_LRS"
}
# Input consumed by the provider block as settings_file.
# NOTE(review): a publish-settings file carries management credentials for the
# subscription; keep it out of version control and restrict who can read it.
variable "azure_settings_file" {
  description = "The settings file available from https://manage.windowsazure.com/publishsettings"
}
# Password for the "terraform" account on the NAT instance; also used by the
# provisioner connection. No default is set, so it must be supplied at run time.
# NOTE(review): avoid committing this value in a .tfvars file, and expect it to
# appear in the Terraform state once the instance is created.
variable "ssh_user_password" {
  description = "The password for the SSH User"
}
# Virtual network 10.128.0.0/16 split into two /24 subnets. The security group
# rules on this page refer to these prefixes as literal strings, so a change
# here has to be mirrored there.
resource "azure_virtual_network" "azure_test" {
  name          = "azure_test"
  location      = "North Europe"
  address_space = ["10.128.0.0/16"]

  # Hosts reached only through the public subnet.
  subnet {
    name           = "private"
    address_prefix = "10.128.1.0/24"
  }

  # Subnet that holds the NAT instance.
  subnet {
    name           = "public"
    address_prefix = "10.128.2.0/24"
  }
}
Thanks for sharing this documentation. I need some help from you. I want to access my two private web VMs (they have the same configuration) from an outside network. I want to run a Joomla website on my private VMs that is accessible from outside only on port 80, and I also want to add a load balancer. For that I need the Terraform code for an Azure security group. Can you help me do this with Terraform? Please reply with the Terraform code.