Terraforming with Azure
| resource "azure_hosted_service" "azure_test_nat" { | |
| name = "azure_test_nat" | |
| location = "North Europe" | |
| ephemeral_contents = false | |
| description = "Nat Gateway Hosted service created by Terraform." | |
| label = "azure_test_nat" | |
| } |
| resource "azure_instance" "nat" { | |
| name = "${azure_virtual_network.azure_test.id}-nat" | |
| hosted_service_name = "${azure_hosted_service.azure_test_nat.name}" | |
| image = "Ubuntu Server 14.04 LTS" | |
| size = "Basic_A1" | |
| storage_service_name = "${azure_storage_service.azure_test_storage.name}" | |
| location = "North Europe" | |
| virtual_network = "${azure_virtual_network.azure_test.id}" | |
| subnet = "public" | |
| username = "terraform" | |
| password = "${var.ssh_user_password}" | |
| security_group = "${azure_security_group.public_ssh.name}" | |
| endpoint { | |
| name = "SSH" | |
| protocol = "tcp" | |
| public_port = 22 | |
| private_port = 22 | |
| } | |
| connection { | |
| user = "terraform" | |
| password = "${var.ssh_user_password}" | |
| } | |
| provisioner "remote-exec" { | |
| inline = [ | |
| "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", | |
| "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null", | |
| ] | |
| } | |
| } |
| # Configure the Azure Provider | |
| provider "azure" { | |
| settings_file = "${var.azure_settings_file}" | |
| } |
| resource "azure_security_group" "public_ssh" { | |
| name = "public_ssh" | |
| location = "North Europe" | |
| } | |
| resource "azure_security_group" "private_ssh" { | |
| name = "private_ssh" | |
| location = "North Europe" | |
| } | |
| resource "azure_security_group_rule" "public_ssh_access" { | |
| name = "ssh-access-rule" | |
| security_group_names = ["${azure_security_group.public_ssh.name}"] | |
| type = "Inbound" | |
| action = "Allow" | |
| priority = 200 | |
| source_address_prefix = "*" | |
| source_port_range = "*" | |
| destination_address_prefix = "10.128.2.0/24" | |
| destination_port_range = "22" | |
| protocol = "TCP" | |
| } | |
| resource "azure_security_group_rule" "private_ssh_access" { | |
| name = "private_ssh-access-rule" | |
| security_group_names = ["${azure_security_group.private_ssh.name}"] | |
| type = "Inbound" | |
| action = "Allow" | |
| priority = 200 | |
| source_address_prefix = "10.128.2.0/24" | |
| source_port_range = "*" | |
| destination_address_prefix = "10.128.1.0/24" | |
| destination_port_range = "22" | |
| protocol = "TCP" | |
| } |
| resource "azure_storage_service" "azure_test_storage" { | |
| name = "azure_test_storage" | |
| location = "North Europe" | |
| description = "Made by Terraform." | |
| account_type = "Standard_LRS" | |
| } |
| variable "azure_settings_file" { | |
| description = "The settings file available from https://manage.windowsazure.com/publishsettings" | |
| } | |
| variable "ssh_user_password" { | |
| description = "The password for the SSH User" | |
| } |
| resource "azure_virtual_network" "azure_test" { | |
| name = "azure_test" | |
| address_space = ["10.128.0.0/16"] | |
| location = "North Europe" | |
| subnet { | |
| name = "private" | |
| address_prefix = "10.128.1.0/24" | |
| } | |
| subnet { | |
| name = "public" | |
| address_prefix = "10.128.2.0/24" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Thanks for sharing this documentation. I need one help from your end. I want to access my two private web VM's(same configuation they have) from outside network. I want to run joomla website on my private VMs which is accessible only port 80 from outside and also want to add loadbalncer. So for that I need terraform code of security group for azure. So can you assist me How can I do using terraform. Please reply with the terraform code.