@rtrentin73
Created August 23, 2022 13:09
# Resource group that holds central-app-vm1 together with its public IP, NIC and NSG.
resource "azurerm_resource_group" "central-app-vm1-rg" {
  location = var.region-a
  name     = "central-app-vm1-rg"
}
# Static, Standard-SKU public IP for central-app-vm1.
# The NIC binds this address and the VM's remote-exec provisioner connects to it,
# so the VM is addressed directly from outside the virtual network.
resource "azurerm_public_ip" "central-app-vm1-pip" {
  name                = "central-app-vm1-pip"
  location            = var.region-a
  resource_group_name = azurerm_resource_group.central-app-vm1-rg.name
  sku                 = "Standard"
  allocation_method   = "Static"
}
# Network interface for central-app-vm1, placed in public_subnets[1] of the
# app-spoke-central module.
resource "azurerm_network_interface" "central-app-vm1-nic" {
  name                = "central-app-vm1-nic"
  resource_group_name = azurerm_resource_group.central-app-vm1-rg.name
  location            = var.region-a

  ip_configuration {
    name      = "primary"
    subnet_id = module.app-spoke-central.vpc.public_subnets[1].subnet_id

    # Private address is assigned by Azure; the public IP is attached directly to
    # this NIC, so the NSG rules on the subnet are the network-level filter for it.
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.central-app-vm1-pip.id
  }
}
# Network security group for the central-app-vm1 subnet: SSH and HTTP inbound from
# any source, everything outbound.
resource "azurerm_network_security_group" "central-app-vm1-nsg" {
  name                = "central-app-vm1-nsg"
  resource_group_name = azurerm_resource_group.central-app-vm1-rg.name
  location            = var.region-a

  # NOTE(review): SSH is admitted from every source address ("*"). The VM behind
  # this NSG has password login enabled, so the password is the only barrier on an
  # Internet-facing port. Narrow source_address_prefix to the admin or bastion
  # range, or drop the rule once provisioning no longer needs SSH over the public IP.
  security_rule {
    name                       = "ssh"
    priority                   = 900
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "22"
  }

  # Plain HTTP from any source, for the nginx server installed on the VM.
  # Nothing in this NSG opens 443, so traffic to the site is unencrypted.
  security_rule {
    name                       = "http"
    priority                   = 910
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "80"
  }

  # Unrestricted egress on every protocol and port. Tighten this rule if the
  # workload only needs specific destinations (package mirrors, upstream APIs).
  security_rule {
    name                       = "AnyOut"
    priority                   = 920
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "*"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "*"
  }
}
# Attaches central-app-vm1-nsg to public_subnets[1] of the app-spoke-central module.
# The association is at subnet level, so the NSG's rules apply to every NIC placed
# in that subnet, not only to central-app-vm1.
# NOTE(review): a subnet holds a single NSG association - confirm the module does
# not already attach one to this subnet.
resource "azurerm_subnet_network_security_group_association" "central-app-vm1-nsg-association" {
  network_security_group_id = azurerm_network_security_group.central-app-vm1-nsg.id
  subnet_id                 = module.app-spoke-central.vpc.public_subnets[1].subnet_id
}
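# Ubuntu VM "central-app-vm1": created with password login enabled, then nginx is
# installed over SSH through the VM's public IP.
#
# Review notes:
#  - disable_password_authentication = false, and the NSG defined in this file
#    admits TCP/22 from any source, so the admin password is the only control on an
#    Internet-facing login. Prefer key-based login and a restricted SSH source range.
#  - var.admin_password is stored in Terraform state; protect the state like a
#    secret and mark the variable sensitive where it is declared (not shown here).
resource "azurerm_linux_virtual_machine" "central-app-vm1" {
  name                = "central-app-vm1"
  resource_group_name = azurerm_resource_group.central-app-vm1-rg.name
  location            = var.region-a
  size                = var.instance_size

  admin_username                  = var.admin_username
  admin_password                  = var.admin_password
  disable_password_authentication = false

  network_interface_ids = [
    azurerm_network_interface.central-app-vm1-nic.id
  ]

  # The provisioner below reaches the VM through a Standard-SKU public IP, which
  # accepts inbound traffic only where an NSG allows it. Make the subnet's NSG
  # association an explicit dependency so the SSH rule exists before provisioning.
  depends_on = [
    azurerm_subnet_network_security_group_association.central-app-vm1-nsg-association
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # NOTE(review): Ubuntu 16.04 LTS left standard support in April 2021, so this
  # image receives no regular security updates; move to a supported release.
  # version = "latest" is unpinned, so a rebuild may pick up a different image.
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  provisioner "remote-exec" {
    inline = [
      # Refresh the package index first: installing against the index baked into
      # the image can fail or select an outdated nginx package.
      "/usr/bin/sudo apt-get update",
      "/usr/bin/sudo apt install nginx -y"
    ]

    # Password-based SSH to the public IP. No host_key is set, so the connection
    # does not verify which host answers on that address.
    connection {
      type     = "ssh"
      user     = var.admin_username
      password = var.admin_password
      host     = azurerm_public_ip.central-app-vm1-pip.ip_address
    }
  }
}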
# Resource group that holds central-app-vm2 together with its public IP, NIC and NSG.
resource "azurerm_resource_group" "central-app-vm2-rg" {
  location = var.region-a
  name     = "central-app-vm2-rg"
}
# Static, Standard-SKU public IP for central-app-vm2.
# The NIC binds this address and the VM's remote-exec provisioner connects to it,
# so the VM is addressed directly from outside the virtual network.
resource "azurerm_public_ip" "central-app-vm2-pip" {
  name                = "central-app-vm2-pip"
  location            = var.region-a
  resource_group_name = azurerm_resource_group.central-app-vm2-rg.name
  sku                 = "Standard"
  allocation_method   = "Static"
}
# Network interface for central-app-vm2, placed in public_subnets[2] of the
# app-spoke-central module.
resource "azurerm_network_interface" "central-app-vm2-nic" {
  name                = "central-app-vm2-nic"
  resource_group_name = azurerm_resource_group.central-app-vm2-rg.name
  location            = var.region-a

  ip_configuration {
    name      = "primary"
    subnet_id = module.app-spoke-central.vpc.public_subnets[2].subnet_id

    # Private address is assigned by Azure; the public IP is attached directly to
    # this NIC, so the NSG rules on the subnet are the network-level filter for it.
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.central-app-vm2-pip.id
  }
}
# Network security group for the central-app-vm2 subnet: SSH and HTTP inbound from
# any source, everything outbound.
resource "azurerm_network_security_group" "central-app-vm2-nsg" {
  name                = "central-app-vm2-nsg"
  resource_group_name = azurerm_resource_group.central-app-vm2-rg.name
  location            = var.region-a

  # NOTE(review): SSH is admitted from every source address ("*"). The VM behind
  # this NSG has password login enabled, so the password is the only barrier on an
  # Internet-facing port. Narrow source_address_prefix to the admin or bastion
  # range, or drop the rule once provisioning no longer needs SSH over the public IP.
  security_rule {
    name                       = "ssh"
    priority                   = 900
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "22"
  }

  # Plain HTTP from any source, for the nginx server installed on the VM.
  # Nothing in this NSG opens 443, so traffic to the site is unencrypted.
  security_rule {
    name                       = "http"
    priority                   = 910
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "80"
  }

  # Unrestricted egress on every protocol and port. Tighten this rule if the
  # workload only needs specific destinations (package mirrors, upstream APIs).
  security_rule {
    name                       = "AnyOut"
    priority                   = 920
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "*"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "*"
  }
}
# Attaches central-app-vm2-nsg to public_subnets[2] of the app-spoke-central module.
# The association is at subnet level, so the NSG's rules apply to every NIC placed
# in that subnet, not only to central-app-vm2.
# NOTE(review): a subnet holds a single NSG association - confirm the module does
# not already attach one to this subnet.
resource "azurerm_subnet_network_security_group_association" "central-app-vm2-nsg-association" {
  network_security_group_id = azurerm_network_security_group.central-app-vm2-nsg.id
  subnet_id                 = module.app-spoke-central.vpc.public_subnets[2].subnet_id
}
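# Ubuntu VM "central-app-vm2": created with password login enabled, then nginx is
# installed over SSH through the VM's public IP.
#
# Review notes:
#  - disable_password_authentication = false, and the NSG defined in this file
#    admits TCP/22 from any source, so the admin password is the only control on an
#    Internet-facing login. Prefer key-based login and a restricted SSH source range.
#  - var.admin_password is stored in Terraform state; protect the state like a
#    secret and mark the variable sensitive where it is declared (not shown here).
resource "azurerm_linux_virtual_machine" "central-app-vm2" {
  name                = "central-app-vm2"
  resource_group_name = azurerm_resource_group.central-app-vm2-rg.name
  location            = var.region-a
  size                = var.instance_size

  admin_username                  = var.admin_username
  admin_password                  = var.admin_password
  disable_password_authentication = false

  network_interface_ids = [
    azurerm_network_interface.central-app-vm2-nic.id
  ]

  # The provisioner below reaches the VM through a Standard-SKU public IP, which
  # accepts inbound traffic only where an NSG allows it. Make the subnet's NSG
  # association an explicit dependency so the SSH rule exists before provisioning.
  depends_on = [
    azurerm_subnet_network_security_group_association.central-app-vm2-nsg-association
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # NOTE(review): Ubuntu 16.04 LTS left standard support in April 2021, so this
  # image receives no regular security updates; move to a supported release.
  # version = "latest" is unpinned, so a rebuild may pick up a different image.
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  provisioner "remote-exec" {
    inline = [
      # Refresh the package index first: installing against the index baked into
      # the image can fail or select an outdated nginx package.
      "/usr/bin/sudo apt-get update",
      "/usr/bin/sudo apt install nginx -y"
    ]

    # Password-based SSH to the public IP. No host_key is set, so the connection
    # does not verify which host answers on that address.
    connection {
      type     = "ssh"
      user     = var.admin_username
      password = var.admin_password
      host     = azurerm_public_ip.central-app-vm2-pip.ip_address
    }
  }
}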