terraform fmt

ryhud 2021-11-12 16:33:12 -05:00
parent 91b12bb8b9
commit 057a0330ca
4 changed files with 142 additions and 142 deletions


@ -1,125 +1,125 @@
resource "azurerm_public_ip" "azure_bastion" { resource "azurerm_public_ip" "azure_bastion" {
name = "pip-azure-bastion" name = "pip-azure-bastion"
location = azurerm_resource_group.default.location location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
allocation_method = "Static" allocation_method = "Static"
sku = "Standard" sku = "Standard"
} }
resource "azurerm_network_security_group" "bastion_nsg" { resource "azurerm_network_security_group" "bastion_nsg" {
name = "nsg-bastion" name = "nsg-bastion"
location = azurerm_resource_group.default.location location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
security_rule { security_rule {
name = "AllowHTTPSInbound" name = "AllowHTTPSInbound"
priority = 100 priority = 100
direction = "Inbound" direction = "Inbound"
access = "Allow" access = "Allow"
protocol = "Tcp" protocol = "Tcp"
source_port_range = "*" source_port_range = "*"
destination_port_range = "443" destination_port_range = "443"
source_address_prefix = "Internet" source_address_prefix = "Internet"
destination_address_prefix = "*" destination_address_prefix = "*"
}
security_rule {
name = "AllowGatewayManagerInbound"
priority = 200
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "GatewayManager"
destination_address_prefix = "*"
}
security_rule {
name = "AllowAzureLBInbound"
priority = 300
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "AzureLoadBalancer"
destination_address_prefix = "*"
}
security_rule {
name = "AllowBastionHostCommunication"
priority = 400
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_ranges = ["5701","8080"]
source_address_prefix = "VirtualNetwork"
destination_address_prefix = "VirtualNetwork"
}
security_rule {
name = "AllowRdpSshOutbound"
priority = 100
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["22", "3389"]
source_address_prefix = "*"
destination_address_prefix = "VirtualNetwork"
}
security_rule {
name = "AllowBastionHostCommunicationOutbound"
priority = 110
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["5701", "8080"]
source_address_prefix = "VirtualNetwork"
destination_address_prefix = "VirtualNetwork"
} }
security_rule { security_rule {
name = "AllowAzureCloudOutbound" name = "AllowGatewayManagerInbound"
priority = 120 priority = 200
direction = "Outbound" direction = "Inbound"
access = "Allow" access = "Allow"
protocol = "Tcp" protocol = "Tcp"
source_port_range = "*" source_port_range = "*"
destination_port_ranges = ["443"] destination_port_range = "443"
source_address_prefix = "*" source_address_prefix = "GatewayManager"
destination_address_prefix = "AzureCloud" destination_address_prefix = "*"
} }
security_rule { security_rule {
name = "AllowGetSessionInformation" name = "AllowAzureLBInbound"
priority = 130 priority = 300
direction = "Outbound" direction = "Inbound"
access = "Allow" access = "Allow"
protocol = "Tcp" protocol = "Tcp"
source_port_range = "*" source_port_range = "*"
destination_port_ranges = ["80"] destination_port_range = "443"
source_address_prefix = "*" source_address_prefix = "AzureLoadBalancer"
destination_address_prefix = "Internet" destination_address_prefix = "*"
} }
security_rule {
name = "AllowBastionHostCommunication"
priority = 400
direction = "Inbound"
access = "Allow"
protocol = "*"
source_port_range = "*"
destination_port_ranges = ["5701", "8080"]
source_address_prefix = "VirtualNetwork"
destination_address_prefix = "VirtualNetwork"
}
security_rule {
name = "AllowRdpSshOutbound"
priority = 100
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["22", "3389"]
source_address_prefix = "*"
destination_address_prefix = "VirtualNetwork"
}
security_rule {
name = "AllowBastionHostCommunicationOutbound"
priority = 110
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["5701", "8080"]
source_address_prefix = "VirtualNetwork"
destination_address_prefix = "VirtualNetwork"
}
security_rule {
name = "AllowAzureCloudOutbound"
priority = 120
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["443"]
source_address_prefix = "*"
destination_address_prefix = "AzureCloud"
}
security_rule {
name = "AllowGetSessionInformation"
priority = 130
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["80"]
source_address_prefix = "*"
destination_address_prefix = "Internet"
}
} }
resource "azurerm_subnet_network_security_group_association" "bastion_nsg_assoc" { resource "azurerm_subnet_network_security_group_association" "bastion_nsg_assoc" {
subnet_id = azurerm_subnet.azure_bastion.id subnet_id = azurerm_subnet.azure_bastion.id
network_security_group_id = azurerm_network_security_group.bastion_nsg.id network_security_group_id = azurerm_network_security_group.bastion_nsg.id
depends_on = [ depends_on = [
azurerm_bastion_host.azure_bastion_instance azurerm_bastion_host.azure_bastion_instance
] ]
} }
resource "azurerm_bastion_host" "azure_bastion_instance" { resource "azurerm_bastion_host" "azure_bastion_instance" {
name = "bas-${var.name}-${var.environment}" name = "bas-${var.name}-${var.environment}"
location = azurerm_resource_group.default.location location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
ip_configuration { ip_configuration {
name = "configuration" name = "configuration"
subnet_id = azurerm_subnet.azure_bastion.id subnet_id = azurerm_subnet.azure_bastion.id
public_ip_address_id = azurerm_public_ip.azure_bastion.id public_ip_address_id = azurerm_public_ip.azure_bastion.id
} }
} }


@ -1,48 +1,48 @@
resource "azurerm_network_interface" "dsvm" { resource "azurerm_network_interface" "dsvm" {
name = "nic-${var.dsvm_name}" name = "nic-${var.dsvm_name}"
location = azurerm_resource_group.default.location location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
ip_configuration { ip_configuration {
name = "configuration" name = "configuration"
subnet_id = azurerm_subnet.snet-dsvm.id subnet_id = azurerm_subnet.snet-dsvm.id
private_ip_address_allocation = "Dynamic" private_ip_address_allocation = "Dynamic"
} }
} }
resource "azurerm_windows_virtual_machine" "dsvm" { resource "azurerm_windows_virtual_machine" "dsvm" {
name = var.dsvm_name name = var.dsvm_name
location = azurerm_resource_group.default.location location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
network_interface_ids = [ network_interface_ids = [
azurerm_network_interface.dsvm.id azurerm_network_interface.dsvm.id
] ]
size = "Standard_DS3_v2" size = "Standard_DS3_v2"
source_image_reference { source_image_reference {
publisher = "microsoft-dsvm" publisher = "microsoft-dsvm"
offer = "dsvm-win-2019" offer = "dsvm-win-2019"
sku = "server-2019" sku = "server-2019"
version = "latest" version = "latest"
} }
os_disk { os_disk {
name = "osdisk-${var.dsvm_name}" name = "osdisk-${var.dsvm_name}"
caching = "ReadWrite" caching = "ReadWrite"
storage_account_type = "Premium_LRS" storage_account_type = "Premium_LRS"
} }
identity { identity {
type = "SystemAssigned" type = "SystemAssigned"
} }
computer_name = var.dsvm_name computer_name = var.dsvm_name
admin_username = var.dsvm_admin_username admin_username = var.dsvm_admin_username
admin_password = var.dsvm_host_password admin_password = var.dsvm_host_password
provision_vm_agent = true provision_vm_agent = true
timeouts { timeouts {
create = "60m" create = "60m"
delete = "2h" delete = "2h"
} }
} }


@ -39,10 +39,10 @@ resource "azurerm_subnet" "snet-dsvm" {
} }
resource "azurerm_subnet" "azure_bastion" { resource "azurerm_subnet" "azure_bastion" {
name = "AzureBastionSubnet" name = "AzureBastionSubnet"
resource_group_name = azurerm_resource_group.default.name resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = var.bastion_subnet_address_space address_prefixes = var.bastion_subnet_address_space
} }
# Private DNS Zones # Private DNS Zones


@ -63,7 +63,7 @@ resource "azurerm_machine_learning_workspace" "default" {
# Args of use when using an Azure Private Link configuration # Args of use when using an Azure Private Link configuration
public_network_access_enabled = false public_network_access_enabled = false
image_build_compute_name = var.image_build_compute_name image_build_compute_name = var.image_build_compute_name
depends_on = [ depends_on = [
azurerm_private_endpoint.kv_ple, azurerm_private_endpoint.kv_ple,
azurerm_private_endpoint.st_ple_blob, azurerm_private_endpoint.st_ple_blob,
azurerm_private_endpoint.storage_ple_file, azurerm_private_endpoint.storage_ple_file,