adding AML 301

2021-10-06 14:10:15 -04:00
parent 2f2199f204
commit 32a9580ffb
11 changed files with 952 additions and 0 deletions
--- a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
@ -0,0 +1,80 @@
+resource "azurerm_public_ip" "azure_firewall" {
+    name                        = "pip-azfw"
+    location                    = azurerm_resource_group.default.location
+    resource_group_name         = azurerm_resource_group.hub_rg.name
+    allocation_method           = "Static"
+    sku                         = "Standard"
+}
+
+resource "azurerm_firewall_policy" "base_policy" {
+  name                = "afwp-base-01"
+  resource_group_name = azurerm_resource_group.hub_rg.name
+  location            = azurerm_resource_group.default.location
+  dns {
+    proxy_enabled = true
+  }
+  depends_on = [
+    azurerm_virtual_network_peering.direction1,
+    azurerm_virtual_network_peering.direction2
+  ]
+}
+resource "azurerm_firewall" "azure_firewall_instance" { 
+    name                        = "afw-${var.name}-${var.environment}"
+    location                    = azurerm_resource_group.default.location
+    resource_group_name         = azurerm_resource_group.hub_rg.name
+    firewall_policy_id          = azurerm_firewall_policy.base_policy.id   
+
+    ip_configuration {
+        name                    = "configuration"
+        subnet_id               = azurerm_subnet.azure_firewall.id 
+        public_ip_address_id    = azurerm_public_ip.azure_firewall.id
+    }
+
+    timeouts {
+      create = "60m"
+      delete = "2h"
+  }
+  depends_on = [ azurerm_public_ip.azure_firewall,
+  azurerm_firewall_policy.base_policy]
+}
+
+resource "azurerm_monitor_diagnostic_setting" "azure_firewall_instance" {
+  name                        = "diagnostics"
+  target_resource_id          = azurerm_firewall.azure_firewall_instance.id
+  log_analytics_workspace_id  = azurerm_log_analytics_workspace.default.id
+
+  log {
+    category = "AzureFirewallApplicationRule"
+    enabled  = true
+
+    retention_policy {
+      enabled = false
+    }
+  }
+  log {
+    category = "AzureFirewallNetworkRule"
+    enabled  = true
+
+    retention_policy {
+      enabled = false
+    }
+  }
+  log {
+    category = "AzureFirewallDnsProxy"
+    enabled  = true
+
+    retention_policy {
+      enabled = false
+    }
+  }
+  
+
+  metric {
+    category = "AllMetrics"
+
+    retention_policy {
+      enabled = false
+    }
+  }
+
+}