From d6cb01939426a99f03929aa5ca0b6f07123a101c Mon Sep 17 00:00:00 2001
From: cshea15
Date: Sat, 23 Sep 2023 16:05:24 -0400
Subject: [PATCH 1/9] add new files to new branch
---
 quickstart/201-azfw-multi-addresses/main.tf | 0
 .../201-azfw-multi-addresses/outputs.tf | 18 +++++++++++++
 .../201-azfw-multi-addresses/provider.tf | 21 +++++++++++++++
 quickstart/201-azfw-multi-addresses/readme.tf | 0
 .../201-azfw-multi-addresses/variables.tf | 27 +++++++++++++++++++
 5 files changed, 66 insertions(+)
 create mode 100644 quickstart/201-azfw-multi-addresses/main.tf
 create mode 100644 quickstart/201-azfw-multi-addresses/outputs.tf
 create mode 100644 quickstart/201-azfw-multi-addresses/provider.tf
 create mode 100644 quickstart/201-azfw-multi-addresses/readme.tf
 create mode 100644 quickstart/201-azfw-multi-addresses/variables.tf
diff --git a/quickstart/201-azfw-multi-addresses/main.tf b/quickstart/201-azfw-multi-addresses/main.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/quickstart/201-azfw-multi-addresses/outputs.tf b/quickstart/201-azfw-multi-addresses/outputs.tf
new file mode 100644
index 00000000..81d20800
--- /dev/null
+++ b/quickstart/201-azfw-multi-addresses/outputs.tf
@@ -0,0 +1,18 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.rg.name
+}
+
+output "virtual_hub_name" {
+ value = azurerm_virtual_hub.azfw_vwan_hub.name
+}
+
+output "jump_admin_password" {
+ sensitive = true
+ value = azurerm_windows_virtual_machine.vm_jump.admin_password
+}
+
+output "service_admin_password" {
+ sensitive = true
+ value = azurerm_windows_virtual_machine.vm_workload.admin_password
+}
+
diff --git a/quickstart/201-azfw-multi-addresses/provider.tf b/quickstart/201-azfw-multi-addresses/provider.tf
new file mode 100644
index 00000000..bf50b67e
--- /dev/null
+++ b/quickstart/201-azfw-multi-addresses/provider.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~>3.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {
+ virtual_machine {
+ delete_os_disk_on_deletion = true
+ skip_shutdown_and_force_delete = true
+ }
+ }
+}
diff --git a/quickstart/201-azfw-multi-addresses/readme.tf b/quickstart/201-azfw-multi-addresses/readme.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/quickstart/201-azfw-multi-addresses/variables.tf b/quickstart/201-azfw-multi-addresses/variables.tf
new file mode 100644
index 00000000..e76f46d9
--- /dev/null
+++ b/quickstart/201-azfw-multi-addresses/variables.tf
@@ -0,0 +1,27 @@
+variable "resource_group_location" {
+ type = string
+ description = "Location for all resources."
+ default = "eastus"
+}
+
+variable "resource_group_name_prefix" {
+ type = string
+ description = "Prefix for the Resource Group Name that's combined with a random id so name is unique in your Azure subcription."
+ default = "rg"
+}
+
+variable "firewall_sku_name" {
+ type = string
+ description = "SKU name for the firewall."
+ default = "Premium" # Valid values are Standard and Premium
+}
+
+variable "virtual_machine_size" {
+ type = string
+ description = "Size of the virtual machine."
+ default = "Standard_D2_v3"
+}
+
+variable "admin_username" {
+ default = "azureuser"
+}
From 5c810c97a344786249520260e42fab980a0b5854 Mon Sep 17 00:00:00 2001
From: cshea15
Date: Sun, 24 Sep 2023 12:28:21 -0400
Subject: [PATCH 2/9] update files
---
 .../101-azfw-with-fwpolicy/variables.tf | 2 +-
 quickstart/201-azfw-multi-addresses/main.tf | 228 ++++++++++++++++++
 .../201-azfw-multi-addresses/outputs.tf | 14 +-
 .../201-azfw-multi-addresses/provider.tf | 2 +-
 quickstart/201-azfw-multi-addresses/readme.md | 32 +++
 quickstart/201-azfw-multi-addresses/readme.tf | 0
 .../201-azfw-multi-addresses/variables.tf | 14 +-
 7 files changed, 273 insertions(+), 19 deletions(-)
 create mode 100644 quickstart/201-azfw-multi-addresses/readme.md
 delete mode 100644 quickstart/201-azfw-multi-addresses/readme.tf
diff --git a/quickstart/101-azfw-with-fwpolicy/variables.tf b/quickstart/101-azfw-with-fwpolicy/variables.tf
index eb12bf64..570f731b 100644
--- a/quickstart/101-azfw-with-fwpolicy/variables.tf
+++ b/quickstart/101-azfw-with-fwpolicy/variables.tf
@@ -13,7 +13,7 @@ variable "resource_group_name_prefix" {
 variable "firewall_sku_tier" {
 type = string
 description = "Firewall SKU."
- default = "Premium" # Valid values are Standard and Premium
+ default = "Standard" # Valid values are Standard and Premium
 validation {
 condition = contains(["Standard", "Premium"], var.firewall_sku_tier)
 error_message = "The sku must be one of the following: Standard, Premium"
diff --git a/quickstart/201-azfw-multi-addresses/main.tf b/quickstart/201-azfw-multi-addresses/main.tf
index e69de29b..8cd1d9a6 100644
--- a/quickstart/201-azfw-multi-addresses/main.tf
+++ b/quickstart/201-azfw-multi-addresses/main.tf
@@ -0,0 +1,228 @@
+resource "random_pet" "rg_name" {
+ prefix = var.resource_group_name_prefix
+}
+
+resource "random_password" "password" {
+ length = 20
+ min_lower = 1
+ min_upper = 1
+ min_numeric = 1
+ min_special = 1
+ special = true
+}
+
+resource "azurerm_resource_group" "rg" {
+ name = random_pet.rg_name.id
+ location = var.resource_group_location
+}
+resource "azurerm_public_ip_prefix" "pip_prefix" {
+ count = 2
+ name = "pip-prefix-${count.index + 1}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ sku = "Standard"
+ prefix_length = 31
+}
+
+resource "azurerm_public_ip" "pip_azfw" {
+ count = 2
+ name = "pip-azfw-${count.index + 1}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ sku = "Standard"
+ allocation_method = "Static"
+ public_ip_prefix_id = azurerm_public_ip_prefix.pip_prefix[count.index].id
+}
+
+resource "azurerm_virtual_network" "azfw_vnet" {
+ name = "azfw-vnet"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ address_space = ["10.10.0.0/16"]
+}
+
+resource "azurerm_subnet" "azfw_subnet" {
+ name = "AzureFirewallSubnet"
+ resource_group_name = azurerm_resource_group.rg.name
+ virtual_network_name = azurerm_virtual_network.azfw_vnet.name
+ address_prefixes = ["10.10.0.0/26"]
+}
+
+resource "azurerm_subnet" "backend_subnet" {
+ name = "subnet-backend"
+ resource_group_name = azurerm_resource_group.rg.name
+ virtual_network_name = azurerm_virtual_network.azfw_vnet.name
+ address_prefixes = ["10.10.1.0/24"]
+}
+
+resource "azurerm_network_interface" "backend_nic" {
+ count = 2
+ name = "nic-backend-${count.index + 1}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+
+ ip_configuration {
+ name = "ipconfig-backend-${count.index + 1}"
+ subnet_id = azurerm_subnet.backend_subnet.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_network_security_group" "backend_nsg" {
+ name = "nsg-backend"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ security_rule {
+ name = "RDP"
+ priority = 300
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "3389"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
+
+resource "azurerm_network_interface_security_group_association" "vm_backend_nsg_association" {
+ count = 2
+ network_interface_id = azurerm_network_interface.backend_nic[count.index].id
+ network_security_group_id = azurerm_network_security_group.backend_nsg.id
+}
+
+resource "azurerm_windows_virtual_machine" "vm_backend" {
+ count = 2
+ name = "vm-backend-${count.index + 1}"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ size = var.virtual_machine_size
+ admin_username = var.admin_username
+ admin_password = random_password.password.result
+ network_interface_ids = [azurerm_network_interface.backend_nic[count.index].id]
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+ source_image_reference {
+ publisher = "MicrosoftWindowsServer"
+ offer = "WindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+}
+
+resource "azurerm_firewall_policy" "azfw_policy" {
+ name = "azfw-policy"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ sku = var.firewall_sku_tier
+ threat_intelligence_mode = "Alert"
+}
+
+resource "azurerm_firewall_policy_rule_collection_group" "policy_rule_collection_group" {
+ name = "RuleCollectionGroup"
+ firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
+ priority = 300
+ application_rule_collection {
+ name = "web"
+ priority = 100
+ action = "Allow"
+ rule {
+ name = "wan-address"
+ protocols {
+ type = "Http"
+ port = 80
+ }
+ protocols {
+ type = "Https"
+ port = 443
+ }
+ destination_fqdns = ["getmywanip.com"]
+ source_addresses = ["*"]
+ }
+ rule {
+ name = "google"
+ protocols {
+ type = "Http"
+ port = 80
+ }
+ protocols {
+ type = "Https"
+ port = 443
+ }
+ destination_fqdns = ["www.google.com"]
+ source_addresses = ["10.10.1.0/24"]
+ }
+ rule {
+ name = "wupdate"
+ protocols {
+ type = "Http"
+ port = 80
+ }
+ protocols {
+ type = "Https"
+ port = 443
+ }
+ destination_fqdn_tags = ["WindowsUpdate"]
+ source_addresses = ["*"]
+ }
+ }
+ nat_rule_collection {
+ name = "Coll-01"
+ action = "Dnat"
+ priority = 200
+ rule {
+ name = "rdp-01"
+ protocols = ["TCP"]
+ translated_address = "10.10.1.4"
+ translated_port = "3389"
+ source_addresses = ["*"]
+ destination_address = azurerm_public_ip.pip_azfw[count.index].ip_address
+ destination_ports = ["3389"]
+ }
+ rule {
+ name = "rdp-02"
+ protocols = ["TCP"]
+ translated_address = "10.10.1.5"
+ translated_port = "3389"
+ source_addresses = ["*"]
+ destination_address = azurerm_public_ip.pip_azfw[count.index].ip_address
+ destination_ports = ["3389"]
+ }
+ }
+}
+
+resource "azurerm_firewall" "fw" {
+ name = "azfw"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ sku_name = "AZFW_VNet"
+ sku_tier = var.firewall_sku_tier
+ ip_configuration {
+ count = 2
+ name = "azfw-ipconfig-${count.index + 1}"
+ subnet_id = azurerm_subnet.azfw_subnet.id
+ public_ip_address_id = azurerm_public_ip.pip_azfw[count.index].id
+ }
+ firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
+}
+
+resource "azurerm_route_table" "rt" {
+ name = "rt-azfw-eus"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ disable_bgp_route_propagation = false
+ route {
+ name = "azfw"
+ address_prefix = "0.0.0.0/0"
+ next_hop_type = "VirtualAppliance"
+ next_hop_in_ip_address = "10.10.0.4"
+ }
+}
+
+resource "azurerm_subnet_route_table_association" "jump_subnet_rt_association" {
+ subnet_id = azurerm_subnet.backend_subnet.id
+ route_table_id = azurerm_route_table.rt.id
+}
+
diff --git a/quickstart/201-azfw-multi-addresses/outputs.tf b/quickstart/201-azfw-multi-addresses/outputs.tf
index 81d20800..2deac2a3 100644
--- a/quickstart/201-azfw-multi-addresses/outputs.tf
+++ b/quickstart/201-azfw-multi-addresses/outputs.tf
@@ -1,18 +1,8 @@
 output "resource_group_name" {
 value = azurerm_resource_group.rg.name
 }
-
-output "virtual_hub_name" {
- value = azurerm_virtual_hub.azfw_vwan_hub.name
-}
-
-output "jump_admin_password" {
+output "backend_admin_password" {
 sensitive = true
- value = azurerm_windows_virtual_machine.vm_jump.admin_password
-}
-
-output "service_admin_password" {
- sensitive = true
- value = azurerm_windows_virtual_machine.vm_workload.admin_password
+ value = azurerm_windows_virtual_machine.vm_backend.admin_password
 }
diff --git a/quickstart/201-azfw-multi-addresses/provider.tf b/quickstart/201-azfw-multi-addresses/provider.tf
index bf50b67e..72b9204f 100644
--- a/quickstart/201-azfw-multi-addresses/provider.tf
+++ b/quickstart/201-azfw-multi-addresses/provider.tf
@@ -14,7 +14,7 @@ terraform {
 provider "azurerm" {
 features {
 virtual_machine {
- delete_os_disk_on_deletion = true
+ delete_os_disk_on_deletion = true
 skip_shutdown_and_force_delete = true
 }
 }
diff --git a/quickstart/201-azfw-multi-addresses/readme.md b/quickstart/201-azfw-multi-addresses/readme.md
new file mode 100644
index 00000000..f601bd81
--- /dev/null
+++ b/quickstart/201-azfw-multi-addresses/readme.md
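Review bot: The NSG rule `RDP` (`source_address_prefix = "*"`) together with `source_addresses = ["*"]` on the `rdp-01` and `rdp-02` DNAT rules publishes RDP on both backend VMs to every internet source through the firewall's public IP, with the generated password as the only control. Even for a quickstart the NAT rules' `source_addresses` should be narrowed to the operator's address range, and the NSG's `source_address_prefix` to the firewall subnet `10.10.0.0/26`, which (after the firewall's SNAT of DNAT'd traffic) is where the inbound RDP sessions arrive from. Separately, `translated_address = "10.10.1.4"` / `"10.10.1.5"` and `next_hop_in_ip_address = "10.10.0.4"` are hard-coded while the backend NICs use `private_ip_address_allocation = "Dynamic"`, so the addresses are assumed rather than guaranteed and a mismatch silently forwards RDP to the wrong host; `azurerm_network_interface.backend_nic[0].private_ip_address` and `azurerm_firewall.fw.ip_configuration[0].private_ip_address` remove the guess. A short comment on the route block, `# next hop is the firewall's private IP in AzureFirewallSubnet`, would also help readers who copy this sample.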
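Review bot: `sensitive = true` on `backend_admin_password` only redacts the value from plan/apply output; the `random_password` result and the VM `admin_password` are still stored in clear text in the Terraform state, so whoever deploys this needs to protect the state backend as carefully as the credential itself. A one-line comment above the output, `# Redacted from CLI output only; the value is still present in state`, would make that explicit for readers of the quickstart.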
@@ -0,0 +1,32 @@
+# Deploy Azure Firewall with multiple public IP addresses
+
+This template deploys an [Azure Firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) with [Public IP Prefixes]
+
+## Terraform resource types
+
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
+- [azurerm_public_ip_prefix](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip_prefix)
+- [azurerm_firewall_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy)
+- [azurerm_firewall_policy_rule_collection_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group)
+- [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall)
+- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
+- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association
+- [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table)
+- [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association)
+- [azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine)
+- [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+
+## Variables
+
+| Name | Description | Default value |
+|-|-|-|
+| `resource_group_location` | location for your resources | eastus |
+| `firewall_sku_tier` | Sku size for your Firewall and Firewall Policy | Standard |
+| `resource_group_name_prefix` | Prefix for your resource group | rg |
+| `virtual_machine_size` | Sku size for your jump and workload vms | Standard_D2_v3 |
+| `admin_username` | admin username for the jump and workload vms | azureuser |
\ No newline at end of file
diff --git a/quickstart/201-azfw-multi-addresses/readme.tf b/quickstart/201-azfw-multi-addresses/readme.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/quickstart/201-azfw-multi-addresses/variables.tf b/quickstart/201-azfw-multi-addresses/variables.tf
index e76f46d9..5abb6c49 100644
--- a/quickstart/201-azfw-multi-addresses/variables.tf
+++ b/quickstart/201-azfw-multi-addresses/variables.tf
@@ -5,15 +5,19 @@ variable "resource_group_location" {
 }
 variable "resource_group_name_prefix" {
- type = string
- description = "Prefix for the Resource Group Name that's combined with a random id so name is unique in your Azure subcription."
- default = "rg"
+ type = string
+ description = "Prefix for the Resource Group Name that's combined with a random id so name is unique in your Azure subcription."
+ default = "rg"
 }
-variable "firewall_sku_name" {
+variable "firewall_sku_tier" {
 type = string
- description = "SKU name for the firewall."
+ description = "Firewall SKU."
 default = "Premium" # Valid values are Standard and Premium
+ validation {
+ condition = contains(["Standard", "Premium"], var.firewall_sku_tier)
+ error_message = "The sku must be one of the following: Standard, Premium"
+ }
 }
 variable "virtual_machine_size" {
From ec8fa91e0512da04c44c258e94f74b2537499898 Mon Sep 17 00:00:00 2001
From: cshea15
Date: Mon, 25 Sep 2023 16:18:40 -0400
Subject: [PATCH 3/9] update files
---
 quickstart/201-azfw-multi-addresses/main.tf | 25 +++++++++----------
 .../201-azfw-multi-addresses/outputs.tf | 2 +-
 quickstart/201-azfw-multi-addresses/readme.md | 2 +-
 3 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/quickstart/201-azfw-multi-addresses/main.tf b/quickstart/201-azfw-multi-addresses/main.tf
index 8cd1d9a6..c6fa8f48 100644
--- a/quickstart/201-azfw-multi-addresses/main.tf
+++ b/quickstart/201-azfw-multi-addresses/main.tf
@@ -3,6 +3,7 @@ resource "random_pet" "rg_name" {
 }
 resource "random_password" "password" {
+ count = 2
 length = 20
 min_lower = 1
 min_upper = 1
@@ -15,9 +16,9 @@ resource "azurerm_resource_group" "rg" {
 name = random_pet.rg_name.id
 location = var.resource_group_location
 }
+
 resource "azurerm_public_ip_prefix" "pip_prefix" {
- count = 2
- name = "pip-prefix-${count.index + 1}"
+ name = "pip-prefix"
 location = azurerm_resource_group.rg.location
 resource_group_name = azurerm_resource_group.rg.name
 sku = "Standard"
@@ -25,13 +26,12 @@ resource "azurerm_public_ip_prefix" "pip_prefix" {
 }
 resource "azurerm_public_ip" "pip_azfw" {
- count = 2
- name = "pip-azfw-${count.index + 1}"
+ name = "pip-azfw"
 location = azurerm_resource_group.rg.location
 resource_group_name = azurerm_resource_group.rg.name
 sku = "Standard"
 allocation_method = "Static"
- public_ip_prefix_id = azurerm_public_ip_prefix.pip_prefix[count.index].id
+ public_ip_prefix_id = azurerm_public_ip_prefix.pip_prefix.id
 }
 resource "azurerm_virtual_network" "azfw_vnet" {
@@ -56,7 +56,7 @@ resource "azurerm_subnet" "backend_subnet" {
 }
 resource "azurerm_network_interface" "backend_nic" {
- count = 2
+ count = 2
 name = "nic-backend-${count.index + 1}"
 location = azurerm_resource_group.rg.location
 resource_group_name = azurerm_resource_group.rg.name
@@ -86,7 +86,7 @@ resource "azurerm_network_security_group" "backend_nsg" {
 }
 resource "azurerm_network_interface_security_group_association" "vm_backend_nsg_association" {
- count = 2
+ count = 2
 network_interface_id = azurerm_network_interface.backend_nic[count.index].id
 network_security_group_id = azurerm_network_security_group.backend_nsg.id
 }
@@ -98,7 +98,7 @@ resource "azurerm_windows_virtual_machine" "vm_backend" {
 location = azurerm_resource_group.rg.location
 size = var.virtual_machine_size
 admin_username = var.admin_username
- admin_password = random_password.password.result
+ admin_password = random_password.password[count.index].result
 network_interface_ids = [azurerm_network_interface.backend_nic[count.index].id]
 os_disk {
 caching = "ReadWrite"
@@ -178,7 +178,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "policy_rule_collection
 translated_address = "10.10.1.4"
 translated_port = "3389"
 source_addresses = ["*"]
- destination_address = azurerm_public_ip.pip_azfw[count.index].ip_address
+ destination_address = azurerm_public_ip.pip_azfw.ip_address
 destination_ports = ["3389"]
 }
 rule {
@@ -187,7 +187,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "policy_rule_collection
 translated_address = "10.10.1.5"
 translated_port = "3389"
 source_addresses = ["*"]
- destination_address = azurerm_public_ip.pip_azfw[count.index].ip_address
+ destination_address = azurerm_public_ip.pip_azfw.ip_address
 destination_ports = ["3389"]
 }
 }
@@ -200,10 +200,9 @@ resource "azurerm_firewall" "fw" {
 sku_name = "AZFW_VNet"
 sku_tier = var.firewall_sku_tier
 ip_configuration {
- count = 2
- name = "azfw-ipconfig-${count.index + 1}"
+ name = "azfw-ipconfig"
 subnet_id = azurerm_subnet.azfw_subnet.id
- public_ip_address_id = azurerm_public_ip.pip_azfw[count.index].id
+ public_ip_address_id = azurerm_public_ip.pip_azfw.id
 }
 firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
 }
diff --git a/quickstart/201-azfw-multi-addresses/outputs.tf b/quickstart/201-azfw-multi-addresses/outputs.tf
index 2deac2a3..f00ff985 100644
--- a/quickstart/201-azfw-multi-addresses/outputs.tf
+++ b/quickstart/201-azfw-multi-addresses/outputs.tf
@@ -3,6 +3,6 @@ output "resource_group_name" {
 }
 output "backend_admin_password" {
 sensitive = true
- value = azurerm_windows_virtual_machine.vm_backend.admin_password
+ value = azurerm_windows_virtual_machine.vm_backend.*.admin_password
 }
diff --git a/quickstart/201-azfw-multi-addresses/readme.md b/quickstart/201-azfw-multi-addresses/readme.md
index f601bd81..76afbb7f 100644
--- a/quickstart/201-azfw-multi-addresses/readme.md
+++ b/quickstart/201-azfw-multi-addresses/readme.md
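Review bot: After this change `rdp-02` DNATs the same `azurerm_public_ip.pip_azfw.ip_address` on destination port 3389 as `rdp-01` (changed in the previous hunk), so the two NAT rules overlap on one destination IP:port; Azure Firewall will most likely reject the duplicate at apply time, and if it does not, the second rule can never be matched and `vm-backend-2` is unreachable while the sample still claims two RDP targets. The `-200` hunk also collapses the firewall to a single `ip_configuration`, so at this point the template no longer demonstrates multiple public addresses at all. Each NAT rule should point at its own public IP, e.g. keep `destination_address = azurerm_public_ip.pip_azfw.ip_address` for rdp-01 and give rdp-02 a second `azurerm_public_ip` resource drawn from the same prefix. The enclosing `nat_rule_collection` block begins outside this hunk.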
@@ -1,6 +1,6 @@
 # Deploy Azure Firewall with multiple public IP addresses
-This template deploys an [Azure Firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) with [Public IP Prefixes]
+This template deploys an [Azure Firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) with multiple [Public IP Address](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines.\
 ## Terraform resource types
From 00d4ef3f0ce2d3e85d2670b6d50ab5bb4e2626ca Mon Sep 17 00:00:00 2001
From: cshea15
Date: Mon, 2 Oct 2023 20:37:33 -0400
Subject: [PATCH 4/9] update files from comments
---
 quickstart/201-azfw-multi-addresses/readme.md | 10 +++++-----
 quickstart/201-azfw-multi-addresses/variables.tf | 2 ++
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/quickstart/201-azfw-multi-addresses/readme.md b/quickstart/201-azfw-multi-addresses/readme.md
index 76afbb7f..c909c77a 100644
--- a/quickstart/201-azfw-multi-addresses/readme.md
+++ b/quickstart/201-azfw-multi-addresses/readme.md
@@ -25,8 +25,8 @@ This template deploys an [Azure Firewall](https://registry.terraform.io/provider
 | Name | Description | Default value |
 |-|-|-|
-| `resource_group_location` | location for your resources | eastus |
-| `firewall_sku_tier` | Sku size for your Firewall and Firewall Policy | Standard |
-| `resource_group_name_prefix` | Prefix for your resource group | rg |
-| `virtual_machine_size` | Sku size for your jump and workload vms | Standard_D2_v3 |
-| `admin_username` | admin username for the jump and workload vms | azureuser |
\ No newline at end of file
+| `resource_group_location` | The location of the resource group | eastus |
+| `firewall_sku_tier` | The sku size for your Firewall and Firewall Policy | Possible values: Standard, Premium |
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so that name is unique in your Azure subscription | rg |
+| `virtual_machine_size` | The sku size for your jump and workload VMs | Standard_D2_v3 |
+| `admin_username` | THe admin username for the jump and workload VMs | azureuser |
\ No newline at end of file
diff --git a/quickstart/201-azfw-multi-addresses/variables.tf b/quickstart/201-azfw-multi-addresses/variables.tf
index 5abb6c49..d48ebf42 100644
--- a/quickstart/201-azfw-multi-addresses/variables.tf
+++ b/quickstart/201-azfw-multi-addresses/variables.tf
@@ -27,5 +27,7 @@ variable "virtual_machine_size" {
 }
 variable "admin_username" {
+ type = string
+ description = "value of the admin username."
 default = "azureuser"
 }
From 44857345c7f860f7e4524b608c45acca777bb745 Mon Sep 17 00:00:00 2001
From: cshea15
Date: Mon, 2 Oct 2023 21:32:54 -0400
Subject: [PATCH 5/9] update changes to files
---
 quickstart/201-azfw-multi-addresses/main.tf | 15 ++++++++++++++-
 quickstart/201-azfw-multi-addresses/variables.tf | 4 ++--
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/quickstart/201-azfw-multi-addresses/main.tf b/quickstart/201-azfw-multi-addresses/main.tf
index c6fa8f48..8d252f1a 100644
--- a/quickstart/201-azfw-multi-addresses/main.tf
+++ b/quickstart/201-azfw-multi-addresses/main.tf
@@ -3,7 +3,7 @@ resource "random_pet" "rg_name" {
 }
 resource "random_password" "password" {
- count = 2
+ count = 2
 length = 20
 min_lower = 1
 min_upper = 1
@@ -34,6 +34,15 @@ resource "azurerm_public_ip" "pip_azfw" {
 public_ip_prefix_id = azurerm_public_ip_prefix.pip_prefix.id
 }
+resource "azurerm_public_ip" "pip_azfw_2" {
+ name = "pip-azfw-1"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+ sku = "Standard"
+ allocation_method = "Static"
+ public_ip_prefix_id = azurerm_public_ip_prefix.pip_prefix.id
+}
+
 resource "azurerm_virtual_network" "azfw_vnet" {
 name = "azfw-vnet"
 location = azurerm_resource_group.rg.location
@@ -204,6 +213,10 @@ resource "azurerm_firewall" "fw" {
 subnet_id = azurerm_subnet.azfw_subnet.id
 public_ip_address_id = azurerm_public_ip.pip_azfw.id
 }
+ ip_configuration {
+ name = "azfw-ipconfig-2"
+ public_ip_address_id = azurerm_public_ip.pip_azfw_2.id
+ }
 firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
 }
diff --git a/quickstart/201-azfw-multi-addresses/variables.tf b/quickstart/201-azfw-multi-addresses/variables.tf
index d48ebf42..f3308100 100644
--- a/quickstart/201-azfw-multi-addresses/variables.tf
+++ b/quickstart/201-azfw-multi-addresses/variables.tf
@@ -27,7 +27,7 @@ variable "virtual_machine_size" {
 }
 variable "admin_username" {
- type = string
+ type = string
 description = "value of the admin username."
- default = "azureuser"
+ default = "azureuser"
 }
From 477932520dea57cf0246ef2d0119826c99a6fd26 Mon Sep 17 00:00:00 2001
From: cshea15
Date: Tue, 3 Oct 2023 17:10:50 -0400
Subject: [PATCH 6/9] updating readme
---
 quickstart/201-azfw-multi-addresses/readme.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
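Review bot: The new `pip_azfw_2` is attached to the firewall in the `-204` hunk, but no NAT rule uses it: the `rdp-02` rule (outside this hunk, last touched in patch 3) still has `destination_address = azurerm_public_ip.pip_azfw.ip_address`, so both DNAT rules keep sharing one destination IP on port 3389 and the second public address carries no inbound rule, which is the scenario this quickstart is meant to show. The rule should read `destination_address = azurerm_public_ip.pip_azfw_2.ip_address`. The Azure-side name `"pip-azfw-1"` for `pip_azfw_2` also reads as a twin of `pip-azfw` in the portal; `"pip-azfw-2"` would line up with the `azfw-ipconfig-2` naming introduced in the same commit. The `azurerm_firewall` resource that the second `ip_configuration` joins begins outside the hunk.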
diff --git a/quickstart/201-azfw-multi-addresses/readme.md b/quickstart/201-azfw-multi-addresses/readme.md
index c909c77a..8575980c 100644
--- a/quickstart/201-azfw-multi-addresses/readme.md
+++ b/quickstart/201-azfw-multi-addresses/readme.md
@@ -25,8 +25,8 @@ This template deploys an [Azure Firewall](https://registry.terraform.io/provider
 | Name | Description | Default value |
 |-|-|-|
-| `resource_group_location` | The location of the resource group | eastus |
-| `firewall_sku_tier` | The sku size for your Firewall and Firewall Policy | Possible values: Standard, Premium |
-| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so that name is unique in your Azure subscription | rg |
-| `virtual_machine_size` | The sku size for your jump and workload VMs | Standard_D2_v3 |
-| `admin_username` | THe admin username for the jump and workload VMs | azureuser |
\ No newline at end of file
+| `resource_group_location` | Location of the resource group | eastus |
+| `firewall_sku_tier` | SKU size for your Firewall and Firewall Policy. Possible values: Standard, Premium | Premium |
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so that name is unique in your Azure subscription. | rg |
+| `virtual_machine_size` | SKU size for your jump and workload VMs | Standard_D2_v3 |
+| `admin_username` | THe admin username for the jump and workload VMs | azureuser |
\ No newline at end of file
From 6d957e8a997111ab31a11ba28dfe051b703e6294 Mon Sep 17 00:00:00 2001
From: cshea15
Date: Wed, 4 Oct 2023 15:02:11 -0400
Subject: [PATCH 7/9] updating providers.tf
---
 quickstart/201-azfw-multi-addresses/{provider.tf => providers.tf} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename quickstart/201-azfw-multi-addresses/{provider.tf => providers.tf} (100%)
diff --git a/quickstart/201-azfw-multi-addresses/provider.tf b/quickstart/201-azfw-multi-addresses/providers.tf
similarity index 100%
rename from quickstart/201-azfw-multi-addresses/provider.tf
rename to quickstart/201-azfw-multi-addresses/providers.tf
From f4a6a235e2c6518449447e0059902a3834fd99aa Mon Sep 17 00:00:00 2001
From: cshea15
Date: Thu, 5 Oct 2023 14:04:10 -0400
Subject: [PATCH 8/9] update file with changes
---
 quickstart/101-azfw-with-fwpolicy/variables.tf | 2 +-
 quickstart/201-azfw-multi-addresses/outputs.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/quickstart/101-azfw-with-fwpolicy/variables.tf b/quickstart/101-azfw-with-fwpolicy/variables.tf
index 570f731b..eb12bf64 100644
--- a/quickstart/101-azfw-with-fwpolicy/variables.tf
+++ b/quickstart/101-azfw-with-fwpolicy/variables.tf
@@ -13,7 +13,7 @@ variable "resource_group_name_prefix" {
 variable "firewall_sku_tier" {
 type = string
 description = "Firewall SKU."
- default = "Standard" # Valid values are Standard and Premium
+ default = "Premium" # Valid values are Standard and Premium
 validation {
 condition = contains(["Standard", "Premium"], var.firewall_sku_tier)
 error_message = "The sku must be one of the following: Standard, Premium"
diff --git a/quickstart/201-azfw-multi-addresses/outputs.tf b/quickstart/201-azfw-multi-addresses/outputs.tf
index f00ff985..7a255dcb 100644
--- a/quickstart/201-azfw-multi-addresses/outputs.tf
+++ b/quickstart/201-azfw-multi-addresses/outputs.tf
@@ -3,6 +3,6 @@ output "resource_group_name" {
 }
 output "backend_admin_password" {
 sensitive = true
- value = azurerm_windows_virtual_machine.vm_backend.*.admin_password
+ value = azurerm_windows_virtual_machine.vm_backend[*].admin_password
 }
From 67de62401526292d7e1dafe8fe34ee3a5a5c52a8 Mon Sep 17 00:00:00 2001
From: cshea15
Date: Thu, 5 Oct 2023 15:33:57 -0400
Subject: [PATCH 9/9] fixed minor issues
---
 quickstart/201-azfw-multi-addresses/readme.md | 4 ++--
 quickstart/201-azfw-multi-addresses/variables.tf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/quickstart/201-azfw-multi-addresses/readme.md b/quickstart/201-azfw-multi-addresses/readme.md
index 8575980c..c9364f50 100644
--- a/quickstart/201-azfw-multi-addresses/readme.md
+++ b/quickstart/201-azfw-multi-addresses/readme.md
@@ -1,6 +1,6 @@
 # Deploy Azure Firewall with multiple public IP addresses
-This template deploys an [Azure Firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) with multiple [Public IP Address](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines.\
+This template deploys an [Azure Firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) with multiple [Public IP Address](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines.
 ## Terraform resource types
@@ -27,6 +27,6 @@ This template deploys an [Azure Firewall](https://registry.terraform.io/provider
 |-|-|-|
 | `resource_group_location` | Location of the resource group | eastus |
 | `firewall_sku_tier` | SKU size for your Firewall and Firewall Policy. Possible values: Standard, Premium | Premium |
-| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so that name is unique in your Azure subscription. | rg |
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so that name is unique in your Azure subscription. | rg |
 | `virtual_machine_size` | SKU size for your jump and workload VMs | Standard_D2_v3 |
 | `admin_username` | THe admin username for the jump and workload VMs | azureuser |
\ No newline at end of file
diff --git a/quickstart/201-azfw-multi-addresses/variables.tf b/quickstart/201-azfw-multi-addresses/variables.tf
index f3308100..c3af42e4 100644
--- a/quickstart/201-azfw-multi-addresses/variables.tf
+++ b/quickstart/201-azfw-multi-addresses/variables.tf
@@ -16,7 +16,7 @@ variable "firewall_sku_tier" {
 default = "Premium" # Valid values are Standard and Premium
 validation {
 condition = contains(["Standard", "Premium"], var.firewall_sku_tier)
- error_message = "The sku must be one of the following: Standard, Premium"
+ error_message = "The SKU must be one of the following: Standard, Premium"
 }
 }
@@ -28,6 +28,6 @@ variable "virtual_machine_size" {
 variable "admin_username" {
 type = string
- description = "value of the admin username."
+ description = "Value of the admin username."
 default = "azureuser"
 }