Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

random string for fw diagnostics + missing FW rule

Browse Source
This commit is contained in:
Dylan Reed
2021-10-25 19:10:15 -04:00
parent 2b9b074b9c
commit a1d13658a3
1 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
View File

@@ -1,4 +1,10 @@
# Generate random string for unique firewall diagnostic name
resource "random_string" "fw_diag_prefix" {
length = 8
upper = false
special = false
number = false
}
resource "azurerm_ip_group" "ip_group_hub" { resource "azurerm_ip_group" "ip_group_hub" {
name = "hub-ipgroup" name = "hub-ipgroup"
location = azurerm_resource_group.hub_rg.location location = azurerm_resource_group.hub_rg.location
@@ -61,7 +67,7 @@ resource "azurerm_firewall" "azure_firewall_instance" {
} }
resource "azurerm_monitor_diagnostic_setting" "azure_firewall_instance" { resource "azurerm_monitor_diagnostic_setting" "azure_firewall_instance" {
name = "diagnostics-${var.name}-${var.environment}" name = "diagnostics-${var.name}-${var.environment}-${random_string.fw_diag_prefix.result}"
target_resource_id = azurerm_firewall.azure_firewall_instance.id target_resource_id = azurerm_firewall.azure_firewall_instance.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
@@ -168,6 +174,20 @@ application_rule_collection {
destination_fqdns = ["github.com"] destination_fqdns = ["github.com"]
} }
rule {
name = "raw.githubusercontent.com"
protocols {
type = "Https"
port = 443
}
protocols {
type = "Http"
port = 80
}
source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
destination_fqdns = ["raw.githubusercontent.com"]
}
rule { rule {
name = "microsoft-metrics-rules" name = "microsoft-metrics-rules"
protocols { protocols {