diff --git a/quickstart/101-machine-learning/main.tf b/quickstart/101-machine-learning/main.tf
index b7d6655b..e7dc0655 100644
--- a/quickstart/101-machine-learning/main.tf
+++ b/quickstart/101-machine-learning/main.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">=0.15.0"
+ required_version = ">=1.0"
 required_providers {
 azurerm = {
diff --git a/quickstart/201-machine-learning-moderately-secure/main.tf b/quickstart/201-machine-learning-moderately-secure/main.tf
index b5e0c3a8..21befa79 100644
--- a/quickstart/201-machine-learning-moderately-secure/main.tf
+++ b/quickstart/201-machine-learning-moderately-secure/main.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">=0.15.0"
+ required_version = ">=1.0"
 required_providers {
 azurerm = {
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf
index b5e0c3a8..21befa79 100644
--- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">=0.15.0"
+ required_version = ">=1.0"
 required_providers {
 azurerm = {
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
index 4c83703d..6293ab1c 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/azure-firewall.tf
@@ -27,11 +27,11 @@ resource "azurerm_ip_group" "ip_group_dsvm_subnet" {
 }
 resource "azurerm_public_ip" "azure_firewall" {
- name = "pip-azfw"
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.hub_rg.name
- allocation_method = "Static"
- sku = "Standard"
+ name = "pip-azfw"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.hub_rg.name
+ allocation_method = "Static"
+ sku = "Standard"
 }
 resource "azurerm_firewall_policy" "base_policy" {
@@ -41,35 +41,35 @@ resource "azurerm_firewall_policy" "base_policy" {
 dns {
 proxy_enabled = true
 }
-
+
 }
-resource "azurerm_firewall" "azure_firewall_instance" {
- name = "afw-${var.name}-${var.environment}"
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.hub_rg.name
- firewall_policy_id = azurerm_firewall_policy.base_policy.id
+resource "azurerm_firewall" "azure_firewall_instance" {
+ name = "afw-${var.name}-${var.environment}"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.hub_rg.name
+ firewall_policy_id = azurerm_firewall_policy.base_policy.id
- ip_configuration {
- name = "configuration"
- subnet_id = azurerm_subnet.azure_firewall.id
- public_ip_address_id = azurerm_public_ip.azure_firewall.id
- }
-
- timeouts {
- create = "60m"
- delete = "2h"
+ ip_configuration {
+ name = "configuration"
+ subnet_id = azurerm_subnet.azure_firewall.id
+ public_ip_address_id = azurerm_public_ip.azure_firewall.id
 }
- depends_on = [
+
+ timeouts {
+ create = "60m"
+ delete = "2h"
+ }
+ depends_on = [
 azurerm_public_ip.azure_firewall,
 azurerm_subnet.azure_firewall,
 azurerm_firewall_policy_rule_collection_group.azure_firewall_rules_collection
- ]
+ ]
 }
 resource "azurerm_monitor_diagnostic_setting" "azure_firewall_instance" {
- name = "diagnostics-${var.name}-${var.environment}-${random_string.fw_diag_prefix.result}"
- target_resource_id = azurerm_firewall.azure_firewall_instance.id
- log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
+ name = "diagnostics-${var.name}-${var.environment}-${random_string.fw_diag_prefix.result}"
+ target_resource_id = azurerm_firewall.azure_firewall_instance.id
+ log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
 log {
 category = "AzureFirewallApplicationRule"
@@ -95,7 +95,7 @@ resource "azurerm_monitor_diagnostic_setting" "azure_firewall_instance" {
 enabled = false
 }
 }
-
+
 metric {
 category = "AllMetrics"
@@ -112,7 +112,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "azure_firewall_rules_c
 firewall_policy_id = azurerm_firewall_policy.base_policy.id
 priority = 100
-application_rule_collection {
+ application_rule_collection {
 name = "afwp-base-app-rule-collection"
 priority = 200
 action = "Allow"
@@ -125,9 +125,9 @@ application_rule_collection {
 }
 protocols {
 type = "Http"
- port= 80
+ port = 80
 }
- source_ip_groups = [azurerm_ip_group.ip_group_dsvm_subnet.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_dsvm_subnet.id]
 destination_fqdns = ["*"]
 }
@@ -137,7 +137,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdn_tags = ["AzureKubernetesService"]
 }
@@ -147,8 +147,8 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
- destination_fqdns = ["api.snapcraft.io","motd.ubuntu.com",]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ destination_fqdns = ["api.snapcraft.io", "motd.ubuntu.com", ]
 }
 rule {
@@ -157,11 +157,11 @@ application_rule_collection {
 type = "Http"
 port = 80
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["crl.microsoft.com",
- "mscrl.microsoft.com",
- "crl3.digicert.com",
- "ocsp.digicert.com"]
+ "mscrl.microsoft.com",
+ "crl3.digicert.com",
+ "ocsp.digicert.com"]
 }
 rule {
@@ -170,7 +170,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["github.com"]
 }
@@ -184,7 +184,7 @@ application_rule_collection {
 type = "Http"
 port = 80
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["raw.githubusercontent.com"]
 }
@@ -194,7 +194,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["*.prod.microsoftmetrics.com"]
 }
@@ -204,11 +204,11 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["acs-mirror.azureedge.net",
- "*.docker.io",
- "production.cloudflare.docker.com",
- "*.azurecr.io"]
+ "*.docker.io",
+ "production.cloudflare.docker.com",
+ "*.azurecr.io"]
 }
 rule {
@@ -217,11 +217,11 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["login.microsoftonline.com"]
 }
- rule {
+ rule {
 name = "graph.windows.net"
 protocols {
 type = "Http"
@@ -231,7 +231,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["graph.windows.net"]
 }
@@ -245,7 +245,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["anaconda.com", "*.anaconda.com"]
 }
@@ -259,10 +259,10 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["*.anaconda.org"]
 }
-
+
 rule {
 name = "pypi.org"
 protocols {
@@ -273,7 +273,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["pypi.org"]
 }
@@ -287,7 +287,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["cloud.r-project.org"]
 }
@@ -301,7 +301,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["*pytorch.org"]
 }
@@ -315,7 +315,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["*.tensorflow.org"]
 }
@@ -329,7 +329,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["update.code.visualstudio.com", "*.vo.msecnd.net"]
 }
@@ -343,7 +343,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["dc.applicationinsights.azure.com"]
 }
@@ -357,7 +357,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["dc.applicationinsights.microsoft.com"]
 }
@@ -371,7 +371,7 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["dc.services.visualstudio.com"]
 }
@@ -385,12 +385,12 @@ application_rule_collection {
 type = "Https"
 port = 443
 }
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_fqdns = ["*.instances.azureml.net", "*.instances.azureml.ms"]
 }
 }
- network_rule_collection {
+ network_rule_collection {
 name = "afwp-base-network-rule-collection"
 priority = 100
 action = "Allow"
@@ -398,15 +398,15 @@ application_rule_collection {
 rule {
 name = "hub-to-spoke-rule"
 protocols = ["Any"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id,azurerm_ip_group.ip_group_hub.id]
- destination_ip_groups = [azurerm_ip_group.ip_group_hub.id,azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id, azurerm_ip_group.ip_group_hub.id]
+ destination_ip_groups = [azurerm_ip_group.ip_group_hub.id, azurerm_ip_group.ip_group_spoke.id]
 destination_ports = ["*"]
 }
- rule {
+ rule {
 name = "aks-global-network-rule"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["AzureCloud"]
 destination_ports = ["443", "9000"]
 }
@@ -414,7 +414,7 @@ application_rule_collection {
 rule {
 name = "aks-ntp-network-rule"
 protocols = ["UDP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["*"]
 destination_ports = ["123"]
 }
@@ -422,7 +422,7 @@ application_rule_collection {
 rule {
 name = "Azure-Active-Directory"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["AzureActiveDirectory"]
 destination_ports = ["*"]
 }
@@ -430,7 +430,7 @@ application_rule_collection {
 rule {
 name = "Azure-Machine-Learning"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["AzureMachineLearning"]
 destination_ports = ["443"]
 }
@@ -438,7 +438,7 @@ application_rule_collection {
 rule {
 name = "Azure-Resource-Manager"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["AzureResourceManager"]
 destination_ports = ["443"]
 }
@@ -446,7 +446,7 @@ application_rule_collection {
 rule {
 name = "Azure-Storage"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["Storage"]
 destination_ports = ["443"]
 }
@@ -454,15 +454,15 @@ application_rule_collection {
 rule {
 name = "Azure-Front-Door-Frontend"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
- destination_addresses = ["AzureFrontDoor.Frontend","AzureFrontDoor.FirstParty"]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ destination_addresses = ["AzureFrontDoor.Frontend", "AzureFrontDoor.FirstParty"]
 destination_ports = ["443"]
 }
 rule {
 name = "Azure-Container-Registry"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["AzureContainerRegistry"]
 destination_ports = ["443"]
 }
@@ -470,7 +470,7 @@ application_rule_collection {
 rule {
 name = "Azure-Key-Vault"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["AzureKeyVault"]
 destination_ports = ["443"]
 }
@@ -478,13 +478,13 @@ application_rule_collection {
 rule {
 name = "Microsoft-Container-Registry"
 protocols = ["TCP"]
- source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
+ source_ip_groups = [azurerm_ip_group.ip_group_spoke.id]
 destination_addresses = ["MicrosoftContainerRegistry"]
 destination_ports = ["443"]
 }
- }
- depends_on = [
- azurerm_ip_group.ip_group_hub,
- azurerm_ip_group.ip_group_spoke
- ]
+ }
+ depends_on = [
+ azurerm_ip_group.ip_group_hub,
+ azurerm_ip_group.ip_group_spoke
+ ]
 }
\ No newline at end of file
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/bastion.tf b/quickstart/301-machine-learning-hub-spoke-secure/bastion.tf
index 89c81847..d06b3f3c 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/bastion.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/bastion.tf
@@ -1,126 +1,126 @@
-resource "azurerm_public_ip" "azure_bastion" {
- name = "pip-azure-bastion"
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.hub_rg.name
- allocation_method = "Static"
- sku = "Standard"
+resource "azurerm_public_ip" "azure_bastion" {
+ name = "pip-azure-bastion"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.hub_rg.name
+ allocation_method = "Static"
+ sku = "Standard"
 }
-resource "azurerm_network_security_group" "bastion_nsg" {
- name = "nsg-bastion"
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.hub_rg.name
+resource "azurerm_network_security_group" "bastion_nsg" {
+ name = "nsg-bastion"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.hub_rg.name
- security_rule {
- name = "AllowHTTPSInbound"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "443"
- source_address_prefix = "Internet"
- destination_address_prefix = "*"
- }
- security_rule {
- name = "AllowGatewayManagerInbound"
- priority = 200
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "443"
- source_address_prefix = "GatewayManager"
- destination_address_prefix = "*"
- }
- security_rule {
- name = "AllowAzureLBInbound"
- priority = 300
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "443"
- source_address_prefix = "AzureLoadBalancer"
- destination_address_prefix = "*"
- }
- security_rule {
- name = "AllowBastionHostCommunication"
- priority = 400
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_ranges = ["5701","8080"]
- source_address_prefix = "VirtualNetwork"
- destination_address_prefix = "VirtualNetwork"
- }
- security_rule {
- name = "AllowRdpSshOutbound"
- priority = 100
- direction = "Outbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_ranges = ["22", "3389"]
- source_address_prefix = "*"
- destination_address_prefix = "VirtualNetwork"
- }
- security_rule {
- name = "AllowBastionHostCommunicationOutbound"
- priority = 110
- direction = "Outbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_ranges = ["5701", "8080"]
- source_address_prefix = "VirtualNetwork"
- destination_address_prefix = "VirtualNetwork"
+ security_rule {
+ name = "AllowHTTPSInbound"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "Internet"
+ destination_address_prefix = "*"
 }
- security_rule {
- name = "AllowAzureCloudOutbound"
- priority = 120
- direction = "Outbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_ranges = ["443"]
- source_address_prefix = "*"
- destination_address_prefix = "AzureCloud"
- }
- security_rule {
- name = "AllowGetSessionInformation"
- priority = 130
- direction = "Outbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_ranges = ["80"]
- source_address_prefix = "*"
- destination_address_prefix = "Internet"
-}
-
+ security_rule {
+ name = "AllowGatewayManagerInbound"
+ priority = 200
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "GatewayManager"
+ destination_address_prefix = "*"
+ }
+ security_rule {
+ name = "AllowAzureLBInbound"
+ priority = 300
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "AzureLoadBalancer"
+ destination_address_prefix = "*"
+ }
+ security_rule {
+ name = "AllowBastionHostCommunication"
+ priority = 400
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_ranges = ["5701", "8080"]
+ source_address_prefix = "VirtualNetwork"
+ destination_address_prefix = "VirtualNetwork"
+ }
+ security_rule {
+ name = "AllowRdpSshOutbound"
+ priority = 100
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_ranges = ["22", "3389"]
+ source_address_prefix = "*"
+ destination_address_prefix = "VirtualNetwork"
+ }
+ security_rule {
+ name = "AllowBastionHostCommunicationOutbound"
+ priority = 110
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_ranges = ["5701", "8080"]
+ source_address_prefix = "VirtualNetwork"
+ destination_address_prefix = "VirtualNetwork"
+ }
+ security_rule {
+ name = "AllowAzureCloudOutbound"
+ priority = 120
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_ranges = ["443"]
+ source_address_prefix = "*"
+ destination_address_prefix = "AzureCloud"
+ }
+ security_rule {
+ name = "AllowGetSessionInformation"
+ priority = 130
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_ranges = ["80"]
+ source_address_prefix = "*"
+ destination_address_prefix = "Internet"
+ }
+
 }
 resource "azurerm_subnet_network_security_group_association" "bastion_nsg_assoc" {
 subnet_id = azurerm_subnet.azure_bastion.id
 network_security_group_id = azurerm_network_security_group.bastion_nsg.id
- depends_on = [
+ depends_on = [
 azurerm_bastion_host.azure_bastion_instance,
 azurerm_subnet_network_security_group_association.jumphost_nsg_assoc
- ]
+ ]
 }
 resource "azurerm_bastion_host" "azure_bastion_instance" {
- name = "bas-${var.name}-${var.environment}"
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.hub_rg.name
+ name = "bas-${var.name}-${var.environment}"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.hub_rg.name
- ip_configuration {
- name = "configuration"
- subnet_id = azurerm_subnet.azure_bastion.id
- public_ip_address_id = azurerm_public_ip.azure_bastion.id
- }
+ ip_configuration {
+ name = "configuration"
+ subnet_id = azurerm_subnet.azure_bastion.id
+ public_ip_address_id = azurerm_public_ip.azure_bastion.id
+ }
 }
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf b/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf
index 383fccd3..204e9b6e 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/dsvm.tf
@@ -1,48 +1,48 @@
-resource "azurerm_network_interface" "dsvm" {
- name = "nic-${var.dsvm_name}"
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.default.name
-
- ip_configuration {
- name = "configuration"
- subnet_id = azurerm_subnet.snet-jumphost.id
- private_ip_address_allocation = "Dynamic"
- }
+resource "azurerm_network_interface" "dsvm" {
+ name = "nic-${var.dsvm_name}"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+
+ ip_configuration {
+ name = "configuration"
+ subnet_id = azurerm_subnet.snet-jumphost.id
+ private_ip_address_allocation = "Dynamic"
+ }
 }
 resource "azurerm_windows_virtual_machine" "dsvm" {
- name = var.dsvm_name
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.default.name
+ name = var.dsvm_name
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
 network_interface_ids = [
- azurerm_network_interface.dsvm.id
- ]
- size = "Standard_DS3_v2"
-
+ azurerm_network_interface.dsvm.id
+ ]
+ size = "Standard_DS3_v2"
+
 source_image_reference {
 publisher = "microsoft-dsvm"
 offer = "dsvm-win-2019"
 sku = "server-2019"
 version = "latest"
 }
-
+
 os_disk {
- name = "osdisk-${var.dsvm_name}"
- caching = "ReadWrite"
+ name = "osdisk-${var.dsvm_name}"
+ caching = "ReadWrite"
 storage_account_type = "Premium_LRS"
 }
-
+
 identity {
 type = "SystemAssigned"
 }
- computer_name = var.dsvm_name
- admin_username = var.dsvm_admin_username
- admin_password = var.dsvm_host_password
-
+ computer_name = var.dsvm_name
+ admin_username = var.dsvm_admin_username
+ admin_password = var.dsvm_host_password
+
 provision_vm_agent = true
-
+
 timeouts {
- create = "60m"
- delete = "2h"
+ create = "60m"
+ delete = "2h"
 }
 }
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/main.tf b/quickstart/301-machine-learning-hub-spoke-secure/main.tf
index 124361e0..e67f4af8 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/main.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/main.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">=0.15.0"
+ required_version = ">=1.0"
 required_providers {
 azurerm = {
@@ -24,5 +24,5 @@ resource "azurerm_resource_group" "default" {
 resource "azurerm_resource_group" "hub_rg" {
 name = "rg-hub-${var.name}-${var.environment}"
 location = var.location
-
+
 }
\ No newline at end of file
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/network-hub.tf b/quickstart/301-machine-learning-hub-spoke-secure/network-hub.tf
index cf0bb055..28c29ac5 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/network-hub.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/network-hub.tf
@@ -8,28 +8,28 @@ resource "azurerm_virtual_network" "hub" {
 }
 resource "azurerm_subnet" "snet-jumphost" {
- name = "snet-jumphost"
- resource_group_name = azurerm_resource_group.hub_rg.name
- virtual_network_name = azurerm_virtual_network.hub.name
- address_prefixes = var.jumphost_subnet_address_space
+ name = "snet-jumphost"
+ resource_group_name = azurerm_resource_group.hub_rg.name
+ virtual_network_name = azurerm_virtual_network.hub.name
+ address_prefixes = var.jumphost_subnet_address_space
 }
 resource "azurerm_subnet" "azure_bastion" {
- name = "AzureBastionSubnet"
- resource_group_name = azurerm_resource_group.hub_rg.name
- virtual_network_name = azurerm_virtual_network.hub.name
- address_prefixes = var.bastion_subnet_address_space
-
-}
+ name = "AzureBastionSubnet"
+ resource_group_name = azurerm_resource_group.hub_rg.name
+ virtual_network_name = azurerm_virtual_network.hub.name
+ address_prefixes = var.bastion_subnet_address_space
+
+}
 resource "azurerm_subnet" "azure_firewall" {
- name = "AzureFirewallSubnet"
- resource_group_name = azurerm_resource_group.hub_rg.name
- virtual_network_name = azurerm_virtual_network.hub.name
- address_prefixes = var.firewall_subnet_address_space
-
-}
+ name = "AzureFirewallSubnet"
+ resource_group_name = azurerm_resource_group.hub_rg.name
+ virtual_network_name = azurerm_virtual_network.hub.name
+ address_prefixes = var.firewall_subnet_address_space
+
+}
 #Vnet Peering
@@ -62,7 +62,7 @@ resource "azurerm_virtual_network_peering" "direction2" {
 azurerm_virtual_network.hub,
 azurerm_virtual_network.default
 ]
-
+
 }
 # Private DNS Zones
@@ -140,14 +140,14 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
 # NSG for jump_host Subnet
-resource "azurerm_network_security_group" "jump_host" {
- name = "nsg-jumphost-subnet"
- location = azurerm_resource_group.hub_rg.location
- resource_group_name = azurerm_resource_group.hub_rg.name
+resource "azurerm_network_security_group" "jump_host" {
+ name = "nsg-jumphost-subnet"
+ location = azurerm_resource_group.hub_rg.location
+ resource_group_name = azurerm_resource_group.hub_rg.name
 }
 resource "azurerm_subnet_network_security_group_association" "jumphost_nsg_assoc" {
- subnet_id = azurerm_subnet.snet-jumphost.id
+ subnet_id = azurerm_subnet.snet-jumphost.id
 network_security_group_id = azurerm_network_security_group.jump_host.id
 depends_on = [
 azurerm_network_interface.dsvm
@@ -162,11 +162,11 @@ resource "azurerm_route_table" "jumphost_rt" {
 }
 resource "azurerm_route" "jumphost-fw-route" {
- name = "udr-Default"
- resource_group_name = azurerm_resource_group.default.name
- route_table_name = azurerm_route_table.jumphost_rt.name
- address_prefix = "0.0.0.0/0"
- next_hop_type = "VirtualAppliance"
+ name = "udr-Default"
+ resource_group_name = azurerm_resource_group.default.name
+ route_table_name = azurerm_route_table.jumphost_rt.name
+ address_prefix = "0.0.0.0/0"
+ next_hop_type = "VirtualAppliance"
 next_hop_in_ip_address = azurerm_firewall.azure_firewall_instance.ip_configuration[0].private_ip_address
 }
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/network-spoke.tf b/quickstart/301-machine-learning-hub-spoke-secure/network-spoke.tf
index 75a98046..7d00fdf9 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/network-spoke.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/network-spoke.tf
@@ -93,11 +93,11 @@ resource "azurerm_route_table" "rt-training" {
 }
 resource "azurerm_route" "training-Internet-Route" {
- name = "udr-Default"
- resource_group_name = azurerm_resource_group.default.name
- route_table_name = azurerm_route_table.rt-training.name
- address_prefix = "0.0.0.0/0"
- next_hop_type = "VirtualAppliance"
+ name = "udr-Default"
+ resource_group_name = azurerm_resource_group.default.name
+ route_table_name = azurerm_route_table.rt-training.name
+ address_prefix = "0.0.0.0/0"
+ next_hop_type = "VirtualAppliance"
 next_hop_in_ip_address = azurerm_firewall.azure_firewall_instance.ip_configuration[0].private_ip_address
 }
@@ -130,11 +130,11 @@ resource "azurerm_route_table" "rt-aks" {
 }
 resource "azurerm_route" "aks-default-Route" {
- name = "udr-Default"
- resource_group_name = azurerm_resource_group.default.name
- route_table_name = azurerm_route_table.rt-aks.name
- address_prefix = "0.0.0.0/0"
- next_hop_type = "VirtualAppliance"
+ name = "udr-Default"
+ resource_group_name = azurerm_resource_group.default.name
+ route_table_name = azurerm_route_table.rt-aks.name
+ address_prefix = "0.0.0.0/0"
+ next_hop_type = "VirtualAppliance"
 next_hop_in_ip_address = azurerm_firewall.azure_firewall_instance.ip_configuration[0].private_ip_address
 }