# Provider requirements. azurerm is pinned to one exact release ("=4.1.0"),
# so a provider upgrade is always a deliberate edit here. Committing the
# dependency lock file (.terraform.lock.hcl) next to this file also pins the
# provider checksums that `terraform init` verifies.
terraform {
  required_providers {
    azurerm = {
      version = "=4.1.0"
      source  = "hashicorp/azurerm"
    }
  }
}
# Microsoft Azure provider.
# No credentials are written in this file, so authentication comes from the
# environment (for example an Azure CLI login or ARM_* environment variables).
# azurerm 4.x also needs a subscription ID, supplied either as a
# `subscription_id` argument here or through ARM_SUBSCRIPTION_ID.
provider "azurerm" {
  # The features block is required by the provider even when it is empty.
  features {}
}
# Name prefix shared by every resource below (resource group, network,
# public IP, NIC, NSG, SSH key and VM). Change the default as needed.
variable "prefix" {
  default = "tfdemo"
}
# Resource group that contains everything this file creates. Its name and
# location are referenced by all other resources, so changing the location
# here moves the whole deployment.
resource "azurerm_resource_group" "rg-tfdemo" {
  location = "eastasia" # Change location as needed
  name     = "${var.prefix}-resources"
}
# Virtual network with a single private 10.0.0.0/16 address space, created in
# the demo resource group and region.
resource "azurerm_virtual_network" "main" {
  name                = "${var.prefix}-network"
  resource_group_name = azurerm_resource_group.rg-tfdemo.name
  location            = azurerm_resource_group.rg-tfdemo.location
  address_space       = ["10.0.0.0/16"]
}
# Subnet carved out of the virtual network; the VM's NIC is placed here.
# NOTE(review): this file attaches the network security group to the NIC only;
# no subnet-level NSG association is declared for this subnet.
resource "azurerm_subnet" "internal" {
  name                 = "internal"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.rg-tfdemo.name
  address_prefixes     = ["10.0.2.0/24"]
}
# Statically allocated public IP address. It is attached to the VM's NIC
# below, which makes the VM directly addressable from the internet; inbound
# traffic is then limited only by the network security group on that NIC.
resource "azurerm_public_ip" "main" {
  name                = "${var.prefix}-publicip"
  resource_group_name = azurerm_resource_group.rg-tfdemo.name
  location            = azurerm_resource_group.rg-tfdemo.location
  allocation_method   = "Static"
}
# Network interface for the VM. Its single IP configuration takes a dynamic
# private address from the internal subnet and binds the public IP to it.
resource "azurerm_network_interface" "main" {
  name                = "${var.prefix}-nic"
  resource_group_name = azurerm_resource_group.rg-tfdemo.name
  location            = azurerm_resource_group.rg-tfdemo.location

  ip_configuration {
    name                          = "testconfiguration1"
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.internal.id

    # Binding the public IP exposes this interface to the internet.
    public_ip_address_id = azurerm_public_ip.main.id
  }
}
# Network security group for the VM's NIC. No rules are declared inline;
# rules are attached through separate azurerm_network_security_rule
# resources, on top of Azure's built-in default rules.
resource "azurerm_network_security_group" "vm_nsg" {
  name                = "${var.prefix}-nsg"
  resource_group_name = azurerm_resource_group.rg-tfdemo.name
  location            = azurerm_resource_group.rg-tfdemo.location
}
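# Source allowed to reach the VM on TCP/22. The default "*" keeps the
# original behaviour of this demo (SSH reachable from any address); set it to
# your own address (Ex: your_ip/32) so the SSH port is not open to the whole
# internet.
variable "ssh_source_address_prefix" {
  type        = string
  description = "Source address prefix allowed to connect to the VM over SSH (Ex: your_ip/32). \"*\" allows any source."
  default     = "*"
}

# Inbound rule that allows SSH (TCP port 22) to the VM.
# The rule is attached to the NSG that is associated with the VM's NIC, and
# that NIC carries a public IP, so the source prefix below is the only
# network-level limit on who can reach the SSH daemon.
resource "azurerm_network_security_rule" "allow_ssh" {
  name      = "Allow-SSH"
  priority  = 1001
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_port_range      = "*" # Allow from any source port
  destination_port_range = "22"

  # Taken from var.ssh_source_address_prefix; restrict it to a known address
  # or range instead of leaving it at "*".
  source_address_prefix      = var.ssh_source_address_prefix
  destination_address_prefix = "*"

  resource_group_name         = azurerm_resource_group.rg-tfdemo.name
  network_security_group_name = azurerm_network_security_group.vm_nsg.name
}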
# Attach the network security group to the VM's network interface. Without
# this association the NSG and its rules exist but filter nothing on the NIC.
resource "azurerm_network_interface_security_group_association" "nsg_assoc" {
  network_security_group_id = azurerm_network_security_group.vm_nsg.id
  network_interface_id      = azurerm_network_interface.main.id
}
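# Path of the SSH public key file to register. The default is the path the
# original configuration hard-coded; override it instead of editing the
# resource when running from another workstation.
variable "ssh_public_key_path" {
  type        = string
  description = "Full path to the RSA public key (.pub) file that is stored in Azure and installed on the VM."
  default     = "C:/Users/Lahiru Galhena/.ssh/id_rsa.pub"
}

# Create the stored SSH public key (use RSA key).
# Only the public half (.pub) is read from disk; the private key is never
# referenced by this configuration.
resource "azurerm_ssh_public_key" "ssh-pubkey" {
  name                = "${var.prefix}-sshkey"
  resource_group_name = azurerm_resource_group.rg-tfdemo.name
  location            = azurerm_resource_group.rg-tfdemo.location
  public_key          = file(var.ssh_public_key_path) # Full path to your RSA pub key
}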
# Data source that reads back the stored SSH public key. The name comes from
# the azurerm_ssh_public_key resource itself, so Terraform performs this read
# only after that key has been created.
data "azurerm_ssh_public_key" "ssh-pubkey" {
  resource_group_name = azurerm_resource_group.rg-tfdemo.name
  name                = azurerm_ssh_public_key.ssh-pubkey.name
}
# Linux VM, declared with azurerm_linux_virtual_machine rather than the
# deprecated azurerm_virtual_machine resource. It uses the NIC defined above
# (public IP plus NSG) and accepts SSH logins with the stored public key only.
resource "azurerm_linux_virtual_machine" "main" {
  name                  = "${var.prefix}-vm"
  resource_group_name   = azurerm_resource_group.rg-tfdemo.name
  location              = azurerm_resource_group.rg-tfdemo.location
  size                  = "Standard_B2ats_v2" # Change VM size as needed
  network_interface_ids = [azurerm_network_interface.main.id]

  # Login account. Password logins are switched off, so the key in
  # admin_ssh_key is the only credential configured for this user.
  admin_username                  = "lahiru" # Change as needed
  disable_password_authentication = true     # Enforce key-only auth

  admin_ssh_key {
    # Keep this in step with admin_username above when changing either one.
    username   = "lahiru"                                          # Change as needed
    public_key = data.azurerm_ssh_public_key.ssh-pubkey.public_key # Use fetched RSA key
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    # "latest" is a floating reference: the image is not pinned to one
    # specific version, so separate deployments can start from different
    # image builds.
    version = "latest"
  }

  os_disk {
    name                 = "myosdisk1"
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  tags = {
    environment = "staging"
  }
}