From 81ecc3df981d743c1f5735134b263956c3e582dc Mon Sep 17 00:00:00 2001
From: karim mdmirajul
Date: Thu, 16 Nov 2023 17:13:30 +0200
Subject: [PATCH] Implements common, specific rules and specified ports
Signed-off-by: karim mdmirajul
---
 terraform/azure-ghaf-infra.tf | 65 ++++++++++++++++++++++++++++++++---
 1 file changed, 60 insertions(+), 5 deletions(-)
diff --git a/terraform/azure-ghaf-infra.tf b/terraform/azure-ghaf-infra.tf
index f0778b4e..af43e98a 100644
--- a/terraform/azure-ghaf-infra.tf
+++ b/terraform/azure-ghaf-infra.tf
@@ -45,13 +45,15 @@ resource "azurerm_subnet" "ghaf_infra_tf_subnet" {
 virtual_network_name = azurerm_virtual_network.ghaf_infra_tf_vnet.name
 address_prefixes = ["10.0.2.0/24"]
 }
-# Network Security Group
-resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
- name = "ghaf-infra-tf-nsg"
+
+# AllowSSH rule for the Common Security Group
+
+resource "azurerm_network_security_group" "common_nsg" {
+ name = "common-nsg"
 location = azurerm_resource_group.ghaf_infra_tf_dev.location
 resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
 security_rule {
- name = "SSH"
+ name = "AllowSSHInbound"
 priority = 300
 direction = "Inbound"
 access = "Allow"
@@ -63,10 +65,34 @@ resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
 }
 }
+
+
+
 ################################################################################
 # ghafhydra:
+# Security Group
+
+resource "azurerm_network_security_group" "ghafhydra_nsg" {
+ name = "ghafhydra-nsg"
+ location = azurerm_resource_group.ghaf_infra_tf_dev.location
+ resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+
+ security_rule {
+ name = "CustomRuleForghafhydra"
+ priority = 310
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "5000"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
+
+
 # Public IP
 resource "azurerm_public_ip" "ghafhydra_public_ip" {
 name = "ghafhydra-public-ip"
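Review bot: The comment `# AllowSSH rule for the Common Security Group` heads the `common_nsg` resource itself rather than a rule, and it does not say what the group is shared across; since this diff goes on to attach the group to NICs that carry public IPs, a header such as `# Common NSG: baseline inbound rules attached to every NIC that gets a public IP` would describe it accurately. The `AllowSSHInbound` rule's protocol, destination port and source prefix continue below the hunk, so this review cannot confirm that the SSH source is restricted; that is worth checking before the group is reused on more interfaces. Note also that changing both the resource address and `name` replaces the NSG on apply instead of updating it in place, and any remaining reference to `azurerm_network_security_group.ghaf_infra_tf_nsg` outside this diff would no longer resolve.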
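Review bot: The `CustomRuleForghafhydra` rule admits TCP/5000 from `source_address_prefix = "*"`, and the NIC this group is later attached to has a public IP, so the port becomes reachable from any internet address; unless that is intentional, the prefix should be narrowed to the ranges that actually need access, e.g. `source_address_prefix = "<ALLOWED-SOURCE-CIDR>"` or a variable holding that value. Neither the rule name nor the `# Security Group` comment says what listens on 5000; a name such as `AllowTcp5000Inbound` plus a one-line comment naming the service would let the next reader judge the exposure. If the port must stay open to all sources, record the reason next to the rule so the `*` is not mistaken for an oversight.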
@@ -80,6 +106,7 @@ resource "azurerm_network_interface" "ghafhydra_ni" {
 name = "ghafhydra-nic"
 location = azurerm_resource_group.ghaf_infra_tf_dev.location
 resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+
 ip_configuration {
 name = "ghafhydra_nic_configuration"
 subnet_id = azurerm_subnet.ghaf_infra_tf_subnet.id
@@ -88,6 +115,26 @@ resource "azurerm_network_interface" "ghafhydra_ni" {
 public_ip_address_id = azurerm_public_ip.ghafhydra_public_ip.id
 }
 }
+
+# specfic NSG
+resource "azurerm_network_interface_security_group_association" "association_ghafhydra_nsg" {
+ network_interface_id = azurerm_network_interface.ghafhydra_ni.id
+ network_security_group_id = azurerm_network_security_group.ghafhydra_nsg.id
+
+}
+
+# common NSG
+resource "azurerm_network_interface_security_group_association" "association_common_nsg" {
+ network_interface_id = azurerm_network_interface.ghafhydra_ni.id
+ network_security_group_id = azurerm_network_security_group.common_nsg.id
+}
+
+
+
+
+
+
+
 # Ghafhydra VM
 resource "azurerm_linux_virtual_machine" "ghafhydra_vm" {
 name = "ghafhydra"
@@ -149,6 +196,14 @@ resource "azurerm_network_interface" "azarm_ni" {
 public_ip_address_id = azurerm_public_ip.azarm_public_ip.id
 }
 }
+
+
+# common NSG
+resource "azurerm_network_interface_security_group_association" "association_common_nsg_azarm" {
+ network_interface_id = azurerm_network_interface.azarm_ni.id
+ network_security_group_id = azurerm_network_security_group.common_nsg.id
+}
+
 # Azure arm builder (azarm)
 resource "azurerm_linux_virtual_machine" "azarm_vm" {
 name = "azarm"
@@ -189,4 +244,4 @@ resource "azurerm_virtual_machine_extension" "deploy_ubuntu_builder" {
 }
 EOF
 }
-################################################################################
+################################################################################
\ No newline at end of file
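Review bot: `association_ghafhydra_nsg` and `association_common_nsg` both bind an NSG to `azurerm_network_interface.ghafhydra_ni`, but an Azure NIC carries a single NSG reference, so the two resources fight over it: each apply leaves whichever one is processed last, the next plan reports the other as drifted, and only one of the SSH rule or the port-5000 rule is enforced at any time. A NIC needs one NSG holding every rule it requires, so the simplest fix is to drop `association_common_nsg` and add a copy of the `AllowSSHInbound` rule (whose attributes are only partly visible in this diff) to `ghafhydra_nsg`. Moving `common_nsg` to the subnet with `azurerm_subnet_network_security_group_association` is the alternative, but inbound traffic must then be allowed by both the subnet NSG and the NIC NSG, so `ghafhydra_nsg` would still need an SSH allow of its own; the single association on `azarm_ni` in the `-149,6 +196,14` hunk is fine as written. Minor: `# specfic NSG` is misspelled, the `association_ghafhydra_nsg` block has a stray blank line before its closing brace, and the seven blank lines before `# Ghafhydra VM` should collapse to one.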