- Added Common Security Group for common-nsg
  - Rule: Allow Inbound TCP traffic on port 22 (AllowSSH)
  - Rule: Allow Inbound TCP traffic on port 80 (AllowHTTP)

- Added VM-Specific Security Group for testhost
  - Rule: Allow Inbound TCP traffic on port 22
  - Rule: Allow Inbound TCP traffic on port 5000

- Added VM-Specific Security Group for azarm
  - Rule: Allow Inbound TCP traffic on port 3389
  - Rule: Allow Inbound TCP traffic on port 8080

Signed-off-by: karim mdmirajul <karim.mdmirajul@unikie.com>
karim20230 committed Nov 15, 2023
1 parent dc58805 commit 942caae
Showing 1 changed file with 87 additions and 4 deletions.
91 changes: 87 additions & 4 deletions terraform/azure-ghaf-infra.tf
Expand Up @@ -45,13 +45,53 @@ resource "azurerm_subnet" "ghaf_infra_tf_subnet" {
virtual_network_name = azurerm_virtual_network.ghaf_infra_tf_vnet.name
address_prefixes = ["10.0.2.0/24"]
}
# Network Security Group
resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
name = "ghaf-infra-tf-nsg"

# Common Security Group
resource "azurerm_network_security_group" "common_nsg" {
name = "common-nsg"
location = azurerm_resource_group.ghaf_infra_tf_dev.location
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
}

# AllowSSH
resource "azurerm_network_security_rule" "AllowSSH" {
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
name = "AllowSSH"
priority = 300
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
network_security_group_name = azurerm_network_security_group.common_nsg.name
}

# AllowHTTP
resource "azurerm_network_security_rule" "AllowHTTP" {
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
name = "AllowHTTP"
priority = 301
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
source_address_prefix = "*"
destination_address_prefix = "*"
network_security_group_name = azurerm_network_security_group.common_nsg.name
}

# VM-Specific Security Group

# testhost
resource "azurerm_network_security_group" "testhost_nsg" {
name = "testhost-nsg"
location = azurerm_resource_group.ghaf_infra_tf_dev.location
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
security_rule {
name = "SSH"
name = "AllowSSHForTesthost"
priority = 300
direction = "Inbound"
access = "Allow"
Expand All @@ -61,8 +101,51 @@ resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "CustomRuleTesthost"
priority = 310
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "5000"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}

# VM-Specific Security Group

# azarm
resource "azurerm_network_security_group" "azarm_nsg" {
name = "azarm-nsg"
location = azurerm_resource_group.ghaf_infra_tf_dev.location
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
security_rule {
name = "AllowRDPForAzarm"
priority = 300
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefix = "*"
destination_address_prefix = "*"
}
security_rule {
name = "CustomRuleForAzarm"
priority = 311
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "8080"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}


################################################################################

# ghafhydra:
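Review bot: The new AllowRDPForAzarm (3389) and AllowSSH (22) rules set `source_address_prefix = "*"`, so both management ports are reachable from any Internet address; the 5000 and 8080 custom rules and the carried-over testhost SSH rule have the same open source. Restrict the management rules to known operator ranges, for example `source_address_prefixes = var.admin_source_cidrs` (placeholder variable name, to be declared in this module), and keep `"*"` only where public access is intended, such as AllowHTTP. The change also replaces `ghaf_infra_tf_nsg` and shows no subnet or NIC association for the three new groups. If an association elsewhere in the file still references the old name the plan will fail, and a group with no association filters nothing; neither can be confirmed from the lines shown here.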
