diff --git a/terraform/azure-ghaf-infra.tf b/terraform/azure-ghaf-infra.tf
index f0778b4e..cce47fd8 100644
--- a/terraform/azure-ghaf-infra.tf
+++ b/terraform/azure-ghaf-infra.tf
@@ -45,13 +45,53 @@ resource "azurerm_subnet" "ghaf_infra_tf_subnet" {
  virtual_network_name = azurerm_virtual_network.ghaf_infra_tf_vnet.name
  address_prefixes = ["10.0.2.0/24"]
 }
-# Network Security Group
-resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
- name = "ghaf-infra-tf-nsg"
+
+# Common Security Group
+resource "azurerm_network_security_group" "common_nsg" {
+ name = "common-nsg"
+ location = azurerm_resource_group.ghaf_infra_tf_dev.location
+ resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+}
+
+# AllowSSH
+resource "azurerm_network_security_rule" "AllowSSH" {
+ resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+ name = "AllowSSH"
+ priority = 300
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ network_security_group_name = azurerm_network_security_group.common_nsg.name
+}
+
+# AllowHTTP
+resource "azurerm_network_security_rule" "AllowHTTP" {
+ resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
+ name = "AllowHTTP"
+ priority = 301
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ network_security_group_name = azurerm_network_security_group.common_nsg.name
+}
+
+# VM-Specific Security Group
+
+# testhost
+resource "azurerm_network_security_group" "testhost_nsg" {
+ name = "testhost-nsg"
  location = azurerm_resource_group.ghaf_infra_tf_dev.location
  resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
  security_rule {
- name = "SSH"
+ name = "AllowSSHForTesthost"
  priority = 300
  direction = "Inbound"
  access = "Allow"
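Review bot: The AllowSSH rule on common_nsg uses `source_address_prefix = "*"`, so TCP/22 is reachable from any internet source as soon as the NSG is associated with a subnet or NIC, which is exactly the exposure credential brute-force scanners target. Restrict it to the operators' address ranges, e.g. `source_address_prefixes = var.admin_source_cidrs` with the list declared as a variable, or reach the hosts through Azure Bastion / just-in-time access and drop the inbound allow entirely; port 80 may legitimately stay open, but nothing in the hunk shows what terminates it. The testhost_nsg rule also allows SSH from `"*"` at the same priority 300, so if both NSGs are attached to the same VM the "common" versus "VM-specific" split enforces nothing extra; a comment stating where each NSG is associated, such as `# common_nsg is bound to the subnet; *_nsg resources are bound to that VM's NIC`, would make the intent checkable. The testhost_nsg resource continues past the end of the hunk.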
@@ -61,8 +101,51 @@ resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" { source_address_prefix = "*" destination_address_prefix = "*" } + security_rule { + name = "CustomRuleTesthost" + priority = 310 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "5000" + source_address_prefix = "*" + destination_address_prefix = "*" + } } +# VM-Specific Security Group + +# azarm +resource "azurerm_network_security_group" "azarm_nsg" { + name = "azarm-nsg" + location = azurerm_resource_group.ghaf_infra_tf_dev.location + resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name + security_rule { + name = "AllowRDPForAzarm" + priority = 300 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "3389" + source_address_prefix = "*" + destination_address_prefix = "*" + } + security_rule { + name = "CustomRuleForAzarm" + priority = 311 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "8080" + source_address_prefix = "*" + destination_address_prefix = "*" + } +} + + ################################################################################ # ghafhydra:
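Review bot: AllowRDPForAzarm exposes TCP/3389 with `source_address_prefix = "*"`, which puts an RDP listener on the public internet, one of the most commonly abused initial-access vectors. Restrict it to known operator ranges, e.g. `source_address_prefixes = var.admin_source_cidrs`, or reach the host via Azure Bastion / JIT VM access instead of an inbound allow; the same applies to CustomRuleTesthost (5000) and CustomRuleForAzarm (8080), whose purpose is not stated anywhere in the hunk. A comment naming the service behind each custom port, for example `# 8080: <service> — must be reachable from <who>`, would let a reviewer judge whether public exposure is intended rather than guessing from the port number. These NSGs also rely on Azure's default DenyAllInBound rule with no explicit deny of their own, which is fine but worth stating with `# No explicit DenyAll: relies on the default DenyAllInBound rule (priority 65500)` so a later lower-numbered allow rule is not added without noticing.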