# Specify the provider and access details.
# Only the region is configured here; no access/secret keys are written into
# this file, so credentials must come from the AWS provider's environment or
# shared-config sources.
provider "aws" {
region = "${var.aws_region}"
}
  5.  
  6. # Our default security group to access
  7. # the instances over SSH and HTTP
  8. resource "aws_security_group" "windows" {
  9. name = "terraform_windows_private"
  10. description = "Used in the terraform"
  11.  
  12. # WinRM access from anywhere
  13. ingress {
  14. from_port = 5985
  15. to_port = 5985
  16. protocol = "tcp"
  17. cidr_blocks = ["0.0.0.0/0"]
  18. }
  19. # WinRMS access from anywhere
  20. ingress {
  21. from_port = 5986
  22. to_port = 5986
  23. protocol = "tcp"
  24. cidr_blocks = ["0.0.0.0/0"]
  25. }
  26.  
  27. # outbound internet access
  28. egress {
  29. from_port = 0
  30. to_port = 0
  31. protocol = "-1"
  32. cidr_blocks = ["0.0.0.0/0"]
  33. }
  34. # vpc_id = "${aws_vpc.default.id}"
  35. }
  36.  
  37. resource "aws_key_pair" "auth-windows" {
  38. key_name = "${var.ssh_key_name_for_windows}"
  39. public_key = "${file(var.ssh_public_key_pair_windows)}"
  40. }
  41.  
  42. resource "aws_instance" "windows" {
  43. instance_type = "${var.instance_type}"
  44. availability_zone = "${var.aws_zone}"
  45.  
  46. # Lookup the correct AMI based on the region
  47. # we specified
  48. ami = "${var.aws_tornado_ami}"
  49. key_name = "${aws_key_pair.auth-windows.id}"
  50. associate_public_ip_address = true
  51.  
  52. tags {
  53. Name = "Tornado"
  54. }
  55.  
  56. # Our Security group to allow WinRM access
  57. vpc_security_group_ids = ["${aws_security_group.windows.id}"]
  58.  
  59. # subnet_id = "${aws_subnet.eu-west-1a-public.id}"
  60.  
  61. user_data = <<EOF
  62. <powershell>
  63. echo "Generate certificate for WinRM"
  64. $cert = New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName $env:computername
  65. $thumb = $cert.Thumbprint
  66.  
  67. echo "create new user"
  68. net user ${var.new_boss_name} ${var.new_boss_pw} /add
  69. net localgroup administrators ${var.new_boss_name} /add
  70. net localgroup WinRMRemoteWMIUsers__ ${var.new_boss_name} /add
  71.  
  72. echo "Enable WinRM"
  73. winrm quickconfig -q
  74. winrm set winrm/config '@{MaxTimeoutms="1800000"}'
  75. winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
  76. winrm set winrm/config/service/auth '@{Basic="true"}'
  77. winrm create winrm/config/listener?Address=*+Transport=HTTPS "@{CertificateThumbprint=`"$thumb`";Port=`"5986`"}"
  78.  
  79. echo "Enable WinRM firewall rules"
  80. Remove-NetFirewallRule -DisplayName "WinRMS" -ErrorAction SilentlyContinue
  81. New-NetFirewallRule -DisplayName "WinRMS" -Direction Inbound -Protocol TCP -LocalPort 5986 | Out-Null
  82.  
  83. echo "Restart WinRM service"
  84. Stop-Service winrm
  85. Set-Service winrm -StartupType Automatic
  86. Start-Service winrm
  87. </powershell>
  88. EOF
  89.  
  90. provisioner "remote-exec" {
  91. connection {
  92. type = "winrm"
  93. user = "${var.new_boss_name}"
  94. port = 5986
  95. https = true
  96. insecure = true
  97. password = "${var.new_boss_pw}"
  98. password_private_key = "${file(var.ssh_key_pair_path_windows)}"
  99. timeout = "10m"
  100. }
  101. inline = [
  102. "echo Instance provisioner works! Alex"
  103. ]
  104. }
  105. }