
Untitled

a guest
Jul 28th, 2017
  1. provider "azurerm" {
  2. client_id = "${var.azurerm_client_id}"
  3. client_secret = "${var.azurerm_client_secret}"
  4. subscription_id = "${var.azurerm_subscription_id}"
  5. tenant_id = "${var.azurerm_tenant_id}"
  6. }
  7.  
  8. // Resource Group name & Location
  9. resource "azurerm_resource_group" "Prod_RG" {
  10. name = "${var.Customer_Name}RG"
  11. location = "${var.azurerm_location}"
  12. }
  13.  
  14. // Public IP for Web01
  15. resource "azurerm_public_ip" "Prod_PublicIP_Web01" {
  16. name = "${var.azurerm_prefix}-publicip-web-01"
  17. location = "${var.azurerm_location}"
  18. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  19. public_ip_address_allocation = "static"
  20. }
  21.  
  22. // Public IP for DB01
  23. resource "azurerm_public_ip" "Prod_PublicIP_DB01" {
  24. name = "${var.azurerm_prefix}-publicip-db-01"
  25. location = "${var.azurerm_location}"
  26. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  27. public_ip_address_allocation = "static"
  28. }
  29.  
  30. // Virtual Network
  31. resource "azurerm_virtual_network" "Prod_VirtualNetwork" {
  32. name = "Woodside-virtual-network"
  33. address_space = ["10.1.0.0/16"]
  34. location = "${var.azurerm_location}"
  35.  
  36. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  37. }
  38.  
  39. // Network Interface Web01
  40. resource "azurerm_network_interface" "Prod_netint_web01" {
  41. count = "1"
  42. name = "${var.azurerm_prefix}-netint-web-01"
  43. location = "${var.azurerm_location}"
  44. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  45. enable_ip_forwarding = "True"
  46. network_security_group_id = "${azurerm_network_security_group.Prod_nsg_Webservers.id}"
  47.  
  48. ip_configuration {
  49. name = "${var.azurerm_prefix}-ip-web01"
  50. subnet_id = "${azurerm_subnet.Prod_subnet.id}"
  51. private_ip_address_allocation = "dynamic"
  52. public_ip_address_id = "${azurerm_public_ip.Prod_PublicIP_Web01.id}"
  53. }
  54. }
  55.  
  56. // Network Interface DB01
  57. resource "azurerm_network_interface" "Prod_netint_db01" {
  58. count = "1"
  59. name = "${var.azurerm_prefix}-netint-db-01"
  60. location = "${var.azurerm_location}"
  61. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  62. enable_ip_forwarding = "True"
  63. network_security_group_id = "${azurerm_network_security_group.Prod_nsg_DBservers.id}"
  64.  
  65. ip_configuration {
  66. name = "${var.azurerm_prefix}-ip-db01"
  67. subnet_id = "${azurerm_subnet.Prod_subnet.id}"
  68. private_ip_address_allocation = "dynamic"
  69. public_ip_address_id = "${azurerm_public_ip.Prod_PublicIP_DB01.id}"
  70. }
  71. }
  72.  
  73. // Subnet configurtion
  74. resource "azurerm_subnet" "Prod_subnet" {
  75. name = "${var.azurerm_prefix}-subnet"
  76. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  77. virtual_network_name = "woodside-virtual-network"
  78. address_prefix = "10.1.12.0/24"
  79. }
  80.  
  81. // Network Security group for Web Servers
  82. resource "azurerm_network_security_group" "Prod_nsg_Webservers" {
  83. name = "${var.azurerm_prefix}-nsg-web-01"
  84. location = "${var.azurerm_location}"
  85. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  86. }
  87.  
  88. // Network Security group for DB Servers
  89. resource "azurerm_network_security_group" "Prod_nsg_DBservers" {
  90. name = "${var.azurerm_prefix}-nsg-db-01"
  91. location = "${var.azurerm_location}"
  92. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  93. }
  94.  
  95. // Azure Virtual Machine - Web 01 - Standard F2
  96. resource "azurerm_virtual_machine" "Prod_VM_Web01" {
  97. count = "1"
  98. name = "${var.azurerm_prefix}-vm-web-01"
  99. location = "${var.azurerm_location}"
  100. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  101. network_interface_ids = ["${azurerm_network_interface.Prod_netint_web01.id}"]
  102. vm_size = "Standard_F2"
  103.  
  104. storage_image_reference {
  105. publisher = "MicrosoftWindowsServer"
  106. offer = "WindowsServer"
  107. sku = "2016-DataCenter"
  108. version = "latest"
  109. }
  110.  
  111. storage_os_disk {
  112. name = "${var.azurerm_prefix}-osdisk-web-01"
  113. caching = "ReadWrite"
  114. create_option = "FromImage"
  115. managed_disk_type = "Standard_LRS"
  116. disk_size_gb = "128"
  117. }
  118.  
  119. storage_data_disk {
  120. name = "${var.azurerm_prefix}-datadisk01-web-01"
  121. disk_size_gb = "128"
  122. create_option = "Empty"
  123. managed_disk_type = "Standard_LRS"
  124. lun = 0
  125. }
  126.  
  127. storage_data_disk {
  128. name = "${var.azurerm_prefix}-datadisk02-web-01"
  129. disk_size_gb = "128"
  130. create_option = "Empty"
  131. managed_disk_type = "Standard_LRS"
  132. lun = 1
  133. }
  134.  
  135. delete_os_disk_on_termination = true
  136. delete_data_disks_on_termination = true
  137.  
  138. os_profile {
  139. computer_name = "prod-web-01"
  140. admin_username = "${var.azurerm_vm_username}"
  141. admin_password = "${var.azurerm_vm_admin_password}"
  142. }
  143.  
  144. }
  145.  
  146. // Azure Virtual Machine - DB01 - Standard_DS11_v2
  147. resource "azurerm_virtual_machine" "Prod_VM_DB01" {
  148. count = "1"
  149. name = "${var.azurerm_prefix}-vm-db-01"
  150. location = "${var.azurerm_location}"
  151. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  152. network_interface_ids = ["${azurerm_network_interface.Prod_netint_db01.id}"]
  153. vm_size = "Standard_DS11_v2"
  154.  
  155. storage_image_reference {
  156. publisher = "MicrosoftSQLServer"
  157. offer = "SQL2016SP1-WS2016"
  158. sku = "Web"
  159. version = "latest"
  160. }
  161.  
  162. storage_os_disk {
  163. name = "${var.azurerm_prefix}-osdisk-db-01"
  164. caching = "ReadWrite"
  165. create_option = "FromImage"
  166. managed_disk_type = "Premium_LRS"
  167. disk_size_gb = "128"
  168. }
  169.  
  170. storage_data_disk {
  171. name = "${var.azurerm_prefix}-datadisk01-db-01"
  172. disk_size_gb = "128"
  173. create_option = "Empty"
  174. managed_disk_type = "Premium_LRS"
  175. lun = 0
  176. }
  177.  
  178. storage_data_disk {
  179. name = "${var.azurerm_prefix}-datadisk02-db-01"
  180. disk_size_gb = "512"
  181. create_option = "Empty"
  182. managed_disk_type = "Standard_LRS"
  183. lun = 1
  184. }
  185.  
  186. delete_os_disk_on_termination = true
  187. delete_data_disks_on_termination = true
  188.  
  189. os_profile {
  190. computer_name = "prod-db-01"
  191. admin_username = "${var.azurerm_vm_username}"
  192. admin_password = "${var.azurerm_vm_admin_password}"
  193. }
  194. }
  195.  
  196. // Network Security group rule for RDP inbound to Web01
  197. resource "azurerm_network_security_rule" "Prod_nsgrule_RDP_Web01" {
  198. name = "Web-RDP-IN"
  199. priority = 200
  200. direction = "Inbound"
  201. access = "Allow"
  202. protocol = "Tcp"
  203. source_port_range = "3389"
  204. destination_port_range = "3389"
  205. source_address_prefix = "62.253.79.194"
  206. destination_address_prefix = "10.1.12.5"
  207. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  208. network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
  209. }
  210.  
  211. // Network Security group rule for web/80 inbound to Web01
  212. resource "azurerm_network_security_rule" "Prod_nsgrule_http_Web01" {
  213. name = "Web-HTTP-IN"
  214. priority = 100
  215. direction = "Inbound"
  216. access = "Allow"
  217. protocol = "Tcp"
  218. source_port_range = "80"
  219. destination_port_range = "80"
  220. source_address_prefix = "*"
  221. destination_address_prefix = "10.1.12.5"
  222. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  223. network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
  224. }
  225.  
  226. // Network Security group rule for Octopus Deploy inbound to Web01
  227. resource "azurerm_network_security_rule" "Prod_nsgrule_octopus_Web01" {
  228. name = "Web-Octo-IN"
  229. priority = 110
  230. direction = "Inbound"
  231. access = "Allow"
  232. protocol = "Tcp"
  233. source_port_range = "10933"
  234. destination_port_range = "10933"
  235. source_address_prefix = "83.138.171.64"
  236. destination_address_prefix = "10.1.12.5"
  237. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  238. network_security_group_name = "${var.azurerm_prefix}-nsg-web-01"
  239. }
  240.  
  241. // Network Security group rule for Octopus Deploy inbound to DB01
  242. resource "azurerm_network_security_rule" "Prod_nsgrule_octopus_DB01" {
  243. name = "DB-Octo-IN"
  244. priority = 120
  245. direction = "Inbound"
  246. access = "Allow"
  247. protocol = "Tcp"
  248. source_port_range = "10933"
  249. destination_port_range = "10933"
  250. source_address_prefix = "83.138.171.64"
  251. destination_address_prefix = "10.1.12.4"
  252. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  253. network_security_group_name = "${var.azurerm_prefix}-nsg-db-01"
  254. }
  255.  
  256. // Network Security group rule for RDP inbound to DB01
  257. resource "azurerm_network_security_rule" "Prod_nsgrule_RDP_DB01" {
  258. name = "DB-RDP-IN"
  259. priority = 220
  260. direction = "Inbound"
  261. access = "Allow"
  262. protocol = "Tcp"
  263. source_port_range = "3389"
  264. destination_port_range = "3389"
  265. source_address_prefix = "62.253.79.194"
  266. destination_address_prefix = "10.1.12.4"
  267. resource_group_name = "${azurerm_resource_group.Prod_RG.name}"
  268. network_security_group_name = "${var.azurerm_prefix}-nsg-db-01"
  269. }