Implements common, specific rules and specified ports
    Enhances network security configurations.
    Implements common and specific rules for specified ports.
    Improves infrastructure security posture.

Signed-off-by: karim mdmirajul <[email protected]>
karim20230 committed Nov 16, 2023
1 parent dc58805 commit fed3d61
Showing 1 changed file with 61 additions and 6 deletions.
67 changes: 61 additions & 6 deletions terraform/azure-ghaf-infra.tf
Expand Up @@ -45,13 +45,15 @@ resource "azurerm_subnet" "ghaf_infra_tf_subnet" {
virtual_network_name = azurerm_virtual_network.ghaf_infra_tf_vnet.name
address_prefixes = ["10.0.2.0/24"]
}
# Network Security Group
resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
name = "ghaf-infra-tf-nsg"

# AllowSSH rule for the Common Security Group

resource "azurerm_network_security_group" "common_nsg" {
name = "common-nsg"
location = azurerm_resource_group.ghaf_infra_tf_dev.location
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name
security_rule {
name = "SSH"
security_rule {
name = "AllowSSHInbound"
priority = 300
direction = "Inbound"
access = "Allow"
Expand All @@ -63,10 +65,34 @@ resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" {
}
}




################################################################################

# ghafhydra:

# Security Group

resource "azurerm_network_security_group" "ghafhydra_nsg" {
name = "ghafhydra-nsg"
location = azurerm_resource_group.ghaf_infra_tf_dev.location
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name

security_rule {
name = "CustomRuleForghafhydra"
priority = 310
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "5000"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}


# Public IP
resource "azurerm_public_ip" "ghafhydra_public_ip" {
name = "ghafhydra-public-ip"
Expand All @@ -80,6 +106,7 @@ resource "azurerm_network_interface" "ghafhydra_ni" {
name = "ghafhydra-nic"
location = azurerm_resource_group.ghaf_infra_tf_dev.location
resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name

ip_configuration {
name = "ghafhydra_nic_configuration"
subnet_id = azurerm_subnet.ghaf_infra_tf_subnet.id
Expand All @@ -88,6 +115,26 @@ resource "azurerm_network_interface" "ghafhydra_ni" {
public_ip_address_id = azurerm_public_ip.ghafhydra_public_ip.id
}
}

# specfic NSG
resource "azurerm_network_interface_security_group_association" "association_ghafhydra_nsg" {
network_interface_id = azurerm_network_interface.ghafhydra_ni.id
network_security_group_id = azurerm_network_security_group.ghafhydra_nsg.id

}

# common NSG
resource "azurerm_network_interface_security_group_association" "association_common_nsg" {
network_interface_id = azurerm_network_interface.ghafhydra_ni.id
network_security_group_id = azurerm_network_security_group.common_nsg.id
}







# Ghafhydra VM
resource "azurerm_linux_virtual_machine" "ghafhydra_vm" {
name = "ghafhydra"
Expand Down Expand Up @@ -149,6 +196,14 @@ resource "azurerm_network_interface" "azarm_ni" {
public_ip_address_id = azurerm_public_ip.azarm_public_ip.id
}
}


# common NSG
resource "azurerm_network_interface_security_group_association" "association_common_nsg_azarm" {
network_interface_id = azurerm_network_interface.azarm_ni.id
network_security_group_id = azurerm_network_security_group.common_nsg.id
}

# Azure arm builder (azarm)
resource "azurerm_linux_virtual_machine" "azarm_vm" {
name = "azarm"
Expand Down Expand Up @@ -189,4 +244,4 @@ resource "azurerm_virtual_machine_extension" "deploy_ubuntu_builder" {
}
EOF
}
################################################################################
################################################################################
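Review bot: `association_ghafhydra_nsg` and `association_common_nsg` both target `azurerm_network_interface.ghafhydra_ni`, but an Azure network interface holds at most one network security group, so the two associations cannot both take effect; I would expect the apply to fail or one NSG to displace the other, leaving either the SSH rule or the port-5000 rule unapplied. Keep one association per NIC and carry both rules in that NSG, for example by adding the `AllowSSHInbound` rule to `ghafhydra_nsg` and dropping `association_common_nsg`; attaching `common_nsg` to the subnet instead would not help, because subnet and NIC NSGs are both evaluated and each would block the port only the other allows. Separately, `CustomRuleForghafhydra` opens port 5000 with `source_address_prefix = "*"`; unless the service must be reachable from the whole internet, narrow that to the address ranges that need it and add a comment naming what listens on 5000.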
