├── .gitattributes
├── 12. Lab - Creating an Azure virtual network
    └── main.tf
├── 13. Lab - Creating an Azure virtual machine
    └── main.tf
├── 15. Lab - Create Public IP Address
    └── main.tf
├── 16.Lab - Adding data disks
    └── main.tf
├── 17. Lab - Availability Sets
    └── main.tf
├── 18. Lab - Custom Script extensions
    ├── IIS_Config.ps1
    └── main.tf
├── 19. Lab - Network Security Groups
    └── main.tf
├── 20. Lab - Fetching from Azure Key Vault
    └── main.tf
├── 21. Lab - Creating a Linux VM
    └── main.tf
├── 22. Lab - Linux VM with SSH keys
    └── main.tf
├── 23. Lab - Cloud init data
    └── main.tf
├── 24. Lab - Azure Web App
    └── main.tf
├── 25. Lab - Azure Web App - Publishing from GitHub
    └── main.tf
├── 26. Lab - Azure SQL Database
    └── main.tf
├── 27. Lab - Azure Web App - Connecting to Database app
    ├── init.sql
    └── main.tf
├── 28. Lab - Azure Bastion
    └── main.tf
├── 29. Lab - Azure Load Balancer
    ├── IIS_Config.ps1
    └── main.tf
├── 30. Lab - Azure Public DNS Zone
    └── main.tf
├── 31. Lab - Virtual Machine Scale Set
    ├── IIS_Config.ps1
    └── main.tf
├── 32. Lab - Azure Traffic Manager
    └── main.tf
├── 33. Lab - Log Analytics workspace
    └── main.tf
├── 34. Lab - Azure Monitor alerts
    └── main.tf
├── 35. Lab - Budget alerts
    └── main.tf
├── 36. Lab - Azure Function App
    └── main.tf
├── 37. Lab - Role based access control
    └── main.tf
├── 38. Lab - Azure Application Gateway
    ├── IIS_Config_image.ps1
    ├── IIS_Config_video.ps1
    └── main.tf
├── 39. Breaking down the configuration files
    ├── main.tf
    ├── network.tf
    ├── variables.tf
    ├── versions.tf
    └── virtualmachines.tf
├── 40. Creating multiple resources
    ├── main.tf
    ├── network.tf
    ├── outputs.tf
    ├── variables.tf
    ├── versions.tf
    └── virtualmachines.tf
├── 5. Lab - Creating a resource group
    └── main.tf
├── 6. Lab - Creating a storage account
    └── main.tf
├── 7. Terraform state
    └── main.tf
├── 8. Lab - Creating a container and a blob
    └── main.tf
└── 9. Lab - Dependencies between resources
    └── main.tf


/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 | 


--------------------------------------------------------------------------------
/12. Lab - Creating an Azure virtual network/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.93.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"
22 | }
23 | 
24 | resource "azurerm_resource_group" "app_grp"{
25 |   name=local.resource_group
26 |   location=local.location
27 | }
28 | 
29 | resource "azurerm_virtual_network" "app_network" {
30 |   name                = "app-network"
31 |   location            = local.location
32 |   resource_group_name = azurerm_resource_group.app_grp.name
33 |   address_space       = ["10.0.0.0/16"]
34 | 
35 |   subnet {
36 |     name           = "SubnetA"
37 |     address_prefix = "10.0.1.0/24"
38 |   }  
39 | }
40 | 


--------------------------------------------------------------------------------
/13. Lab - Creating an Azure virtual machine/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.93.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"
22 | }
23 | 
24 | data "azurerm_subnet" "SubnetA" {
25 |   name                 = "SubnetA"
26 |   virtual_network_name = "app-network"
27 |   resource_group_name  = local.resource_group
28 | }
29 | 
30 | resource "azurerm_resource_group" "app_grp"{
31 |   name=local.resource_group
32 |   location=local.location
33 | }
34 | 
35 | resource "azurerm_virtual_network" "app_network" {
36 |   name                = "app-network"
37 |   location            = local.location
38 |   resource_group_name = azurerm_resource_group.app_grp.name
39 |   address_space       = ["10.0.0.0/16"]
40 | 
41 |   subnet {
42 |     name           = "SubnetA"
43 |     address_prefix = "10.0.1.0/24"
44 |   }  
45 | }
46 | 
47 | resource "azurerm_network_interface" "app_interface" {
48 |   name                = "app-interface"
49 |   location            = local.location
50 |   resource_group_name = local.resource_group
51 | 
52 |   ip_configuration {
53 |     name                          = "internal"
54 |     subnet_id                     = data.azurerm_subnet.SubnetA.id
55 |     private_ip_address_allocation = "Dynamic"
56 |   }
57 | 
58 |   depends_on = [
59 |     azurerm_virtual_network.app_network
60 |   ]
61 | }
62 | 
63 | resource "azurerm_windows_virtual_machine" "app_vm" {
64 |   name                = "appvm"
65 |   resource_group_name = local.resource_group
66 |   location            = local.location
67 |   size                = "Standard_D2s_v3"
68 |   admin_username      = "demousr"
69 |   admin_password      = "Azure@123"
70 |   network_interface_ids = [
71 |     azurerm_network_interface.app_interface.id,
72 |   ]
73 | 
74 |   os_disk {
75 |     caching              = "ReadWrite"
76 |     storage_account_type = "Standard_LRS"
77 |   }
78 | 
79 |   source_image_reference {
80 |     publisher = "MicrosoftWindowsServer"
81 |     offer     = "WindowsServer"
82 |     sku       = "2019-Datacenter"
83 |     version   = "latest"
84 |   }
85 | 
86 |   depends_on = [
87 |     azurerm_network_interface.app_interface
88 |   ]
89 | }
90 | 
91 | 


--------------------------------------------------------------------------------
/15. Lab - Create Public IP Address/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | data "azurerm_subnet" "SubnetA" {
 25 |   name                 = "SubnetA"
 26 |   virtual_network_name = "app-network"
 27 |   resource_group_name  = local.resource_group
 28 | }
 29 | 
 30 | resource "azurerm_resource_group" "app_grp"{
 31 |   name=local.resource_group
 32 |   location=local.location
 33 | }
 34 | 
 35 | resource "azurerm_virtual_network" "app_network" {
 36 |   name                = "app-network"
 37 |   location            = local.location
 38 |   resource_group_name = azurerm_resource_group.app_grp.name
 39 |   address_space       = ["10.0.0.0/16"]
 40 | 
 41 |   subnet {
 42 |     name           = "SubnetA"
 43 |     address_prefix = "10.0.1.0/24"
 44 |   }  
 45 | }
 46 | 
 47 | resource "azurerm_network_interface" "app_interface" {
 48 |   name                = "app-interface"
 49 |   location            = local.location
 50 |   resource_group_name = local.resource_group
 51 | 
 52 |   ip_configuration {
 53 |     name                          = "internal"
 54 |     subnet_id                     = data.azurerm_subnet.SubnetA.id
 55 |     private_ip_address_allocation = "Dynamic"
 56 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 57 |   }
 58 | 
 59 |   depends_on = [
 60 |     azurerm_virtual_network.app_network,
 61 |     azurerm_public_ip.app_public_ip
 62 |   ]
 63 | }
 64 | 
 65 | resource "azurerm_windows_virtual_machine" "app_vm" {
 66 |   name                = "appvm"
 67 |   resource_group_name = local.resource_group
 68 |   location            = local.location
 69 |   size                = "Standard_D2s_v3"
 70 |   admin_username      = "demousr"
 71 |   admin_password      = "Azure@123"
 72 |   network_interface_ids = [
 73 |     azurerm_network_interface.app_interface.id,
 74 |   ]
 75 | 
 76 |   os_disk {
 77 |     caching              = "ReadWrite"
 78 |     storage_account_type = "Standard_LRS"
 79 |   }
 80 | 
 81 |   source_image_reference {
 82 |     publisher = "MicrosoftWindowsServer"
 83 |     offer     = "WindowsServer"
 84 |     sku       = "2019-Datacenter"
 85 |     version   = "latest"
 86 |   }
 87 | 
 88 |   depends_on = [
 89 |     azurerm_network_interface.app_interface
 90 |   ]
 91 | }
 92 | 
 93 | resource "azurerm_public_ip" "app_public_ip" {
 94 |   name                = "app-public-ip"
 95 |   resource_group_name = local.resource_group
 96 |   location            = local.location
 97 |   allocation_method   = "Static"
 98 | }
 99 | 
100 | 


--------------------------------------------------------------------------------
/16.Lab - Adding data disks/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | data "azurerm_subnet" "SubnetA" {
 25 |   name                 = "SubnetA"
 26 |   virtual_network_name = "app-network"
 27 |   resource_group_name  = local.resource_group
 28 | }
 29 | 
 30 | resource "azurerm_resource_group" "app_grp"{
 31 |   name=local.resource_group
 32 |   location=local.location
 33 | }
 34 | 
 35 | resource "azurerm_virtual_network" "app_network" {
 36 |   name                = "app-network"
 37 |   location            = local.location
 38 |   resource_group_name = azurerm_resource_group.app_grp.name
 39 |   address_space       = ["10.0.0.0/16"]
 40 | 
 41 |   subnet {
 42 |     name           = "SubnetA"
 43 |     address_prefix = "10.0.1.0/24"
 44 |   }  
 45 | }
 46 | 
 47 | resource "azurerm_network_interface" "app_interface" {
 48 |   name                = "app-interface"
 49 |   location            = local.location
 50 |   resource_group_name = local.resource_group
 51 | 
 52 |   ip_configuration {
 53 |     name                          = "internal"
 54 |     subnet_id                     = data.azurerm_subnet.SubnetA.id
 55 |     private_ip_address_allocation = "Dynamic"
 56 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 57 |   }
 58 | 
 59 |   depends_on = [
 60 |     azurerm_virtual_network.app_network,
 61 |     azurerm_public_ip.app_public_ip
 62 |   ]
 63 | }
 64 | 
 65 | resource "azurerm_windows_virtual_machine" "app_vm" {
 66 |   name                = "appvm"
 67 |   resource_group_name = local.resource_group
 68 |   location            = local.location
 69 |   size                = "Standard_D2s_v3"
 70 |   admin_username      = "demousr"
 71 |   admin_password      = "Azure@123"
 72 |   network_interface_ids = [
 73 |     azurerm_network_interface.app_interface.id,
 74 |   ]
 75 | 
 76 |   os_disk {
 77 |     caching              = "ReadWrite"
 78 |     storage_account_type = "Standard_LRS"
 79 |   }
 80 | 
 81 |   source_image_reference {
 82 |     publisher = "MicrosoftWindowsServer"
 83 |     offer     = "WindowsServer"
 84 |     sku       = "2019-Datacenter"
 85 |     version   = "latest"
 86 |   }
 87 | 
 88 |   depends_on = [
 89 |     azurerm_network_interface.app_interface
 90 |   ]
 91 | }
 92 | 
 93 | resource "azurerm_public_ip" "app_public_ip" {
 94 |   name                = "app-public-ip"
 95 |   resource_group_name = local.resource_group
 96 |   location            = local.location
 97 |   allocation_method   = "Static"
 98 | }
 99 | 
100 | resource "azurerm_managed_disk" "data_disk" {
101 |   name                 = "data-disk"
102 |   location             = local.location
103 |   resource_group_name  = local.resource_group
104 |   storage_account_type = "Standard_LRS"
105 |   create_option        = "Empty"
106 |   disk_size_gb         = 16
107 | }
108 | # Then we need to attach the data disk to the Azure virtual machine
109 | resource "azurerm_virtual_machine_data_disk_attachment" "disk_attach" {
110 |   managed_disk_id    = azurerm_managed_disk.data_disk.id
111 |   virtual_machine_id = azurerm_windows_virtual_machine.app_vm.id
112 |   lun                = "0"
113 |   caching            = "ReadWrite"
114 |   depends_on = [
115 |     azurerm_windows_virtual_machine.app_vm,
116 |     azurerm_managed_disk.data_disk
117 |   ]
118 | }


--------------------------------------------------------------------------------
/17. Lab - Availability Sets/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = local.resource_group
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.1.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | resource "azurerm_network_interface" "app_interface" {
 51 |   name                = "app-interface"
 52 |   location            = local.location
 53 |   resource_group_name = local.resource_group
 54 | 
 55 |   ip_configuration {
 56 |     name                          = "internal"
 57 |     subnet_id                     = azurerm_subnet.SubnetA.id
 58 |     private_ip_address_allocation = "Dynamic"
 59 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 60 |   }
 61 | 
 62 |   depends_on = [
 63 |     azurerm_virtual_network.app_network,
 64 |     azurerm_public_ip.app_public_ip,
 65 |     azurerm_subnet.SubnetA
 66 |   ]
 67 | }
 68 | 
 69 | resource "azurerm_windows_virtual_machine" "app_vm" {
 70 |   name                = "appvm"
 71 |   resource_group_name = local.resource_group
 72 |   location            = local.location
 73 |   size                = "Standard_D2s_v3"
 74 |   admin_username      = "demousr"
 75 |   admin_password      = "Azure@123"
 76 |   availability_set_id = azurerm_availability_set.app_set.id
 77 |   network_interface_ids = [
 78 |     azurerm_network_interface.app_interface.id,
 79 |   ]
 80 | 
 81 |   os_disk {
 82 |     caching              = "ReadWrite"
 83 |     storage_account_type = "Standard_LRS"
 84 |   }
 85 | 
 86 |   source_image_reference {
 87 |     publisher = "MicrosoftWindowsServer"
 88 |     offer     = "WindowsServer"
 89 |     sku       = "2019-Datacenter"
 90 |     version   = "latest"
 91 |   }
 92 | 
 93 |   depends_on = [
 94 |     azurerm_network_interface.app_interface,
 95 |     azurerm_availability_set.app_set
 96 |   ]
 97 | }
 98 | 
 99 | resource "azurerm_public_ip" "app_public_ip" {
100 |   name                = "app-public-ip"
101 |   resource_group_name = local.resource_group
102 |   location            = local.location
103 |   allocation_method   = "Static"
104 |   depends_on = [
105 |     azurerm_resource_group.app_grp
106 |   ]
107 | }
108 | 
109 | resource "azurerm_managed_disk" "data_disk" {
110 |   name                 = "data-disk"
111 |   location             = local.location
112 |   resource_group_name  = local.resource_group
113 |   storage_account_type = "Standard_LRS"
114 |   create_option        = "Empty"
115 |   disk_size_gb         = 16
116 | }
117 | # Then we need to attach the data disk to the Azure virtual machine
118 | resource "azurerm_virtual_machine_data_disk_attachment" "disk_attach" {
119 |   managed_disk_id    = azurerm_managed_disk.data_disk.id
120 |   virtual_machine_id = azurerm_windows_virtual_machine.app_vm.id
121 |   lun                = "0"
122 |   caching            = "ReadWrite"
123 |   depends_on = [
124 |     azurerm_windows_virtual_machine.app_vm,
125 |     azurerm_managed_disk.data_disk
126 |   ]
127 | }
128 | 
129 | resource "azurerm_availability_set" "app_set" {
130 |   name                = "app-set"
131 |   location            = local.location
132 |   resource_group_name = local.resource_group
133 |   platform_fault_domain_count = 3
134 |   platform_update_domain_count = 3  
135 |   depends_on = [
136 |     azurerm_resource_group.app_grp
137 |   ]
138 | }


--------------------------------------------------------------------------------
/18. Lab - Custom Script extensions/IIS_Config.ps1:
--------------------------------------------------------------------------------
1 | import-module servermanager
2 | add-windowsfeature web-server -includeallsubfeature
3 | add-windowsfeature Web-Asp-Net45
4 | add-windowsfeature NET-Framework-Features 


--------------------------------------------------------------------------------
/18. Lab - Custom Script extensions/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = local.resource_group
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.1.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | resource "azurerm_network_interface" "app_interface" {
 51 |   name                = "app-interface"
 52 |   location            = local.location
 53 |   resource_group_name = local.resource_group
 54 | 
 55 |   ip_configuration {
 56 |     name                          = "internal"
 57 |     subnet_id                     = azurerm_subnet.SubnetA.id
 58 |     private_ip_address_allocation = "Dynamic"
 59 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 60 |   }
 61 | 
 62 |   depends_on = [
 63 |     azurerm_virtual_network.app_network,
 64 |     azurerm_public_ip.app_public_ip,
 65 |     azurerm_subnet.SubnetA
 66 |   ]
 67 | }
 68 | 
 69 | resource "azurerm_windows_virtual_machine" "app_vm" {
 70 |   name                = "appvm"
 71 |   resource_group_name = local.resource_group
 72 |   location            = local.location
 73 |   size                = "Standard_D2s_v3"
 74 |   admin_username      = "demousr"
 75 |   admin_password      = "Azure@123"
 76 |   availability_set_id = azurerm_availability_set.app_set.id
 77 |   network_interface_ids = [
 78 |     azurerm_network_interface.app_interface.id,
 79 |   ]
 80 | 
 81 |   os_disk {
 82 |     caching              = "ReadWrite"
 83 |     storage_account_type = "Standard_LRS"
 84 |   }
 85 | 
 86 |   source_image_reference {
 87 |     publisher = "MicrosoftWindowsServer"
 88 |     offer     = "WindowsServer"
 89 |     sku       = "2019-Datacenter"
 90 |     version   = "latest"
 91 |   }
 92 | 
 93 |   depends_on = [
 94 |     azurerm_network_interface.app_interface,
 95 |     azurerm_availability_set.app_set
 96 |   ]
 97 | }
 98 | 
 99 | resource "azurerm_public_ip" "app_public_ip" {
100 |   name                = "app-public-ip"
101 |   resource_group_name = local.resource_group
102 |   location            = local.location
103 |   allocation_method   = "Static"
104 |   depends_on = [
105 |     azurerm_resource_group.app_grp
106 |   ]
107 | }
108 | 
109 | resource "azurerm_managed_disk" "data_disk" {
110 |   name                 = "data-disk"
111 |   location             = local.location
112 |   resource_group_name  = local.resource_group
113 |   storage_account_type = "Standard_LRS"
114 |   create_option        = "Empty"
115 |   disk_size_gb         = 16
116 | }
117 | # Then we need to attach the data disk to the Azure virtual machine
118 | resource "azurerm_virtual_machine_data_disk_attachment" "disk_attach" {
119 |   managed_disk_id    = azurerm_managed_disk.data_disk.id
120 |   virtual_machine_id = azurerm_windows_virtual_machine.app_vm.id
121 |   lun                = "0"
122 |   caching            = "ReadWrite"
123 |   depends_on = [
124 |     azurerm_windows_virtual_machine.app_vm,
125 |     azurerm_managed_disk.data_disk
126 |   ]
127 | }
128 | 
129 | resource "azurerm_availability_set" "app_set" {
130 |   name                = "app-set"
131 |   location            = local.location
132 |   resource_group_name = local.resource_group
133 |   platform_fault_domain_count = 3
134 |   platform_update_domain_count = 3  
135 |   depends_on = [
136 |     azurerm_resource_group.app_grp
137 |   ]
138 | }
139 | 
140 | resource "azurerm_storage_account" "appstore" {
141 |   name                     = "appstore4577687"
142 |   resource_group_name      = "app-grp"
143 |   location                 = "North Europe"
144 |   account_tier             = "Standard"
145 |   account_replication_type = "LRS"
146 |   allow_blob_public_access = true
147 | }
148 | 
149 | resource "azurerm_storage_container" "data" {
150 |   name                  = "data"
151 |   storage_account_name  = "appstore4577687"
152 |   container_access_type = "blob"
153 |   depends_on=[
154 |     azurerm_storage_account.appstore
155 |     ]
156 | }
157 | 
158 | # Here we are uploading our IIS Configuration script as a blob
159 | # to the Azure storage account
160 | 
161 | resource "azurerm_storage_blob" "IIS_config" {
162 |   name                   = "IIS_Config.ps1"
163 |   storage_account_name   = "appstore4577687"
164 |   storage_container_name = "data"
165 |   type                   = "Block"
166 |   source                 = "IIS_Config.ps1"
167 |    depends_on=[azurerm_storage_container.data]
168 | }
169 | 
170 | resource "azurerm_virtual_machine_extension" "vm_extension" {
171 |   name                 = "appvm-extension"
172 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm.id
173 |   publisher            = "Microsoft.Compute"
174 |   type                 = "CustomScriptExtension"
175 |   type_handler_version = "1.10"
176 |   depends_on = [
177 |     azurerm_storage_blob.IIS_config
178 |   ]
179 |   settings = <<SETTINGS
180 |     {
181 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
182 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
183 |     }
184 | SETTINGS
185 | 
186 | }
187 | 
188 | 


--------------------------------------------------------------------------------
/19. Lab - Network Security Groups/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = local.resource_group
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.1.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | resource "azurerm_network_interface" "app_interface" {
 51 |   name                = "app-interface"
 52 |   location            = local.location
 53 |   resource_group_name = local.resource_group
 54 | 
 55 |   ip_configuration {
 56 |     name                          = "internal"
 57 |     subnet_id                     = azurerm_subnet.SubnetA.id
 58 |     private_ip_address_allocation = "Dynamic"
 59 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 60 |   }
 61 | 
 62 |   depends_on = [
 63 |     azurerm_virtual_network.app_network,
 64 |     azurerm_public_ip.app_public_ip,
 65 |     azurerm_subnet.SubnetA
 66 |   ]
 67 | }
 68 | 
 69 | resource "azurerm_windows_virtual_machine" "app_vm" {
 70 |   name                = "appvm"
 71 |   resource_group_name = local.resource_group
 72 |   location            = local.location
 73 |   size                = "Standard_D2s_v3"
 74 |   admin_username      = "demousr"
 75 |   admin_password      = "Azure@123"
 76 |   availability_set_id = azurerm_availability_set.app_set.id
 77 |   network_interface_ids = [
 78 |     azurerm_network_interface.app_interface.id,
 79 |   ]
 80 | 
 81 |   os_disk {
 82 |     caching              = "ReadWrite"
 83 |     storage_account_type = "Standard_LRS"
 84 |   }
 85 | 
 86 |   source_image_reference {
 87 |     publisher = "MicrosoftWindowsServer"
 88 |     offer     = "WindowsServer"
 89 |     sku       = "2019-Datacenter"
 90 |     version   = "latest"
 91 |   }
 92 | 
 93 |   depends_on = [
 94 |     azurerm_network_interface.app_interface,
 95 |     azurerm_availability_set.app_set
 96 |   ]
 97 | }
 98 | 
 99 | resource "azurerm_public_ip" "app_public_ip" {
100 |   name                = "app-public-ip"
101 |   resource_group_name = local.resource_group
102 |   location            = local.location
103 |   allocation_method   = "Static"
104 |   depends_on = [
105 |     azurerm_resource_group.app_grp
106 |   ]
107 | }
108 | 
109 | resource "azurerm_managed_disk" "data_disk" {
110 |   name                 = "data-disk"
111 |   location             = local.location
112 |   resource_group_name  = local.resource_group
113 |   storage_account_type = "Standard_LRS"
114 |   create_option        = "Empty"
115 |   disk_size_gb         = 16
116 | }
117 | # Then we need to attach the data disk to the Azure virtual machine
118 | resource "azurerm_virtual_machine_data_disk_attachment" "disk_attach" {
119 |   managed_disk_id    = azurerm_managed_disk.data_disk.id
120 |   virtual_machine_id = azurerm_windows_virtual_machine.app_vm.id
121 |   lun                = "0"
122 |   caching            = "ReadWrite"
123 |   depends_on = [
124 |     azurerm_windows_virtual_machine.app_vm,
125 |     azurerm_managed_disk.data_disk
126 |   ]
127 | }
128 | 
129 | resource "azurerm_availability_set" "app_set" {
130 |   name                = "app-set"
131 |   location            = local.location
132 |   resource_group_name = local.resource_group
133 |   platform_fault_domain_count = 3
134 |   platform_update_domain_count = 3  
135 |   depends_on = [
136 |     azurerm_resource_group.app_grp
137 |   ]
138 | }
139 | 
140 | resource "azurerm_storage_account" "appstore" {
141 |   name                     = "appstore4577687"
142 |   resource_group_name      = "app-grp"
143 |   location                 = "North Europe"
144 |   account_tier             = "Standard"
145 |   account_replication_type = "LRS"
146 |   allow_blob_public_access = true
147 | }
148 | 
149 | resource "azurerm_storage_container" "data" {
150 |   name                  = "data"
151 |   storage_account_name  = "appstore4577687"
152 |   container_access_type = "blob"
153 |   depends_on=[
154 |     azurerm_storage_account.appstore
155 |     ]
156 | }
157 | 
158 | # Here we are uploading our IIS Configuration script as a blob
159 | # to the Azure storage account
160 | 
161 | resource "azurerm_storage_blob" "IIS_config" {
162 |   name                   = "IIS_Config.ps1"
163 |   storage_account_name   = "appstore4577687"
164 |   storage_container_name = "data"
165 |   type                   = "Block"
166 |   source                 = "IIS_Config.ps1"
167 |    depends_on=[azurerm_storage_container.data]
168 | }
169 | 
170 | resource "azurerm_virtual_machine_extension" "vm_extension" {
171 |   name                 = "appvm-extension"
172 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm.id
173 |   publisher            = "Microsoft.Compute"
174 |   type                 = "CustomScriptExtension"
175 |   type_handler_version = "1.10"
176 |   depends_on = [
177 |     azurerm_storage_blob.IIS_config
178 |   ]
179 |   settings = <<SETTINGS
180 |     {
181 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
182 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
183 |     }
184 | SETTINGS
185 | 
186 | }
187 | 
188 | resource "azurerm_network_security_group" "app_nsg" {
189 |   name                = "app-nsg"
190 |   location            = local.location
191 |   resource_group_name = local.resource_group
192 | 
193 | # We are creating a rule to allow traffic on port 80
194 |   security_rule {
195 |     name                       = "Allow_HTTP"
196 |     priority                   = 200
197 |     direction                  = "Inbound"
198 |     access                     = "Allow"
199 |     protocol                   = "Tcp"
200 |     source_port_range          = "*"
201 |     destination_port_range     = "80"
202 |     source_address_prefix      = "*"
203 |     destination_address_prefix = "*"
204 |   }
205 | }
206 | 
207 | resource "azurerm_subnet_network_security_group_association" "nsg_association" {
208 |   subnet_id                 = azurerm_subnet.SubnetA.id
209 |   network_security_group_id = azurerm_network_security_group.app_nsg.id
210 |   depends_on = [
211 |     azurerm_network_security_group.app_nsg
212 |   ]
213 | }


--------------------------------------------------------------------------------
/20. Lab - Fetching from Azure Key Vault/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | data "azurerm_client_config" "current" {}
 25 | 
 26 | resource "azurerm_resource_group" "app_grp"{
 27 |   name=local.resource_group
 28 |   location=local.location
 29 | }
 30 | 
 31 | resource "azurerm_virtual_network" "app_network" {
 32 |   name                = "app-network"
 33 |   location            = local.location
 34 |   resource_group_name = azurerm_resource_group.app_grp.name
 35 |   address_space       = ["10.0.0.0/16"]
 36 | }
 37 | 
 38 | resource "azurerm_subnet" "SubnetA" {
 39 |   name                 = "SubnetA"
 40 |   resource_group_name  = local.resource_group
 41 |   virtual_network_name = azurerm_virtual_network.app_network.name
 42 |   address_prefixes     = ["10.0.1.0/24"]
 43 |   depends_on = [
 44 |     azurerm_virtual_network.app_network
 45 |   ]
 46 | }
 47 | 
 48 | resource "azurerm_network_interface" "app_interface" {
 49 |   name                = "app-interface"
 50 |   location            = local.location
 51 |   resource_group_name = local.resource_group
 52 | 
 53 |   ip_configuration {
 54 |     name                          = "internal"
 55 |     subnet_id                     = azurerm_subnet.SubnetA.id
 56 |     private_ip_address_allocation = "Dynamic"
 57 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 58 |   }
 59 | 
 60 |   depends_on = [
 61 |     azurerm_virtual_network.app_network,
 62 |     azurerm_public_ip.app_public_ip
 63 |   ]
 64 | }
 65 | 
 66 | resource "azurerm_windows_virtual_machine" "app_vm" {
 67 |   name                = "appvm"
 68 |   resource_group_name = local.resource_group
 69 |   location            = local.location
 70 |   size                = "Standard_D2s_v3"
 71 |   admin_username      = "demousr"
 72 |   admin_password      = azurerm_key_vault_secret.vmpassword.value
 73 |   network_interface_ids = [
 74 |     azurerm_network_interface.app_interface.id,
 75 |   ]
 76 | 
 77 |   os_disk {
 78 |     caching              = "ReadWrite"
 79 |     storage_account_type = "Standard_LRS"
 80 |   }
 81 | 
 82 |   source_image_reference {
 83 |     publisher = "MicrosoftWindowsServer"
 84 |     offer     = "WindowsServer"
 85 |     sku       = "2019-Datacenter"
 86 |     version   = "latest"
 87 |   }
 88 | 
 89 |   depends_on = [
 90 |     azurerm_network_interface.app_interface,
 91 |     azurerm_key_vault_secret.vmpassword
 92 |   ]
 93 | }
 94 | 
 95 | resource "azurerm_public_ip" "app_public_ip" {
 96 |   name                = "app-public-ip"
 97 |   resource_group_name = local.resource_group
 98 |   location            = local.location
 99 |   allocation_method   = "Static"
100 |   depends_on = [
101 |     azurerm_resource_group.app_grp
102 |   ]
103 | }
104 | 
105 | resource "azurerm_key_vault" "app_vault" {  
106 |   name                        = "appvault9087878"
107 |   location                    = local.location
108 |   resource_group_name         = local.resource_group  
109 |   tenant_id                   = data.azurerm_client_config.current.tenant_id
110 |   soft_delete_retention_days  = 7
111 |   purge_protection_enabled    = false
112 |   sku_name = "standard"
113 |   access_policy {
114 |     tenant_id = data.azurerm_client_config.current.tenant_id
115 |     object_id = data.azurerm_client_config.current.object_id
116 |     key_permissions = [
117 |       "get",
118 |     ]
119 |     secret_permissions = [
120 |       "get", "backup", "delete", "list", "purge", "recover", "restore", "set",
121 |     ]
122 |     storage_permissions = [
123 |       "get",
124 |     ]
125 |   }
126 |   depends_on = [
127 |     azurerm_resource_group.app_grp
128 |   ]
129 | }
130 | 
131 | # We are creating a secret in the key vault
132 | resource "azurerm_key_vault_secret" "vmpassword" {
133 |   name         = "vmpassword"
134 |   value        = "Azure@123"
135 |   key_vault_id = azurerm_key_vault.app_vault.id
136 |   depends_on = [ azurerm_key_vault.app_vault ]
137 | }


--------------------------------------------------------------------------------
/21. Lab - Creating a Linux VM/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]
 35 | }
 36 | 
 37 | resource "azurerm_subnet" "SubnetA" {
 38 |   name                 = "SubnetA"
 39 |   resource_group_name  = local.resource_group
 40 |   virtual_network_name = azurerm_virtual_network.app_network.name
 41 |   address_prefixes     = ["10.0.1.0/24"]
 42 |   depends_on = [
 43 |     azurerm_virtual_network.app_network
 44 |   ]
 45 | }
 46 | 
 47 | resource "azurerm_network_interface" "app_interface" {
 48 |   name                = "app-interface"
 49 |   location            = local.location
 50 |   resource_group_name = local.resource_group
 51 | 
 52 |   ip_configuration {
 53 |     name                          = "internal"
 54 |     subnet_id                     = azurerm_subnet.SubnetA.id
 55 |     private_ip_address_allocation = "Dynamic"
 56 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 57 |   }
 58 | 
 59 |   depends_on = [
 60 |     azurerm_virtual_network.app_network,
 61 |     azurerm_public_ip.app_public_ip
 62 |   ]
 63 | }
 64 | 
 65 | resource "azurerm_linux_virtual_machine" "linux_vm" {
 66 |   name                = "linuxvm"
 67 |   resource_group_name = local.resource_group
 68 |   location            = local.location
 69 |   size                = "Standard_D2s_v3"
 70 |   admin_username      = "linuxusr"
 71 |   admin_password      = "Azure@123"
 72 |   disable_password_authentication = false
 73 |   network_interface_ids = [
 74 |     azurerm_network_interface.app_interface.id,
 75 |   ]
 76 | 
 77 |   os_disk {
 78 |     caching              = "ReadWrite"
 79 |     storage_account_type = "Standard_LRS"
 80 |   }
 81 | 
 82 |   source_image_reference {
 83 |     publisher = "Canonical"
 84 |     offer     = "UbuntuServer"
 85 |     sku       = "18.04-LTS"
 86 |     version   = "latest"
 87 |   }
 88 | 
 89 |   depends_on = [
 90 |     azurerm_network_interface.app_interface
 91 |   ]
 92 | }
 93 | 
 94 | resource "azurerm_public_ip" "app_public_ip" {
 95 |   name                = "app-public-ip"
 96 |   resource_group_name = local.resource_group
 97 |   location            = local.location
 98 |   allocation_method   = "Static"
 99 |   depends_on = [
100 |     azurerm_resource_group.app_grp
101 |   ]
102 | }
103 | 
104 | 
105 | 


--------------------------------------------------------------------------------
/22. Lab - Linux VM with SSH keys/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | 
 25 | resource "tls_private_key" "linux_key" {
 26 |   algorithm = "RSA"
 27 |   rsa_bits = 4096
 28 | }
 29 | 
 30 | # We want to save the private key to our machine
 31 | # We can then use this key to connect to our Linux VM
 32 | 
 33 | resource "local_file" "linuxkey" {
 34 |   filename="linuxkey.pem"  
 35 |   content=tls_private_key.linux_key.private_key_pem 
 36 | }
 37 | 
 38 | resource "azurerm_resource_group" "app_grp"{
 39 |   name=local.resource_group
 40 |   location=local.location
 41 | }
 42 | 
 43 | resource "azurerm_virtual_network" "app_network" {
 44 |   name                = "app-network"
 45 |   location            = local.location
 46 |   resource_group_name = azurerm_resource_group.app_grp.name
 47 |   address_space       = ["10.0.0.0/16"]
 48 | }
 49 | 
 50 | resource "azurerm_subnet" "SubnetA" {
 51 |   name                 = "SubnetA"
 52 |   resource_group_name  = local.resource_group
 53 |   virtual_network_name = azurerm_virtual_network.app_network.name
 54 |   address_prefixes     = ["10.0.1.0/24"]
 55 |   depends_on = [
 56 |     azurerm_virtual_network.app_network
 57 |   ]
 58 | }
 59 | 
 60 | 
 61 | resource "azurerm_network_interface" "app_interface" {
 62 |   name                = "app-interface"
 63 |   location            = local.location
 64 |   resource_group_name = local.resource_group
 65 | 
 66 |   ip_configuration {
 67 |     name                          = "internal"
 68 |     subnet_id                     = azurerm_subnet.SubnetA.id
 69 |     private_ip_address_allocation = "Dynamic"
 70 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 71 |   }
 72 | 
 73 |   depends_on = [
 74 |     azurerm_virtual_network.app_network,
 75 |     azurerm_public_ip.app_public_ip
 76 |   ]
 77 | }
 78 | 
 79 | resource "azurerm_linux_virtual_machine" "linux_vm" {
 80 |   name                = "linuxvm"
 81 |   resource_group_name = local.resource_group
 82 |   location            = local.location
 83 |   size                = "Standard_D2s_v3"
 84 |   admin_username      = "linuxusr"  
 85 |   network_interface_ids = [
 86 |     azurerm_network_interface.app_interface.id,
 87 |   ]
 88 |   admin_ssh_key {
 89 |     username   = "linuxusr"
 90 |     public_key = tls_private_key.linux_key.public_key_openssh
 91 |   }
 92 |   os_disk {
 93 |     caching              = "ReadWrite"
 94 |     storage_account_type = "Standard_LRS"
 95 |   }
 96 | 
 97 |   source_image_reference {
 98 |     publisher = "Canonical"
 99 |     offer     = "UbuntuServer"
100 |     sku       = "18.04-LTS"
101 |     version   = "latest"
102 |   }
103 | 
104 |   depends_on = [
105 |     azurerm_network_interface.app_interface,
106 |     tls_private_key.linux_key
107 |   ]
108 | }
109 | 
110 | resource "azurerm_public_ip" "app_public_ip" {
111 |   name                = "app-public-ip"
112 |   resource_group_name = local.resource_group
113 |   location            = local.location
114 |   allocation_method   = "Static"
115 |   depends_on = [
116 |     azurerm_resource_group.app_grp
117 |   ]
118 | }
119 | 
120 | 
121 | 


--------------------------------------------------------------------------------
/23. Lab - Cloud init data/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "ed5d6ac4-de15-4a24-b5d3-61812c9e9941"
 13 |   client_secret   = "HOl7Q~23UVXp4J1SlBTsQQSR~dMk2CTsNERWH"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"
 22 | }
 23 | 
 24 | data "template_cloudinit_config" "linuxconfig" {
 25 |   gzip          = true
 26 |   base64_encode = true
 27 | 
 28 |   part {
 29 |     content_type = "text/cloud-config"
 30 |     content      = "packages: ['nginx']"
 31 |   }
 32 | }
 33 | 
 34 | resource "azurerm_resource_group" "app_grp"{
 35 |   name=local.resource_group
 36 |   location=local.location
 37 | }
 38 | 
 39 | resource "azurerm_virtual_network" "app_network" {
 40 |   name                = "app-network"
 41 |   location            = local.location
 42 |   resource_group_name = azurerm_resource_group.app_grp.name
 43 |   address_space       = ["10.0.0.0/16"]
 44 | }
 45 | 
 46 | resource "azurerm_subnet" "SubnetA" {
 47 |   name                 = "SubnetA"
 48 |   resource_group_name  = local.resource_group
 49 |   virtual_network_name = azurerm_virtual_network.app_network.name
 50 |   address_prefixes     = ["10.0.1.0/24"]
 51 |   depends_on = [
 52 |     azurerm_virtual_network.app_network
 53 |   ]
 54 | }
 55 | 
 56 | resource "azurerm_network_interface" "app_interface" {
 57 |   name                = "app-interface"
 58 |   location            = local.location
 59 |   resource_group_name = local.resource_group
 60 | 
 61 |   ip_configuration {
 62 |     name                          = "internal"
 63 |     subnet_id                     = azurerm_subnet.SubnetA.id
 64 |     private_ip_address_allocation = "Dynamic"
 65 |     public_ip_address_id = azurerm_public_ip.app_public_ip.id
 66 |   }
 67 | 
 68 |   depends_on = [
 69 |     azurerm_virtual_network.app_network,
 70 |     azurerm_public_ip.app_public_ip
 71 |   ]
 72 | }
 73 | 
 74 | resource "azurerm_linux_virtual_machine" "linux_vm" {
 75 |   name                = "linuxvm"
 76 |   resource_group_name = local.resource_group
 77 |   location            = local.location
 78 |   size                = "Standard_D2s_v3"
 79 |   admin_username      = "linuxusr"
 80 |   admin_password      = "Azure@123"
 81 |   disable_password_authentication = false
 82 |   custom_data = data.template_cloudinit_config.linuxconfig.rendered
 83 |   network_interface_ids = [
 84 |     azurerm_network_interface.app_interface.id,
 85 |   ]
 86 | 
 87 |   os_disk {
 88 |     caching              = "ReadWrite"
 89 |     storage_account_type = "Standard_LRS"
 90 |   }
 91 | 
 92 |   source_image_reference {
 93 |     publisher = "Canonical"
 94 |     offer     = "UbuntuServer"
 95 |     sku       = "18.04-LTS"
 96 |     version   = "latest"
 97 |   }
 98 | 
 99 |   depends_on = [
100 |     azurerm_network_interface.app_interface
101 |   ]
102 | }
103 | 
104 | resource "azurerm_public_ip" "app_public_ip" {
105 |   name                = "app-public-ip"
106 |   resource_group_name = local.resource_group
107 |   location            = local.location
108 |   allocation_method   = "Static"
109 |   depends_on = [
110 |     azurerm_resource_group.app_grp
111 |   ]
112 | }
113 | 
114 | 
115 | 


--------------------------------------------------------------------------------
/24. Lab - Azure Web App/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"
22 | }
23 | 
24 | 
25 | resource "azurerm_resource_group" "app_grp"{
26 |   name=local.resource_group
27 |   location=local.location
28 | }
29 | 
30 | resource "azurerm_app_service_plan" "app_plan1000" {
31 |   name                = "app-plan1000"
32 |   location            = azurerm_resource_group.app_grp.location
33 |   resource_group_name = azurerm_resource_group.app_grp.name
34 | 
35 |   sku {
36 |     tier = "Basic"
37 |     size = "B1"
38 |   }
39 | }
40 | 
41 | resource "azurerm_app_service" "webapp" {
42 |   name                = "webapp2530050"
43 |   location            = azurerm_resource_group.app_grp.location
44 |   resource_group_name = azurerm_resource_group.app_grp.name
45 |   app_service_plan_id = azurerm_app_service_plan.app_plan1000.id
46 | }


--------------------------------------------------------------------------------
/25. Lab - Azure Web App - Publishing from GitHub/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"
22 | }
23 | 
24 | 
25 | resource "azurerm_resource_group" "app_grp"{
26 |   name=local.resource_group
27 |   location=local.location
28 | }
29 | 
30 | resource "azurerm_app_service_plan" "app_plan1000" {
31 |   name                = "app-plan1000"
32 |   location            = azurerm_resource_group.app_grp.location
33 |   resource_group_name = azurerm_resource_group.app_grp.name
34 | 
35 |   sku {
36 |     tier = "Basic"
37 |     size = "B1"
38 |   }
39 | }
40 | 
41 | resource "azurerm_app_service" "webapp" {
42 |   name                = "webapp2530050"
43 |   location            = azurerm_resource_group.app_grp.location
44 |   resource_group_name = azurerm_resource_group.app_grp.name
45 |   app_service_plan_id = azurerm_app_service_plan.app_plan1000.id
46 |    site_config {    
47 |     dotnet_framework_version = "v6.0"
48 |   }
49 |    source_control {
50 |     repo_url           = ""
51 |     branch             = "master"
52 |     manual_integration = true
53 |     use_mercurial      = false
54 |   }
55 | }


--------------------------------------------------------------------------------
/26. Lab - Azure SQL Database/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"
22 | }
23 | 
24 | 
25 | resource "azurerm_resource_group" "app_grp"{
26 |   name=local.resource_group
27 |   location=local.location
28 | }
29 | 
30 | resource "azurerm_sql_server" "app_server_6008089" {
31 |   name                         = "appserver6008089"
32 |   resource_group_name          = azurerm_resource_group.app_grp.name
33 |   location                     = "North Europe"  
34 |   version             = "12.0"
35 |   administrator_login          = "sqladmin"
36 |   administrator_login_password = "Azure@123"
37 | }
38 | 
39 | resource "azurerm_sql_database" "app_db" {
40 |   name                = "appdb"
41 |   resource_group_name = azurerm_resource_group.app_grp.name
42 |   location            = "North Europe"  
43 |   server_name         = azurerm_sql_server.app_server_6008089.name
44 |    depends_on = [
45 |      azurerm_sql_server.app_server_6008089
46 |    ]
47 | }
48 | 
49 | resource "azurerm_sql_firewall_rule" "app_server_firewall_rule" {
50 |   name                = "app-server-firewall-rule"
51 |   resource_group_name = azurerm_resource_group.app_grp.name
52 |   server_name         = azurerm_sql_server.app_server_6008089.name
53 |   start_ip_address    = ""
54 |   end_ip_address      = ""
55 | }
56 | 


--------------------------------------------------------------------------------
/27. Lab - Azure Web App - Connecting to Database app/init.sql:
--------------------------------------------------------------------------------
 1 | CREATE TABLE Inventory
 2 | (
 3 |    ProductID int,
 4 |    ProductName varchar(1000),
 5 |    Quantity int
 6 | );
 7 | 
 8 | INSERT INTO Inventory(ProductID,ProductName,Quantity) VALUES
 9 | (1,'Mobile',100),
10 | (2,'Laptop',200),
11 | (3,'Headphones',300);
12 | 


--------------------------------------------------------------------------------
/27. Lab - Azure Web App - Connecting to Database app/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.92.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_app_service_plan" "app_plan1000" {
 31 |   name                = "app-plan1000"
 32 |   location            = azurerm_resource_group.app_grp.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 | 
 35 |   sku {
 36 |     tier = "Basic"
 37 |     size = "B1"
 38 |   }
 39 | }
 40 | 
 41 | resource "azurerm_app_service" "webapp" {
 42 |   name                = "webapp2530050"
 43 |   location            = azurerm_resource_group.app_grp.location
 44 |   resource_group_name = azurerm_resource_group.app_grp.name
 45 |   app_service_plan_id = azurerm_app_service_plan.app_plan1000.id
 46 |      source_control {
 47 |     repo_url           = ""
 48 |     branch             = "master"
 49 |     manual_integration = true
 50 |     use_mercurial      = false
 51 |   }
 52 |   depends_on=[azurerm_app_service_plan.app_plan1000]
 53 | }
 54 | 
 55 | resource "azurerm_sql_server" "app_server_6008089" {
 56 |   name                         = "appserver6008089"
 57 |   resource_group_name          = azurerm_resource_group.app_grp.name
 58 |   location                     = "North Europe"  
 59 |   version             = "12.0"
 60 |   administrator_login          = "sqladmin"
 61 |   administrator_login_password = "Azure@123"
 62 | }
 63 | 
 64 | resource "azurerm_sql_database" "app_db" {
 65 |   name                = "appdb"
 66 |   resource_group_name = azurerm_resource_group.app_grp.name
 67 |   location            = "North Europe"  
 68 |   server_name         = azurerm_sql_server.app_server_6008089.name
 69 |    depends_on = [
 70 |      azurerm_sql_server.app_server_6008089
 71 |    ]
 72 | }
 73 | 
 74 | resource "azurerm_sql_firewall_rule" "app_server_firewall_rule_Azure_services" {
 75 |   name                = "app-server-firewall-rule-Allow-Azure-services"
 76 |   resource_group_name = azurerm_resource_group.app_grp.name
 77 |   server_name         = azurerm_sql_server.app_server_6008089.name
 78 |   start_ip_address    = "0.0.0.0"
 79 |   end_ip_address      = "0.0.0.0"
 80 |   depends_on=[
 81 |     azurerm_sql_server.app_server_6008089
 82 |   ]
 83 | }
 84 | 
 85 | resource "azurerm_sql_firewall_rule" "app_server_firewall_rule_Client_IP" {
 86 |   name                = "app-server-firewall-rule-Allow-Client-IP"
 87 |   resource_group_name = azurerm_resource_group.app_grp.name
 88 |   server_name         = azurerm_sql_server.app_server_6008089.name
 89 |   start_ip_address    = "2.49.123.3"
 90 |   end_ip_address      = "2.49.123.3"
 91 |   depends_on=[
 92 |     azurerm_sql_server.app_server_6008089
 93 |   ]
 94 | }
 95 | 
 96 | resource "null_resource" "database_setup" {
 97 |   provisioner "local-exec" {
 98 |       command = "sqlcmd -S appserver6008089.database.windows.net -U sqladmin -P Azure@123 -d appdb -i init.sql"
 99 |   }
100 |   depends_on=[
101 |     azurerm_sql_server.app_server_6008089
102 |   ]
103 | }
104 | 


--------------------------------------------------------------------------------
/28. Lab - Azure Bastion/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.92.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = azurerm_resource_group.app_grp.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = azurerm_resource_group.app_grp.name
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.1.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | // This subnet is meant for the Azure Bastion service
 51 | resource "azurerm_subnet" "Azure_Bastion_Subnet" {
 52 |   name                 = "AzureBastionSubnet"
 53 |   resource_group_name  = azurerm_resource_group.app_grp.name
 54 |   virtual_network_name = azurerm_virtual_network.app_network.name
 55 |   address_prefixes     = ["10.0.2.0/24"]
 56 |   depends_on = [
 57 |     azurerm_virtual_network.app_network
 58 |   ]
 59 | }
 60 | 
 61 | resource "azurerm_network_interface" "app_interface" {
 62 |   name                = "app-interface"
 63 |   location            = azurerm_resource_group.app_grp.location
 64 |   resource_group_name = azurerm_resource_group.app_grp.name
 65 | 
 66 |   ip_configuration {
 67 |     name                          = "internal"
 68 |     subnet_id                     = azurerm_subnet.SubnetA.id
 69 |     private_ip_address_allocation = "Dynamic"
 70 |   }
 71 | 
 72 |   depends_on = [
 73 |     azurerm_virtual_network.app_network,
 74 |     azurerm_subnet.SubnetA
 75 |   ]
 76 | }
 77 | 
 78 | resource "azurerm_windows_virtual_machine" "app_vm" {
 79 |   name                = "appvm"
 80 |   resource_group_name = azurerm_resource_group.app_grp.name
 81 |   location            = azurerm_resource_group.app_grp.location
 82 |   size                = "Standard_D2s_v3"
 83 |   admin_username      = "demousr"
 84 |   admin_password      = "Azure@123"  
 85 |   network_interface_ids = [
 86 |     azurerm_network_interface.app_interface.id,
 87 |   ]
 88 | 
 89 |   os_disk {
 90 |     caching              = "ReadWrite"
 91 |     storage_account_type = "Standard_LRS"
 92 |   }
 93 | 
 94 |   source_image_reference {
 95 |     publisher = "MicrosoftWindowsServer"
 96 |     offer     = "WindowsServer"
 97 |     sku       = "2019-Datacenter"
 98 |     version   = "latest"
 99 |   }
100 | 
101 |   depends_on = [
102 |     azurerm_network_interface.app_interface
103 |   ]
104 | }
105 | 
106 | 
107 | 
108 | resource "azurerm_network_security_group" "app_nsg" {
109 |   name                = "app-nsg"
110 |   location            = azurerm_resource_group.app_grp.location
111 |   resource_group_name = azurerm_resource_group.app_grp.name
112 | 
113 | # We are creating a rule to allow traffic on port 3389
114 |   security_rule {
115 |     name                       = "Allow_HTTP"
116 |     priority                   = 200
117 |     direction                  = "Inbound"
118 |     access                     = "Allow"
119 |     protocol                   = "Tcp"
120 |     source_port_range          = "*"
121 |     destination_port_range     = "3389"
122 |     source_address_prefix      = "*"
123 |     destination_address_prefix = "*"
124 |   }
125 | }
126 | 
127 | resource "azurerm_subnet_network_security_group_association" "nsg_association" {
128 |   subnet_id                 = azurerm_subnet.SubnetA.id
129 |   network_security_group_id = azurerm_network_security_group.app_nsg.id
130 |   depends_on = [
131 |     azurerm_network_security_group.app_nsg
132 |   ]
133 | }
134 | 
135 | resource "azurerm_public_ip" "bastion_ip" {
136 |   name                = "bastion-ip"
137 |   location            = azurerm_resource_group.app_grp.location
138 |   resource_group_name = azurerm_resource_group.app_grp.name
139 |   allocation_method   = "Static"
140 |   sku                 = "Standard"
141 | }
142 | 
143 | resource "azurerm_bastion_host" "app_bastion" {
144 |   name                = "app-bastion"
145 |   location            = azurerm_resource_group.app_grp.location
146 |   resource_group_name = azurerm_resource_group.app_grp.name
147 | 
148 |   ip_configuration {
149 |     name                 = "configuration"
150 |     subnet_id            = azurerm_subnet.Azure_Bastion_Subnet.id
151 |     public_ip_address_id = azurerm_public_ip.bastion_ip.id
152 |   }
153 | 
154 |   depends_on=[
155 |     azurerm_subnet.Azure_Bastion_Subnet,
156 |     azurerm_public_ip.bastion_ip
157 |   ]
158 | }


--------------------------------------------------------------------------------
/29. Lab - Azure Load Balancer/IIS_Config.ps1:
--------------------------------------------------------------------------------
1 | import-module servermanager
2 | add-windowsfeature web-server -includeallsubfeature
3 | add-windowsfeature Web-Asp-Net45
4 | add-windowsfeature NET-Framework-Features
5 | Set-Content -Path "C:\inetpub\wwwroot\Default.html" -Value "This is the server $($env:computername) !"


--------------------------------------------------------------------------------
/29. Lab - Azure Load Balancer/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.92.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = azurerm_resource_group.app_grp.name
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.0.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | // This interface is for appvm1
 51 | resource "azurerm_network_interface" "app_interface1" {
 52 |   name                = "app-interface1"
 53 |   location            = azurerm_resource_group.app_grp.location
 54 |   resource_group_name = azurerm_resource_group.app_grp.name
 55 | 
 56 |   ip_configuration {
 57 |     name                          = "internal"
 58 |     subnet_id                     = azurerm_subnet.SubnetA.id
 59 |     private_ip_address_allocation = "Dynamic"    
 60 |   }
 61 | 
 62 |   depends_on = [
 63 |     azurerm_virtual_network.app_network,
 64 |     azurerm_subnet.SubnetA
 65 |   ]
 66 | }
 67 | 
 68 | // This interface is for appvm2
 69 | resource "azurerm_network_interface" "app_interface2" {
 70 |   name                = "app-interface2"
 71 |   location            = azurerm_resource_group.app_grp.location
 72 |   resource_group_name = azurerm_resource_group.app_grp.name
 73 | 
 74 |   ip_configuration {
 75 |     name                          = "internal"
 76 |     subnet_id                     = azurerm_subnet.SubnetA.id
 77 |     private_ip_address_allocation = "Dynamic"    
 78 |   }
 79 | 
 80 |   depends_on = [
 81 |     azurerm_virtual_network.app_network,
 82 |     azurerm_subnet.SubnetA
 83 |   ]
 84 | }
 85 | 
 86 | // This is the resource for appvm1
 87 | resource "azurerm_windows_virtual_machine" "app_vm1" {
 88 |   name                = "appvm1"
 89 |   resource_group_name = azurerm_resource_group.app_grp.name
 90 |   location            = azurerm_resource_group.app_grp.location
 91 |   size                = "Standard_D2s_v3"
 92 |   admin_username      = "demousr"
 93 |   admin_password      = "Azure@123"
 94 |   availability_set_id = azurerm_availability_set.app_set.id
 95 |   network_interface_ids = [
 96 |     azurerm_network_interface.app_interface1.id,
 97 |   ]
 98 | 
 99 |   os_disk {
100 |     caching              = "ReadWrite"
101 |     storage_account_type = "Standard_LRS"
102 |   }
103 | 
104 |   source_image_reference {
105 |     publisher = "MicrosoftWindowsServer"
106 |     offer     = "WindowsServer"
107 |     sku       = "2019-Datacenter"
108 |     version   = "latest"
109 |   }
110 | 
111 |   depends_on = [
112 |     azurerm_network_interface.app_interface1,
113 |     azurerm_availability_set.app_set
114 |   ]
115 | }
116 | 
117 | // This is the resource for appvm2
118 | resource "azurerm_windows_virtual_machine" "app_vm2" {
119 |   name                = "appvm2"
120 |   resource_group_name = azurerm_resource_group.app_grp.name
121 |   location            = azurerm_resource_group.app_grp.location
122 |   size                = "Standard_D2s_v3"
123 |   admin_username      = "demousr"
124 |   admin_password      = "Azure@123"
125 |   availability_set_id = azurerm_availability_set.app_set.id
126 |   network_interface_ids = [
127 |     azurerm_network_interface.app_interface2.id,
128 |   ]
129 | 
130 |   os_disk {
131 |     caching              = "ReadWrite"
132 |     storage_account_type = "Standard_LRS"
133 |   }
134 | 
135 |   source_image_reference {
136 |     publisher = "MicrosoftWindowsServer"
137 |     offer     = "WindowsServer"
138 |     sku       = "2019-Datacenter"
139 |     version   = "latest"
140 |   }
141 | 
142 |   depends_on = [
143 |     azurerm_network_interface.app_interface2,
144 |     azurerm_availability_set.app_set
145 |   ]
146 | }
147 | 
148 | 
149 | resource "azurerm_availability_set" "app_set" {
150 |   name                = "app-set"
151 |   location            = azurerm_resource_group.app_grp.location
152 |   resource_group_name = azurerm_resource_group.app_grp.name
153 |   platform_fault_domain_count = 3
154 |   platform_update_domain_count = 3  
155 |   depends_on = [
156 |     azurerm_resource_group.app_grp
157 |   ]
158 | }
159 | 
160 | resource "azurerm_storage_account" "appstore" {
161 |   name                     = "appstore4577687"
162 |   resource_group_name      = azurerm_resource_group.app_grp.name
163 |   location                 = azurerm_resource_group.app_grp.location
164 |   account_tier             = "Standard"
165 |   account_replication_type = "LRS"
166 |   allow_blob_public_access = true
167 | }
168 | 
169 | resource "azurerm_storage_container" "data" {
170 |   name                  = "data"
171 |   storage_account_name  = "appstore4577687"
172 |   container_access_type = "blob"
173 |   depends_on=[
174 |     azurerm_storage_account.appstore
175 |     ]
176 | }
177 | 
178 | # Here we are uploading our IIS Configuration script as a blob
179 | # to the Azure storage account
180 | 
181 | resource "azurerm_storage_blob" "IIS_config" {
182 |   name                   = "IIS_Config.ps1"
183 |   storage_account_name   = "appstore4577687"
184 |   storage_container_name = "data"
185 |   type                   = "Block"
186 |   source                 = "IIS_Config.ps1"
187 |    depends_on=[azurerm_storage_container.data]
188 | }
189 | 
190 | // This is the extension for appvm1
191 | resource "azurerm_virtual_machine_extension" "vm_extension1" {
192 |   name                 = "appvm-extension"
193 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm1.id
194 |   publisher            = "Microsoft.Compute"
195 |   type                 = "CustomScriptExtension"
196 |   type_handler_version = "1.10"
197 |   depends_on = [
198 |     azurerm_storage_blob.IIS_config
199 |   ]
200 |   settings = <<SETTINGS
201 |     {
202 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
203 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
204 |     }
205 | SETTINGS
206 | }
207 | 
208 | 
209 | // This is the extension for appvm2
210 | resource "azurerm_virtual_machine_extension" "vm_extension2" {
211 |   name                 = "appvm-extension"
212 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm2.id
213 |   publisher            = "Microsoft.Compute"
214 |   type                 = "CustomScriptExtension"
215 |   type_handler_version = "1.10"
216 |   depends_on = [
217 |     azurerm_storage_blob.IIS_config
218 |   ]
219 |   settings = <<SETTINGS
220 |     {
221 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
222 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
223 |     }
224 | SETTINGS
225 | }
226 | 
227 | 
228 | resource "azurerm_network_security_group" "app_nsg" {
229 |   name                = "app-nsg"
230 |   location            = azurerm_resource_group.app_grp.location
231 |   resource_group_name = azurerm_resource_group.app_grp.name
232 | 
233 | # We are creating a rule to allow traffic on port 80
234 |   security_rule {
235 |     name                       = "Allow_HTTP"
236 |     priority                   = 200
237 |     direction                  = "Inbound"
238 |     access                     = "Allow"
239 |     protocol                   = "Tcp"
240 |     source_port_range          = "*"
241 |     destination_port_range     = "80"
242 |     source_address_prefix      = "*"
243 |     destination_address_prefix = "*"
244 |   }
245 | }
246 | 
247 | resource "azurerm_subnet_network_security_group_association" "nsg_association" {
248 |   subnet_id                 = azurerm_subnet.SubnetA.id
249 |   network_security_group_id = azurerm_network_security_group.app_nsg.id
250 |   depends_on = [
251 |     azurerm_network_security_group.app_nsg
252 |   ]
253 | }


--------------------------------------------------------------------------------
/30. Lab - Azure Public DNS Zone/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.92.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = azurerm_resource_group.app_grp.name
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.1.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | // This interface is for appvm1
 51 | resource "azurerm_network_interface" "app_interface1" {
 52 |   name                = "app-interface1"
 53 |   location            = azurerm_resource_group.app_grp.location
 54 |   resource_group_name = azurerm_resource_group.app_grp.name
 55 | 
 56 |   ip_configuration {
 57 |     name                          = "internal"
 58 |     subnet_id                     = azurerm_subnet.SubnetA.id
 59 |     private_ip_address_allocation = "Dynamic"    
 60 |   }
 61 | 
 62 |   depends_on = [
 63 |     azurerm_virtual_network.app_network,
 64 |     azurerm_subnet.SubnetA
 65 |   ]
 66 | }
 67 | 
 68 | // This interface is for appvm2
 69 | resource "azurerm_network_interface" "app_interface2" {
 70 |   name                = "app-interface2"
 71 |   location            = azurerm_resource_group.app_grp.location
 72 |   resource_group_name = azurerm_resource_group.app_grp.name
 73 | 
 74 |   ip_configuration {
 75 |     name                          = "internal"
 76 |     subnet_id                     = azurerm_subnet.SubnetA.id
 77 |     private_ip_address_allocation = "Dynamic"    
 78 |   }
 79 | 
 80 |   depends_on = [
 81 |     azurerm_virtual_network.app_network,
 82 |     azurerm_subnet.SubnetA
 83 |   ]
 84 | }
 85 | 
 86 | // This is the resource for appvm1
 87 | resource "azurerm_windows_virtual_machine" "app_vm1" {
 88 |   name                = "appvm1"
 89 |   resource_group_name = azurerm_resource_group.app_grp.name
 90 |   location            = azurerm_resource_group.app_grp.location
 91 |   size                = "Standard_D2s_v3"
 92 |   admin_username      = "demousr"
 93 |   admin_password      = "Azure@123"
 94 |   availability_set_id = azurerm_availability_set.app_set.id
 95 |   network_interface_ids = [
 96 |     azurerm_network_interface.app_interface1.id,
 97 |   ]
 98 | 
 99 |   os_disk {
100 |     caching              = "ReadWrite"
101 |     storage_account_type = "Standard_LRS"
102 |   }
103 | 
104 |   source_image_reference {
105 |     publisher = "MicrosoftWindowsServer"
106 |     offer     = "WindowsServer"
107 |     sku       = "2019-Datacenter"
108 |     version   = "latest"
109 |   }
110 | 
111 |   depends_on = [
112 |     azurerm_network_interface.app_interface1,
113 |     azurerm_availability_set.app_set
114 |   ]
115 | }
116 | 
117 | // This is the resource for appvm2
118 | resource "azurerm_windows_virtual_machine" "app_vm2" {
119 |   name                = "appvm2"
120 |   resource_group_name = azurerm_resource_group.app_grp.name
121 |   location            = azurerm_resource_group.app_grp.location
122 |   size                = "Standard_D2s_v3"
123 |   admin_username      = "demousr"
124 |   admin_password      = "Azure@123"
125 |   availability_set_id = azurerm_availability_set.app_set.id
126 |   network_interface_ids = [
127 |     azurerm_network_interface.app_interface2.id,
128 |   ]
129 | 
130 |   os_disk {
131 |     caching              = "ReadWrite"
132 |     storage_account_type = "Standard_LRS"
133 |   }
134 | 
135 |   source_image_reference {
136 |     publisher = "MicrosoftWindowsServer"
137 |     offer     = "WindowsServer"
138 |     sku       = "2019-Datacenter"
139 |     version   = "latest"
140 |   }
141 | 
142 |   depends_on = [
143 |     azurerm_network_interface.app_interface2,
144 |     azurerm_availability_set.app_set
145 |   ]
146 | }
147 | 
148 | 
149 | resource "azurerm_availability_set" "app_set" {
150 |   name                = "app-set"
151 |   location            = azurerm_resource_group.app_grp.location
152 |   resource_group_name = azurerm_resource_group.app_grp.name
153 |   platform_fault_domain_count = 3
154 |   platform_update_domain_count = 3  
155 |   depends_on = [
156 |     azurerm_resource_group.app_grp
157 |   ]
158 | }
159 | 
160 | resource "azurerm_storage_account" "appstore" {
161 |   name                     = "appstore4577687"
162 |   resource_group_name      = azurerm_resource_group.app_grp.name
163 |   location                 = azurerm_resource_group.app_grp.location
164 |   account_tier             = "Standard"
165 |   account_replication_type = "LRS"
166 |   allow_blob_public_access = true
167 | }
168 | 
169 | resource "azurerm_storage_container" "data" {
170 |   name                  = "data"
171 |   storage_account_name  = "appstore4577687"
172 |   container_access_type = "blob"
173 |   depends_on=[
174 |     azurerm_storage_account.appstore
175 |     ]
176 | }
177 | 
178 | # Here we are uploading our IIS Configuration script as a blob
179 | # to the Azure storage account
180 | 
181 | resource "azurerm_storage_blob" "IIS_config" {
182 |   name                   = "IIS_Config.ps1"
183 |   storage_account_name   = "appstore4577687"
184 |   storage_container_name = "data"
185 |   type                   = "Block"
186 |   source                 = "IIS_Config.ps1"
187 |    depends_on=[azurerm_storage_container.data]
188 | }
189 | 
190 | // This is the extension for appvm1
191 | resource "azurerm_virtual_machine_extension" "vm_extension1" {
192 |   name                 = "appvm-extension"
193 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm1.id
194 |   publisher            = "Microsoft.Compute"
195 |   type                 = "CustomScriptExtension"
196 |   type_handler_version = "1.10"
197 |   depends_on = [
198 |     azurerm_storage_blob.IIS_config
199 |   ]
200 |   settings = <<SETTINGS
201 |     {
202 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
203 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
204 |     }
205 | SETTINGS
206 | }
207 | 
208 | 
209 | // This is the extension for appvm2
210 | resource "azurerm_virtual_machine_extension" "vm_extension2" {
211 |   name                 = "appvm-extension"
212 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm2.id
213 |   publisher            = "Microsoft.Compute"
214 |   type                 = "CustomScriptExtension"
215 |   type_handler_version = "1.10"
216 |   depends_on = [
217 |     azurerm_storage_blob.IIS_config
218 |   ]
219 |   settings = <<SETTINGS
220 |     {
221 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
222 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
223 |     }
224 | SETTINGS
225 | }
226 | 
227 | 
228 | resource "azurerm_network_security_group" "app_nsg" {
229 |   name                = "app-nsg"
230 |   location            = azurerm_resource_group.app_grp.location
231 |   resource_group_name = azurerm_resource_group.app_grp.name
232 | 
233 | # We are creating a rule to allow traffic on port 80
234 |   security_rule {
235 |     name                       = "Allow_HTTP"
236 |     priority                   = 200
237 |     direction                  = "Inbound"
238 |     access                     = "Allow"
239 |     protocol                   = "Tcp"
240 |     source_port_range          = "*"
241 |     destination_port_range     = "80"
242 |     source_address_prefix      = "*"
243 |     destination_address_prefix = "*"
244 |   }
245 | }
246 | 
247 | resource "azurerm_subnet_network_security_group_association" "nsg_association" {
248 |   subnet_id                 = azurerm_subnet.SubnetA.id
249 |   network_security_group_id = azurerm_network_security_group.app_nsg.id
250 |   depends_on = [
251 |     azurerm_network_security_group.app_nsg
252 |   ]
253 | }
254 | 
255 | // Lets create the Load balancer
256 | 
257 | resource "azurerm_public_ip" "load_ip" {
258 |   name                = "load-ip"
259 |   location            = azurerm_resource_group.app_grp.location
260 |   resource_group_name = azurerm_resource_group.app_grp.name
261 |   allocation_method   = "Static"
262 |   sku="Standard"
263 | }
264 | 
265 | resource "azurerm_lb" "app_balancer" {
266 |   name                = "app-balancer"
267 |   location            = azurerm_resource_group.app_grp.location
268 |   resource_group_name = azurerm_resource_group.app_grp.name
269 |   sku="Standard"
270 |   sku_tier = "Regional"
271 |   frontend_ip_configuration {
272 |     name                 = "frontend-ip"
273 |     public_ip_address_id = azurerm_public_ip.load_ip.id
274 |   }
275 | 
276 |   depends_on=[
277 |     azurerm_public_ip.load_ip
278 |   ]
279 | }
280 | 
281 | // Here we are defining the backend pool
282 | resource "azurerm_lb_backend_address_pool" "PoolA" {
283 |   loadbalancer_id = azurerm_lb.app_balancer.id
284 |   name            = "PoolA"
285 |   depends_on=[
286 |     azurerm_lb.app_balancer
287 |   ]
288 | }
289 | 
290 | resource "azurerm_lb_backend_address_pool_address" "appvm1_address" {
291 |   name                    = "appvm1"
292 |   backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
293 |   virtual_network_id      = azurerm_virtual_network.app_network.id
294 |   ip_address              = azurerm_network_interface.app_interface1.private_ip_address
295 |   depends_on=[
296 |     azurerm_lb_backend_address_pool.PoolA
297 |   ]
298 | }
299 | 
300 | resource "azurerm_lb_backend_address_pool_address" "appvm2_address" {
301 |   name                    = "appvm2"
302 |   backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
303 |   virtual_network_id      = azurerm_virtual_network.app_network.id
304 |   ip_address              = azurerm_network_interface.app_interface2.private_ip_address
305 |   depends_on=[
306 |     azurerm_lb_backend_address_pool.PoolA
307 |   ]
308 | }
309 | 
310 | 
311 | // Here we are defining the Health Probe
312 | resource "azurerm_lb_probe" "ProbeA" {
313 |   resource_group_name = azurerm_resource_group.app_grp.name
314 |   loadbalancer_id     = azurerm_lb.app_balancer.id
315 |   name                = "probeA"
316 |   port                = 80
317 |   protocol            =  "Tcp"
318 |   depends_on=[
319 |     azurerm_lb.app_balancer
320 |   ]
321 | }
322 | 
323 | // Here we are defining the Load Balancing Rule
324 | resource "azurerm_lb_rule" "RuleA" {
325 |   resource_group_name            = azurerm_resource_group.app_grp.name
326 |   loadbalancer_id                = azurerm_lb.app_balancer.id
327 |   name                           = "RuleA"
328 |   protocol                       = "Tcp"
329 |   frontend_port                  = 80
330 |   backend_port                   = 80
331 |   frontend_ip_configuration_name = "frontend-ip"
332 |   backend_address_pool_ids = [ azurerm_lb_backend_address_pool.PoolA.id ]
333 |   depends_on=[
334 |     azurerm_lb.app_balancer
335 |   ]
336 | }
337 | 
338 | // This is used for creating the NAT Rules
339 | 
340 | resource "azurerm_lb_nat_rule" "NATRuleA" {
341 |   resource_group_name            = azurerm_resource_group.app_grp.name
342 |   loadbalancer_id                = azurerm_lb.app_balancer.id
343 |   name                           = "RDPAccess"
344 |   protocol                       = "Tcp"
345 |   frontend_port                  = 3389
346 |   backend_port                   = 3389
347 |   frontend_ip_configuration_name = "frontend-ip"
348 |   depends_on=[
349 |     azurerm_lb.app_balancer
350 |   ]
351 | }
352 | 
353 | // Here we are creating the Public DNS Zone
354 | resource "azurerm_dns_zone" "public_zone" {
355 |   name                = "cloudportalhub.com"
356 |   resource_group_name = azurerm_resource_group.app_grp.name
357 | }
358 | 
359 | output "server_names"{
360 |   value=azurerm_dns_zone.public_zone.name_servers
361 | }
362 | 
363 | // Pointing the domain name to the load balancer
364 | resource "azurerm_dns_a_record" "load_balancer_record" {
365 |   name                = "www"
366 |   zone_name           = azurerm_dns_zone.public_zone.name
367 |   resource_group_name = azurerm_resource_group.app_grp.name
368 |   ttl                 = 360
369 |   records             = [azurerm_public_ip.load_ip.ip_address]
370 | }


--------------------------------------------------------------------------------
/31. Lab - Virtual Machine Scale Set/IIS_Config.ps1:
--------------------------------------------------------------------------------
1 | import-module servermanager
2 | add-windowsfeature web-server -includeallsubfeature
3 | add-windowsfeature Web-Asp-Net45
4 | add-windowsfeature NET-Framework-Features
5 | Set-Content -Path "C:\inetpub\wwwroot\Default.html" -Value "This is the server $($env:computername) !"


--------------------------------------------------------------------------------
/31. Lab - Virtual Machine Scale Set/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | // First we create a virtual network to hold the machines that 
 31 | // are going to be part of the virtual machine scale set
 32 | 
 33 | resource "azurerm_virtual_network" "app_network" {
 34 |   name                = "app-network"
 35 |   location            = local.location
 36 |   resource_group_name = azurerm_resource_group.app_grp.name
 37 |   address_space       = ["10.0.0.0/16"]  
 38 |   depends_on = [
 39 |     azurerm_resource_group.app_grp
 40 |   ]
 41 | }
 42 | 
 43 | // The virtual network will have the following subnet
 44 | 
 45 | resource "azurerm_subnet" "SubnetA" {
 46 |   name                 = "SubnetA"
 47 |   resource_group_name  = azurerm_resource_group.app_grp.name
 48 |   virtual_network_name = azurerm_virtual_network.app_network.name
 49 |   address_prefixes     = ["10.0.1.0/24"]
 50 |   depends_on = [
 51 |     azurerm_virtual_network.app_network
 52 |   ]
 53 | }
 54 | 
 55 | // The public IP address is going to be assigned to the load balancer
 56 | resource "azurerm_public_ip" "load_ip" {
 57 |   name                = "load-ip"
 58 |   location            = azurerm_resource_group.app_grp.location
 59 |   resource_group_name = azurerm_resource_group.app_grp.name
 60 |   allocation_method   = "Static"
 61 |   sku="Standard"
 62 | }
 63 | 
 64 | // Here we are creating the Azure Load Balancer
 65 | // This will be sitting in front of the Load Balancer
 66 | 
 67 | resource "azurerm_lb" "app_balancer" {
 68 |   name                = "app-balancer"
 69 |   location            = azurerm_resource_group.app_grp.location
 70 |   resource_group_name = azurerm_resource_group.app_grp.name
 71 |   sku="Standard"
 72 |   sku_tier = "Regional"
 73 |   frontend_ip_configuration {
 74 |     name                 = "frontend-ip"
 75 |     public_ip_address_id = azurerm_public_ip.load_ip.id
 76 |   }
 77 | 
 78 |   depends_on=[
 79 |     azurerm_public_ip.load_ip
 80 |   ]
 81 | }
 82 | 
 83 | // Here we are defining the backend pool
 84 | resource "azurerm_lb_backend_address_pool" "scalesetpool" {
 85 |   loadbalancer_id = azurerm_lb.app_balancer.id
 86 |   name            = "scalesetpool"
 87 |   depends_on=[
 88 |     azurerm_lb.app_balancer
 89 |   ]
 90 | }
 91 | 
 92 | // Here we are defining the Health Probe
 93 | resource "azurerm_lb_probe" "ProbeA" {
 94 |   resource_group_name = azurerm_resource_group.app_grp.name
 95 |   loadbalancer_id     = azurerm_lb.app_balancer.id
 96 |   name                = "probeA"
 97 |   port                = 80
 98 |   protocol            =  "Tcp"
 99 |   depends_on=[
100 |     azurerm_lb.app_balancer
101 |   ]
102 | }
103 | 
104 | // Here we are defining the Load Balancing Rule
105 | resource "azurerm_lb_rule" "RuleA" {
106 |   resource_group_name            = azurerm_resource_group.app_grp.name
107 |   loadbalancer_id                = azurerm_lb.app_balancer.id
108 |   name                           = "RuleA"
109 |   protocol                       = "Tcp"
110 |   frontend_port                  = 80
111 |   backend_port                   = 80
112 |   frontend_ip_configuration_name = "frontend-ip"
113 |   backend_address_pool_ids = [ azurerm_lb_backend_address_pool.scalesetpool.id ]
114 | }
115 | 
116 | resource "azurerm_windows_virtual_machine_scale_set" "scale_set" {
117 |   name                = "scale-set"
118 |   resource_group_name = azurerm_resource_group.app_grp.name
119 |   location            = azurerm_resource_group.app_grp.location
120 |   sku                 = "Standard_D2s_v3"
121 |   instances           = 2
122 |   admin_password      = "Azure@123"
123 |   admin_username      = "vmuser"
124 |   upgrade_mode = "Automatic"
125 |   source_image_reference {
126 |     publisher = "MicrosoftWindowsServer"
127 |     offer     = "WindowsServer"
128 |     sku       = "2019-Datacenter"
129 |     version   = "latest"
130 |   }
131 | 
132 |   os_disk {
133 |     storage_account_type = "Standard_LRS"
134 |     caching              = "ReadWrite"
135 |   }
136 | 
137 |   network_interface {
138 |     name    = "scaleset-interface"
139 |     primary = true
140 | 
141 |     ip_configuration {
142 |       name      = "internal"
143 |       primary   = true
144 |       subnet_id = azurerm_subnet.SubnetA.id
145 |       load_balancer_backend_address_pool_ids =[azurerm_lb_backend_address_pool.scalesetpool.id]
146 |     }    
147 |   }
148 |   depends_on=[
149 |       azurerm_virtual_network.app_network
150 |     ]
151 | }
152 | 
153 | // We want to ensure that we have a web server running on the 
154 | // machines that are part of the backend pool
155 | 
156 | resource "azurerm_storage_account" "appstore" {
157 |   name                     = "appstore4577687"
158 |   resource_group_name      = azurerm_resource_group.app_grp.name
159 |   location                 = azurerm_resource_group.app_grp.location
160 |   account_tier             = "Standard"
161 |   account_replication_type = "LRS"
162 |   allow_blob_public_access = true
163 | }
164 | 
165 | resource "azurerm_storage_container" "data" {
166 |   name                  = "data"
167 |   storage_account_name  = "appstore4577687"
168 |   container_access_type = "blob"
169 |   depends_on=[
170 |     azurerm_storage_account.appstore
171 |     ]
172 | }
173 | 
174 | # Here we are uploading our IIS Configuration script as a blob
175 | # to the Azure storage account
176 | 
177 | resource "azurerm_storage_blob" "IIS_config" {
178 |   name                   = "IIS_Config.ps1"
179 |   storage_account_name   = "appstore4577687"
180 |   storage_container_name = "data"
181 |   type                   = "Block"
182 |   source                 = "IIS_Config.ps1"
183 |    depends_on=[azurerm_storage_container.data]
184 | }
185 | 
186 | // Here we are applying the custom script extension on the 
187 | // virtual machine scale set
188 | resource "azurerm_virtual_machine_scale_set_extension" "scaleset_extension" {
189 |   name                 = "scaleset-extension"
190 |   virtual_machine_scale_set_id   = azurerm_windows_virtual_machine_scale_set.scale_set.id
191 |   publisher            = "Microsoft.Compute"
192 |   type                 = "CustomScriptExtension"
193 |   type_handler_version = "1.9"
194 |   depends_on = [
195 |     azurerm_storage_blob.IIS_config
196 |   ]
197 |   settings = <<SETTINGS
198 |     {
199 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config.ps1"],
200 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config.ps1"     
201 |     }
202 | SETTINGS
203 | }
204 | 
205 | 
206 | resource "azurerm_network_security_group" "app_nsg" {
207 |   name                = "app-nsg"
208 |   location            = local.location
209 |   resource_group_name = local.resource_group
210 | 
211 | # We are creating a rule to allow traffic on port 80
212 |   security_rule {
213 |     name                       = "Allow_HTTP"
214 |     priority                   = 200
215 |     direction                  = "Inbound"
216 |     access                     = "Allow"
217 |     protocol                   = "Tcp"
218 |     source_port_range          = "*"
219 |     destination_port_range     = "80"
220 |     source_address_prefix      = "*"
221 |     destination_address_prefix = "*"
222 |   }
223 | }
224 | 
225 | resource "azurerm_subnet_network_security_group_association" "nsg_association" {
226 |   subnet_id                 = azurerm_subnet.SubnetA.id
227 |   network_security_group_id = azurerm_network_security_group.app_nsg.id
228 |   depends_on = [
229 |     azurerm_network_security_group.app_nsg
230 |   ]
231 | }


--------------------------------------------------------------------------------
/32. Lab - Azure Traffic Manager/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = ">=2.92.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_app_service_plan" "primary_plan" {
 31 |   name                = "primary-plan1000"
 32 |   location            = "North Europe"
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 | 
 35 |   sku {
 36 |     tier = "Standard"
 37 |     size = "S1"
 38 |   }
 39 | }
 40 | 
 41 | resource "azurerm_app_service" "primary_webapp" {
 42 |   name                = "primaryapp1000"
 43 |   location            = "North Europe"
 44 |   resource_group_name = azurerm_resource_group.app_grp.name
 45 |   app_service_plan_id = azurerm_app_service_plan.primary_plan.id
 46 |    site_config {    
 47 |     dotnet_framework_version = "v6.0"
 48 |   }
 49 |    source_control {
 50 |     repo_url           = "https://github.com/alashro/primaryapp"
 51 |     branch             = "master"
 52 |     manual_integration = true
 53 |     use_mercurial      = false
 54 |   }
 55 | }
 56 | 
 57 | resource "azurerm_app_service_plan" "secondary_plan" {
 58 |   name                = "secondary-plan1000"
 59 |   location            = "UK South"
 60 |   resource_group_name = azurerm_resource_group.app_grp.name
 61 | 
 62 |   sku {
 63 |     tier = "Standard"
 64 |     size = "S1"
 65 |   }
 66 | }
 67 | 
 68 | resource "azurerm_app_service" "secondary_webapp" {
 69 |   name                = "secondaryapp1000"
 70 |   location            = "UK South"
 71 |   resource_group_name = azurerm_resource_group.app_grp.name
 72 |   app_service_plan_id = azurerm_app_service_plan.secondary_plan.id
 73 |    site_config {    
 74 |     dotnet_framework_version = "v6.0"
 75 |   }
 76 |    source_control {
 77 |     repo_url           = "https://github.com/alashro/secondaryapp"
 78 |     branch             = "master"
 79 |     manual_integration = true
 80 |     use_mercurial      = false
 81 |   }
 82 | }
 83 | 
 84 | // Here we are creating a Traffic Manager Profile
 85 | 
 86 | resource "azurerm_traffic_manager_profile" "traffic_profile" {
 87 |   name                   = "traffic-profile2000"
 88 |   resource_group_name    = azurerm_resource_group.app_grp.name
 89 |   traffic_routing_method = "Priority"
 90 |    dns_config {
 91 |     relative_name = "traffic-profile2000"
 92 |     ttl           = 100
 93 |   }
 94 |   monitor_config {
 95 |     protocol                     = "https"
 96 |     port                         = 443
 97 |     path                         = "/"
 98 |     interval_in_seconds          = 30
 99 |     timeout_in_seconds           = 10
100 |     tolerated_number_of_failures = 2
101 |   }
102 |   }
103 | 
104 | 
105 | resource "azurerm_traffic_manager_azure_endpoint" "primary_endpoint" {
106 |   name               = "primary-endpoint"
107 |   profile_id         = azurerm_traffic_manager_profile.traffic_profile.id
108 |   priority           = 1
109 |   weight             = 100
110 |   target_resource_id = azurerm_app_service.primary_webapp.id
111 | }
112 | 
113 | 
114 | resource "azurerm_traffic_manager_azure_endpoint" "secondary_endpoint" {
115 |   name               = "secondary-endpoint"
116 |   profile_id         = azurerm_traffic_manager_profile.traffic_profile.id
117 |   priority           = 2
118 |   weight             = 100
119 |   target_resource_id = azurerm_app_service.secondary_webapp.id
120 | }
121 | 
122 | 


--------------------------------------------------------------------------------
/33. Lab - Log Analytics workspace/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_log_analytics_workspace" "vm_workspace" {
 31 |   name                = "vm-workspace2000"
 32 |   location            = azurerm_resource_group.app_grp.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   sku                 = "PerGB2018"
 35 |   retention_in_days   = 30
 36 | }
 37 | 
 38 | resource "azurerm_virtual_network" "app_network" {
 39 |   name                = "app-network"
 40 |   location            = azurerm_resource_group.app_grp.location
 41 |   resource_group_name = azurerm_resource_group.app_grp.name
 42 |   address_space       = ["10.0.0.0/16"]  
 43 |   depends_on = [
 44 |     azurerm_resource_group.app_grp
 45 |   ]
 46 | }
 47 | 
 48 | resource "azurerm_subnet" "SubnetA" {
 49 |   name                 = "SubnetA"
 50 |   resource_group_name  = azurerm_resource_group.app_grp.name
 51 |   virtual_network_name = azurerm_virtual_network.app_network.name
 52 |   address_prefixes     = ["10.0.0.0/24"]
 53 |   depends_on = [
 54 |     azurerm_virtual_network.app_network
 55 |   ]
 56 | }
 57 | 
 58 | resource "azurerm_network_interface" "app_interface" {
 59 |   name                = "app-interface"
 60 |   location            = azurerm_resource_group.app_grp.location
 61 |   resource_group_name = azurerm_resource_group.app_grp.name
 62 | 
 63 |   ip_configuration {
 64 |     name                          = "internal"
 65 |     subnet_id                     = azurerm_subnet.SubnetA.id
 66 |     private_ip_address_allocation = "Dynamic"
 67 |   }
 68 | 
 69 |   depends_on = [
 70 |     azurerm_virtual_network.app_network,
 71 |     azurerm_subnet.SubnetA
 72 |   ]
 73 | }
 74 | 
 75 | resource "azurerm_windows_virtual_machine" "app_vm" {
 76 |   name                = "appvm"
 77 |   resource_group_name = azurerm_resource_group.app_grp.name
 78 |   location            = azurerm_resource_group.app_grp.location
 79 |   size                = "Standard_D2s_v3"
 80 |   admin_username      = "demousr"
 81 |   admin_password      = "Azure@123"  
 82 |   network_interface_ids = [
 83 |     azurerm_network_interface.app_interface.id,
 84 |   ]
 85 | 
 86 |   os_disk {
 87 |     caching              = "ReadWrite"
 88 |     storage_account_type = "Standard_LRS"
 89 |   }
 90 | 
 91 |   source_image_reference {
 92 |     publisher = "MicrosoftWindowsServer"
 93 |     offer     = "WindowsServer"
 94 |     sku       = "2019-Datacenter"
 95 |     version   = "latest"
 96 |   }
 97 | 
 98 |   depends_on = [
 99 |     azurerm_network_interface.app_interface
100 |   ]
101 | }
102 | 
103 | 
104 | resource "azurerm_virtual_machine_extension" "vmagent" {
105 | 
106 |   name                 = "vmagent"
107 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm.id
108 |   publisher            = "Microsoft.EnterpriseCloud.Monitoring"
109 |   type                 = "MicrosoftMonitoringAgent"
110 |   type_handler_version = "1.0"
111 |   
112 |   auto_upgrade_minor_version = "true"
113 |   settings = <<SETTINGS
114 |     {
115 |       "workspaceId": "${azurerm_log_analytics_workspace.vm_workspace.workspace_id}"
116 |     }
117 | SETTINGS
118 |    protected_settings = <<PROTECTED_SETTINGS
119 |    {
120 |       "workspaceKey": "${azurerm_log_analytics_workspace.vm_workspace.primary_shared_key}"
121 |    }
122 | PROTECTED_SETTINGS
123 | }
124 | 
125 | // We want to collect the security events from the virtual machine
126 | 
127 | resource "azurerm_log_analytics_datasource_windows_event" "collect_events" {
128 |   name                = "collect-events"
129 |   resource_group_name = azurerm_resource_group.app_grp.name
130 |   workspace_name      = azurerm_log_analytics_workspace.vm_workspace.name
131 |   event_log_name      = "System"
132 |   event_types         = ["Information"]
133 | }


--------------------------------------------------------------------------------
/34. Lab - Azure Monitor alerts/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | 
 31 | resource "azurerm_virtual_network" "app_network" {
 32 |   name                = "app-network"
 33 |   location            = azurerm_resource_group.app_grp.location
 34 |   resource_group_name = azurerm_resource_group.app_grp.name
 35 |   address_space       = ["10.0.0.0/16"]  
 36 |   depends_on = [
 37 |     azurerm_resource_group.app_grp
 38 |   ]
 39 | }
 40 | 
 41 | resource "azurerm_subnet" "SubnetA" {
 42 |   name                 = "SubnetA"
 43 |   resource_group_name  = azurerm_resource_group.app_grp.name
 44 |   virtual_network_name = azurerm_virtual_network.app_network.name
 45 |   address_prefixes     = ["10.0.0.0/24"]
 46 |   depends_on = [
 47 |     azurerm_virtual_network.app_network
 48 |   ]
 49 | }
 50 | 
 51 | resource "azurerm_network_interface" "app_interface" {
 52 |   name                = "app-interface"
 53 |   location            = azurerm_resource_group.app_grp.location
 54 |   resource_group_name = azurerm_resource_group.app_grp.name
 55 | 
 56 |   ip_configuration {
 57 |     name                          = "internal"
 58 |     subnet_id                     = azurerm_subnet.SubnetA.id
 59 |     private_ip_address_allocation = "Dynamic"
 60 |   }
 61 | 
 62 |   depends_on = [
 63 |     azurerm_virtual_network.app_network,
 64 |     azurerm_subnet.SubnetA
 65 |   ]
 66 | }
 67 | 
 68 | resource "azurerm_windows_virtual_machine" "app_vm" {
 69 |   name                = "appvm"
 70 |   resource_group_name = azurerm_resource_group.app_grp.name
 71 |   location            = azurerm_resource_group.app_grp.location
 72 |   size                = "Standard_D2s_v3"
 73 |   admin_username      = "demousr"
 74 |   admin_password      = "Azure@123"  
 75 |   network_interface_ids = [
 76 |     azurerm_network_interface.app_interface.id,
 77 |   ]
 78 | 
 79 |   os_disk {
 80 |     caching              = "ReadWrite"
 81 |     storage_account_type = "Standard_LRS"
 82 |   }
 83 | 
 84 |   source_image_reference {
 85 |     publisher = "MicrosoftWindowsServer"
 86 |     offer     = "WindowsServer"
 87 |     sku       = "2019-Datacenter"
 88 |     version   = "latest"
 89 |   }
 90 | 
 91 |   depends_on = [
 92 |     azurerm_network_interface.app_interface
 93 |   ]
 94 | }
 95 | 
 96 | // We need to define the action group
 97 | resource "azurerm_monitor_action_group" "email_alert" {
 98 |   name                = "email-alert"
 99 |   resource_group_name = azurerm_resource_group.app_grp.name
100 |   short_name          = "email-alert"
101 | 
102 |    email_receiver {
103 |     name                    = "sendtoAdmin"
104 |     email_address           = ""
105 |     use_common_alert_schema = true
106 |   }
107 | 
108 | }
109 | 
110 | // Here we are defining the metric
111 | resource "azurerm_monitor_metric_alert" "Network_Threshold_alert" {
112 |   name                = "Network-Threshold-alert"
113 |   resource_group_name = azurerm_resource_group.app_grp.name
114 |   scopes              = [azurerm_windows_virtual_machine.app_vm.id]
115 |   description         = "The alert will be sent if the Network Out bytes exceeds 70 bytes"
116 | 
117 |   criteria {
118 |     metric_namespace = "Microsoft.Compute/virtualMachines"
119 |     metric_name      = "Network Out Total"
120 |     aggregation      = "Total"
121 |     operator         = "GreaterThan"
122 |     threshold        = 70    
123 |   }
124 | 
125 |   action {
126 |     action_group_id = azurerm_monitor_action_group.email_alert.id
127 |   }
128 | 
129 |   depends_on = [
130 |     azurerm_windows_virtual_machine.app_vm,
131 |     azurerm_monitor_metric_alert.email_alert
132 |   ]
133 | }
134 | 
135 | 


--------------------------------------------------------------------------------
/35. Lab - Budget alerts/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.93.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"  
22 | }
23 | 
24 | 
25 | resource "azurerm_resource_group" "app_grp"{
26 |   name=local.resource_group
27 |   location=local.location
28 | }
29 | 
30 | 
31 | 
32 | // We need to define the action group
33 | resource "azurerm_monitor_action_group" "email_alert" {
34 |   name                = "email-alert"
35 |   resource_group_name = azurerm_resource_group.app_grp.name
36 |   short_name          = "email-alert"
37 | 
38 |    email_receiver {
39 |     name                    = "sendtoAdmin"
40 |     email_address           = ""
41 |     use_common_alert_schema = true
42 |   }
43 | 
44 | }
45 | 
46 | resource "azurerm_consumption_budget_resource_group" "Monthly_budget" {
47 |   name              = "Monthly-budget"
48 |   resource_group_id = azurerm_resource_group.app_grp.id
49 | 
50 |   amount     = 50
51 |   time_grain = "Monthly"
52 | 
53 |   time_period {
54 |     start_date = "2022-02-01T00:00:00Z"
55 |     end_date   = "2022-12-01T00:00:00Z"
56 |   }
57 | 
58 |     notification {
59 |     enabled        = true
60 |     threshold      = 70.0
61 |     operator       = "EqualTo"
62 |     threshold_type = "Forecasted"
63 | 
64 |     
65 |     contact_groups = [
66 |       azurerm_monitor_action_group.email_alert.id,
67 |     ]
68 |     }
69 | }


--------------------------------------------------------------------------------
/36. Lab - Azure Function App/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.96.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | 
19 | locals {
20 |   resource_group="app-grp"
21 |   location="North Europe"
22 | }
23 | 
24 | 
25 | resource "azurerm_resource_group" "app_grp"{
26 |   name=local.resource_group
27 |   location=local.location
28 | }
29 | 
30 | resource "azurerm_storage_account" "functionstore_089889" {
31 |   name                     = "functionstore089889"
32 |   resource_group_name      = azurerm_resource_group.app_grp.name
33 |   location                 = azurerm_resource_group.app_grp.location
34 |   account_tier             = "Standard"
35 |   account_replication_type = "LRS"
36 | }
37 | 
38 | resource "azurerm_app_service_plan" "function_app_plan" {
39 |   name                = "function-app-plan"
40 |   location            = azurerm_resource_group.app_grp.location
41 |   resource_group_name = azurerm_resource_group.app_grp.name
42 | 
43 |   sku {
44 |     tier = "Standard"
45 |     size = "S1"
46 |   }
47 | }
48 | 
49 | resource "azurerm_function_app" "functionapp_1234000" {
50 |   name                       = "functionapp1234000"
51 |   location                   = azurerm_resource_group.app_grp.location
52 |   resource_group_name        = azurerm_resource_group.app_grp.name
53 |   app_service_plan_id        = azurerm_app_service_plan.function_app_plan.id
54 |   storage_account_name       = azurerm_storage_account.functionstore_089889.name
55 |   storage_account_access_key = azurerm_storage_account.functionstore_089889.primary_access_key
56 |   site_config {
57 |     dotnet_framework_version = "v6.0"
58 |   }
59 | }


--------------------------------------------------------------------------------
/37. Lab - Role based access control/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | data "azurerm_subscription" "my_subscription" {
 19 | }
 20 | 
 21 | locals {
 22 |   resource_group="app-grp"
 23 |   location="North Europe"  
 24 | }
 25 | 
 26 | 
 27 | resource "azurerm_resource_group" "app_grp"{
 28 |   name=local.resource_group
 29 |   location=local.location
 30 | }
 31 | 
 32 | resource "azurerm_virtual_network" "app_network" {
 33 |   name                = "app-network"
 34 |   location            = azurerm_resource_group.app_grp.location
 35 |   resource_group_name = azurerm_resource_group.app_grp.name
 36 |   address_space       = ["10.0.0.0/16"]  
 37 |   depends_on = [
 38 |     azurerm_resource_group.app_grp
 39 |   ]
 40 | }
 41 | 
 42 | resource "azurerm_subnet" "SubnetA" {
 43 |   name                 = "SubnetA"
 44 |   resource_group_name  = azurerm_resource_group.app_grp.name
 45 |   virtual_network_name = azurerm_virtual_network.app_network.name
 46 |   address_prefixes     = ["10.0.0.0/24"]
 47 |   depends_on = [
 48 |     azurerm_virtual_network.app_network
 49 |   ]
 50 | }
 51 | 
 52 | resource "azurerm_network_interface" "app_interface" {
 53 |   name                = "app-interface"
 54 |   location            = azurerm_resource_group.app_grp.location
 55 |   resource_group_name = azurerm_resource_group.app_grp.name
 56 | 
 57 |   ip_configuration {
 58 |     name                          = "internal"
 59 |     subnet_id                     = azurerm_subnet.SubnetA.id
 60 |     private_ip_address_allocation = "Dynamic"
 61 |   }
 62 | 
 63 |   depends_on = [
 64 |     azurerm_virtual_network.app_network,
 65 |     azurerm_subnet.SubnetA
 66 |   ]
 67 | }
 68 | 
 69 | resource "azurerm_windows_virtual_machine" "app_vm" {
 70 |   name                = "appvm"
 71 |   resource_group_name = azurerm_resource_group.app_grp.name
 72 |   location            = azurerm_resource_group.app_grp.location
 73 |   size                = "Standard_D2s_v3"
 74 |   admin_username      = "demousr"
 75 |   admin_password      = "Azure@123"  
 76 |   network_interface_ids = [
 77 |     azurerm_network_interface.app_interface.id,
 78 |   ]
 79 | 
 80 |   os_disk {
 81 |     caching              = "ReadWrite"
 82 |     storage_account_type = "Standard_LRS"
 83 |   }
 84 | 
 85 |   source_image_reference {
 86 |     publisher = "MicrosoftWindowsServer"
 87 |     offer     = "WindowsServer"
 88 |     sku       = "2019-Datacenter"
 89 |     version   = "latest"
 90 |   }
 91 | 
 92 |   depends_on = [
 93 |     azurerm_network_interface.app_interface
 94 |   ]
 95 | }
 96 | 
 97 | // Creating a user in Azure AD
 98 | resource "azuread_user" "UserA" {
 99 |   user_principal_name = ""
100 |   display_name        = "userA"  
101 |   password            = "Secret@123"
102 | }
103 | 
104 | resource "azurerm_role_assignment" "Reader_Role" {
105 |   scope                = azurerm_resource_group.app_grp.id
106 |   role_definition_name = "Reader"
107 |   principal_id         = azuread_user.UserA.object_id
108 | 
109 |   depends_on = [
110 |     azuread_user.UserA,
111 |     azurerm_resource_group.app_grp
112 |   ]
113 | }


--------------------------------------------------------------------------------
/38. Lab - Azure Application Gateway/IIS_Config_image.ps1:
--------------------------------------------------------------------------------
1 | import-module servermanager
2 | add-windowsfeature web-server -includeallsubfeature
3 | add-windowsfeature Web-Asp-Net45
4 | add-windowsfeature NET-Framework-Features
5 | New-Item -Path "C:\inetpub\wwwroot\" -Name "images" -ItemType "directory"
6 | Set-Content -Path "C:\inetpub\wwwroot\images\Default.html" -Value "This is the images server"


--------------------------------------------------------------------------------
/38. Lab - Azure Application Gateway/IIS_Config_video.ps1:
--------------------------------------------------------------------------------
1 | import-module servermanager
2 | add-windowsfeature web-server -includeallsubfeature
3 | add-windowsfeature Web-Asp-Net45
4 | add-windowsfeature NET-Framework-Features
5 | New-Item -Path "C:\inetpub\wwwroot\" -Name "videos" -ItemType "directory"
6 | Set-Content -Path "C:\inetpub\wwwroot\videos\Default.html" -Value "This is the videos server"


--------------------------------------------------------------------------------
/38. Lab - Azure Application Gateway/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     azurerm = {
  4 |       source = "hashicorp/azurerm"
  5 |       version = "2.93.0"
  6 |     }
  7 |   }
  8 | }
  9 | 
 10 | provider "azurerm" {
 11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 12 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 13 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 15 |   features {}
 16 | }
 17 | 
 18 | 
 19 | locals {
 20 |   resource_group="app-grp"
 21 |   location="North Europe"  
 22 | }
 23 | 
 24 | 
 25 | resource "azurerm_resource_group" "app_grp"{
 26 |   name=local.resource_group
 27 |   location=local.location
 28 | }
 29 | 
 30 | resource "azurerm_virtual_network" "app_network" {
 31 |   name                = "app-network"
 32 |   location            = local.location
 33 |   resource_group_name = azurerm_resource_group.app_grp.name
 34 |   address_space       = ["10.0.0.0/16"]  
 35 |   depends_on = [
 36 |     azurerm_resource_group.app_grp
 37 |   ]
 38 | }
 39 | 
 40 | resource "azurerm_subnet" "SubnetA" {
 41 |   name                 = "SubnetA"
 42 |   resource_group_name  = azurerm_resource_group.app_grp.name
 43 |   virtual_network_name = azurerm_virtual_network.app_network.name
 44 |   address_prefixes     = ["10.0.0.0/24"]
 45 |   depends_on = [
 46 |     azurerm_virtual_network.app_network
 47 |   ]
 48 | }
 49 | 
 50 | // This subnet is for the Azure Application Gateway resource
 51 | resource "azurerm_subnet" "SubnetB" {
 52 |   name                 = "SubnetB"
 53 |   resource_group_name  = azurerm_resource_group.app_grp.name
 54 |   virtual_network_name = azurerm_virtual_network.app_network.name
 55 |   address_prefixes     = ["10.0.1.0/24"]
 56 |   depends_on = [
 57 |     azurerm_virtual_network.app_network
 58 |   ]
 59 | }
 60 | 
 61 | 
 62 | // This interface is for appvm1
 63 | resource "azurerm_network_interface" "app_interface1" {
 64 |   name                = "app-interface1"
 65 |   location            = azurerm_resource_group.app_grp.location
 66 |   resource_group_name = azurerm_resource_group.app_grp.name
 67 | 
 68 |   ip_configuration {
 69 |     name                          = "internal"
 70 |     subnet_id                     = azurerm_subnet.SubnetA.id
 71 |     private_ip_address_allocation = "Dynamic"    
 72 |   }
 73 | 
 74 |   depends_on = [
 75 |     azurerm_virtual_network.app_network,
 76 |     azurerm_subnet.SubnetA
 77 |   ]
 78 | }
 79 | 
 80 | // This interface is for appvm2
 81 | resource "azurerm_network_interface" "app_interface2" {
 82 |   name                = "app-interface2"
 83 |   location            = azurerm_resource_group.app_grp.location
 84 |   resource_group_name = azurerm_resource_group.app_grp.name
 85 | 
 86 |   ip_configuration {
 87 |     name                          = "internal"
 88 |     subnet_id                     = azurerm_subnet.SubnetA.id
 89 |     private_ip_address_allocation = "Dynamic"    
 90 |   }
 91 | 
 92 |   depends_on = [
 93 |     azurerm_virtual_network.app_network,
 94 |     azurerm_subnet.SubnetA
 95 |   ]
 96 | }
 97 | 
 98 | // This is the resource for appvm1
 99 | resource "azurerm_windows_virtual_machine" "app_vm1" {
100 |   name                = "appvm1"
101 |   resource_group_name = azurerm_resource_group.app_grp.name
102 |   location            = azurerm_resource_group.app_grp.location
103 |   size                = "Standard_D2s_v3"
104 |   admin_username      = "demousr"
105 |   admin_password      = "Azure@123"  
106 |   network_interface_ids = [
107 |     azurerm_network_interface.app_interface1.id,
108 |   ]
109 | 
110 |   os_disk {
111 |     caching              = "ReadWrite"
112 |     storage_account_type = "Standard_LRS"
113 |   }
114 | 
115 |   source_image_reference {
116 |     publisher = "MicrosoftWindowsServer"
117 |     offer     = "WindowsServer"
118 |     sku       = "2019-Datacenter"
119 |     version   = "latest"
120 |   }
121 | 
122 |   depends_on = [
123 |     azurerm_network_interface.app_interface1
124 |   ]
125 | }
126 | 
127 | // This is the resource for appvm2
128 | resource "azurerm_windows_virtual_machine" "app_vm2" {
129 |   name                = "appvm2"
130 |   resource_group_name = azurerm_resource_group.app_grp.name
131 |   location            = azurerm_resource_group.app_grp.location
132 |   size                = "Standard_D2s_v3"
133 |   admin_username      = "demousr"
134 |   admin_password      = "Azure@123"  
135 |   network_interface_ids = [
136 |     azurerm_network_interface.app_interface2.id,
137 |   ]
138 | 
139 |   os_disk {
140 |     caching              = "ReadWrite"
141 |     storage_account_type = "Standard_LRS"
142 |   }
143 | 
144 |   source_image_reference {
145 |     publisher = "MicrosoftWindowsServer"
146 |     offer     = "WindowsServer"
147 |     sku       = "2019-Datacenter"
148 |     version   = "latest"
149 |   }
150 | 
151 |   depends_on = [
152 |     azurerm_network_interface.app_interface2
153 |   ]
154 | }
155 | 
156 | 
157 | resource "azurerm_storage_account" "appstore" {
158 |   name                     = "appstore4577687"
159 |   resource_group_name      = azurerm_resource_group.app_grp.name
160 |   location                 = azurerm_resource_group.app_grp.location
161 |   account_tier             = "Standard"
162 |   account_replication_type = "LRS"
163 |   allow_blob_public_access = true
164 | }
165 | 
166 | resource "azurerm_storage_container" "data" {
167 |   name                  = "data"
168 |   storage_account_name  = "appstore4577687"
169 |   container_access_type = "blob"
170 |   depends_on=[
171 |     azurerm_storage_account.appstore
172 |     ]
173 | }
174 | 
175 | 
176 | resource "azurerm_storage_blob" "IIS_config_video" {
177 |   name                   = "IIS_Config_video.ps1"
178 |   storage_account_name   = "appstore4577687"
179 |   storage_container_name = "data"
180 |   type                   = "Block"
181 |   source                 = "IIS_Config_video.ps1"
182 |    depends_on=[azurerm_storage_container.data]
183 | }
184 | 
185 | resource "azurerm_storage_blob" "IIS_config_image" {
186 |   name                   = "IIS_Config_image.ps1"
187 |   storage_account_name   = "appstore4577687"
188 |   storage_container_name = "data"
189 |   type                   = "Block"
190 |   source                 = "IIS_Config_image.ps1"
191 |    depends_on=[azurerm_storage_container.data]
192 | }
193 | 
194 | // This is the extension for appvm1
195 | resource "azurerm_virtual_machine_extension" "vm_extension1" {
196 |   name                 = "appvm-extension"
197 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm1.id
198 |   publisher            = "Microsoft.Compute"
199 |   type                 = "CustomScriptExtension"
200 |   type_handler_version = "1.10"
201 |   depends_on = [
202 |     azurerm_storage_blob.IIS_config_video
203 |   ]
204 |   settings = <<SETTINGS
205 |     {
206 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config_video.ps1"],
207 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config_video.ps1"     
208 |     }
209 | SETTINGS
210 | }
211 | 
212 | 
213 | // This is the extension for appvm2
214 | resource "azurerm_virtual_machine_extension" "vm_extension2" {
215 |   name                 = "appvm-extension"
216 |   virtual_machine_id   = azurerm_windows_virtual_machine.app_vm2.id
217 |   publisher            = "Microsoft.Compute"
218 |   type                 = "CustomScriptExtension"
219 |   type_handler_version = "1.10"
220 |   depends_on = [
221 |     azurerm_storage_blob.IIS_config_image
222 |   ]
223 |   settings = <<SETTINGS
224 |     {
225 |         "fileUris": ["https://${azurerm_storage_account.appstore.name}.blob.core.windows.net/data/IIS_Config_image.ps1"],
226 |           "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file IIS_Config_image.ps1"     
227 |     }
228 | SETTINGS
229 | }
230 | 
231 | 
232 | resource "azurerm_network_security_group" "app_nsg" {
233 |   name                = "app-nsg"
234 |   location            = azurerm_resource_group.app_grp.location
235 |   resource_group_name = azurerm_resource_group.app_grp.name
236 | 
237 | # We are creating a rule to allow traffic on port 80
238 |   security_rule {
239 |     name                       = "Allow_HTTP"
240 |     priority                   = 200
241 |     direction                  = "Inbound"
242 |     access                     = "Allow"
243 |     protocol                   = "Tcp"
244 |     source_port_range          = "*"
245 |     destination_port_range     = "80"
246 |     source_address_prefix      = "*"
247 |     destination_address_prefix = "*"
248 |   }
249 | }
250 | 
251 | resource "azurerm_subnet_network_security_group_association" "nsg_association" {
252 |   subnet_id                 = azurerm_subnet.SubnetA.id
253 |   network_security_group_id = azurerm_network_security_group.app_nsg.id
254 |   depends_on = [
255 |     azurerm_network_security_group.app_nsg
256 |   ]
257 | }
258 | 
259 | // The public IP address is needed for the Azure Application Gateway
260 | 
261 | resource "azurerm_public_ip" "gateway_ip" {
262 |   name                = "gateway-ip"
263 |   resource_group_name = azurerm_resource_group.app_grp.name
264 |   location            = azurerm_resource_group.app_grp.location
265 |   allocation_method   = "Dynamic"
266 |   
267 | }
268 | 
269 | // Here we define the Azure Application Gateway resource
270 | resource "azurerm_application_gateway" "app_gateway" {
271 |   name                = "app-gateway"
272 |   resource_group_name = azurerm_resource_group.app_grp.name
273 |   location            = azurerm_resource_group.app_grp.location
274 | 
275 |   sku {
276 |     name     = "Standard_Small"
277 |     tier     = "Standard"
278 |     capacity = 2
279 |   }
280 | 
281 | 
282 | gateway_ip_configuration {
283 |     name      = "gateway-ip-config"
284 |     subnet_id = azurerm_subnet.SubnetB.id
285 |   }
286 | 
287 |   frontend_port {
288 |     name = "front-end-port"
289 |     port = 80
290 |   }
291 | 
292 |  frontend_ip_configuration {
293 |     name                 = "front-end-ip-config"
294 |     public_ip_address_id = azurerm_public_ip.gateway_ip.id    
295 |   }
296 | 
297 | 
298 | // Here we ensure the virtual machines are added to the backend pool
299 | // of the Azure Application Gateway
300 | 
301 |   backend_address_pool{      
302 |       name  = "videopool"
303 |       ip_addresses = [
304 |       "${azurerm_network_interface.app_interface1.private_ip_address}"
305 |       ]
306 |     }
307 | 
308 | backend_address_pool {
309 |       name  = "imagepool"
310 |       ip_addresses = [
311 |       "${azurerm_network_interface.app_interface2.private_ip_address}"]
312 |   
313 | }
314 |       
315 |         
316 |  
317 | 
318 |   backend_http_settings {
319 |     name                  = "HTTPSetting"
320 |     cookie_based_affinity = "Disabled"
321 |     path                  = ""
322 |     port                  = 80
323 |     protocol              = "Http"
324 |     request_timeout       = 60
325 |   }
326 | 
327 | 
328 |  http_listener {
329 |     name                           = "gateway-listener"
330 |     frontend_ip_configuration_name = "front-end-ip-config"
331 |     frontend_port_name             = "front-end-port"
332 |     protocol                       = "Http"
333 |   }
334 | 
335 | // This is used for implementing the URL routing rules
336 |  request_routing_rule {
337 |     name               = "RoutingRuleA"
338 |     rule_type          = "PathBasedRouting"
339 |     url_path_map_name  = "RoutingPath"
340 |     http_listener_name = "gateway-listener"
341 |   }
342 | 
343 |   url_path_map {
344 |     name                               = "RoutingPath"    
345 |     default_backend_address_pool_name   = "videopool"
346 |     default_backend_http_settings_name  = "HTTPSetting"
347 | 
348 |      path_rule {
349 |       name                          = "VideoRoutingRule"
350 |       backend_address_pool_name     = "videopool"
351 |       backend_http_settings_name    = "HTTPSetting"
352 |       paths = [
353 |         "/videos/*",
354 |       ]
355 |     }
356 | 
357 |     path_rule {
358 |       name                          = "ImageRoutingRule"
359 |       backend_address_pool_name     = "imagepool"
360 |       backend_http_settings_name    = "HTTPSetting"
361 |       paths = [
362 |         "/images/*",
363 |       ]
364 |     }
365 |   }
366 |   }


--------------------------------------------------------------------------------
/39. Breaking down the configuration files/main.tf:
--------------------------------------------------------------------------------
 1 | provider "azurerm" {
 2 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 3 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 4 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 5 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 6 |   features {}
 7 | }
 8 | 
 9 | 
10 | locals {
11 |   resource_group="app-grp"
12 |   location="North Europe"  
13 | }
14 | 
15 | 
16 | resource "azurerm_resource_group" "app_grp"{
17 |   name=local.resource_group
18 |   location=local.location
19 | }
20 | 
21 | 


--------------------------------------------------------------------------------
/39. Breaking down the configuration files/network.tf:
--------------------------------------------------------------------------------
 1 | resource "azurerm_virtual_network" "app_network" {
 2 |   name                = var.network_details.network_name
 3 |   location            = local.location
 4 |   resource_group_name = azurerm_resource_group.app_grp.name
 5 |   address_space       = [var.network_details.network_address_space]  
 6 |   depends_on = [
 7 |     azurerm_resource_group.app_grp
 8 |   ]
 9 | }
10 | 
11 | resource "azurerm_subnet" "SubnetA" {
12 |   name                 = var.network_details.vm_subnet_name
13 |   resource_group_name  = azurerm_resource_group.app_grp.name
14 |   virtual_network_name = azurerm_virtual_network.app_network.name
15 |   address_prefixes     = [ var.network_details.vm_subnet_address_space]
16 |   depends_on = [
17 |     azurerm_virtual_network.app_network
18 |   ]
19 | }
20 | 


--------------------------------------------------------------------------------
/39. Breaking down the configuration files/variables.tf:
--------------------------------------------------------------------------------
 1 | // These variables are defined as obejcts
 2 | 
 3 | variable "network_details"{    
 4 |     description = "This contains all of the network details"
 5 |     default={
 6 |         network_name="app-network"
 7 |         network_address_space="10.0.0.0/16"
 8 |         vm_subnet_name="SubnetA"
 9 |         vm_subnet_address_space="10.0.0.0/24"
10 |     }
11 | }
12 | 
13 | variable "vm_details"{
14 | 
15 |      description = "This contains all of the virtual machine details"
16 |       default={
17 |           vm_names=["appvm1","appvm2"]
18 |       }
19 | }
20 | 


--------------------------------------------------------------------------------
/39. Breaking down the configuration files/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_providers {
3 |     azurerm = {
4 |       source = "hashicorp/azurerm"
5 |       version = "2.93.0"
6 |     }
7 |   }
8 | }


--------------------------------------------------------------------------------
/39. Breaking down the configuration files/virtualmachines.tf:
--------------------------------------------------------------------------------
 1 | // This interface is for appvm1
 2 | resource "azurerm_network_interface" "app_interface1" {
 3 |   name                = "app-interface1"
 4 |   location            = azurerm_resource_group.app_grp.location
 5 |   resource_group_name = azurerm_resource_group.app_grp.name
 6 | 
 7 |   ip_configuration {
 8 |     name                          = "internal"
 9 |     subnet_id                     = azurerm_subnet.SubnetA.id
10 |     private_ip_address_allocation = "Dynamic"    
11 |   }
12 | 
13 |   depends_on = [
14 |     azurerm_virtual_network.app_network,
15 |     azurerm_subnet.SubnetA
16 |   ]
17 | }
18 | 
19 | // This interface is for appvm2
20 | resource "azurerm_network_interface" "app_interface2" {
21 |   name                = "app-interface2"
22 |   location            = azurerm_resource_group.app_grp.location
23 |   resource_group_name = azurerm_resource_group.app_grp.name
24 | 
25 |   ip_configuration {
26 |     name                          = "internal"
27 |     subnet_id                     = azurerm_subnet.SubnetA.id
28 |     private_ip_address_allocation = "Dynamic"    
29 |   }
30 | 
31 |   depends_on = [
32 |     azurerm_virtual_network.app_network,
33 |     azurerm_subnet.SubnetA
34 |   ]
35 | }
36 | 
37 | // This is the resource for appvm1
38 | resource "azurerm_windows_virtual_machine" "app_vm1" {
39 |   name                = var.vm_details.vm_names[0]
40 |   resource_group_name = azurerm_resource_group.app_grp.name
41 |   location            = azurerm_resource_group.app_grp.location
42 |   size                = "Standard_D2s_v3"
43 |   admin_username      = "demousr"
44 |   admin_password      = "Azure@123"  
45 |   network_interface_ids = [
46 |     azurerm_network_interface.app_interface1.id,
47 |   ]
48 | 
49 |   os_disk {
50 |     caching              = "ReadWrite"
51 |     storage_account_type = "Standard_LRS"
52 |   }
53 | 
54 |   source_image_reference {
55 |     publisher = "MicrosoftWindowsServer"
56 |     offer     = "WindowsServer"
57 |     sku       = "2019-Datacenter"
58 |     version   = "latest"
59 |   }
60 | 
61 |   depends_on = [
62 |     azurerm_network_interface.app_interface1
63 |   ]
64 | }
65 | 
66 | // This is the resource for appvm2
67 | resource "azurerm_windows_virtual_machine" "app_vm2" {
68 |   name                = var.vm_details.vm_names[1]
69 |   resource_group_name = azurerm_resource_group.app_grp.name
70 |   location            = azurerm_resource_group.app_grp.location
71 |   size                = "Standard_D2s_v3"
72 |   admin_username      = "demousr"
73 |   admin_password      = "Azure@123"  
74 |   network_interface_ids = [
75 |     azurerm_network_interface.app_interface2.id,
76 |   ]
77 | 
78 |   os_disk {
79 |     caching              = "ReadWrite"
80 |     storage_account_type = "Standard_LRS"
81 |   }
82 | 
83 |   source_image_reference {
84 |     publisher = "MicrosoftWindowsServer"
85 |     offer     = "WindowsServer"
86 |     sku       = "2019-Datacenter"
87 |     version   = "latest"
88 |   }
89 | 
90 |   depends_on = [
91 |     azurerm_network_interface.app_interface2
92 |   ]
93 | }
94 | 
95 | 
96 | 


--------------------------------------------------------------------------------
/40. Creating multiple resources/main.tf:
--------------------------------------------------------------------------------
 1 | provider "azurerm" {
 2 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
 3 |   client_id       = "7048caf3-327c-4b70-9461-e47683ec9b6f"
 4 |   client_secret   = "BkK7Q~mxpNI4TIH-eb7B9oGvx6ntABH~L-iQn"
 5 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
 6 |   features {}
 7 | }
 8 | 
 9 | 
10 | locals {
11 |   resource_group="app-grp"
12 |   location="North Europe"  
13 | }
14 | 
15 | 
16 | resource "azurerm_resource_group" "app_grp"{
17 |   name=local.resource_group
18 |   location=local.location
19 | }
20 | 
21 | 
22 | 
23 | 


--------------------------------------------------------------------------------
/40. Creating multiple resources/network.tf:
--------------------------------------------------------------------------------
 1 | resource "azurerm_virtual_network" "app_network" {
 2 |   name                = var.network_details.network_name
 3 |   location            = local.location
 4 |   resource_group_name = azurerm_resource_group.app_grp.name
 5 |   address_space       = [var.network_details.network_address_space]  
 6 |   depends_on = [
 7 |     azurerm_resource_group.app_grp
 8 |   ]
 9 | }
10 | 
11 | resource "azurerm_subnet" "SubnetA" {
12 |   name                 = var.network_details.vm_subnet_name
13 |   resource_group_name  = azurerm_resource_group.app_grp.name
14 |   virtual_network_name = azurerm_virtual_network.app_network.name
15 |   address_prefixes     = [ var.network_details.vm_subnet_address_space]
16 |   depends_on = [
17 |     azurerm_virtual_network.app_network
18 |   ]
19 | }
20 | 


--------------------------------------------------------------------------------
/40. Creating multiple resources/outputs.tf:
--------------------------------------------------------------------------------
1 | output "private_ip_address" {
2 | description ="Here the private IP addresses assigned to the VM's will be shown"
3 | value= {
4 |     for ip in azurerm_network_interface.app_interface:
5 |     ip.name=>ip.private_ip_address
6 | }
7 | }


--------------------------------------------------------------------------------
/40. Creating multiple resources/variables.tf:
--------------------------------------------------------------------------------
 1 | // These variables are defined as obejcts
 2 | 
 3 | variable "network_details"{    
 4 |     description = "This contains all of the network details"
 5 |     default={
 6 |         network_name="app-network"
 7 |         network_address_space="10.0.0.0/16"
 8 |         vm_subnet_name="SubnetA"
 9 |         vm_subnet_address_space="10.0.0.0/24"
10 |     }
11 | }
12 | 
13 | variable "vm_details"{
14 | 
15 |      description = "This contains all of the virtual machine details"
16 |       default={
17 |           vm_names="appvm"
18 |       }
19 | }
20 | 


--------------------------------------------------------------------------------
/40. Creating multiple resources/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_providers {
3 |     azurerm = {
4 |       source = "hashicorp/azurerm"
5 |       version = "2.93.0"
6 |     }
7 |   }
8 | }


--------------------------------------------------------------------------------
/40. Creating multiple resources/virtualmachines.tf:
--------------------------------------------------------------------------------
 1 | // The count meta-arguement helps to create multiple resources 
 2 | // without the need of defining multiple resource blocks for each resource
 3 | 
 4 | // General block to create the network interface
 5 | resource "azurerm_network_interface" "app_interface" {
 6 |   count =2
 7 | 
 8 |   // The count object is available in expressions. Here the count starts from the number 0
 9 |   name                = format("app-interface%s",(count.index)+1)
10 |   location            = azurerm_resource_group.app_grp.location
11 |   resource_group_name = azurerm_resource_group.app_grp.name
12 | 
13 |   ip_configuration {
14 |     name                          = "internal"
15 |     subnet_id                     = azurerm_subnet.SubnetA.id
16 |     private_ip_address_allocation = "Dynamic"    
17 |   }
18 | 
19 |   depends_on = [
20 |     azurerm_virtual_network.app_network,
21 |     azurerm_subnet.SubnetA
22 |   ]
23 | }
24 | 
25 | 
26 | 
27 | // This is a general resource for the creation of virtual machines
28 | resource "azurerm_windows_virtual_machine" "appvm" {
29 |   count=2  
30 |   name                = format("%s%s",var.vm_details.vm_names,(count.index)+1)
31 |   resource_group_name = azurerm_resource_group.app_grp.name
32 |   location            = azurerm_resource_group.app_grp.location
33 |   size                = "Standard_D2s_v3"
34 |   admin_username      = "demousr"
35 |   admin_password      = "Azure@123"  
36 |   network_interface_ids = [
37 |     azurerm_network_interface.app_interface[count.index].id,
38 |   ]
39 | 
40 |   os_disk {
41 |     caching              = "ReadWrite"
42 |     storage_account_type = "Standard_LRS"
43 |   }
44 | 
45 |   source_image_reference {
46 |     publisher = "MicrosoftWindowsServer"
47 |     offer     = "WindowsServer"
48 |     sku       = "2019-Datacenter"
49 |     version   = "latest"
50 |   }
51 | 
52 |   depends_on = [
53 |     azurerm_network_interface.app_interface
54 |   ]
55 | }
56 | 
57 | 


--------------------------------------------------------------------------------
/5. Lab - Creating a resource group/main.tf:
--------------------------------------------------------------------------------
 1 | # We first specify the terraform provider. 
 2 | # Terraform will use the provider to ensure that we can work with Microsoft Azure
 3 | 
 4 | terraform {
 5 |   required_providers {
 6 |     azurerm = {
 7 |       source = "hashicorp/azurerm"
 8 |       version = "2.92.0"
 9 |     }
10 |   }
11 | }
12 | 
13 | # Here we need to mention the Azure AD Application Object credentials to allow us to work with 
14 | # our Azure account
15 | 
16 | provider "azurerm" {
17 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
18 |   client_id       = "230411ec-45e9-4650-95b2-7675131e2d1a"
19 |   client_secret   = "8D~7Q~y39tBTXsFXGcuVIwvGCOorRUo6dXtwX"
20 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
21 |   features {}
22 | }
23 | 
24 | # The resource block defines the type of resource we want to work with
25 | # The name and location are arguements for the resource block
26 | 
27 | resource "azurerm_resource_group" "app_grp"{
28 |   name="app-grp" 
29 |   location="North Europe"
30 | }
31 | 


--------------------------------------------------------------------------------
/6. Lab - Creating a storage account/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "230411ec-45e9-4650-95b2-7675131e2d1a"
13 |   client_secret   = "8D~7Q~y39tBTXsFXGcuVIwvGCOorRUo6dXtwX"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | resource "azurerm_resource_group" "app_grp"{
19 |   name="app-grp" 
20 |   location="North Europe"
21 | }
22 | 
23 | # Here we are creating a storage account.
24 | # The storage account service has more properties and hence there are more arguements we can specify here
25 | 
26 | resource "azurerm_storage_account" "storage_account" {
27 |   name                     = "terraformstore10090"
28 |   resource_group_name      = "app-grp"
29 |   location                 = "North Europe"
30 |   account_tier             = "Standard"
31 |   account_replication_type = "LRS"
32 | }


--------------------------------------------------------------------------------
/7. Terraform state/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "230411ec-45e9-4650-95b2-7675131e2d1a"
13 |   client_secret   = "8D~7Q~y39tBTXsFXGcuVIwvGCOorRUo6dXtwX"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | resource "azurerm_resource_group" "app_grp"{
19 |   name="app-grp" 
20 |   location="North Europe"
21 | }
22 | 
23 | # Here we are creating a storage account.
24 | # The storage account service has more properties and hence there are more arguements we can specify here
25 | 
26 | resource "azurerm_storage_account" "storage_account" {
27 |   name                     = "terraformstore10090"
28 |   resource_group_name      = "app-grp"
29 |   location                 = "North Europe"
30 |   account_tier             = "Standard"
31 |   account_replication_type = "LRS"
32 |   allow_blob_public_access = true
33 | }


--------------------------------------------------------------------------------
/8. Lab - Creating a container and a blob/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "230411ec-45e9-4650-95b2-7675131e2d1a"
13 |   client_secret   = "8D~7Q~y39tBTXsFXGcuVIwvGCOorRUo6dXtwX"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | resource "azurerm_resource_group" "app_grp"{
19 |   name="app-grp" 
20 |   location="North Europe"
21 | }
22 | 
23 | # Here we are creating a storage account.
24 | # The storage account service has more properties and hence there are more arguements we can specify here
25 | 
26 | resource "azurerm_storage_account" "storage_account" {
27 |   name                     = "terraformstore10090"
28 |   resource_group_name      = "app-grp"
29 |   location                 = "North Europe"
30 |   account_tier             = "Standard"
31 |   account_replication_type = "LRS"
32 |   allow_blob_public_access = true
33 | }
34 | 
35 | # Here we are creating a container in the storage account
36 | resource "azurerm_storage_container" "data" {
37 |   name                  = "data"
38 |   storage_account_name  = "terraformstore10090"
39 |   container_access_type = "private"
40 | }
41 | 
42 | # This is used to upload a local file onto the container
43 | resource "azurerm_storage_blob" "sample" {
44 |   name                   = "sample.txt"
45 |   storage_account_name   = "appstore4577687"
46 |   storage_container_name = "data"
47 |   type                   = "Block"
48 |   source                 = "sample.txt"
49 | }
50 | 


--------------------------------------------------------------------------------
/9. Lab - Dependencies between resources/main.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     azurerm = {
 4 |       source = "hashicorp/azurerm"
 5 |       version = "2.92.0"
 6 |     }
 7 |   }
 8 | }
 9 | 
10 | provider "azurerm" {
11 |   subscription_id = "6912d7a0-bc28-459a-9407-33bbba641c07"
12 |   client_id       = "230411ec-45e9-4650-95b2-7675131e2d1a"
13 |   client_secret   = "8D~7Q~y39tBTXsFXGcuVIwvGCOorRUo6dXtwX"
14 |   tenant_id       = "70c0f6d9-7f3b-4425-a6b6-09b47643ec58"
15 |   features {}
16 | }
17 | 
18 | resource "azurerm_resource_group" "app_grp"{
19 |   name="app-grp" 
20 |   location="North Europe"
21 | }
22 | 
23 | # Here we are creating a storage account.
24 | # The storage account service has more properties and hence there are more arguements we can specify here
25 | 
26 | resource "azurerm_storage_account" "storage_account" {
27 |   name                     = "terraformstore10090"
28 |   resource_group_name      = "app-grp"
29 |   location                 = "North Europe"
30 |   account_tier             = "Standard"
31 |   account_replication_type = "LRS"
32 |   allow_blob_public_access = true
33 | }
34 | 
35 | # Here we are creating a container in the storage account
36 | resource "azurerm_storage_container" "data" {
37 |   name                  = "data"
38 |   storage_account_name  = "terraformstore10090"
39 |   container_access_type = "private"
40 | }
41 | 
42 | # This is used to upload a local file onto the container
43 | resource "azurerm_storage_blob" "sample" {
44 |   name                   = "sample.txt"
45 |   storage_account_name   = "appstore4577687"
46 |   storage_container_name = "data"
47 |   type                   = "Block"
48 |   source                 = "sample.txt"
49 |   # Here we we are adding a dependency. The file can only be uploaded if the container is present
50 | # We can access the attributes of a resource in terraform via the resource_type.resource_name
51 | 
52 |   depends_on=[azurerm_storage_container.data]
53 | 
54 | }
55 | 


--------------------------------------------------------------------------------