added TF code for Azure Automation runbook
1 parent
c2ccaa2
commit 78c3732
Showing
5 changed files
with
417 additions
and
0 deletions.
@@ -0,0 +1,215 @@ | ||
# Resource Group | ||
resource "azurerm_resource_group" "rg" { | ||
location = var.resource_group_location | ||
name = "${random_pet.prefix.id}-rg" | ||
} | ||
|
||
# Virtual Network | ||
resource "azurerm_virtual_network" "my_terraform_network" { | ||
name = "${random_pet.prefix.id}-vnet" | ||
address_space = ["10.0.0.0/16"] | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
} | ||
|
||
# Subnet | ||
resource "azurerm_subnet" "my_terraform_subnet" { | ||
name = "${random_pet.prefix.id}-subnet" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
virtual_network_name = azurerm_virtual_network.my_terraform_network.name | ||
address_prefixes = ["10.0.1.0/24"] | ||
} | ||
|
||
# Public IP | ||
resource "azurerm_public_ip" "my_terraform_public_ip" { | ||
name = "${random_pet.prefix.id}-public-ip" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
allocation_method = "Dynamic" | ||
} | ||
|
||
# Network Security Group and rules | ||
resource "azurerm_network_security_group" "my_terraform_nsg" { | ||
name = "${random_pet.prefix.id}-nsg" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
|
||
security_rule { | ||
name = "RDP" | ||
priority = 1000 | ||
direction = "Inbound" | ||
access = "Allow" | ||
protocol = "*" | ||
source_port_range = "*" | ||
destination_port_range = "3389" | ||
source_address_prefix = "*" | ||
destination_address_prefix = "*" | ||
} | ||
|
||
security_rule { | ||
name = "web" | ||
priority = 1001 | ||
direction = "Inbound" | ||
access = "Allow" | ||
protocol = "Tcp" | ||
source_port_range = "*" | ||
destination_port_range = "80" | ||
source_address_prefix = "*" | ||
destination_address_prefix = "*" | ||
} | ||
} | ||
|
||
# Network Interface | ||
resource "azurerm_network_interface" "my_terraform_nic" { | ||
name = "${random_pet.prefix.id}-nic" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
|
||
ip_configuration { | ||
name = "my_nic_configuration" | ||
subnet_id = azurerm_subnet.my_terraform_subnet.id | ||
private_ip_address_allocation = "Dynamic" | ||
public_ip_address_id = azurerm_public_ip.my_terraform_public_ip.id | ||
} | ||
} | ||
|
||
# Connect the security group to the network interface | ||
resource "azurerm_network_interface_security_group_association" "example" { | ||
network_interface_id = azurerm_network_interface.my_terraform_nic.id | ||
network_security_group_id = azurerm_network_security_group.my_terraform_nsg.id | ||
} | ||
|
||
# Storage account for boot diagnostics | ||
resource "azurerm_storage_account" "my_storage_account" { | ||
name = "diag${random_id.random_id.hex}" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
account_tier = "Standard" | ||
account_replication_type = "LRS" | ||
} | ||
|
||
# Virtual Machine | ||
resource "azurerm_windows_virtual_machine" "main" { | ||
name = "${var.prefix}-vm" | ||
admin_username = "azureuser" | ||
admin_password = random_password.password.result | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
network_interface_ids = [azurerm_network_interface.my_terraform_nic.id] | ||
size = "Standard_DS1_v2" | ||
|
||
os_disk { | ||
name = "myOsDisk" | ||
caching = "ReadWrite" | ||
storage_account_type = "Premium_LRS" | ||
} | ||
|
||
source_image_reference { | ||
publisher = "MicrosoftWindowsServer" | ||
offer = "WindowsServer" | ||
sku = "2022-datacenter-azure-edition" | ||
version = "latest" | ||
} | ||
|
||
boot_diagnostics { | ||
storage_account_uri = azurerm_storage_account.my_storage_account.primary_blob_endpoint | ||
} | ||
} | ||
|
||
# # Install IIS web server to the virtual machine | ||
# resource "azurerm_virtual_machine_extension" "web_server_install" { | ||
# name = "${random_pet.prefix.id}-wsi" | ||
# virtual_machine_id = azurerm_windows_virtual_machine.main.id | ||
# publisher = "Microsoft.Compute" | ||
# type = "CustomScriptExtension" | ||
# type_handler_version = "1.8" | ||
# auto_upgrade_minor_version = true | ||
|
||
# settings = <<SETTINGS | ||
# { | ||
# "commandToExecute": "powershell -ExecutionPolicy Unrestricted Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools" | ||
# } | ||
# SETTINGS | ||
# } | ||
|
||
# Azure Automation Account | ||
resource "azurerm_automation_account" "example" { | ||
name = "${random_pet.prefix.id}-automation-account" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
sku_name = "Basic" | ||
} | ||
|
||
# PowerShell Runbook | ||
resource "azurerm_automation_runbook" "example" { | ||
name = "${random_pet.prefix.id}-runbook" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
automation_account_name = azurerm_automation_account.example.name | ||
log_verbose = "true" | ||
log_progress = "true" | ||
description = "This is an example runbook" | ||
runbook_type = "PowerShell" | ||
|
||
publish_content_link { | ||
uri = "https://raw.githubusercontent.com/azureautomation/runbooks/master/Utility/ASM/Set-AzureScheduleWithRunbook.ps1" | ||
} | ||
} | ||
|
||
# One-time schedule for the runbook | ||
resource "azurerm_automation_schedule" "one_time" { | ||
name = "${random_pet.prefix.id}-one-time-schedule" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
automation_account_name = azurerm_automation_account.example.name | ||
frequency = "OneTime" | ||
start_time = timeadd(timestamp(), "10m") # 10 minutes from now | ||
} | ||
|
||
# Hourly schedule for the runbook | ||
resource "azurerm_automation_schedule" "hourly" { | ||
name = "${random_pet.prefix.id}-hourly-schedule" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
automation_account_name = azurerm_automation_account.example.name | ||
frequency = "Hour" | ||
interval = 1 | ||
start_time = timeadd(timestamp(), "15m") # 15 minutes from now | ||
} | ||
|
||
|
||
# Link the one-time schedule to the runbook | ||
resource "azurerm_automation_job_schedule" "one_time" { | ||
resource_group_name = azurerm_resource_group.rg.name | ||
automation_account_name = azurerm_automation_account.example.name | ||
schedule_name = azurerm_automation_schedule.one_time.name | ||
runbook_name = azurerm_automation_runbook.example.name | ||
} | ||
|
||
# Link the hourly schedule to the runbook | ||
resource "azurerm_automation_job_schedule" "hourly" { | ||
resource_group_name = azurerm_resource_group.rg.name | ||
automation_account_name = azurerm_automation_account.example.name | ||
schedule_name = azurerm_automation_schedule.hourly.name | ||
runbook_name = azurerm_automation_runbook.example.name | ||
} | ||
|
||
# Random resources for unique naming | ||
resource "random_id" "random_id" { | ||
keepers = { | ||
resource_group = azurerm_resource_group.rg.name | ||
} | ||
byte_length = 8 | ||
} | ||
|
||
resource "random_password" "password" { | ||
length = 20 | ||
min_lower = 1 | ||
min_upper = 1 | ||
min_numeric = 1 | ||
min_special = 1 | ||
special = true | ||
} | ||
|
||
resource "random_pet" "prefix" { | ||
prefix = var.prefix | ||
length = 1 | ||
} |
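Review bot: The `RDP` security rule in `my_terraform_nsg` allows inbound 3389 from `source_address_prefix = "*"` with `protocol = "*"`, and the NIC it is associated with carries a public IP, so the VM's RDP endpoint is reachable from the whole internet under the fixed account name `azureuser`. Restrict the rule to TCP and to a known management range, e.g. `protocol = "Tcp"` and `source_address_prefix = var.rdp_source_cidr` (a new variable, not declared in the files shown), or drop the public rule and reach the VM through Azure Bastion or just-in-time access. Separately, `publish_content_link` imports the runbook from the `master` branch of another repository with no integrity check, so the script that gets published is whatever that branch holds at apply time. Pin the URI to a specific commit and add the link's `hash` block (`algorithm` and `value`) so a changed upstream script fails the apply instead of being scheduled hourly.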
@@ -0,0 +1,64 @@ | ||
output "resource_group_name" { | ||
description = "The name of the created resource group." | ||
value = azurerm_resource_group.rg.name | ||
} | ||
|
||
output "virtual_network_name" { | ||
description = "The name of the created virtual network." | ||
value = azurerm_virtual_network.my_terraform_network.name | ||
} | ||
|
||
output "subnet_name" { | ||
description = "The name of the created subnet." | ||
value = azurerm_subnet.my_terraform_subnet.name | ||
} | ||
|
||
output "public_ip_name" { | ||
description = "The name of the created public IP." | ||
value = azurerm_public_ip.my_terraform_public_ip.name | ||
} | ||
|
||
output "public_ip_address" { | ||
description = "The address of the created public IP." | ||
value = azurerm_public_ip.my_terraform_public_ip.ip_address | ||
} | ||
|
||
output "network_security_group_name" { | ||
description = "The name of the created network security group." | ||
value = azurerm_network_security_group.my_terraform_nsg.name | ||
} | ||
|
||
output "network_interface_name" { | ||
description = "The name of the created network interface." | ||
value = azurerm_network_interface.my_terraform_nic.name | ||
} | ||
|
||
output "storage_account_name" { | ||
description = "The name of the created storage account." | ||
value = azurerm_storage_account.my_storage_account.name | ||
} | ||
|
||
output "virtual_machine_name" { | ||
description = "The name of the created virtual machine." | ||
value = azurerm_windows_virtual_machine.main.name | ||
} | ||
|
||
output "automation_account_name" { | ||
description = "The name of the created automation account." | ||
value = azurerm_automation_account.example.name | ||
} | ||
|
||
output "powershell_runbook_name" { | ||
description = "The name of the created PowerShell runbook." | ||
value = azurerm_automation_runbook.example.name | ||
} | ||
|
||
output "one_time_schedule_name" { | ||
description = "The name of the created one-time schedule for the runbook." | ||
value = azurerm_automation_schedule.one_time.name | ||
} | ||
|
||
output "hourly_schedule_name" { | ||
description = "The name of the created hourly schedule for the runbook." | ||
value = azurerm_automation_schedule.hourly.name | ||
} |
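Review bot: The `public_ip_address` output reads `azurerm_public_ip.my_terraform_public_ip.ip_address`, but that public IP is created with `allocation_method = "Dynamic"`, and a dynamic address is not assigned until the IP is attached to a running device, so this output can be empty after the first apply. Read the address from the VM instead, `value = azurerm_windows_virtual_machine.main.public_ip_address`, or switch the allocation to `Static`. Also note that `random_password.password.result` has no output and lives only in the Terraform state; if an output is added for it, declare it with `sensitive = true`, and treat the state backend as secret storage.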
@@ -0,0 +1,3 @@ | ||
provider "azurerm" { | ||
features {} | ||
} |
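Review bot: Nothing in the visible files constrains provider versions: `provider "azurerm"` has only an empty `features {}` block, and no `required_providers` block for `hashicorp/azurerm` or `hashicorp/random` appears in the sections shown (one of the five changed files did not render, so it may live there). Without constraints, `terraform init` selects the newest provider release, so the same code can plan differently over time and picks up whatever is published upstream. Add a `required_providers` block with explicit version constraints and commit `.terraform.lock.hcl` so the provider checksums are recorded with the code.

```terraform
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "<AZURERM_VERSION_CONSTRAINT>" # placeholder: the release this code was tested with
    }
    random = {
      source  = "hashicorp/random"
      version = "<RANDOM_VERSION_CONSTRAINT>" # placeholder: the release this code was tested with
    }
  }
}
```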
@@ -0,0 +1,42 @@ | ||
# Terraform Azure VM Automation Example | ||
|
||
This repository contains Terraform code to create resources in Azure, including an Automation account, a PowerShell runbook, and schedules for the runbook. | ||
|
||
## Terraform resource types | ||
|
||
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | ||
- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | ||
- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | ||
- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | ||
- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | ||
- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | ||
- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | ||
- [azurerm_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | ||
- [azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine) | ||
- [azurerm_virtual_machine_extension](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | ||
- [azurerm_automation_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_account) | ||
- [azurerm_automation_runbook](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_runbook) | ||
- [azurerm_automation_schedule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_schedule) | ||
- [azurerm_automation_job_schedule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_job_schedule) | ||
- [random_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | ||
- [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | ||
- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ||
|
||
## Variables | ||
|
||
| Name | Description | Default | | ||
|-|-|-| | ||
| `resource_group_location` | The location where the resource group should be created. | East US | | ||
| `prefix` | A prefix for naming resources. | demo | | ||
| `vnet_address_space` | Address space for the virtual network. | ["10.0.0.0/16"] | | ||
| `subnet_address_prefixes` | Address prefixes for the subnet. | ["10.0.1.0/24"] | | ||
| `public_ip_allocation_method` | Allocation method for the public IP. | Dynamic | | ||
| `vm_size` | Size of the virtual machine. | Standard_DS1_v2 | | ||
| `vm_image` | Source image reference for the virtual machine. | Windows Server 2022 | | ||
| `storage_account_tier` | Performance tier of the storage account. | Standard | | ||
| `storage_account_replication_type` | Replication type for the storage account. | LRS | | ||
| `automation_account_sku_name` | SKU name for the Azure Automation Account. | Basic | | ||
| `runbook_type` | Type of the runbook. | PowerShell | | ||
| `runbook_uri` | URI for the runbook content. | "https://example.com/script.ps1" | | ||
| `one_time_schedule_start_time` | Start time for the one-time runbook schedule. | "2023-09-23T00:00:00Z" | | ||
| `hourly_schedule_start_time` | Start time for the hourly runbook schedule. | "2023-09-23T01:00:00Z" | |