From ebc0886ea1311d3b48b5c940c32035c5c7f847d0 Mon Sep 17 00:00:00 2001
From: Tom Archer
Date: Fri, 6 Dec 2024 19:14:29 -0800
Subject: [PATCH] Initial put
---
quickstart/101-dns-private-zone/README.md | 30 ++
quickstart/101-dns-private-zone/main.tf | 151 +++++++++++++++++++
quickstart/101-dns-private-zone/outputs.tf | 31 ++
quickstart/101-dns-private-zone/providers.tf | 18 +++
quickstart/101-dns-private-zone/variables.tf | 35 +++++
5 files changed, 265 insertions(+)
create mode 100644 quickstart/101-dns-private-zone/README.md
create mode 100644 quickstart/101-dns-private-zone/main.tf
create mode 100644 quickstart/101-dns-private-zone/outputs.tf
create mode 100644 quickstart/101-dns-private-zone/providers.tf
create mode 100644 quickstart/101-dns-private-zone/variables.tf
diff --git a/quickstart/101-dns-private-zone/README.md b/quickstart/101-dns-private-zone/README.md
new file mode 100644
index 000000000..818c8fd3f
--- /dev/null
+++ b/quickstart/101-dns-private-zone/README.md
@@ -0,0 +1,30 @@
+# Azure Private DNS Zone
+
+This template deploys an Azure Private DNS Zone.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+- [azurerm_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone)
+- [azurerm_private_dns_zone_virtual_network_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link)
+- [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
+- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+- [azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine)
+- [azurerm_private_dns_a_record](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record)
+- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
+- [azurerm_network_security_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule)
+
+## Variables
+
+| Name | Description | Default value |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `address_space` | The address space that is used the virtual network. | ["10.0.0.0/16"] |
+| `description` | The address prefixes to use for the subnet. | ["10.0.2.0/24"] |
+| `private_dns_zone_name` | Name of the private DNS zone resource. | "" |
+| `admin_username` | Admin usernames for the Windows VMs. | "adminuser" |
diff --git a/quickstart/101-dns-private-zone/main.tf b/quickstart/101-dns-private-zone/main.tf
new file mode 100644
index 000000000..010a11511
--- /dev/null
+++ b/quickstart/101-dns-private-zone/main.tf
@@ -0,0 +1,151 @@
+resource "random_pet" "rg_name" {
+ prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+ location = var.resource_group_location
+ name = random_pet.rg_name.id
+}
+
+resource "random_string" "name" {
+ length = 8
+ special = false
+ upper = false
+ lower = true
+ numeric = false
+}
+resource "azurerm_virtual_network" "vnet" {
+ name = "vnet-${random_string.name.id}"
+ address_space = var.address_space
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_subnet" "subnet" {
+ name = "subnet-${random_string.name.id}"
+ resource_group_name = azurerm_resource_group.rg.name
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ address_prefixes = var.address_prefixes
+}
+
+resource "azurerm_private_dns_zone" "dns_zone" {
+ name = var.private_dns_zone_name
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dsn_vnet_link" {
+ name = "dns-vnet-link-${random_string.name.id}"
+ resource_group_name = azurerm_resource_group.rg.name
+ private_dns_zone_name = azurerm_private_dns_zone.dns_zone.name
+ virtual_network_id = azurerm_virtual_network.vnet.id
+}
+
+resource "random_password" "vm1_admin_password" {
+ length = 16
+ special = true
+}
+
+resource "random_password" "vm2_admin_password" {
+ length = 16
+ special = true
+}
+
+resource "azurerm_network_interface" "nic1" {
+ name = "nic1-${random_string.name.id}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.subnet.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_network_interface" "nic2" {
+ name = "nic2-${random_string.name.id}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.subnet.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_windows_virtual_machine" "vm1" {
+ name = "vm1-${random_string.name.id}"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ size = "Standard_F2"
+ admin_username = var.admin_username
+ admin_password = random_password.vm1_admin_password.result
+ network_interface_ids = [
+ azurerm_network_interface.nic1.id,
+ ]
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "MicrosoftWindowsServer"
+ offer = "WindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+}
+
+resource "azurerm_windows_virtual_machine" "vm2" {
+ name = "vm2-${random_string.name.id}"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ size = "Standard_F2"
+ admin_username = var.admin_username
+ admin_password = random_password.vm1_admin_password.result
+ network_interface_ids = [
+ azurerm_network_interface.nic2.id,
+ ]
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "MicrosoftWindowsServer"
+ offer = "WindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
+ }
+}
+
+resource "azurerm_private_dns_a_record" "pdar" {
+ name = "test"
+ zone_name = azurerm_private_dns_zone.dns_zone.name
+ resource_group_name = azurerm_resource_group.rg.name
+ ttl = 300
+ records = [azurerm_windows_virtual_machine.vm1.private_ip_address]
+}
+
+resource "azurerm_network_security_group" "nsg" {
+ name = "nsg-${random_string.name.result}"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_network_security_rule" "nsr_icmp" {
+ name = "Allow-ICMP"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Icmp"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ resource_group_name = azurerm_resource_group.rg.name
+ network_security_group_name = azurerm_network_security_group.nsg.name
+}
\ No newline at end of file
diff --git a/quickstart/101-dns-private-zone/outputs.tf b/quickstart/101-dns-private-zone/outputs.tf
new file mode 100644
index 000000000..5718813e5
--- /dev/null
+++ b/quickstart/101-dns-private-zone/outputs.tf
@@ -0,0 +1,31 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.rg.name
+}
+
+output "windows_virtual_machine_1_name" {
+ value = azurerm_windows_virtual_machine.vm1.name
+}
+
+output "windows_virtual_machine_2_name" {
+ value = azurerm_windows_virtual_machine.vm2.name
+}
+
+output "windows_virtual_machine_1_password" {
+ value = azurerm_windows_virtual_machine.vm1.admin_password
+ sensitive = true
+}
+
+output "windows_virtual_machine_2_password" {
+ value = azurerm_windows_virtual_machine.vm2.admin_password
+ sensitive = true
+}
+
+output "windows_virtual_machine_1_admin_username" {
+ value = azurerm_windows_virtual_machine.vm1.admin_username
+ sensitive = true
+}
+
+output "windows_virtual_machine_2_admin_username" {
+ value = azurerm_windows_virtual_machine.vm2.admin_username
+ sensitive = true
+}
\ No newline at end of file
diff --git a/quickstart/101-dns-private-zone/providers.tf b/quickstart/101-dns-private-zone/providers.tf
new file mode 100644
index 000000000..058b68717
--- /dev/null
+++ b/quickstart/101-dns-private-zone/providers.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">=1.0"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~>3.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/quickstart/101-dns-private-zone/variables.tf b/quickstart/101-dns-private-zone/variables.tf
new file mode 100644
index 000000000..c0502132b
--- /dev/null
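Review bot: `azurerm_windows_virtual_machine.vm2` is provisioned with `random_password.vm1_admin_password.result`, so both VMs share one administrator password and `random_password.vm2_admin_password` is generated but never consumed; that line should read `admin_password = random_password.vm2_admin_password.result`. `azurerm_network_security_group.nsg` and its `Allow-ICMP` rule are never associated with the subnet or either NIC, so the NSG currently governs no traffic; the association below attaches it at the subnet level. The rule also uses `*` for both source and destination prefix, which is broader than the VNet-internal ping this template appears to need, though neither VM has a public IP here so exposure is limited to the VNet (confirm that is the intent). Separately, `random_password` with only `length` and `special` set does not guarantee the three character classes Windows enforces on admin passwords, so `min_lower`, `min_upper`, `min_numeric` and `min_special` on both password resources would avoid an occasional apply-time failure.
```hcl
resource "azurerm_windows_virtual_machine" "vm2" {
  # … unchanged: name, resource_group_name, location, size, admin_username …
  admin_password = random_password.vm2_admin_password.result
  # … unchanged: network_interface_ids, os_disk, source_image_reference …
}

resource "azurerm_subnet_network_security_group_association" "subnet_nsg" {
  subnet_id                 = azurerm_subnet.subnet.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}
```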
+++ b/quickstart/101-dns-private-zone/variables.tf
@@ -0,0 +1,35 @@
+variable "resource_group_location" {
+ type = string
+ default = "eastus"
+ description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+ type = string
+ default = "rg"
+ description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "address_space" {
+ type = list(string)
+ default = ["10.0.0.0/16"]
+ description = "The address space that is used the virtual network."
+}
+
+variable "address_prefixes" {
+ type = list(string)
+ default = ["10.0.2.0/24"]
+ description = "The address prefixes to use for the subnet"
+}
+
+variable "private_dns_zone_name" {
+ type = string
+ default = "private.contoso.com"
+ description = "The name of the Private DNS Zone. Must be a valid domain name. Changing this value forces a new resource to be created."
+}
+
+variable "admin_username" {
+ type = string
+ default = "adminuser"
+ description = "The username for the Windows virtual machines."
+}
\ No newline at end of file
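Review bot: `private_dns_zone_name` defaults to `private.contoso.com` here, while the README table in this same commit lists its default as `""` and labels the `address_prefixes` row as `description`; the table should be brought in line with these definitions. Since the description says a changed zone name forces replacement, a `validation` block on this variable (for example `condition = length(var.private_dns_zone_name) > 0` with an `error_message`) would reject an empty or obviously malformed name at plan time rather than at apply. Minor wording: the `address_space` description drops a word (`description = "The address space used by the virtual network."`) and the `address_prefixes` description lacks the trailing period the other variables use.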