Terraform Azure config - demo
# Provider and CLI requirements for this demo.
# The azurerm constraint "~> 3.0.2" admits only 3.0.x patch releases
# (>= 3.0.2, < 3.1); Terraform itself must be 1.1.0 or newer.
terraform {
  required_version = ">= 1.1.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0.2"
    }
  }
}
# azurerm provider instance. The empty features block is mandatory in 3.x;
# no provider-level behaviour is customised here.
provider "azurerm" {
  features {}
}
# Resource group that holds every other resource in this file; its name and
# location are referenced by all of them.
resource "azurerm_resource_group" "rg" {
  location = "eastus2"
  name     = "myTFResourceGroup"
}
# Virtual network for the load-balancer demo (single /16 address space).
resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-lb-demo"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}
# Subnet (10.0.1.0/24) inside the demo VNet; both VM NICs are placed here.
resource "azurerm_subnet" "subnet" {
  name                 = "subnet-lb-demo"
  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name  = azurerm_resource_group.rg.name
  address_prefixes     = ["10.0.1.0/24"]
}
# Public frontend address of the load balancer. Standard SKU public IPs must
# use Static allocation, and a Standard public IP is required to pair with the
# Standard SKU load balancer below.
resource "azurerm_public_ip" "lb_pub_ip" {
  name                = "lb-public-ip"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Standard"
  allocation_method   = "Static"
}
# Standard SKU public load balancer with one frontend bound to lb_pub_ip.
# The frontend name "LoadBalancerFrontEnd" is referenced by name from the
# azurerm_lb_rule resources, so keep the two in sync.
resource "azurerm_lb" "lb" {
  name                = "myLoadBalancer"
  sku                 = "Standard"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  frontend_ip_configuration {
    name                 = "LoadBalancerFrontEnd"
    public_ip_address_id = azurerm_public_ip.lb_pub_ip.id
  }
}
# Backend pool of the load balancer; NICs join it through the
# azurerm_network_interface_backend_address_pool_association resources.
resource "azurerm_lb_backend_address_pool" "backend_pool" {
  loadbalancer_id = azurerm_lb.lb.id
  name            = "backendPool"
}
# VM1: Ubuntu 22.04 (Gen2) on nic1. Login is key-only: the public key is read
# from the operator's ~/.ssh/id_rsa.pub at plan time, and password
# authentication is left disabled (the provider default, stated explicitly so
# the intent is visible).
resource "azurerm_linux_virtual_machine" "vm1" {
  name                            = "vm1"
  location                        = azurerm_resource_group.rg.location
  resource_group_name             = azurerm_resource_group.rg.name
  size                            = "Standard_DS1_v2"
  admin_username                  = "azureuser"
  disable_password_authentication = true
  network_interface_ids           = [azurerm_network_interface.nic1.id]

  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  # Pinned image version rather than "latest" so rebuilds are reproducible.
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts-gen2"
    version   = "22.04.202503240"
  }
}
# VM2: identical to vm1 except for its name and NIC (nic2). Key-only login,
# password authentication disabled (provider default, made explicit).
resource "azurerm_linux_virtual_machine" "vm2" {
  name                            = "vm2"
  location                        = azurerm_resource_group.rg.location
  resource_group_name             = azurerm_resource_group.rg.name
  size                            = "Standard_DS1_v2"
  admin_username                  = "azureuser"
  disable_password_authentication = true
  network_interface_ids           = [azurerm_network_interface.nic2.id]

  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  # Same pinned Ubuntu 22.04 Gen2 image as vm1.
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts-gen2"
    version   = "22.04.202503240"
  }
}
# Instance-level public IP for VM1 (attached to nic1). This is what makes
# vm1 directly reachable from the Internet on whatever the NSG allows.
resource "azurerm_public_ip" "vm1_public_ip" {
  name                = "vm1-public-ip"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Standard"
  allocation_method   = "Static"
}
# Instance-level public IP intended for VM2 (Standard SKU, static).
resource "azurerm_public_ip" "vm2_public_ip" {
  name                = "vm2-public-ip"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Standard"
  allocation_method   = "Static"
}
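# Source network allowed to reach SSH (TCP/22) on the VMs.
# Deliberately no default: the original demo used "*" (every address on the
# Internet), so the operator must name an admin CIDR or Azure service tag
# before a plan succeeds. The validation rejects the three spellings of
# "everyone".
variable "ssh_source_address_prefix" {
  description = "CIDR block or Azure service tag permitted to open SSH (TCP/22) to the VMs, e.g. the admin VPN range."
  type        = string

  validation {
    condition     = !contains(["*", "0.0.0.0/0", "Internet"], var.ssh_source_address_prefix)
    error_message = "The ssh_source_address_prefix value must not expose SSH to the entire Internet; supply an admin CIDR or service tag."
  }
}

# Network security group bound to both VM NICs. Only the three rules below
# allow inbound traffic; anything else falls through to Azure's default
# DenyAllInBound rule.
resource "azurerm_network_security_group" "nsg" {
  name                = "nsg-vms"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # SSH, restricted to the admin source network. vm1 carries a public IP, so
  # this rule alone decides whether port 22 is reachable from outside.
  security_rule {
    name                       = "Allow-SSH"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = var.ssh_source_address_prefix
    destination_address_prefix = "*"
    source_port_range          = "*"
    destination_port_range     = "22"
  }

  # DNS over TCP/53. Traffic arrives via the load balancer with the original
  # client source address, so a public DNS service needs "*" here; narrow it
  # if only known resolvers should be able to query these VMs.
  security_rule {
    name                       = "Allow-DNS-TCP"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
    source_port_range          = "*"
    destination_port_range     = "53"
  }

  # DNS over UDP/53, same scope as the TCP rule.
  security_rule {
    name                       = "Allow-DNS-UDP"
    priority                   = 120
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
    source_port_range          = "*"
    destination_port_range     = "53"
  }
}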
# NIC for VM1 in the demo subnet, with vm1_public_ip attached. The
# ip_configuration name "internal" is referenced by the backend-pool
# association below; membership in the pool and the NSG binding are done by
# the two association resources rather than inline.
resource "azurerm_network_interface" "nic1" {
  name                = "nic1"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  ip_configuration {
    name                          = "internal"
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.subnet.id
    public_ip_address_id          = azurerm_public_ip.vm1_public_ip.id
  }
}
# Put nic1's "internal" ip_configuration into the load balancer backend pool.
resource "azurerm_network_interface_backend_address_pool_association" "nic1" {
  backend_address_pool_id = azurerm_lb_backend_address_pool.backend_pool.id
  network_interface_id    = azurerm_network_interface.nic1.id
  ip_configuration_name   = "internal"
}
# Bind the shared NSG to nic1 (NIC-level rules, not subnet-level).
resource "azurerm_network_interface_security_group_association" "nic1" {
  network_security_group_id = azurerm_network_security_group.nsg.id
  network_interface_id      = azurerm_network_interface.nic1.id
}
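# NIC for VM2, mirroring nic1. The public IP declared as
# azurerm_public_ip.vm2_public_ip is now attached here; previously that
# Standard SKU address was created but referenced by nothing, so vm2 had no
# direct public exposure while the orphaned IP sat idle. With it attached,
# vm2 is reachable from outside exactly as vm1 is, and the NSG bound below
# governs what is allowed in. Pool membership and the NSG binding are done by
# the association resources that follow.
resource "azurerm_network_interface" "nic2" {
  name                = "nic2"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.vm2_public_ip.id
  }
}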
# Put nic2's "internal" ip_configuration into the load balancer backend pool.
resource "azurerm_network_interface_backend_address_pool_association" "nic2" {
  backend_address_pool_id = azurerm_lb_backend_address_pool.backend_pool.id
  network_interface_id    = azurerm_network_interface.nic2.id
  ip_configuration_name   = "internal"
}
# Bind the shared NSG to nic2 so both backends enforce the same rules.
resource "azurerm_network_interface_security_group_association" "nic2" {
  network_security_group_id = azurerm_network_security_group.nsg.id
  network_interface_id      = azurerm_network_interface.nic2.id
}
# Forward TCP/53 from the public frontend to port 53 on the backend pool.
# The frontend is referenced by the name given in azurerm_lb.lb. The NSG on
# the NICs must also permit TCP/53 or the forwarded packets are dropped.
resource "azurerm_lb_rule" "lb_rule_tcp_53" {
  loadbalancer_id                = azurerm_lb.lb.id
  name                           = "lbrule-tcp-53"
  protocol                       = "Tcp"
  frontend_ip_configuration_name = "LoadBalancerFrontEnd"
  frontend_port                  = 53
  backend_port                   = 53
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.backend_pool.id]
  idle_timeout_in_minutes        = 4
}
# Forward UDP/53 from the public frontend to port 53 on the backend pool;
# companion to the TCP rule (same frontend port, distinct protocol).
resource "azurerm_lb_rule" "lb_rule_udp_53" {
  loadbalancer_id                = azurerm_lb.lb.id
  name                           = "lbrule-udp-53"
  protocol                       = "Udp"
  frontend_ip_configuration_name = "LoadBalancerFrontEnd"
  frontend_port                  = 53
  backend_port                   = 53
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.backend_pool.id]
  idle_timeout_in_minutes        = 4
}