Web App Infrastructure as Code (IaC)

- 2 mins

Azure Deployment:

Hello All! Welcome back!

I was able to utilize Terraform to deploy infrastructure needed for the web app project. Deploying to Azure, I wanted to gain more experience using Terraform. I would consider myself an intermediate user at this point. If you check my github, I have a various deployments that I have made.

The IaC

Below is the code for the deployment. This covers all resources needed to deploy a linux virtual machine for the web app. There is of course more to come with it! View if you please!

### Dev/Designer: Tyler Hudson

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.91.0"
    }
  }
}

provider "azurerm" {
  features {}
}


variable "rg-name" {
  type    = string
  default = "flaskwebapp-rg"
}

variable "location" {
  type    = string
  default = "East US"
}

variable "vnet-name" {
  type    = string
  default = "flaskwebapp-vnet"
}

variable "sg-name" {
  type    = string
  default = "flaskwebapp-sg"
}

variable "host_os" {
  type    = string
  default = "windows"
}

resource "azurerm_resource_group" "rg-name" {
  name     = "flaskwebapp-rg"
  location = var.location
}

resource "azurerm_virtual_network" "flaskwebapp-vnet" {
  name                = "flaskwebapp-vnet"
  resource_group_name = azurerm_resource_group.rg-name.name
  location            = var.location
  address_space       = ["10.123.0.0/16"]

  tags = {
    environment = "dev"
  }
}

# creating a subnet
resource "azurerm_subnet" "flaskwebapp-subnet-1" {
  name                 = "flaskwebapp-subnet-1"
  resource_group_name  = azurerm_resource_group.rg-name.name
  virtual_network_name = azurerm_virtual_network.flaskwebapp-vnet.name

  address_prefixes = ["10.123.1.0/24"]

}

# creating security group
resource "azurerm_network_security_group" "flaskwebapp-sg" {
  name                = "flaskwebapp-sg"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg-name.name

  tags = {
    environment = "dev"
  }

}

#creating security rule
resource "azurerm_network_security_rule" "flaskwebapp-dev-rule" {
  name      = "flaskwebapp-dev-rule"
  priority  = 100
  direction = "Inbound"
  access    = "Allow"
  protocol  = "*"
  # changed protocol from TCP to * to allow for ICMP or anything else
  source_port_range      = "*"
  destination_port_range = "22"
  source_address_prefix  = "*"
  ### ^^ changed to *, was running into ssh/ip issues, want to deploy then change in azure portal to my ip for security
  ### will need to use "chmod 600 id_rsa" to change the 
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.rg-name.name
  network_security_group_name = azurerm_network_security_group.flaskwebapp-sg.name
}

# created association with subnet and security group. This allows the security group (with the rule) to protect our subnet
resource "azurerm_subnet_network_security_group_association" "subnetassociation" {
  subnet_id                 = azurerm_subnet.flaskwebapp-subnet-1.id
  network_security_group_id = azurerm_network_security_group.flaskwebapp-sg.id
}

# creating a public ip for future virtual machine. This will allow it to connect to the internet 
resource "azurerm_public_ip" "flaskwebapp-ip" {
  name                = "flaskwebapp-ip"
  resource_group_name = azurerm_resource_group.rg-name.name
  location            = var.location
  allocation_method   = "Dynamic"

  tags = {
    environment = "dev"
  }
}

# creating a NIC for the future VM
resource "azurerm_network_interface" "flaskwebapp-vm-nic" {
  name                = "flaskwebapp-vm-nic"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg-name.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.flaskwebapp-subnet-1.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.flaskwebapp-ip.id
  }

  tags = {
    environment = "dev"
  }
}

# Create a new Linux VM for the group
resource "azurerm_linux_virtual_machine" "flaskwebapp-vm" {
  name                  = "flaskwebapp-vm"
  resource_group_name   = azurerm_resource_group.rg-name.name
  location              = var.location
  size                  = "Standard_B1s"
  admin_username        = "adminuser"
  network_interface_ids = [azurerm_network_interface.flaskwebapp-vm-nic.id]

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
}

Signing Off

Thank you all.

Best regards, Tyler

Tyler
comments powered by Disqus