Beispiel #1
def firewall(stem, fw_sn_id, fwm_sn_id, private_ranges, depends_on=None):
    """Create an Azure Firewall together with its data and management public IPs.

    ``s``, ``suffix``, ``resource_group_name``, ``location``, ``tags`` and
    ``self`` are not defined here; they are resolved from the enclosing scope.

    Args:
        stem: Prefix used in every Pulumi logical name and Azure resource name.
        fw_sn_id: ID of the subnet used by the firewall's IP configuration.
        fwm_sn_id: ID of the subnet used by the management IP configuration.
        private_ranges: Passed through unchanged as the
            ``Network.SNAT.PrivateRanges`` additional property.
        depends_on: Optional dependencies applied to all three resources.

    Returns:
        The ``network.AzureFirewall`` resource.

    Security notes:
        * No firewall policy, rule collection or ``threat_intel_mode`` is set
          in this function, so what traffic the firewall permits is decided
          elsewhere. Review that configuration together with this code.
        * ``Network.SNAT.PrivateRanges`` influences which destinations are
          exempt from SNAT. The value is caller-supplied and not validated
          here; it changes which source addresses downstream systems and logs
          observe, so treat it as a reviewed input.
        * Both public IPs are static and Internet-routable.
    """

    def _static_standard_pip(logical_name, azure_name):
        # The data and management addresses have the same shape:
        # Standard SKU with static allocation. A fresh ResourceOptions is
        # built per resource rather than shared between them.
        return network.PublicIPAddress(
            logical_name,
            public_ip_address_name=azure_name,
            resource_group_name=resource_group_name,
            location=location,
            sku=network.PublicIPAddressSkuArgs(name='Standard', ),
            public_ip_allocation_method='Static',
            tags=tags,
            opts=ResourceOptions(parent=self, depends_on=depends_on),
        )

    data_pip = _static_standard_pip(
        f'{stem}{s}fw{s}pip',
        f'{stem}{s}fw{s}pip{s}{suffix}',
    )
    mgmt_pip = _static_standard_pip(
        f'{stem}{s}fwm{s}pip',
        f'{stem}{s}fwm{s}pip{s}{suffix}',
    )

    # Data-path configuration: firewall subnet + its public IP.
    data_ip_config = network.AzureFirewallIPConfigurationArgs(
        name=f'{stem}{s}fw{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=data_pip.id, ),
        subnet=network.SubnetArgs(id=fw_sn_id, ),
    )
    # Separate management configuration on its own subnet and public IP.
    mgmt_ip_config = network.AzureFirewallIPConfigurationArgs(
        name=f'{stem}{s}fwm{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=mgmt_pip.id, ),
        subnet=network.SubnetArgs(id=fwm_sn_id, ),
    )

    # Create, update and delete are each given a one-hour timeout.
    firewall_opts = ResourceOptions(
        parent=self,
        depends_on=depends_on,
        custom_timeouts=CustomTimeouts(
            create='1h',
            update='1h',
            delete='1h',
        ),
    )

    return network.AzureFirewall(
        f'{stem}{s}fw',
        azure_firewall_name=f'{stem}{s}fw{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        additional_properties={
            "Network.SNAT.PrivateRanges": private_ranges,
        },
        sku=network.AzureFirewallSkuArgs(
            name='AZFW_VNet',
            tier='Standard',
        ),
        ip_configurations=[data_ip_config],
        management_ip_configuration=mgmt_ip_config,
        tags=tags,
        opts=firewall_opts,
    )
Beispiel #2
def expressroute_gateway(stem, subnet_id, depends_on=None):
    """Create an ExpressRoute virtual network gateway and its public IP.

    ``s``, ``suffix``, ``resource_group_name``, ``location``, ``tags`` and
    ``self`` are not defined here; they are resolved from the enclosing scope.

    Args:
        stem: Prefix used in every Pulumi logical name and Azure resource name.
        subnet_id: ID of the subnet the gateway's IP configuration is placed in.
        depends_on: Optional dependencies applied to both resources.

    Returns:
        The ``network.VirtualNetworkGateway`` resource.

    Security notes:
        * BGP is enabled, so routes learned over the circuit can reach the
          virtual network; route filtering is not configured in this function.
        * ExpressRoute gives private connectivity but does not encrypt traffic
          by itself. If confidentiality in transit is required, it has to be
          added separately (for example IPsec over the circuit or TLS at the
          application layer).
    """
    # The public IP is allocated dynamically and no SKU is specified for it.
    gateway_pip = network.PublicIPAddress(
        f'{stem}{s}er{s}gw{s}pip',
        public_ip_address_name=f'{stem}{s}er{s}gw{s}pip{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        public_ip_allocation_method='Dynamic',
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )

    gateway_ip_config = network.VirtualNetworkGatewayIPConfigurationArgs(
        name=f'{stem}{s}er{s}gw{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=gateway_pip.id, ),
        subnet=network.SubnetArgs(id=subnet_id, ),
    )

    # Create, update and delete are each given a one-hour timeout.
    gateway_opts = ResourceOptions(
        parent=self,
        depends_on=depends_on,
        custom_timeouts=CustomTimeouts(
            create='1h',
            update='1h',
            delete='1h',
        ),
    )

    return network.VirtualNetworkGateway(
        f'{stem}{s}er{s}gw',
        virtual_network_gateway_name=f'{stem}{s}er{s}gw{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        sku=network.VirtualNetworkGatewaySkuArgs(
            name='Standard',
            tier='Standard',
        ),
        gateway_type='ExpressRoute',
        vpn_type='RouteBased',
        enable_bgp=True,
        ip_configurations=[gateway_ip_config],
        tags=tags,
        opts=gateway_opts,
    )
Beispiel #3
def bastion_host(stem, virtual_network_name, address_prefix, depends_on=None):
    """Create an Azure Bastion host with its dedicated subnet and public IP.

    ``s``, ``suffix``, ``resource_group_name``, ``location``, ``tags`` and
    ``self`` are not defined here; they are resolved from the enclosing scope.

    Args:
        stem: Prefix used in every Pulumi logical name and Azure resource name.
        virtual_network_name: Virtual network the Bastion subnet is created in.
        address_prefix: Address prefix assigned to the Bastion subnet.
        depends_on: Optional dependencies applied to all three resources.

    Returns:
        The ``network.BastionHost`` resource.

    Security notes:
        * No ``network_security_group`` is passed to the subnet created here.
          If the subnet should be filtered, attach an NSG carrying the rule
          set Azure documents for Bastion subnets.
        * The Bastion public IP is static and Internet-routable; who may open
          sessions through it is governed outside this function.
    """
    # The subnet name is fixed: Bastion requires exactly this name.
    # delete_before_replace makes Pulumi remove the old subnet before it
    # creates a replacement.
    bastion_subnet = network.Subnet(
        f'{stem}{s}ab{s}sn',
        subnet_name='AzureBastionSubnet',
        resource_group_name=resource_group_name,
        virtual_network_name=virtual_network_name,
        address_prefix=address_prefix,
        opts=ResourceOptions(
            parent=self,
            delete_before_replace=True,
            depends_on=depends_on,
        ),
    )

    bastion_pip = network.PublicIPAddress(
        f'{stem}{s}ab{s}pip',
        public_ip_address_name=f'{stem}{s}ab{s}pip{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        sku=network.PublicIPAddressSkuArgs(name='Standard', ),
        public_ip_allocation_method='Static',
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )

    # Tie the host to the subnet and public IP created above.
    bastion_ip_config = network.BastionHostIPConfigurationArgs(
        name=f'{stem}{s}ab{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=bastion_pip.id, ),
        subnet=network.SubnetArgs(id=bastion_subnet.id, ),
    )

    return network.BastionHost(
        f'{stem}{s}ab',
        bastion_host_name=f'{stem}{s}ab{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        ip_configurations=[bastion_ip_config],
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )
Beispiel #4
# Resource group that owns every resource of this project.
resource_group = resources.ResourceGroup(
    "server-rg",
    resource_group_name="minecraft",
    location=location,
)

# Virtual network with a single inline subnet.
# NOTE(review): the subnet is declared with a name and prefix only; no
# network security group is attached to it here.
net = network.VirtualNetwork(
    "server-network",
    resource_group_name=resource_group.name,
    location=location,
    virtual_network_name="server-network",
    address_space=network.AddressSpaceArgs(
        address_prefixes=["10.0.0.0/16"],
    ),
    subnets=[
        network.SubnetArgs(
            name="default",
            address_prefix="10.0.0.0/24",
        ),
    ],
)

# Dynamically allocated public IP that makes the server reachable from the
# Internet.
# NOTE(review): no inbound filtering is visible in this excerpt. Confirm
# that an NSG on the NIC or subnet limits exposure to the ports the server
# actually needs.
public_ip = network.PublicIPAddress(
    "server-ip",
    resource_group_name=resource_group.name,
    location=location,
    public_ip_address_name="server-ip",
    public_ip_allocation_method="Dynamic",
)

# Create the network interface for the server.
network_iface = network.NetworkInterface(
    "server-nic",
    resource_group_name=resource_group.name,
    location=resource_group.location,
Beispiel #5
                                 destination_port_range='8443',
                                 source_address_prefix='*',
                                 destination_address_prefix='*',
                                 priority=1002),
    ])

# Network interface for the VM: one primary IP configuration that joins the
# subnet, takes a dynamic private address and binds the public IP directly,
# with the network security group attached at NIC level.
# NOTE(review): the rule fragment visible just above this statement allows
# port 8443 with source_address_prefix='*'. If that rule belongs to this
# NSG (presumably it does; the definition starts outside this excerpt), the
# port is reachable from any address. Prefer restricting the source prefix
# to known administrative ranges.
network_interface = network.NetworkInterface(
    resource_name='nic-nc',
    resource_group_name=resource_group.name,
    network_interface_name='nic-nc-{0}'.format(installation_id),
    location=location,
    ip_configurations=[
        network.NetworkInterfaceIPConfigurationArgs(
            name='pipcfg-nc',
            primary=True,
            subnet=network.SubnetArgs(id=subnet.id),
            private_ip_allocation_method='Dynamic',
            public_ip_address=network.PublicIPAddressArgs(id=public_ip.id),
        ),
    ],
    network_security_group=network.NetworkSecurityGroupArgs(
        id=network_security_group.id,
    ),
)

# Inputs for the NGINX Controller VM.

# NOTE(review): despite the name, this resolves to the whole
# public_ip.dns_settings value (the first element of the Output.all list),
# not a single FQDN field. Confirm how consumers use it.
controller_fqdn = Output.all(public_ip.dns_settings).apply(
    lambda resolved: resolved[0])

# Setup script rendered with the TLS hostname and the Let's Encrypt contact
# address.
# NOTE(review): presumably this is passed to the VM as custom data. Custom
# data can be read back on the VM, so keep it limited to non-secret values
# such as the two supplied here.
custom_data = scripts.platform_setup_script({
    'TLS_HOSTNAME': scripts.build_vm_domain(config),
    'LETS_ENCRYPT_EMAIL': admin_email,
})