Example #1
def firewall(stem, fw_sn_id, fwm_sn_id, private_ranges, depends_on=None):
    """Provision an Azure Firewall together with the two public IPs it uses.

    Besides its parameters the function reads names that are defined outside
    this excerpt: ``s``, ``suffix``, ``resource_group_name``, ``location``,
    ``tags`` and ``self`` (used as the Pulumi parent of every resource).

    Args:
        stem: Prefix from which every logical and physical name is built.
        fw_sn_id: ID of the subnet used by the firewall's IP configuration.
        fwm_sn_id: ID of the subnet used by the management IP configuration.
        private_ranges: Value stored under the firewall's
            "Network.SNAT.PrivateRanges" additional property.
        depends_on: Forwarded to the ResourceOptions of each resource.

    Returns:
        The ``network.AzureFirewall`` resource.
    """

    def _standard_static_pip(role):
        # Both addresses are Standard SKU with static allocation; only the
        # role fragment ('fw' or 'fwm') differs between them.
        return network.PublicIPAddress(
            f'{stem}{s}{role}{s}pip',
            public_ip_address_name=f'{stem}{s}{role}{s}pip{s}{suffix}',
            resource_group_name=resource_group_name,
            location=location,
            sku=network.PublicIPAddressSkuArgs(name='Standard'),
            public_ip_allocation_method='Static',
            tags=tags,
            opts=ResourceOptions(parent=self, depends_on=depends_on),
        )

    data_pip = _standard_static_pip('fw')
    mgmt_pip = _standard_static_pip('fwm')

    # private_ranges is passed through unvalidated. Presumably these are the
    # destination ranges the firewall leaves un-SNATed; verify that callers
    # supply only the intended private address space.
    snat_settings = {"Network.SNAT.PrivateRanges": private_ranges}

    data_ipconf = network.AzureFirewallIPConfigurationArgs(
        name=f'{stem}{s}fw{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=data_pip.id),
        subnet=network.SubnetArgs(id=fw_sn_id),
    )
    mgmt_ipconf = network.AzureFirewallIPConfigurationArgs(
        name=f'{stem}{s}fwm{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=mgmt_pip.id),
        subnet=network.SubnetArgs(id=fwm_sn_id),
    )

    # Create, update and delete are each allowed up to one hour.
    hour_long = CustomTimeouts(create='1h', update='1h', delete='1h')

    # NOTE(review): no firewall policy or rule collections are attached in
    # this function; confirm the rule set is defined elsewhere so the
    # deployed firewall enforces the intended allow/deny policy.
    return network.AzureFirewall(
        f'{stem}{s}fw',
        azure_firewall_name=f'{stem}{s}fw{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        additional_properties=snat_settings,
        sku=network.AzureFirewallSkuArgs(name='AZFW_VNet', tier='Standard'),
        ip_configurations=[data_ipconf],
        management_ip_configuration=mgmt_ipconf,
        tags=tags,
        opts=ResourceOptions(
            parent=self,
            depends_on=depends_on,
            custom_timeouts=hour_long,
        ),
    )
Example #2
def expressroute_gateway(stem, subnet_id, depends_on=None):
    """Provision an ExpressRoute virtual network gateway and its public IP.

    Besides its parameters the function reads names that are defined outside
    this excerpt: ``s``, ``suffix``, ``resource_group_name``, ``location``,
    ``tags`` and ``self`` (used as the Pulumi parent of both resources).

    Args:
        stem: Prefix from which every logical and physical name is built.
        subnet_id: ID of the subnet referenced by the gateway's IP
            configuration.
        depends_on: Forwarded to the ResourceOptions of each resource.

    Returns:
        The ``network.VirtualNetworkGateway`` resource.
    """
    gw_stem = f'{stem}{s}er{s}gw'

    # No sku argument is passed here, so the public IP gets whatever default
    # applies, with dynamic allocation.
    # NOTE(review): confirm that default SKU is still accepted for new
    # gateway deployments in the target subscription.
    gateway_pip = network.PublicIPAddress(
        f'{gw_stem}{s}pip',
        public_ip_address_name=f'{gw_stem}{s}pip{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        public_ip_allocation_method='Dynamic',
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )

    gateway_ipconf = network.VirtualNetworkGatewayIPConfigurationArgs(
        name=f'{gw_stem}{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=gateway_pip.id),
        subnet=network.SubnetArgs(id=subnet_id),
    )

    # Create, update and delete are each allowed up to one hour.
    hour_long = CustomTimeouts(create='1h', update='1h', delete='1h')

    # BGP is enabled on the gateway, so routes are exchanged with the peer.
    # NOTE(review): route filtering is not visible in this function; confirm
    # which prefixes may be learned from and advertised to the circuit.
    return network.VirtualNetworkGateway(
        gw_stem,
        virtual_network_gateway_name=f'{gw_stem}{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        sku=network.VirtualNetworkGatewaySkuArgs(
            name='Standard',
            tier='Standard',
        ),
        gateway_type='ExpressRoute',
        vpn_type='RouteBased',
        enable_bgp=True,
        ip_configurations=[gateway_ipconf],
        tags=tags,
        opts=ResourceOptions(
            parent=self,
            depends_on=depends_on,
            custom_timeouts=hour_long,
        ),
    )
Example #3
def bastion_host(stem, virtual_network_name, address_prefix, depends_on=None):
    """Provision an Azure Bastion host with its own subnet and public IP.

    Besides its parameters the function reads names that are defined outside
    this excerpt: ``s``, ``suffix``, ``resource_group_name``, ``location``,
    ``tags`` and ``self`` (used as the Pulumi parent of every resource).

    Args:
        stem: Prefix from which every logical and physical name is built.
        virtual_network_name: Virtual network in which the subnet is created.
        address_prefix: Address prefix assigned to the bastion subnet.
        depends_on: Forwarded to the ResourceOptions of each resource.

    Returns:
        The ``network.BastionHost`` resource.
    """
    bastion_stem = f'{stem}{s}ab'

    # The subnet name is fixed, not derived from stem/suffix: Bastion has to
    # be placed in a subnet called exactly 'AzureBastionSubnet'. The subnet
    # is deleted before it is replaced.
    # NOTE(review): no network security group is associated with the subnet
    # in this function; confirm whether one is attached elsewhere.
    bastion_subnet = network.Subnet(
        f'{bastion_stem}{s}sn',
        subnet_name='AzureBastionSubnet',
        resource_group_name=resource_group_name,
        virtual_network_name=virtual_network_name,
        address_prefix=address_prefix,
        opts=ResourceOptions(
            parent=self,
            delete_before_replace=True,
            depends_on=depends_on,
        ),
    )

    # Standard SKU, statically allocated public address for the bastion.
    bastion_pip = network.PublicIPAddress(
        f'{bastion_stem}{s}pip',
        public_ip_address_name=f'{bastion_stem}{s}pip{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        sku=network.PublicIPAddressSkuArgs(name='Standard'),
        public_ip_allocation_method='Static',
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )

    bastion_ipconf = network.BastionHostIPConfigurationArgs(
        name=f'{bastion_stem}{s}ipconf{s}{suffix}',
        public_ip_address=network.PublicIPAddressArgs(id=bastion_pip.id),
        subnet=network.SubnetArgs(id=bastion_subnet.id),
    )

    return network.BastionHost(
        bastion_stem,
        bastion_host_name=f'{bastion_stem}{s}{suffix}',
        resource_group_name=resource_group_name,
        location=location,
        ip_configurations=[bastion_ipconf],
        tags=tags,
        opts=ResourceOptions(parent=self, depends_on=depends_on),
    )
Example #4
                                    location=location,
                                    public_ip_address_name="server-ip",
                                    public_ip_allocation_method="Dynamic")

# Network interface for the server. Its single IP configuration takes a
# dynamically allocated private address from the first subnet of `net` and is
# bound directly to `public_ip`.
# NOTE(review): no network security group is set on this NIC in the visible
# code; confirm that an NSG on the NIC or its subnet limits inbound access
# (SSH in particular) to the intended source addresses.
network_iface = network.NetworkInterface(
    "server-nic",
    network_interface_name="server-nic",
    resource_group_name=resource_group.name,
    location=resource_group.location,
    ip_configurations=[
        network.NetworkInterfaceIPConfigurationArgs(
            name="webserveripcfg",
            private_ip_allocation_method="Dynamic",
            subnet=network.SubnetArgs(id=net.subnets[0].id),
            public_ip_address=network.PublicIPAddressArgs(id=public_ip.id),
        ),
    ],
)

# Path of the admin user's authorized_keys file, assembled as a plain string.
# admin_username is interpolated as-is; it is defined outside this excerpt.
ssh_path = "".join(("/home/", admin_username, "/.ssh/authorized_keys"))

# Create the virtual machine.
server = compute.VirtualMachine(
    "server-vm",
    resource_group_name=resource_group.name,
    location=location,
    vm_name="server-vm",
    network_profile=compute.NetworkProfileArgs(network_interfaces=[
        compute.NetworkInterfaceReferenceArgs(id=network_iface.id),
    ], ),