def firewall(stem, fw_sn_id, fwm_sn_id, private_ranges, depends_on=None): fw_pip = network.PublicIp( f'{stem}{s}fw{s}pip{s}{suffix}', resource_group_name=resource_group_name, location=location, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) fwm_pip = network.PublicIp( f'{stem}{s}fwm{s}pip{s}{suffix}', resource_group_name=resource_group_name, location=location, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) fw = network.Firewall( f'{stem}{s}fw{s}{suffix}', resource_group_name=resource_group_name, location=location, # additional_properties = { # "Network.SNAT.PrivateRanges": private_ranges, # }, # sku = 'AZFW_VNet', ip_configurations=[ network.FirewallIpConfigurationArgs( name=f'{stem}{s}fw{s}ipc', public_ip_address_id=fw_pip.id, subnet_id=fw_sn_id, ) ], management_ip_configuration=network.FirewallIpConfigurationArgs( name=f'{stem}{s}fwm{s}ipc', public_ip_address_id=fwm_pip.id, subnet_id=fwm_sn_id, ), tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts( create='1h', update='1h', delete='1h', ), ), ) return fw
def vpn_gateway(stem, subnet_id, depends_on=[]): vpn_gw_pip = network.PublicIp( f'{stem}-vpn-gw-pip-', resource_group_name=resource_group_name, location=location, allocation_method='Dynamic', tags=tags, opts=ResourceOptions(parent=self), ) vpn_gw = network.VirtualNetworkGateway( f'{stem}-vpn-gw-', resource_group_name=resource_group_name, location=location, sku='VpnGw1', type='Vpn', vpn_type='RouteBased', ip_configurations=[{ 'name': f'{stem}-vpn-gw-ipconf', 'subnet_id': subnet_id, 'publicIpAddressId': vpn_gw_pip.id, }], tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts(create='1h', update='1h', delete='1h'), ), ) return vpn_gw
def expressroute_gateway(stem, subnet_id, depends_on=None): er_gw_pip = network.PublicIp( f'{stem}{s}er{s}gw{s}pip{s}{suffix}', resource_group_name=resource_group_name, location=location, allocation_method='Dynamic', tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) er_gw = network.VirtualNetworkGateway( f'{stem}{s}er{s}gw{s}{suffix}', resource_group_name=resource_group_name, location=location, sku='Standard', type='ExpressRoute', vpn_type='RouteBased', ip_configurations=[ network.VirtualNetworkGatewayIpConfigurationArgs( name=f'{stem}{s}er{s}gw{s}ipc', public_ip_address_id=er_gw_pip.id, subnet_id=subnet_id, ) ], tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts( create='1h', update='1h', delete='1h', ), ), ) return er_gw
def firewall(stem, subnet_id, depends_on=[]): fw_pip = network.PublicIp( f'{stem}-fw-pip-', resource_group_name=resource_group_name, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self), ) fw = network.Firewall( f'{stem}-fw-', resource_group_name=resource_group_name, ip_configurations=[{ 'name': f'{stem}-fw-ipconf', 'subnet_id': subnet_id, 'publicIpAddressId': fw_pip.id, }], tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts( create='1h', update='1h', delete='1h', ), ), ) return fw
def bastion_host(stem, virtual_network_name, address_prefix, depends_on=None): ab_sn = network.Subnet( f'{stem}{s}ab{s}sn', name='AzureBastionSubnet', # name required resource_group_name=resource_group_name, virtual_network_name=virtual_network_name, address_prefixes=[address_prefix], opts=ResourceOptions( parent=self, delete_before_replace=True, depends_on=depends_on, ), ) ab_pip = network.PublicIp( f'{stem}{s}ab{s}pip{s}{suffix}', resource_group_name=resource_group_name, location=location, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) ab = compute.BastionHost( f'{stem}{s}ab{s}{suffix}', resource_group_name=resource_group_name, location=location, ip_configuration=compute.BastionHostIpConfigurationArgs( name=f'{stem}{s}ab{s}ipc', public_ip_address_id=ab_pip.id, subnet_id=ab_sn.id, ), tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) return ab
def expressroute_gateway(stem, subnet_id, depends_on=None): er_gw_pip = network.PublicIp( f'{stem}-er-gw-pip-', resource_group_name=resource_group_name, allocation_method='Dynamic', tags=tags, opts=ResourceOptions(parent=self), ) er_gw = network.VirtualNetworkGateway( f'{stem}-er-gw-', resource_group_name=resource_group_name, sku='Standard', type='ExpressRoute', vpn_type='RouteBased', ip_configurations=[{ 'name': f'{stem}-er-gw-ipconf', 'publicIpAddressId': er_gw_pip.id, 'subnet_id': subnet_id, }], tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts( create='1h', update='1h', delete='1h', ), ), ) return er_gw
def vpn_gateway(stem, subnet_id, depends_on=None): vpn_gw_pip = network.PublicIp( f'{stem}-vpn-gw-pip-', resource_group_name=resource_group_name, allocation_method='Dynamic', tags=tags, opts=ResourceOptions(parent=self), ) vpn_gw = network.VirtualNetworkGateway( f'{stem}-vpn-gw-', resource_group_name=resource_group_name, sku='VpnGw1', type='Vpn', vpn_type='RouteBased', ip_configurations=[ network.VirtualNetworkGatewayIpConfigurationArgs( name=f'{stem}-vpn-gw-ipconf', public_ip_address_id=vpn_gw_pip.id, subnet_id=subnet_id, ) ], tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts( create='1h', update='1h', delete='1h', ), ), ) return vpn_gw
def firewall(stem, fw_sn_id, fwm_sn_id, depends_on=None): fw_pip = network.PublicIp( f'{stem}-fw-pip-', resource_group_name=resource_group_name, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self), ) # fwm_pip = network.PublicIp( # requires api 2019-11-01 or later # f'{stem}-fwm-pip-', # resource_group_name = resource_group_name, # sku = 'Standard', # allocation_method = 'Static', # tags = tags, # opts = ResourceOptions(parent=self), # ) fw = network.Firewall( f'{stem}-fw-', resource_group_name=resource_group_name, # sku = 'AZFW_VNet', # not required but distinguishes from 'AZFW_Hub' ip_configurations=[ network.FirewallIpConfigurationArgs( name=f'{stem}-fw-ipconf', public_ip_address_id=fw_pip.id, subnet_id=fw_sn_id, ) ], # management_ip_configuration = { # requires api 2019-11-01 or later # 'name': f'{stem}-fwm-ipconf', # 'publicIpAddressId': fwm_pip.id, # 'subnet_id': fwm_sn_id, # }, tags=tags, opts=ResourceOptions( parent=self, depends_on=depends_on, custom_timeouts=CustomTimeouts( create='1h', update='1h', delete='1h', ), ), ) return fw
def bastion_host(stem, subnet_id, depends_on=None): ab_pip = network.PublicIp( f'{stem}-ab-pip-', resource_group_name=resource_group_name, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self), ) ab = compute.BastionHost( f'{stem}-ab-', resource_group_name=resource_group_name, ip_configuration={ 'name': f'{stem}-ab-ipconf', 'publicIpAddressId': ab_pip.id, 'subnet_id': subnet_id, }, tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) return ab
def bastion_host(stem, subnet_id, depends_on=None): ab_pip = network.PublicIp( f'{stem}-ab-pip-', resource_group_name=resource_group_name, sku='Standard', allocation_method='Static', tags=tags, opts=ResourceOptions(parent=self), ) ab = compute.BastionHost( f'{stem}-ab-', resource_group_name=resource_group_name, ip_configuration=compute.BastionHostIpConfigurationArgs( name=f'{stem}-ab-ipconf', public_ip_address_id=ab_pip.id, subnet_id=subnet_id, ), tags=tags, opts=ResourceOptions(parent=self, depends_on=depends_on), ) return ab
def __init__(self, name: str, resource_group_name: str, domain_name_label: str = None, tags: dict = None, opts: pulumi.ResourceOptions = None): """ :param name: The name of the resource. :param resource_group_name: The name of resource group :param str domain_name_label: Label for the Domain Name. Will be used to make up the FQDN. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. :param tags: A mapping of tags to assign to the resource. :param opts: Options for the resource. """ __public_ip = network.PublicIp( name, resource_group_name=resource_group_name, sku="Standard", allocation_method=self.__allocation_method, domain_name_label=domain_name_label, tags=self.__get_tags(tags), opts=opts) self.public_ip = __public_ip
net = network.VirtualNetwork("server-network", resource_group_name=resource_group.name, location=resource_group.location, address_spaces=["10.0.0.0/16"], subnets=[{ "name": "default", "address_prefix": "10.0.1.0/24", }]) subnet = network.Subnet("server-subnet", resource_group_name=resource_group.name, virtual_network_name=net.name, address_prefix="10.0.2.0/24", enforce_private_link_endpoint_network_policies="false") public_ip = network.PublicIp("server-ip", resource_group_name=resource_group.name, location=resource_group.location, allocation_method="Dynamic") network_iface = network.NetworkInterface( "server-nic", resource_group_name=resource_group.name, location=resource_group.location, ip_configurations=[{ "name": "webserveripcfg", "subnet_id": subnet.id, "private_ip_address_allocation": "Dynamic", "public_ip_address_id": public_ip.id, }]) userdata = """#!/bin/bash
dns_servers=["10.2.0.4"]) subnet = network.Subnet("servers", virtual_network_name=vnet.name, address_prefix="10.2.0.0/24", resource_group_name=rg.name) bastionSubnet = network.Subnet("bastion", name="AzureBastionSubnet", virtual_network_name=vnet.name, address_prefix="10.2.1.0/24", resource_group_name=rg.name) # public ip ip = network.PublicIp("geba-sso-ip", resource_group_name=rg.name, allocation_method="Static", sku="Standard") # create bastion bastion = compute.BastionHost("sso-bastion", resource_group_name=rg.name, ip_configuration={ "name": "ipconfig1", "publicIpAddressId": ip.id, "subnet_id": bastionSubnet.id }) img2019 = { "offer": "WindowsServer", "publisher": "MicrosoftWindowsServer", "sku": "2019-Datacenter",
# Create an Azure subnet gatewaysubnet = network.Subnet( "GatewaySubnet", resource_group_name=resource_group.name, address_prefix=gateway_address_spaces, virtual_network_name=vnet.name, name="GatewaySubnet" ) # Create an Azure network public-ip public_ip = network.PublicIp( "Vnet01GWPIP", resource_group_name=resource_group.name, allocation_method="Dynamic", ip_version="IPv4", sku="Basic", name="Vnet01GWPIP") # Create an Azure gateway gateway = network.VirtualNetworkGateway( "Vnet01GW", name="Vnet01GW", resource_group_name=resource_group.name, vpn_type="RouteBased", sku="VpnGw1", type="Vpn", ip_configurations=[{ "publicIpAddressId": public_ip.id, "name": "Vnet01GWPIP",
def __init__(self, name: str, args: WebServerArgs, opts: ResourceOptions = None): super().__init__("custom:app:WebServer", name, {}, opts) child_opts = ResourceOptions(parent=self) public_ip = network.PublicIp( "server-ip", resource_group_name=args.resource_group.name, location=args.resource_group.location, allocation_method="Dynamic", opts=child_opts, ) network_iface = network.NetworkInterface( "server-nic", resource_group_name=args.resource_group.name, location=args.resource_group.location, ip_configurations=[ network.NetworkInterfaceIpConfigurationArgs( name="webserveripcfg", subnet_id=args.subnet.id, private_ip_address_allocation="Dynamic", public_ip_address_id=public_ip.id, ) ], opts=child_opts, ) userdata = """#!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 &""" vm = compute.VirtualMachine( "server-vm", resource_group_name=args.resource_group.name, location=args.resource_group.location, network_interface_ids=[network_iface.id], vm_size="Standard_A0", delete_data_disks_on_termination=True, delete_os_disk_on_termination=True, os_profile=compute.VirtualMachineOsProfileArgs( computer_name="hostname", admin_username=args.username, admin_password=args.password, custom_data=userdata, ), os_profile_linux_config=compute.VirtualMachineOsProfileLinuxConfigArgs( disable_password_authentication=False, ), storage_os_disk=compute.VirtualMachineStorageOsDiskArgs( create_option="FromImage", name="myosdisk1", ), storage_image_reference=compute.VirtualMachineStorageImageReferenceArgs( publisher="canonical", offer="UbuntuServer", sku="16.04-LTS", version="latest", ), opts=child_opts, ) # The public IP address is not allocated until the VM is running, so we wait # for that resource to create, and then lookup the IP address again to report # its public IP. combined_output = Output.all( vm.id, public_ip.name, public_ip.resource_group_name ) self.public_ip_addr = combined_output.apply( lambda lst: network.get_public_ip(name=lst[1], resource_group_name=lst[2]).ip_address ) self.register_outputs({})
from pulumi import Config, export, ResourceOptions from pulumi_azure import core, network, lb, compute import pulumi_random as random config = Config() admin_user = config.get("adminUser") or "azureuser" admin_password = config.get_secret("adminPassword") or random.RandomPassword( "pwd", length=20, special="true").result domain = config.get("domain") or random.RandomString( "domain", length=10, number="false", special="false", upper="false").result application_port = config.get_float("applicationPort") or 80 resource_group = core.ResourceGroup("vmss-rg") public_ip = network.PublicIp("public-ip", resource_group_name=resource_group.name, allocation_method="Static", domain_name_label=domain) load_balancer = lb.LoadBalancer("lb", resource_group_name=resource_group.name, frontend_ip_configurations=[{ "name": "PublicIPAddress", "publicIpAddressId": public_ip.id, }]) bpepool = lb.BackendAddressPool("bpepool", resource_group_name=resource_group.name, loadbalancer_id=load_balancer.id)
resource_group_name=resource_group.name, location=resource_group.location, address_spaces=hcl_vars['variable']['network_address_spaces']['default'], subnets=hcl_vars['variable']['network_subnets']['default'] ) subnet = network.Subnet( hcl_vars['variable']['network_additional_subnet_name']['default'], name=hcl_vars['variable']['network_additional_subnet_name']['default'], resource_group_name=resource_group.name, virtual_network_name=net.name, address_prefix=hcl_vars['variable']['network_additional_subnet_address_prefix']['default']) public_ip = network.PublicIp( hcl_vars['variable']['network_public_ip_name']['default'], name=hcl_vars['variable']['network_public_ip_name']['default'], resource_group_name=resource_group.name, location=resource_group.location, allocation_method=hcl_vars['variable']['network_public_ip_allocation_method']['default']) # per VM settings virtual_machines = hcl_vars['variable']['virtual_machines']['default'] network_ifaces = [] vms = [] vm_counter = 0 vm_size = 'Standard_B1ls' for virtual_machine in virtual_machines: ip_config = [{ "name": virtual_machine['name'],
def __init__(self, name: str, location: None, resource_group_name: None, vnet_name: None, address_prefix: None, opts: pulumi.ResourceOptions = None): super().__init__('Bastion', name, None, opts) # Make base info available to other methods self.name = name self.location = location self.resource_group_name = resource_group_name self.vnet_name = vnet_name self.address_prefix = address_prefix # Create Bastion Subnet self.subnet = network.Subnet("bastion-subnet", name="AzureBastionSubnet", resource_group_name=resource_group_name, virtual_network_name=vnet_name, address_prefix=address_prefix) # Create Public IP self.pip = network.PublicIp("bastion-pip", location=location, resource_group_name=resource_group_name, name=f"{name}-bastionpip", allocation_method="Static", sku="Standard") # Deploy Bastion ARM template self.bastion = core.TemplateDeployment( "bastion", deployment_mode="Incremental", resource_group_name=resource_group_name, template_body=json.dumps({ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "bastionHostName": { "type": "string", "metadata": { "description": "Bastion Name" } }, "location": { "type": "string", "metadata": { "description": "Location for all resources." } }, "bastionServicesVnetName": { "type": "string", "metadata": { "description": "Virtual Network Name" } }, "bastionServicesSubnetName": { "type": "string", "metadata": { "description": "Subnet Name" } }, "publicIpAddressName": { "type": "string" }, "COSTCENTRE": { "type": "string", "defaultValue": "1234" }, "APPLICATION": { "type": "string", "defaultValue": "platform" }, "ENVIRONMENT": { "type": "string", "defaultValue": "dev" }, }, "variables": { "subnetRefId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('bastionServicesVnetName'), parameters('bastionServicesSubnetName'))]" }, "resources": [{ "apiVersion": "2018-10-01", "type": "Microsoft.Network/bastionHosts", "name": "[parameters('bastionHostName')]", "location": "[parameters('location')]", "properties": { "ipConfigurations": [{ "name": "IpConf", "properties": { "subnet": { "id": "[variables('subnetRefId')]" }, "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIpAddresses', parameters('publicIpAddressName'))]" } } }] }, "tags": {} }], "outputs": {} }), parameters={ "bastionHostName": location.apply(lambda location: location + "-bastion"), "publicIpAddressName": self.pip.name, "location": location, "bastionServicesVnetName": vnet_name, "bastionServicesSubnetName": self.subnet.name }, __opts__={"dependsOn": [self.subnet.id]}) super().register_outputs({})
address_prefixes=["10.0.2.0/24"], enforce_private_link_endpoint_network_policies="false") # create example userdata userdata = """#!/bin/bash echo "Hello, World!" > hello """ # show off loop usage in pulumi names = ["vm1", "vm2", "vm3"] for name in names: # every vm needs its own public ip and interface public_ip = network.PublicIp( "{}-public-ip".format(name), resource_group_name=resource_group.name, location=resource_group.location, allocation_method="Dynamic") network_iface = network.NetworkInterface( "{}-nic".format(name), resource_group_name=resource_group.name, location=resource_group.location, ip_configurations=[{ "name": "server-ip", "subnet_id": subnet.id, "private_ip_address_allocation": "Dynamic", # just grab any ip "public_ip_address_id": public_ip.id, }]) # create vm itself
subnets = { 'default': '10.0.1.0/24', 'server-subnet': '10.0.2.0/24', } for name, prefix in subnets.iteritems(): subnet = network.Subnet( name, resource_group_name=resource_group.name, virtual_network_name=vnet.name, address_prefix=prefix, ) public_ip = network.PublicIp( 'server-ip', resource_group_name=resource_group.name, location=resource_group.location, public_ip_address_allocation='Dynamic', ) nic = network.NetworkInterface('server-nic', resource_group_name=resource_group.name, location=resource_group.location, ip_configurations=[{ 'name': 'ipconfig1', 'subnet_id': subnet.id, 'private_ip_address_allocation': 'Dynamic', 'public_ip_address_id': public_ip.id,