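= Terraform, conditionals, state and VM

== azure public ip
* public IP = external access to resources
* SND
* Estáticas/Dinámicas
* Acceso a recursos

# NIC for the web server. Its single IP configuration takes a dynamically
# allocated private address in the web server subnet and attaches the public
# IP declared below, which makes the NIC reachable from outside the VNet.
resource "azurerm_network_interface" "web_server_nic" {
  name                = "${var.web_server_name}-nic"
  location            = "${var.web_server_location}"
  resource_group_name = "${azurerm_resource_group.web_server_rg.name}"

  ip_configuration {
    name                          = "${var.web_server_name}-ip"
    subnet_id                     = "${azurerm_subnet.web_server_subnet.id}"
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = "${azurerm_public_ip.web_server_public_ip.id}"
  }
}

# Public IP for the web server, dynamically allocated.
resource "azurerm_public_ip" "web_server_public_ip" {
  name                         = "${var.web_server_name}-public-ip"
  location                     = "${var.web_server_location}"
  resource_group_name          = "${azurerm_resource_group.web_server_rg.name}"
  public_ip_address_allocation = "dynamic"
}

== conditionals

# Variable values (tfvars); "environment" drives the conditional below.
"web_server_location" = "westus2"
"web_server_rg" = "web-rg"
"resource_prefix" = "web-server"
"web_server_address_space" = "1.0.0.0/22"
"web_server_address_prefix" = "1.0.1.0/24"
"web_server_name" = "web-01"
"environment" = "production"

variable "environment" {}

# Same public IP as above, but the allocation method is now chosen with a
# conditional: "static" when environment is "production", "dynamic" otherwise.
resource "azurerm_public_ip" "web_server_public_ip" {
  name                         = "${var.web_server_name}-public-ip"
  location                     = "${var.web_server_location}"
  resource_group_name          = "${azurerm_resource_group.web_server_rg.name}"
  public_ip_address_allocation = "${var.environment == "production" ? "static" : "dynamic"}"
}

== azure Network Security Group
* traffic control
* like firewall
* default rules
* own rules
* scope (network, subnets, resources)

# Same NIC as before, now with the network security group attached so the
# NSG rules apply to traffic on this interface.
resource "azurerm_network_interface" "web_server_nic" {
  name                      = "${var.web_server_name}-nic"
  location                  = "${var.web_server_location}"
  resource_group_name       = "${azurerm_resource_group.web_server_rg.name}"
  network_security_group_id = "${azurerm_network_security_group.web_server_nsg.id}"

  ip_configuration {
    name                          = "${var.web_server_name}-ip"
    subnet_id                     = "${azurerm_subnet.web_server_subnet.id}"
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = "${azurerm_public_ip.web_server_public_ip.id}"
  }
}

# Source range allowed to reach RDP. Deliberately has no default, so the
# caller has to name the admin network instead of inheriting "any source".
variable "rdp_source_address_prefix" {
  description = "CIDR range or Azure service tag allowed to reach RDP (3389), e.g. the admin network"
}

# Inbound allow rule for RDP (TCP 3389).
# The NIC carries a public IP, so source_address_prefix = "*" would publish
# the management port to the whole internet; the source is therefore taken
# from var.rdp_source_address_prefix and should be as narrow as possible.
resource "azurerm_network_security_rule" "web_server_nsg_rule_rdp" {
  name                        = "RDP Inbound"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "TCP"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "${var.rdp_source_address_prefix}"
  destination_address_prefix  = "*"
  resource_group_name         = "${azurerm_resource_group.web_server_rg.name}"
  network_security_group_name = "${azurerm_network_security_group.web_server_nsg.name}"
}

== azure Terraform state
* track and map deployed resources
* **terraform.tfstate**, **terraform.tfstate.backup**
* metadata
* stored locally or remotely (to be shared, more security)
* sensitive data! (attribute values, including secrets such as passwords, are kept in plain text)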
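* don't edit this file, IMPORT
* [[https://resources.azure.com|Azure Resource Explorer]]

== azure Market Place Images
* como obtener datos de las VM
* desde el template, en un RG en el que ya tenemos desplegada una máquina
* ''az vm image list-publishers -l -o table''
* ''az vm image list-offers -l -p MicrosoftWindowsServer -o table''
* **MicrosoftWindowsServer** lo hemos sacado del comando anterior
* ''az vm image list-skus -l -p MicrosoftWindowsServer -f WindowsServer -o Table''
* **WindowsServer** lo hemos sacado del listado anterior
* esto nos devuelve un listado con las versiones específicas

== azure Hardware Models
* [[https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-general]]
* [[https://azure.microsoft.com/en-us/pricing/calculator/]]
* ''az vm list-sizes -l -o table''

== Azure Virtual Machine
* Hardware model
* Image
* Networking
* Disks
* Availability and Scale Sets

# Local administrator password for the VM. Declared without a default so the
# secret never sits in the .tf files or in version control; supply it at
# apply time through TF_VAR_admin_password or an untracked .tfvars file.
variable "admin_password" {
  description = "Local administrator password for the web server VM"
}

# Windows Server VM attached to the web server NIC.
# publisher/offer/sku are the values returned by the az vm image commands
# listed above; vm_size comes from az vm list-sizes.
resource "azurerm_virtual_machine" "vm" {
  name                  = "${var.web_server_name}-vm"
  location              = "${var.web_server_location}"
  resource_group_name   = "${azurerm_resource_group.web_server_rg.name}"
  network_interface_ids = ["${azurerm_network_interface.web_server_nic.id}"]
  vm_size               = "Standard_B1s"

  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter-Server-Core-smalldisk"
    version   = "latest"
  }

  storage_os_disk {
    name              = "${var.web_server_name}-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "${var.web_server_name}-os"
    admin_username = "webserver"

    # Was the literal "password". Terraform still records this value in
    # terraform.tfstate in plain text, so the state file needs the same
    # protection as the secret itself.
    admin_password = "${var.admin_password}"
  }

  os_profile_windows_config {}
}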