Thursday 29 February 2024

Terraform configuration to build a Zero-trust network



Terraform configuration to build a Zero-trust network for web applications in Microsoft Azure, fronted by Azure Application Gateway and Azure Firewall:

Terraform
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Password of the PFX bundle used by the HTTPS listener; pass it as TF_VAR_cert_password, never commit it.
variable "cert_password" {
  type      = string
  sensitive = true
}

resource "azurerm_resource_group" "zerotrust" {
  name     = "zerotrust-rg"
  location = "westus"
}

resource "azurerm_virtual_network" "app-vnet" {
  name                = "app-vnet"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name
  address_space       = ["10.0.0.0/16"]
}

# Application Gateway must own a dedicated subnet; the web tier gets its own.
resource "azurerm_subnet" "appgw" {
  name                 = "appgw-subnet"
  resource_group_name  = azurerm_resource_group.zerotrust.name
  virtual_network_name = azurerm_virtual_network.app-vnet.name
  address_prefixes     = ["10.0.0.0/24"]
}

resource "azurerm_subnet" "app" {
  name                 = "app-subnet"
  resource_group_name  = azurerm_resource_group.zerotrust.name
  virtual_network_name = azurerm_virtual_network.app-vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# v2 gateways require a static, Standard-SKU public IP for the frontend.
resource "azurerm_public_ip" "appgw" {
  name                = "app-gw-pip"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_application_gateway" "app-gw" {
  name                = "app-gw"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "app-gw-ipconfig"
    subnet_id = azurerm_subnet.appgw.id
  }

  # Frontend ports carry only a number; the protocol is set on the listener.
  frontend_port {
    name = "http"
    port = 80
  }

  frontend_port {
    name = "https"
    port = 443
  }

  frontend_ip_configuration {
    name                 = "app-frontend-ip"
    public_ip_address_id = azurerm_public_ip.appgw.id
  }

  # Web-server targets go here (ip_addresses or fqdns); left empty as in the original.
  backend_address_pool {
    name = "app-backend-pool"
  }

  # PFX bundle read from the module directory (file name assumed). Terraform keeps the
  # certificate material in state, so the state backend must be protected accordingly.
  ssl_certificate {
    name     = "app-cert"
    data     = filebase64("app-gw.pfx")
    password = var.cert_password
  }

  http_listener {
    name                           = "http-listener"
    frontend_ip_configuration_name = "app-frontend-ip"
    frontend_port_name             = "http"
    protocol                       = "Http"
  }

  http_listener {
    name                           = "https-listener"
    frontend_ip_configuration_name = "app-frontend-ip"
    frontend_port_name             = "https"
    protocol                       = "Https"
    ssl_certificate_name           = "app-cert"
  }

  # Basic rules send every path to the pool, so no url_path_map / path_rule is needed.
  # priority is mandatory on v2 SKUs.
  request_routing_rule {
    name                       = "app-http-rule"
    priority                   = 100
    rule_type                  = "Basic"
    http_listener_name         = "http-listener"
    backend_address_pool_name  = "app-backend-pool"
    backend_http_settings_name = "app-http-setting"
  }

  request_routing_rule {
    name                       = "app-https-rule"
    priority                   = 110
    rule_type                  = "Basic"
    http_listener_name         = "https-listener"
    backend_address_pool_name  = "app-backend-pool"
    backend_http_settings_name = "app-https-setting"
  }

  # request_timeout (seconds) stands in for the original's 10-minute idle timeout.
  backend_http_settings {
    name                  = "app-http-setting"
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 600
    probe_name            = "app-http-probe"
  }

  backend_http_settings {
    name                  = "app-https-setting"
    cookie_based_affinity = "Disabled"
    port                  = 443
    protocol              = "Https"
    request_timeout       = 600
    probe_name            = "app-https-probe"
  }

  # A probe's protocol must match the backend settings that reference it, hence one per protocol.
  # host = "127.0.0.1" is the documented value for single-site gateways.
  probe {
    name                = "app-http-probe"
    protocol            = "Http"
    host                = "127.0.0.1"
    path                = "/"
    interval            = 30
    timeout             = 30
    unhealthy_threshold = 3
  }

  probe {
    name                = "app-https-probe"
    protocol            = "Https"
    host                = "127.0.0.1"
    path                = "/"
    interval            = 30
    timeout             = 30
    unhealthy_threshold = 3
  }
}
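The introduction names Azure Firewall, but the configuration above declares none, so the web tier can reach the Internet directly. The block below is an added example, not part of the original post: it places an Azure Firewall in the same VNet and forces all egress from the web tier through it. It assumes the resource group zerotrust and VNet app-vnet from the configuration above, and that the 10.0.1.0/24 web-tier subnet exists as a standalone azurerm_subnet.app resource (an inline subnet block has no id to associate a route table with).

```hcl
# Azure mandates this subnet name for the firewall.
resource "azurerm_subnet" "firewall" {
  name                 = "AzureFirewallSubnet"
  resource_group_name  = azurerm_resource_group.zerotrust.name
  virtual_network_name = azurerm_virtual_network.app-vnet.name
  address_prefixes     = ["10.0.2.0/26"]
}

resource "azurerm_public_ip" "firewall" {
  name                = "zerotrust-fw-pip"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

# With no rule collections attached the firewall denies every flow; allow-lists are added per destination.
resource "azurerm_firewall" "zerotrust" {
  name                = "zerotrust-fw"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"

  ip_configuration {
    name                 = "fw-ipconfig"
    subnet_id            = azurerm_subnet.firewall.id
    public_ip_address_id = azurerm_public_ip.firewall.id
  }
}

# Default route of the web tier points at the firewall's private IP, so no VM reaches the Internet directly.
# Gateway-to-backend traffic inside the VNet still follows the more specific system route.
resource "azurerm_route_table" "app" {
  name                = "app-rt"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name

  route {
    name                   = "default-via-firewall"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.zerotrust.ip_configuration[0].private_ip_address
  }
}

# Associate with the web-tier subnet only; a v2 Application Gateway subnet must keep direct Internet egress.
resource "azurerm_subnet_route_table_association" "app" {
  subnet_id      = azurerm_subnet.app.id # assumed standalone subnet resource for 10.0.1.0/24
  route_table_id = azurerm_route_table.app.id
}
```

Outbound allow-lists (for example package mirrors over HTTPS) are then attached as azurerm_firewall_application_rule_collection resources; anything not listed stays blocked.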
YAML
---
- name: Provision whitelist configuration
  hosts: all
  become: true
  tasks:
    - name: Get whitelist data from database
      uri:
        url: "https://database

Note:

Disclaimer

This Terraform and Ansible code is provided for informational purposes only and should not be considered production-ready. Running this code may have unintended consequences and could potentially compromise your Azure environment.

By using this code, you assume all risk and responsibility for any damages or losses that may occur. It is highly recommended to thoroughly understand the code and modify it to fit your specific needs and security requirements before deploying it in a production environment.

Additionally, always consult with qualified Azure and security professionals before implementing any changes in your environment.


Source Code:


Building a Vagrant Box: From Scratch to Sharing

Vagrant streamlines the creation and management of virtual machines, making it a valuable tool for IT engineers. This guide walks you through building a customized Vagrant box, step-by-step, from creating the virtual machine to sharing it with others.

Prerequisites:

Step 1: Setting Up the Virtual Machine

  1. Create a new virtual machine: Open VirtualBox and click "New." Choose the desired operating system (e.g., Ubuntu) and version. Allocate memory (e.g., 2048 MB) and storage space (e.g., 40 GB) for the virtual machine.

  2. Configure shared folder: Right-click on the newly created VM and select "Settings > Shared Folders." Add a shared folder, specifying the host path (e.g., your project directory) and the guest path (e.g., /vagrant).

Step 2: Provisioning the Virtual Machine with Vagrant

  1. Initialize Vagrant: In your project directory (containing the shared folder), open a terminal and run vagrant init to initialize a Vagrantfile.

  2. Configure the Vagrantfile: Open the Vagrantfile in a text editor and customize the following sections:

Ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

# Provider configuration
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/focal64" # Replace with the desired box name and version

  # Shared folder configuration: the project directory is mounted at /vagrant in the guest
  config.vm.synced_folder ".", "/vagrant"

  # Update packages & install essential tools.
  # "build-essential" is the real package name; "essential" does not exist and would fail the provision.
  config.vm.provision "shell", inline: <<-SHELL
    sudo apt-get update -y
    sudo apt-get upgrade -y
    sudo apt-get install -y build-essential curl unzip rsync
  SHELL
end

Explanation:

  • VAGRANTFILE_API_VERSION: Specifies the Vagrantfile API version.
  • config.vm.box: Sets the base box image to use.
  • config.vm.synced_folder: Configures the shared folder between the host and guest machines.
  • config.vm.provision: Defines provisioning scripts to run inside the virtual machine.

Step 3: Building the Vagrant Box

  1. Provision the VM: Run vagrant up in the terminal. This will download the base box, configure the virtual machine, and execute the provisioning scripts.

  2. Install additional software: Inside the virtual machine (accessible using vagrant ssh), install any additional software you need for your specific use case.

  3. Clean up the VM: Once the VM is configured, run sudo apt-get autoremove -y to remove unnecessary packages and free up disk space.

  4. Package the VM: Run vagrant package to create a compressed .box file containing the customized virtual machine.

Step 4: Sharing the Vagrant Box (Optional)

  1. Upload the .box file: Upload the .box file to a platform like Vagrant Cloud https://app.vagrantup.com/ or your private repository.

  2. Share the Vagrantfile: Share the Vagrantfile along with the .box file for others to easily provision the virtual machine.


Congratulations! You've successfully built and packaged a customized Vagrant box, ready to be used for your development or testing needs. 

By following these steps and customizing the configurations, you can create Vagrant boxes tailored to your specific requirements.
