Showing posts with label terraform. Show all posts

Thursday 29 February 2024

Terraform configuration to build a Zero-trust network



Terraform configuration to build a zero-trust network for web applications in Microsoft Azure. The listing below covers the Application Gateway (WAF_v2) that fronts the application subnet; the Azure Firewall resources that complete the design are not included in this excerpt:

Terraform
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# The public HTTPS listener needs a certificate. Supplying it as a PFX file
# through variables is an assumption of this listing; in production reference
# a Key Vault secret (key_vault_secret_id) instead of a file on disk.
variable "ssl_pfx_path" {
  description = "Path to the PFX holding the listener certificate and private key"
  type        = string
}

variable "ssl_pfx_password" {
  description = "Password protecting the PFX file"
  type        = string
  sensitive   = true
}

resource "azurerm_resource_group" "zerotrust" {
  name     = "zerotrust-rg"
  location = "westus"
}

resource "azurerm_virtual_network" "app-vnet" {
  name                = "app-vnet"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name
  address_space       = ["10.0.0.0/16"]
}

# Application Gateway must own its subnet; no other resource can share it.
resource "azurerm_subnet" "gw-subnet" {
  name                 = "gw-subnet"
  resource_group_name  = azurerm_resource_group.zerotrust.name
  virtual_network_name = azurerm_virtual_network.app-vnet.name
  address_prefixes     = ["10.0.0.0/24"]
}

resource "azurerm_subnet" "app-subnet" {
  name                 = "app-subnet"
  resource_group_name  = azurerm_resource_group.zerotrust.name
  virtual_network_name = azurerm_virtual_network.app-vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# v2 gateways require a static, Standard-SKU public IP for the frontend;
# a null public_ip_address_id is rejected.
resource "azurerm_public_ip" "app-gw-pip" {
  name                = "app-gw-pip"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_application_gateway" "app-gw" {
  name                = "app-gw"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name

  # WAF_v2 puts the OWASP core rule set in front of the application.
  sku {
    name     = "WAF_v2"
    tier     = "WAF_v2"
    capacity = 2
  }

  waf_configuration {
    enabled          = true
    firewall_mode    = "Prevention"
    rule_set_type    = "OWASP"
    rule_set_version = "3.2"
  }

  gateway_ip_configuration {
    name      = "app-gw-ip-config"
    subnet_id = azurerm_subnet.gw-subnet.id
  }

  # frontend_port carries only a name and a port; the protocol belongs to the listener.
  frontend_port {
    name = "http"
    port = 80
  }

  frontend_port {
    name = "https"
    port = 443
  }

  frontend_ip_configuration {
    name                 = "app-frontend-ip"
    public_ip_address_id = azurerm_public_ip.app-gw-pip.id
  }

  ssl_certificate {
    name     = "app-cert"
    data     = filebase64(var.ssl_pfx_path)
    password = var.ssl_pfx_password
  }

  backend_address_pool {
    name = "app-backend-pool"
  }

  # End-to-end TLS: the gateway re-encrypts to the backend on 443. A v2 gateway
  # trusts well-known CAs, so the backend must present a certificate from one
  # (otherwise add a trusted_root_certificate block and reference it here).
  backend_http_settings {
    name                                = "app-https-setting"
    cookie_based_affinity               = "Disabled"
    port                                = 443
    protocol                            = "Https"
    request_timeout                     = 30
    pick_host_name_from_backend_address = true
    probe_name                          = "app-probe"
  }

  http_listener {
    name                           = "http-listener"
    frontend_ip_configuration_name = "app-frontend-ip"
    frontend_port_name             = "http"
    protocol                       = "Http"
  }

  http_listener {
    name                           = "https-listener"
    frontend_ip_configuration_name = "app-frontend-ip"
    frontend_port_name             = "https"
    protocol                       = "Https"
    ssl_certificate_name           = "app-cert"
  }

  # Plain HTTP is never forwarded to the backend; it is redirected to HTTPS.
  redirect_configuration {
    name                 = "http-to-https"
    redirect_type        = "Permanent"
    target_listener_name = "https-listener"
    include_path         = true
    include_query_string = true
  }

  # Basic rules are enough for a single "/*" path; path_rule only exists
  # inside url_path_map, not inside backend settings. v2 rules need a priority.
  request_routing_rule {
    name                        = "app-http-rule"
    rule_type                   = "Basic"
    priority                    = 100
    http_listener_name          = "http-listener"
    redirect_configuration_name = "http-to-https"
  }

  request_routing_rule {
    name                       = "app-https-rule"
    rule_type                  = "Basic"
    priority                   = 200
    http_listener_name         = "https-listener"
    backend_address_pool_name  = "app-backend-pool"
    backend_http_settings_name = "app-https-setting"
  }

  # Health probe referenced from the backend settings (there is no health_monitor block).
  probe {
    name                                      = "app-probe"
    protocol                                  = "Https"
    path                                      = "/"
    pick_host_name_from_backend_http_settings = true
    interval                                  = 30
    timeout                                   = 30
    unhealthy_threshold                       = 3
  }
}
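A gateway alone does not make the network zero-trust: by default every address inside the VNet can still reach the application subnet directly, bypassing the WAF. The following network security group, an added example that is not part of the original listing, closes the application subnet to everything except the gateway. It assumes the resource group `zerotrust`, a gateway subnet at 10.0.0.0/24 and an `azurerm_subnet` resource named `app-subnet` (a configuration where the subnets are separate resources rather than inline in the VNet); the NSG and rule names are chosen here.

```hcl
# Added example: lock the application subnet down to the gateway subnet.
# Assumes azurerm_resource_group.zerotrust and azurerm_subnet.app-subnet exist
# and that the Application Gateway lives in 10.0.0.0/24.
resource "azurerm_network_security_group" "app-nsg" {
  name                = "app-nsg"
  location            = azurerm_resource_group.zerotrust.location
  resource_group_name = azurerm_resource_group.zerotrust.name

  # Only the gateway subnet may reach the app tier, and only on the TLS port
  # the gateway re-encrypts to.
  security_rule {
    name                       = "AllowAppGwHttpsInbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "10.0.0.0/24"
    destination_address_prefix = "*"
  }

  # Override the platform default rule (AllowVnetInBound) that would otherwise
  # let any VNet-internal source talk to the workloads directly.
  security_rule {
    name                       = "DenyAllInbound"
    priority                   = 4096
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # Workloads get no direct Internet egress. Route required egress through the
  # firewall, or add explicit Allow rules with a lower priority number than this.
  security_rule {
    name                       = "DenyInternetOutbound"
    priority                   = 4000
    direction                  = "Outbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "Internet"
  }
}

resource "azurerm_subnet_network_security_group_association" "app-nsg-assoc" {
  subnet_id                 = azurerm_subnet.app-subnet.id
  network_security_group_id = azurerm_network_security_group.app-nsg.id
}
```

The NSG is attached to the application subnet, not the gateway subnet; an NSG on the gateway subnet would additionally need an inbound allow for the GatewayManager service tag on ports 65200-65535, which is why it is left without one here.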
YAML
---
- name: Provision whitelist configuration
  hosts: all
  become: true
  tasks:
    - name: Get whitelist data from database
      uri:
        url: "https://database

OBS: 

Disclaimer

This Terraform and Ansible code is provided for informational purposes only and should not be considered production-ready. Running this code may have unintended consequences and could potentially compromise your Azure environment.

By using this code, you assume all risk and responsibility for any damages or losses that may occur. It is highly recommended to thoroughly understand the code and modify it to fit your specific needs and security requirements before deploying it in a production environment.

Additionally, always consult with qualified Azure and security professionals before implementing any changes in your environment.


Source Code:


Monday 16 October 2023

List of the best Terraform Infrastructure as Code books, based on readers' feedback.

Based on readers’ feedback, here are some of the best books on Terraform Infrastructure as Code:



  • Continuous Delivery with Jenkins, Kubernetes, and Terraform: by Mohamed Labouardy. This book is a practical guide to automating your development pipeline in a cloud-native, service-driven world. It covers topics like the basics of Terraform and Jenkins, how to use Jenkins for code-driven CI/CD pipelines, and mastering the usage of Terraform for code-based infrastructure management.


  • Terraform: Up & Running: Writing Infrastructure as Code by Yevgeniy (Jim) Brikman. This hands-on book shows you how to get up and running with Terraform fast. It covers topics like manual and automated testing for Terraform code, comparing Terraform to Chef, Puppet, Ansible, CloudFormation, and Salt Stack, and deploying server clusters, load balancers, and databases. It is also worth mentioning that this book is already in its 3rd edition.


  • Terraform in Action: by Scott Winkler.




  • Terraform Cookbook: Efficiently define, launch, and manage Infrastructure as Code across various cloud platforms, by Mikael Krief. This book is ideal for those who are new to Terraform and want to learn more about it.



Please, bear in mind that the availability of these books may vary. I recommend checking them out on your preferred book retailer or library.

1 - Here I can leave you with some more learning/reading resources: GitHub - shuaibiyy/awesome-terraform: Curated list of resources on HashiCorp's Terraform

2 - Hashicorp Terraform source documentation - https://developer.hashicorp.com/terraform/docs 

3 - Master Terraform: A cheat sheet for infrastructure automation - https://www.architect.io/blog/2023-02-02/terraform-cheat-sheet/ 






Saturday 22 July 2023

Mastering Docker Minified Systems: A Step-by-Step Guide with Real Use Cases

Introduction

Docker is a powerful platform for developing, shipping, and running applications. Minified Docker systems are optimized for size and efficiency, making them ideal for production environments where resources are at a premium.

Step 1: Understanding Docker Basics

Before diving into minified systems, ensure you have a solid understanding of Docker concepts like images, containers, volumes, and networks.

Key Commands:

docker pull [image_name] # Download an image from Docker Hub
docker run -d --name [container_name] [image_name] # Run a container in detached mode

Step 2: Creating a Minified Dockerfile

A minified Dockerfile contains only the essential layers needed to run your application.

Example Dockerfile:

# Pin the base image: alpine:latest silently changes under you between builds
FROM alpine:3.19
RUN apk add --no-cache python3
WORKDIR /app
# Install into a virtualenv; system pip on current Alpine refuses installs (PEP 668)
RUN python3 -m venv /venv
# Copy requirements first so the dependency layer is cached across code changes
COPY requirements.txt .
RUN /venv/bin/pip install --no-cache-dir -r requirements.txt
COPY . .
# Do not run the application as root inside the container
USER nobody
CMD ["/venv/bin/python3", "app.py"]

Step 3: Building and Running Your Minified Container

Build your image with the Docker build command, tagging it appropriately.

Build Command:

docker build -t my-minified-app .

Step 4: Optimizing Your Image

Use multi-stage builds to reduce size and remove unnecessary build dependencies.

Multi-Stage Dockerfile:

# Build stage: install dependencies into a virtualenv
FROM python:3.12-slim AS builder
RUN python -m venv /venv
COPY requirements.txt .
RUN /venv/bin/pip install --no-cache-dir -r requirements.txt

# Final stage: same Debian (glibc) family as the builder. Copying packages built
# on a slim (glibc) image into python:3.x-alpine (musl) breaks any native wheel.
FROM python:3.12-slim
WORKDIR /app
COPY --from=builder /venv /venv
COPY . .
USER nobody
CMD ["/venv/bin/python", "./app.py"]

Step 5: Managing Data and State

For stateful applications, use volumes to persist data.

Volume Command:

docker volume create my_volume
docker run -d -v my_volume:/data my-minified-app

Step 6: Networking and Communication

Link containers and enable communication between them using Docker networks.

Network Commands:

docker network create my_network
docker run -d --net=my_network my-minified-app

Step 7: Deploying to Production

Deploy your containerized application using orchestration tools like Docker Swarm or Kubernetes.

Step 8: Monitoring and Maintenance

Monitor your containers and systems using tools like Docker stats, cAdvisor, or Prometheus.

Conclusion

Mastering Docker minified systems involves understanding Docker fundamentals, optimizing Dockerfiles, managing data, and deploying efficiently.

Further Learning

Remember, practice makes perfect. Start small, iterate, and gradually incorporate these practices into larger projects.

OBs:

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. 


With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production.


This guide provides a foundational understanding of working with minified Docker systems. For more in-depth learning, refer to the provided links and continue exploring real-world use cases. Happy Dockering!

Wednesday 23 March 2022

Terraform Availability Zones on Azure Deployment: Documentation and Good Examples Missing



While learning Terraform some time back, I wanted to leverage Availability Zones in Azure. I was specifically looking at Virtual Machine Scale Sets.  https://www.terraform.io/docs/providers/azurerm/r/virtual_machine_scale_set.html 

Looking at the documentation Terraform has, I noticed there is no good example of using zones. So, I tried a few things to see what was really needed for that field. While doing some research, I noticed there are many people in the same situation. No good examples. I figured I'd create this post to help anyone else. And, of course, it's a good reminder for me too if I forget the syntax on how I did this.

Here's a very simple Terraform file. I just created a new folder then a new file called zones.tf. Here's the contents:

variable "location" {
  description = "The location where resources will be created"
  default     = "centralus"
  type        = string
}

locals {
  regions_with_availability_zones = ["centralus", "eastus2", "eastus", "westus"]
  # list() was removed in Terraform 0.15; a list literal does the same job
  zones = contains(local.regions_with_availability_zones, var.location) ? ["1", "2", "3"] : null
}

output "zones" {
  value = local.zones
}


The variable 'location' is allowed to be changed from outside the script. But I used 'locals' for variables I didn't want to be changed from outside. I hard coded a list of Azure regions that have availability zones. Right now it's just a list of regions in the United States. Of course, this is easily modifiable to add other regions.

The 'zones' local variable uses the contains function to see if the specified region is in that array. If so, then the value is a list of strings. Else it's null. This is important. The zones field in Azure resources requires either a list of strings or null. An empty list didn't work for me.

As it is right now, you can run the Terraform Apply command and you should see some output. If you change the value of the location variable to something not in the list, you may not see any output at all, simply because the value is null.

Now, looking at a partial example from the Terraform documentation:

resource "azurerm_virtual_machine_scale_set" "example" {
  name                = "mytestscaleset-1"
  location            = var.location
  resource_group_name = azurerm_resource_group.example.name
  upgrade_policy_mode = "Manual"
  zones               = local.zones
  # ... the remaining blocks of the documentation example are omitted here
}

Now the zones field can be used safely when the value is either a list of strings or null. After I ran the complete Terraform script for VM Scale Set, I went to the Azure Portal to verify it worked.

I also changed the specified region to one that I know does not use Availability Zones, South Central US.

This proved to me that I can use a region with and without availability zones in the same Terraform script.

For a list of Azure regions with Availability Zones, see:
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
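The pattern above carried one step further, as an added example that is not part of the original post: instead of a flat list of zoned regions, a map gives every region an explicit answer (a zone list, or null for "deploy regionally on purpose"), a lifecycle precondition fails the plan for any region that nobody has classified yet, and the result feeds the `zones` argument of an `azurerm_linux_virtual_machine_scale_set`. The region entries mirror the post (South Central US without zones) and are illustrative, not an authoritative list; the resource names, SKU, image and the `admin_ssh_public_key` variable are assumptions of this example.

```hcl
# Added example (not from the original post). Region data is an illustrative
# subset; check the Azure documentation for the current availability zone list.
variable "location" {
  description = "Azure region, display or short form (\"Central US\" or centralus)"
  type        = string
  default     = "centralus"
}

variable "admin_ssh_public_key" {
  description = "SSH public key for the scale set admin user (assumed input)"
  type        = string
}

locals {
  # Explicit per-region answer: null means "deploy without zones, deliberately".
  region_zones = {
    centralus      = ["1", "2", "3"]
    eastus2        = ["1", "2", "3"]
    eastus         = ["1", "2", "3"]
    southcentralus = null
  }

  # Normalise "Central US" and "centralus" to the same map key.
  region = lower(replace(var.location, " ", ""))
  zones  = lookup(local.region_zones, local.region, null)
}

resource "azurerm_resource_group" "example" {
  name     = "zones-rg"
  location = local.region
}

resource "azurerm_virtual_network" "example" {
  name                = "zones-vnet"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.1.0.0/16"]
}

resource "azurerm_subnet" "example" {
  name                 = "vmss-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.1.0.0/24"]
}

resource "azurerm_linux_virtual_machine_scale_set" "example" {
  name                = "mytestscaleset-1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard_B1s"
  instances           = 3
  admin_username      = "adminuser"

  # Either a list of zone names or null; never an empty list.
  zones        = local.zones
  zone_balance = local.zones != null

  admin_ssh_key {
    username   = "adminuser"
    public_key = var.admin_ssh_public_key
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  network_interface {
    name    = "vmss-nic"
    primary = true

    ip_configuration {
      name      = "internal"
      primary   = true
      subnet_id = azurerm_subnet.example.id
    }
  }

  lifecycle {
    # Fail the plan for a region nobody has classified, instead of silently
    # deploying a scale set without zones there.
    precondition {
      condition     = contains(keys(local.region_zones), local.region)
      error_message = "Region is not in local.region_zones; add it with a zone list or null before deploying."
    }
  }
}

output "zones" {
  value = local.zones
}
```

The precondition is the point of the exercise: with the original flat list, a typo or a newly added region quietly produces `null` and a single-zone deployment; with the map, an unclassified region is a plan-time error and the only way to deploy without zones is to write `null` next to the region name.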

How to Create a Ansible Lab on your Local Machine using Vagrant in 5 min using ChatGPT

This is an exciting experiment of mine as DevOps. As I am experimenting with the Tools available ... So, the quest is to " Vagrantfile ...