updated rg prefixes and removed commented lines

Azure · Aug 28, 2023 · 4f1a6c1 · 4f1a6c1
1 parent 39f24e4
commit 4f1a6c1
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 52 deletions.
diff --git a/quickstart/101-azfw-with-fwpolicy/main.tf b/quickstart/101-azfw-with-fwpolicy/main.tf
@@ -1,18 +1,19 @@
+resource "random_pet" "rg-name" {
+  prefix = var.resource_group_name_prefix
+}
 
-// Create a Resource Group
 resource "azurerm_resource_group" "rg" {
-  name     = "azfw-rg"
+  name     = random_pet.rg-name.id
   location = var.resource_group_location
 }
-// Create a Virtual Network
+
 resource "azurerm_virtual_network" "azfw_vnet" {
   name                = "azfw-vnet"
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name
   address_space       = ["10.10.0.0/24"]
 }
 
-// Create IP Groups
 resource "azurerm_ip_group" "workload_ip_group" {
   name                = "workload-ip-group"
   resource_group_name = azurerm_resource_group.rg.name
@@ -26,15 +27,13 @@ resource "azurerm_ip_group" "infra_ip_group" {
   cidrs               = ["10.40.0.0/24", "10.50.0.0/24"]
 }
 
-// Create the Azure Firewall Subnet
 resource "azurerm_subnet" "azfw_subnet" {
   name                 = "AzureFirewallSubnet"
   resource_group_name  = azurerm_resource_group.rg.name
   virtual_network_name = azurerm_virtual_network.azfw_vnet.name
   address_prefixes     = ["10.10.0.0/26"]
 }
 
-// Create a Public IP Address for Azure Firewall
 resource "azurerm_public_ip" "pip_azfw" {
   name                = "pip-azfw"
   location            = azurerm_resource_group.rg.location
@@ -43,7 +42,6 @@ resource "azurerm_public_ip" "pip_azfw" {
   sku                 = "Standard"
 }
 
-// Create a Azure Firewall Policy
 resource "azurerm_firewall_policy" "azfw_policy" {
   name                     = "azfw-policy"
   resource_group_name      = azurerm_resource_group.rg.name
@@ -52,9 +50,6 @@ resource "azurerm_firewall_policy" "azfw_policy" {
   threat_intelligence_mode = "Alert"
 }
 
-// Create a Network Rule Collection Group
-// Create a Network Rule Collection
-// Create rules for NTP
 resource "azurerm_firewall_policy_rule_collection_group" "net_policy_rule_collection_group" {
   name               = "DefaultNetworkRuleCollectionGroup"
   firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
@@ -73,10 +68,6 @@ resource "azurerm_firewall_policy_rule_collection_group" "net_policy_rule_collec
   }
 }
 
-// Create a Azure Firewall Policy Rule Collection Group
-// Create a Application Rule Collection
-// Create rules for Windows Update
-// Create rules for Microsoft.com
 resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collection_group" {
   name               = "DefaulApplicationtRuleCollectionGroup"
   firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
@@ -114,7 +105,6 @@ resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collec
   }
 }
 
-// Create the Azure Firewall
 resource "azurerm_firewall" "fw" {
   name                = "azfw"
   location            = azurerm_resource_group.rg.location

diff --git a/quickstart/101-azfw-with-fwpolicy/outputs.tf b/quickstart/101-azfw-with-fwpolicy/outputs.tf
@@ -1,3 +1,7 @@
 output "resource_group_name" {
   value = azurerm_resource_group.rg.name
+}
+
+output "firewall_name" {
+  value = azurerm_firewall.azfw.name
 }
diff --git a/quickstart/101-azfw-with-fwpolicy/provider.tf b/quickstart/101-azfw-with-fwpolicy/provider.tf
@@ -4,6 +4,10 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~>3.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
   }
 }
 

diff --git a/quickstart/101-azfw-with-fwpolicy/variables.tf b/quickstart/101-azfw-with-fwpolicy/variables.tf
@@ -1,11 +1,15 @@
-// Create Variables for Location and Tags
 variable "resource_group_location" {
   type        = string
   description = "Location for all resources."
   default     = "eastus"
 }
 
-// Create Firewall Variables
+variable "resource_group_name_prefix" {
+  type = string
+  description = "Prefix for the Resource Group Name that's combined with a random id so name is unique in your Azure subcription."  
+  default = "rg"
+}
+
 variable "firewall_sku_tier" {
   type        = string
   description = "Firewall SKU."

diff --git a/quickstart/201-azfw-with-secure-hub/main.tf b/quickstart/201-azfw-with-secure-hub/main.tf
@@ -1,12 +1,12 @@
+resource "random_pet" "rg-name" {
+  prefix = var.resource_group_name_prefix
+}
 
-// Create a Resource Group
 resource "azurerm_resource_group" "rg" {
-  name     = "rg-azfw-securehub-eus"
+  name     = random_pet.rg-name.id
   location = var.resource_group_location
 }
 
-// Create resources for Azure Virtual WAN
-// Create a Azure Vwan
 resource "azurerm_virtual_wan" "azfw_vwan" {
   name                           = "vwan-azfw-securehub-eus"
   location                       = azurerm_resource_group.rg.location
@@ -15,7 +15,6 @@ resource "azurerm_virtual_wan" "azfw_vwan" {
   disable_vpn_encryption         = false
 }
 
-// Create a Azure Vwan Hub
 resource "azurerm_virtual_hub" "azfw_vwan_hub" {
   name                = "hub-azfw-securehub-eus"
   location            = azurerm_resource_group.rg.location
@@ -24,7 +23,6 @@ resource "azurerm_virtual_hub" "azfw_vwan_hub" {
   address_prefix      = "10.20.0.0/23"
 }
 
-// Create a Azure VWan Hub Connection
 resource "azurerm_virtual_hub_connection" "azfw_vwan_hub_connection" {
   name                      = "hub-to-spoke"
   virtual_hub_id            = azurerm_virtual_hub.azfw_vwan_hub.id
@@ -39,8 +37,6 @@ resource "azurerm_virtual_hub_connection" "azfw_vwan_hub_connection" {
   }
 }
 
-// Create resources for Azure Firewall 
-// Create a Public IP Address for Azure Firewall
 resource "azurerm_public_ip" "pip_azfw" {
   name                = "pip-azfw-securehub-eus"
   location            = azurerm_resource_group.rg.location
@@ -49,7 +45,6 @@ resource "azurerm_public_ip" "pip_azfw" {
   sku                 = "Standard"
 }
 
-// Create a Azure Firewall Policy
 resource "azurerm_firewall_policy" "azfw_policy" {
   name                     = "policy-azfw-securehub-eus"
   resource_group_name      = azurerm_resource_group.rg.name
@@ -58,9 +53,6 @@ resource "azurerm_firewall_policy" "azfw_policy" {
   threat_intelligence_mode = "Alert"
 }
 
-// Create a Azure Firewall Policy Rule Collection Group
-// Create a Application Rule Collection
-// Create rules for Microsoft.com
 resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collection_group" {
   name               = "DefaulApplicationtRuleCollectionGroup"
   firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
@@ -87,7 +79,6 @@ resource "azurerm_firewall_policy_rule_collection_group" "app_policy_rule_collec
   }
 }
 
-// Create the Azure Firewall
 resource "azurerm_firewall" "fw" {
   name                = "fw-azfw-securehub-eus"
   location            = azurerm_resource_group.rg.location
@@ -101,32 +92,27 @@ resource "azurerm_firewall" "fw" {
   firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
 }
 
-// Create Virtual Network, Subnets, PIP, NICs, NSGs, and NIC-NSG associations
-// Create a Virtual Network
 resource "azurerm_virtual_network" "azfw_vnet" {
   name                = "vnet-azfw-securehub-eus"
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name
   address_space       = ["10.10.0.0/16"]
 }
 
-// Create a Subnet for Workload VMs
 resource "azurerm_subnet" "workload_subnet" {
   name                 = "subnet-workload"
   resource_group_name  = azurerm_resource_group.rg.name
   virtual_network_name = azurerm_virtual_network.azfw_vnet.name
   address_prefixes     = ["10.10.1.0/24"]
 }
 
-// Create a Subnet for Jump VM
 resource "azurerm_subnet" "jump_subnet" {
   name                 = "subnet-jump"
   resource_group_name  = azurerm_resource_group.rg.name
   virtual_network_name = azurerm_virtual_network.azfw_vnet.name
   address_prefixes     = ["10.10.2.0/24"]
 }
 
-// Create a NIC for Workload VM
 resource "azurerm_network_interface" "vm_workload_nic" {
   name                = "nic-workload"
   location            = azurerm_resource_group.rg.location
@@ -139,7 +125,6 @@ resource "azurerm_network_interface" "vm_workload_nic" {
   }
 }
 
-// Create a PIP for Jump VM
 resource "azurerm_public_ip" "vm_jump_pip" {
   name                = "pip-jump"
   location            = azurerm_resource_group.rg.location
@@ -148,7 +133,6 @@ resource "azurerm_public_ip" "vm_jump_pip" {
   sku                 = "Standard"
 }
 
-// Create a NIC for Jump VM
 resource "azurerm_network_interface" "vm_jump_nic" {
   name                = "nic-jump"
   location            = azurerm_resource_group.rg.location
@@ -162,14 +146,12 @@ resource "azurerm_network_interface" "vm_jump_nic" {
   }
 }
 
-// Create a NSG for Workload VM
 resource "azurerm_network_security_group" "vm_workload_nsg" {
   name                = "nsg-workload"
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name
 }
 
-// Create a NSG for Jump VM
 resource "azurerm_network_security_group" "vm_jump_nsg" {
   name                = "nsg-jump"
   location            = azurerm_resource_group.rg.location
@@ -187,20 +169,16 @@ resource "azurerm_network_security_group" "vm_jump_nsg" {
   }
 }
 
-// Associate NSG for Workload VM NIC
 resource "azurerm_network_interface_security_group_association" "vm_workload_nsg_association" {
   network_interface_id      = azurerm_network_interface.vm_workload_nic.id
   network_security_group_id = azurerm_network_security_group.vm_workload_nsg.id
 }
 
-// Associate NSG for Jump VM NIC
 resource "azurerm_network_interface_security_group_association" "vm_jump_nsg_association" {
   network_interface_id      = azurerm_network_interface.vm_jump_nic.id
   network_security_group_id = azurerm_network_security_group.vm_jump_nsg.id
 }
 
-// Create Virtual Machines for testing
-// Create a Workload Virtual Machine
 resource "azurerm_windows_virtual_machine" "vm_workload" {
   name                  = "workload-vm"
   resource_group_name   = azurerm_resource_group.rg.name
@@ -221,7 +199,6 @@ resource "azurerm_windows_virtual_machine" "vm_workload" {
   }
 }
 
-// Create a Jump Virtual Machine
 resource "azurerm_windows_virtual_machine" "vm_jump" {
   name                  = "jump-vm"
   resource_group_name   = azurerm_resource_group.rg.name
@@ -242,8 +219,6 @@ resource "azurerm_windows_virtual_machine" "vm_jump" {
   }
 }
 
-// Create Routing for testing
-// Create a Route Table
 resource "azurerm_route_table" "rt" {
   name                          = "rt-azfw-securehub-eus"
   location                      = azurerm_resource_group.rg.location
@@ -256,13 +231,11 @@ resource "azurerm_route_table" "rt" {
   }
 }
 
-// Associate Route Table to Jump VM Subnet
 resource "azurerm_subnet_route_table_association" "jump_subnet_rt_association" {
   subnet_id      = azurerm_subnet.jump_subnet.id
   route_table_id = azurerm_route_table.rt.id
 }
 
-// Creat a Virtual Hub Route Table
 resource "azurerm_virtual_hub_route_table" "vhub_rt" {
   name           = "vhub-rt-azfw-securehub-eus"
   virtual_hub_id = azurerm_virtual_hub.azfw_vwan_hub.id

diff --git a/quickstart/201-azfw-with-secure-hub/variables.tf b/quickstart/201-azfw-with-secure-hub/variables.tf
@@ -1,24 +1,27 @@
-// Create Variables for Location and Tags
 variable "resource_group_location" {
   type        = string
   description = "Location for all resources."
   default     = "eastus"
 }
-// Create Firewall Variables
+
+variable "resource_group_name_prefix" {
+  type = string
+  description = "Prefix for the Resource Group Name that's combined with a random id so name is unique in your Azure subcription."  
+  default = "rg"
+}
+
 variable "firewall_sku_name" {
   type        = string
   description = "SKU name for the firewall."
   default     = "Premium" # Valid values are Standard and Premium
 }
 
-// Create Virtual Machine Sku Size Variables
 variable "virtual_machine_size" {
   type        = string
   description = "Size of the virtual machine."
   default     = "Standard_D2_v3"
 }
 
-// Create Admin Username and Password
 variable "admin_username" {
   default = "azureuser"
 }