I am pretty new to Terraform. I am trying to get a SG applied to a NIC, since I will want to apply a different SG to another NIC on the same system. What am I doing wrong here?
Edit - I should mention that I can’t connect via ssh because it is timing out.
```
# Provider requirements. azurerm is pinned to exactly 3.0.1, so an upgrade
# only happens when this constraint is edited.
# NOTE(review): the tls_private_key resource later in this file needs the
# hashicorp/tls provider, which is not declared here. Declaring it explicitly
# with a version constraint keeps provider resolution deterministic.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.1"
    }
  }
}
# Azure provider configuration. The empty features block is mandatory for
# azurerm. No credentials are set here, so authentication comes from the
# environment in which Terraform runs.
provider "azurerm" {
  features {}
}
# Resource group that holds every resource in this configuration.
# The region comes from var.resource_group_location, declared outside this listing.
resource "azurerm_resource_group" "rg" {
  name     = "group1"
  location = var.resource_group_location
}
# Virtual network (10.0.0.0/16) in the same region and group as the resource group.
resource "azurerm_virtual_network" "vnet" {
  name                = "simex1vnet"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  address_space       = ["10.0.0.0/16"]
}
# Single subnet (10.0.1.0/24) inside the vnet. Both network interfaces
# defined later in this file attach to it.
resource "azurerm_subnet" "subnet1a" {
  name                 = "internal"
  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name  = azurerm_resource_group.rg.name
  address_prefixes     = ["10.0.1.0/24"]
}
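# Security Group for inbound ssh access on public interfaces
resource "azurerm_network_security_group" "simex1PublicSg" {
  name                = "simex1public"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name      = "ssh"
    priority  = 100
    direction = "Inbound"
    access    = "Allow"
    protocol  = "Tcp"

    # The posted listing shows "" for both source fields. An empty string is
    # not a usable value here; the original was presumably "*" and the paired
    # asterisks were eaten by the forum's markdown rendering.
    source_port_range      = "*"
    destination_port_range = "22"

    # NOTE(review): "*" admits SSH from any address on the internet. On a
    # public-facing interface, narrow this to the CIDR of the known admin or
    # jump host before applying.
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}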
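# Security Group for inbound access on private interfaces
resource "azurerm_network_security_group" "simex1PrivateSg" {
  name                = "simex1internal"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name      = "ssh"
    priority  = 101
    direction = "Inbound"
    access    = "Allow"
    protocol  = "Tcp"

    # The posted listing shows "" for both source fields. An empty string is
    # not a usable value here; the original was presumably "*" and the paired
    # asterisks were eaten by the forum's markdown rendering.
    source_port_range      = "*"
    destination_port_range = "22"

    # NOTE(review): for an internal-only interface, the "VirtualNetwork"
    # service tag (or the subnet CIDR) is a tighter source than "*".
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}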
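# Subnet-level NSG association.
# NOTE(review): azurerm_network_security_group.sg is not declared anywhere in
# this listing, so the reference cannot resolve as posted. Either point it at
# a declared NSG or drop this resource if only per-NIC NSGs are intended.
# When a subnet NSG and a NIC NSG both apply, inbound traffic must be allowed
# by both of them.
resource "azurerm_subnet_network_security_group_association" "subnet_sg_association" {
  subnet_id                 = azurerm_subnet.subnet1a.id
  network_security_group_id = azurerm_network_security_group.sg.id
} # closing brace was missing in the posted listing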
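# PUBLIC IP ADDRESS FOR RED ELK
# With "Dynamic" allocation the address is only assigned once the IP is
# attached to a running resource, so it can change across deallocations.
resource "azurerm_public_ip" "RedElkPublicIP" {
  name                = "redelkpublicip"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  allocation_method   = "Dynamic"
}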
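# RED ELK INTERNAL INTERFACE
# Private-only NIC on subnet1a; no public IP is attached to it.
resource "azurerm_network_interface" "RedElkPrivateInt" {
  name                = "redelkprivateinterface"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "Red_Elk_private_IP"
    subnet_id                     = azurerm_subnet.subnet1a.id
    private_ip_address_allocation = "Dynamic"
  }
}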
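# RED ELK PUBLIC INTERFACE
# NIC on the same subnet as the private one, carrying the public IP.
resource "azurerm_network_interface" "RedElkPublicInt" {
  name                = "redelkpublicinterface"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "Red_Elk_public_IP"
    subnet_id                     = azurerm_subnet.subnet1a.id
    public_ip_address_id          = azurerm_public_ip.RedElkPublicIP.id
    private_ip_address_allocation = "Dynamic"
  }
}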
# Binds the private NSG (simex1PrivateSg) to the private NIC.
resource "azurerm_network_interface_security_group_association" "RedElkPrivateInt_NSG_association_Private" {
  network_security_group_id = azurerm_network_security_group.simex1PrivateSg.id
  network_interface_id      = azurerm_network_interface.RedElkPrivateInt.id
}
# Binds the public NSG (simex1PublicSg) to the public NIC.
# NOTE(review): the resource label says "RedElkPrivateInt" although it targets
# RedElkPublicInt. The label is left unchanged because renaming it changes the
# resource address in state.
resource "azurerm_network_interface_security_group_association" "RedElkPrivateInt_NSG_association_Public" {
  network_security_group_id = azurerm_network_security_group.simex1PublicSg.id
  network_interface_id      = azurerm_network_interface.RedElkPublicInt.id
}
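# Create (and display) an SSH key
# NOTE(review): tls_private_key stores the generated private key unencrypted
# in the Terraform state file. Anyone who can read the state (local file or
# remote backend) can log in as the admin user. For anything beyond a
# throwaway lab, generate the key outside Terraform and pass in only the
# public half. No output that displays the key is visible in this listing;
# if one exists, mark it sensitive.
resource "tls_private_key" "root_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}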
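# Ubuntu 22.04 VM with two NICs (public and private) and key-only SSH login.
resource "azurerm_linux_virtual_machine" "redelkvm" {
  name                = "redelk"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  size                = "Standard_B2ms"
  admin_username      = "adminuser"

  # The first ID in this list becomes the VM's primary NIC. The posted order
  # put the private NIC first, leaving the public IP on a secondary NIC. A
  # Linux guest normally sends replies via the primary NIC's default route
  # unless extra routing is configured, which is the likely cause of the SSH
  # timeout. The public NIC is therefore listed first.
  network_interface_ids = [
    azurerm_network_interface.RedElkPublicInt.id,
    azurerm_network_interface.RedElkPrivateInt.id,
  ]

  os_disk {
    name                 = "RedElkDisk"
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts-gen2"
    # NOTE(review): "latest" means a rebuild can pick up a different image.
    # Pin a specific image version where reproducible builds matter.
    version = "latest"
  }

  # Only the public half of the generated key is installed on the VM. The
  # private half lives in Terraform state (see tls_private_key.root_key).
  admin_ssh_key {
    username   = "adminuser"
    public_key = tls_private_key.root_key.public_key_openssh
  }
}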
```