add project evidence output

README.md

@@ -1,4 +1,4 @@
-# Azure Infrastructure Operations Project: Deploying a scalable IaaS web server in Azure
+# Azure Infrastructure Operations Project: Deploying a scalable IaaS Web Server in Azure
 # Submitter: Quyet Nguyen
 
 ## Introduction
@@ -19,74 +19,50 @@ For this project, you will write a Packer template and a Terraform template to d
 
 ## Instructions
 ### 2.1. :heavy_check_mark: Navigate to your repository
-### 2.2. :heavy_check_mark: Authenticate to Azure 
+### 2.2. :heavy_check_mark: Authenticate to Azure the open Azure portal Bash Cloud Shell to upload `project1-tagging-policy.json`
+
 ### 2.3. :heavy_check_mark: Deploy a policy
 Create the Policy Definition:
 
 ```bash
-az policy definition create --name "tagging-policy" --display-name "deny-creation-untagged-resources" --description "This policy ensures all indexed resources in your subscription have tags and deny deployment if it does not" --rules ./project1-tagging-policy.json --mode "All"
+az policy definition create --name 'tagging-policy' --display-name 'deny-creation-untagged-resources' --description 'This policy ensures all indexed resources in your subscription have tags and deny deployment if they do not' --rules ./project1-tagging-policy.json  --mode All
 ```
 
 ### 2.4. :heavy_check_mark: Create the Policy Assignment
 ```bash
-az policy assignment create --name 'tagging-policy' --display-name "deny-creation-untagged-resources" --policy tagging-policy
+az policy assignment create --name 'tagging-policy' --display-name 'deny-creation-untagged-resources' --policy tagging-policy
 ```
 
 ### 2.5. :heavy_check_mark: List the policy assignments to verify
 
 ```bash
 az policy assignment list
 ```
+![alt text](images\azpolicyassignmentlist.png)
 
 ### 2.6. :heavy_check_mark: Create a Server Image with Packer
-Get your azure variables
-
-✔️ Get Subscription ID
-- Login into your azure account
-- Search and click "Subscriptions"
-- Select whichever subscriptions are needed
-- Click on the overview
-- Copy the Subscription Id
-
-✔️ Get Client ID
-- Login into your azure account
-- Search and click "Azure Active Directory"
-- Click "App registrations" under the Manage tab
-- Click the application that you own
-- Copy the client ID
-
-✔️ Get Client Secret
-- Login into your azure account
-- Search and click "Azure Active Directory"
-- Click "App registrations" under the Manage tab
-- Click the application that you own
-- Click the "Certificates & Secrets" under the Manage tab
-- Create a client secret as you need.
-
-Fill in variables section in the server.json file:
-
-`"variables": {
-   "client_id": "",
-   "client_secret": "",
-   "subscription_id": "" 
- }
-`
-
-Create image
+
+✔️ Open Azure portal Bash Cloud Shell then upload  `server.json`
+
+
+✔️ Create a Server Image using below packer command
 
 ```bash 
 packer build server.json
 ```
+![alt text](images\packagebuildsuccess.png)
 
-
-View Images
+✔️ View Images
 
 ```bash 
 az image list
 ```
+![alt text](images\azureimagelist.png)
 
 ### 2.7. :heavy_check_mark: Create the infrastructure with Terraform Template
 
+Go to folder `cd project1-IaC/`
+
 Our Terraform template will allow us to reliably create, update, and destroy our infrastructure
 
 Customize vars.tf
@@ -121,18 +97,29 @@ terraform init
 terraform plan -out solution.plan
 ```
 
+![alt text](images\terraform_solution_plan.png)
+
 3. Deploy the infrastructure plan
 
 ```bash  
 terraform apply "solution.plan"
 ```
 
+![alt text](images\terraform_apply_solution.png)
+
 4. View infrastructure
 
 ```bash  
 terraform show
 ```
 
+![alt text](images\terraform_show.png)
+
+
+Azure Portal Azuredevops resource created by terraform
+✔️ View in Azure Portal
+![alt text](images\azureportaloutput.png)
+
 
 5. Destroy infrastructure (when completed)
 
@@ -143,7 +130,7 @@ terraform destroy
 6. Delete images(when completed)
 
 ```bash 
-az image delete -g udacity-thoanvtt-project-1-rg -n myPackerImage
+az image delete -g Azuredevops -n MyPackerImage
 ```
 
 

main.tf

@@ -1,47 +1,35 @@
+# Configure the Azure Provider
 provider "azurerm" {
   features {}
 }
 
 resource "azurerm_resource_group" "main" {
-  name     = "${var.prefix}-rg"
+  name     = "Azuredevops"
   location = var.location
-  tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
-  }
 }
-resource "azurerm_virtual_network" "main" {
-  name                = "${var.prefix}-nw"
-  address_space       = ["10.0.0.0/16"]
-  location            = azurerm_resource_group.main.location
-  resource_group_name = azurerm_resource_group.main.name
+
+# Create a availabity set for virtual machines
+resource "azurerm_availability_set" "main" {
+  name                        = "${var.prefix}-aset"
+  location                    = azurerm_resource_group.main.location
+  resource_group_name         = azurerm_resource_group.main.name
+  platform_fault_domain_count = 2
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
 }
 
+# Create a network security group
 resource "azurerm_network_security_group" "main" {
   name                = "${var.prefix}-nsg"
   location            = azurerm_resource_group.main.location
   resource_group_name = azurerm_resource_group.main.name
-
-  security_rule {
-    name                       = "AllowOutboundSameSubnetVms"
-    priority                   = 100
-    direction                  = "Outbound"
-    access                     = "Allow"
-    protocol                   = "*"
-    source_port_range          = "*"
-    destination_port_range     = "*"
-    source_address_prefix      = "VirtualNetwork"
-    destination_address_prefix = "VirtualNetwork"
-  }
 
   security_rule {
-    name                       = "AllowInboundSameSubnetVms"
-    priority                   = 110
+    name                       = "AllowVnetInBound"
+    description                = "Allow access to other VMs on the subnet"
+    priority                   = 101
     direction                  = "Inbound"
     access                     = "Allow"
     protocol                   = "*"
@@ -52,73 +40,35 @@ resource "azurerm_network_security_group" "main" {
   }
 
   security_rule {
-    name                       = "DenyInboundInternet"
-    priority                   = 120
+    name                       = "DenyInternetInBound"
+    description                = "Deny all inbound traffic outside of the vnet from the Internet"
+    priority                   = 100
     direction                  = "Inbound"
     access                     = "Deny"
     protocol                   = "*"
     source_port_range          = "*"
     destination_port_range     = "*"
     source_address_prefix      = "Internet"
-    destination_address_prefix = "*"
+    destination_address_prefix = "VirtualNetwork"
   }
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
 }
 
-resource "azurerm_subnet" "main" {
-  name                 = "${var.prefix}-subnet1"
-  resource_group_name  = azurerm_resource_group.main.name
-  virtual_network_name = azurerm_virtual_network.main.name
-  address_prefixes     = ["10.0.1.0/24"]
-}
-
-resource "azurerm_network_interface" "main" {
-  count               = var.number_of_vms
-  name                = "${var.prefix}-nic-${count.index}"
+resource "azurerm_public_ip" "main" {
+  name                = "${var.prefix}-publicIp"
   resource_group_name = azurerm_resource_group.main.name
   location            = azurerm_resource_group.main.location
-
-  ip_configuration {
-    name                          = "main"
-    subnet_id                     = azurerm_subnet.main.id
-    private_ip_address_allocation = "Dynamic"
-  }
-
-  tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
-  }
-}
-
-resource "azurerm_linux_virtual_machine" "main" {
-  count                           = var.number_of_vms
-  name                            = "${var.prefix}-vm-${count.index}"
-  resource_group_name             = azurerm_resource_group.main.name
-  location                        = azurerm_resource_group.main.location
-  size                            = "Standard_D2s_v3"
-  admin_username                  = var.username
-  admin_password                  = var.password
-  source_image_id                 = var.packer_image
-  disable_password_authentication = false
-  network_interface_ids = [
-    element(azurerm_network_interface.main.*.id, count.index)
-  ]
-
-  os_disk {
-    storage_account_type = "Standard_LRS"
-    caching              = "ReadWrite"
-  }
+  allocation_method   = "Static"
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
 }
 
+# create a load balancer
 resource "azurerm_lb" "main" {
   name                = "${var.prefix}-lb"
   location            = azurerm_resource_group.main.location
@@ -130,41 +80,88 @@ resource "azurerm_lb" "main" {
   }
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
 }
 
 resource "azurerm_lb_backend_address_pool" "main" {
-  resource_group_name = azurerm_resource_group.main.name
   loadbalancer_id     = azurerm_lb.main.id
   name                = "BackEndAddressPool"
 }
 
-resource "azurerm_public_ip" "main" {
-  name                = "${var.prefix}-ip"
-  resource_group_name = azurerm_resource_group.main.name
+# Create a virtual network within the resource group
+resource "azurerm_virtual_network" "main" {
+  name                = "${var.prefix}-network"
+  address_space       = ["10.0.0.0/16"]
   location            = azurerm_resource_group.main.location
-  allocation_method   = "Static"
+  resource_group_name = azurerm_resource_group.main.name
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
 }
 
-resource "azurerm_availability_set" "main" {
-  name                = "${var.prefix}-as"
-  location            = azurerm_resource_group.main.location
+resource "azurerm_subnet" "main" {
+  name                 = "${var.prefix}-subnet"
+  resource_group_name  = azurerm_resource_group.main.name
+  virtual_network_name = azurerm_virtual_network.main.name
+  address_prefixes     = ["10.0.0.0/24"]
+}
+
+resource "azurerm_network_interface" "main" {
+  count = var.vm_count
+
+  name                = "${var.prefix}-nic-${var.server_names[count.index]}"
   resource_group_name = azurerm_resource_group.main.name
-  managed             = true
+  location            = azurerm_resource_group.main.location
+
+  ip_configuration {
+    name                          = "testConfiguration"
+    subnet_id                     = azurerm_subnet.main.id
+    private_ip_address_allocation = "Dynamic"
+  }
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
 }
 
+resource "azurerm_network_interface_backend_address_pool_association" "main" {
+  count = var.vm_count
+
+  network_interface_id    = azurerm_network_interface.main[count.index].id
+  ip_configuration_name   = "testConfiguration"
+  backend_address_pool_id = azurerm_lb_backend_address_pool.main.id
+}
+
+resource "azurerm_linux_virtual_machine" "main" {
+  count = var.vm_count
+
+  name                            = "${var.prefix}-vm-${var.server_names[count.index]}"
+  resource_group_name             = azurerm_resource_group.main.name
+  location                        = azurerm_resource_group.main.location
+  size                            = "Standard_D2s_v3"
+  admin_username                  = var.username
+  admin_password                  = var.password
+  disable_password_authentication = false
+  network_interface_ids = [
+    azurerm_network_interface.main[count.index].id
+  ]
+  availability_set_id = azurerm_availability_set.main.id
+  source_image_id     = var.packerImageId
+
+
+  os_disk {
+    storage_account_type = "Standard_LRS"
+    caching              = "ReadWrite"
+  }
+
+  tags = {
+    project_name = var.project_name    
+  }
+}
+
+# create managed disk for virtual machine
 resource "azurerm_managed_disk" "main" {
   name                 = "${var.prefix}-md"
   location             = azurerm_resource_group.main.location
@@ -174,7 +171,6 @@ resource "azurerm_managed_disk" "main" {
   disk_size_gb         = "1"
 
   tags = {
-    project_name = "Project1-InfraAsCode"
-    stage        = "Submission"
+    project_name = var.project_name
   }
-}
+}