  1. provider "azurerm" {
  2. version = "=2.25.0"
  3. features {}
  4. }
  6. data "azurerm_client_config" "current" {}
  8. resource "tls_private_key" "example_ssh" {
  9. algorithm = "RSA"
  10. rsa_bits = 4096
  11. }
  13. output "tls_private_key" { value = "tls_private_key.example_ssh.private_key_pem" }
  15. resource "azurerm_resource_group" "example" {
  16. name = "Encrypt-resources"
  17. location = "North Europe"
  18. }
  20. resource "azurerm_virtual_network" "example" {
  21. name = "Encrypt-network"
  22. address_space = ["10.0.0.0/16"]
  23. location = "${azurerm_resource_group.example.location}"
  24. resource_group_name = "${azurerm_resource_group.example.name}"
  25. }
  27. resource "azurerm_subnet" "internal" {
  28. name = "internal"
  29. resource_group_name = "${azurerm_resource_group.example.name}"
  30. virtual_network_name = "${azurerm_virtual_network.example.name}"
  31. address_prefix = "10.0.2.0/24"
  32. }
  34. resource "azurerm_network_interface" "example" {
  35. name = "Encrypt-nic"
  36. location = "${azurerm_resource_group.example.location}"
  37. resource_group_name = "${azurerm_resource_group.example.name}"
  38.  
  39. ip_configuration {
  40. name = "testconfiguration1"
  41. subnet_id = "${azurerm_subnet.internal.id}"
  42. private_ip_address_allocation = "Dynamic"
  43. }
  44. }
  46. resource "azurerm_key_vault" "example" {
  47. name = "TF-keyvault-omersh"
  48. location = "${azurerm_resource_group.example.location}"
  49. resource_group_name = "${azurerm_resource_group.example.name}"
  50. tenant_id = "${data.azurerm_client_config.current.tenant_id}"
  51. soft_delete_enabled = true
  52. enabled_for_disk_encryption = true
  53. purge_protection_enabled = true
  54. enabled_for_deployment = true
  55. sku_name = "premium"
  56.  
  57.  
  58.  
  59.   # Access Policy for Terraform User
  60.   access_policy {
  61.   tenant_id = data.azurerm_client_config.current.tenant_id
  62.   object_id = data.azurerm_client_config.current.object_id
  63.  
  64.     key_permissions = [
  65.       "Get",
  66.       "List",
  67.       "Update",
  68.       "Create",
  69.       "Import",
  70.       "Delete",
  71.       "Recover",
  72.       "Backup",
  73.       "Restore"
  74.     ]
  75.  
  76.     secret_permissions = [
  77.       "Get",
  78.       "List",
  79.       "Set",
  80.       "Delete",
  81.       "Recover",
  82.       "Backup",
  83.       "Restore"
  84.     ]
  85.  
  86.     certificate_permissions = [
  87.       "Get",
  88.       "List",
  89.       "Update",
  90.       "Create",
  91.       "Import",
  92.       "Delete",
  93.       "Recover",
  94.       "Backup",
  95.       "Restore",
  96.       "ManageContacts",
  97.       "ManageIssuers",
  98.       "GetIssuers",
  99.       "ListIssuers",
  100.       "SetIssuers",
  101.       "DeleteIssuers"
  102.     ]
  103.   }
  104.  
  105.  
  106. }
  107.  
  108. resource "azurerm_key_vault_key" "example" {
  109. name = "TF-key-omersh"
  110. key_vault_id = "${azurerm_key_vault.example.id}"
  111. key_type = "RSA"
  112. key_size = 2048
  113.  
  114. key_opts = [
  115. "decrypt",
  116. "encrypt",
  117. "sign",
  118. "unwrapKey",
  119. "verify",
  120. "wrapKey",
  121. ]
  122. }
  125. resource "azurerm_disk_encryption_set" "example" {
  126. name = "example-set"
  127. resource_group_name = "${azurerm_resource_group.example.name}"
  128. location = "${azurerm_resource_group.example.location}"
  129. key_vault_key_id = "${azurerm_key_vault_key.example.id}"
  130.  
  131. identity {
  132. type = "SystemAssigned"
  133. }
  134. }
  135. resource "azurerm_key_vault_access_policy" "disk-encryption" {
  136. key_vault_id = "${azurerm_key_vault.example.id}"
  137.  
  138. tenant_id = azurerm_disk_encryption_set.example.identity.0.tenant_id
  139. object_id = azurerm_disk_encryption_set.example.identity.0.principal_id
  140. key_permissions = [
  141. "create",
  142. "get",
  143. "list",
  144. "wrapkey",
  145. "unwrapkey",
  146. ]
  147. secret_permissions = [
  148. "get",
  149. "list",
  150. ]
  151.     storage_permissions = [
  152.       "get",
  153.     ]
  154. }
  156. resource "azurerm_role_assignment" "disk-encryption-read-keyvault" {
  157. scope = "${azurerm_key_vault.example.id}"
  158. role_definition_name = "Reader"
  159. principal_id = "${azurerm_disk_encryption_set.example.identity.0.principal_id}"
  160. }
  165. resource "azurerm_linux_virtual_machine" "example" {
  166. name = "example-vm"
  167. resource_group_name = "${azurerm_resource_group.example.name}"
  168. location = "${azurerm_resource_group.example.location}"
  169. size = "Standard_F2"
  170. admin_username = "adminuser"
  171. disable_password_authentication = true
  172. network_interface_ids = [
  173. azurerm_network_interface.example.id,
  174. ]
  175.  
  176. admin_ssh_key {
  177. username = "adminuser"
  178. public_key = file("~/.ssh/id_rsa.pub")
  179. }
  180.  
  181. os_disk {
  182. caching = "ReadWrite"
  183. disk_encryption_set_id = "${azurerm_disk_encryption_set.example.id}"
  184. storage_account_type = "Standard_LRS"
  185. }
  186. source_image_reference {
  187. publisher = "Canonical"
  188. offer = "UbuntuServer"
  189. sku = "16.04-LTS"
  190. version = "latest"
  191. }
  192. }