terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "4.12.0" } random = { source = "hashicorp/random" version = "3.6.3" } tls = { source = "hashicorp/tls" version = "4.0.6" } cloudinit = { source = "hashicorp/cloudinit" version = "2.3.5" } } } provider "azurerm" { use_oidc = true features {} # This enables all resource providers. # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. resource_provider_registrations = "all" } provider "tls" {} resource "random_string" "suffix" { length = 6 special = false } resource "tls_private_key" "ssh_key" { algorithm = "RSA" rsa_bits = 2048 } data "cloudinit_config" "cloud_init" { base64_encode = true part { filename = "cloud-init.yaml" content_type = "text/cloud-config" content = file("${path.module}/cloud-init.yaml") } } resource "azurerm_resource_group" "main" { name = var.resource_group location = var.location } resource "azurerm_virtual_network" "main" { name = "mini-${random_string.suffix.result}" address_space = ["10.0.0.0/16"] location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name } resource "azurerm_subnet" "main" { name = "mini-${random_string.suffix.result}" resource_group_name = azurerm_resource_group.main.name virtual_network_name = azurerm_virtual_network.main.name address_prefixes = ["10.0.2.0/24"] } resource "azurerm_public_ip" "main" { name = "mini-${random_string.suffix.result}" location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name allocation_method = "Static" sku = "Standard" } resource "azurerm_network_interface" "main" { name = "mini-${random_string.suffix.result}" resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location ip_configuration { name = "main" subnet_id = azurerm_subnet.main.id private_ip_address_allocation = "Dynamic" public_ip_address_id = azurerm_public_ip.main.id } } resource "azurerm_network_security_group" "ssh" { name = "mini-${random_string.suffix.result}" resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location security_rule { name = "ssh" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" destination_address_prefix = "*" } } resource "azurerm_subnet_network_security_group_association" "ssh" { subnet_id = azurerm_subnet.main.id network_security_group_id = azurerm_network_security_group.ssh.id } resource "azurerm_linux_virtual_machine" "main" { name = "mini-${random_string.suffix.result}" resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location # Standard_D8s_v5 provides nested virtualization support size = var.machine_type admin_username = "adminuser" admin_ssh_key { username = "adminuser" public_key = tls_private_key.ssh_key.public_key_openssh } boot_diagnostics { } network_interface_ids = [ azurerm_network_interface.main.id, ] source_image_reference { publisher = "Canonical" offer = "0001-com-ubuntu-server-jammy-daily" sku = "22_04-daily-lts" version = "latest" } os_disk { storage_account_type = "Standard_LRS" caching = "ReadWrite" } user_data = data.cloudinit_config.cloud_init.rendered }