telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
1af7cdcaa1e975770e0a585075c8e967a1996d20
tpotce/cloud/azure/azuredeploy.json

309 lines
13 KiB
JSON
Raw Normal View History

Azure Deployment via ARM template The following is a Azure Deployment of T-Pot using a ARM Template, creates a debian 11 vm, disks, nic, nsg, pip and leverages cloud-init customData to pass a B64 encoded string of a cloud-inity yaml file, example in readme docs.
2023-07-02 00:56:38 -04:00
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"VMName": {
"type": "string",
"metadata": {
"description": "VM Name and convention your company uses, be sure to entice naming EX. vm-fileshares-prod-eastus-003"
},
"defaultValue": "vm-fileshares-prod-eastus-003"
},
"virtualNetworkId": {
"type": "string",
"metadata": {
"description": "Virtual Network Resource ID to Deploy Azure VM into"
},
"defaultValue": "/subscriptions/{SUBID}/resourceGroups/{RG NAME}/providers/Microsoft.Network/virtualNetworks/{VNET NAME}"
},
"subnetName": {
"type": "string",
"metadata": {
"description": "Virtual Network Subnet Name to Deploy Azure VM into"
}
},
"MyConnectionIP": {
"type": "string",
"minLength": 7,
"maxLength": 15,
"metadata": {
"description": "The Public IP I will be connecting from to administer and configure"
},
"defaultValue": "XXX.XXX.XXX.XXX"
},
"adminUsername": {
"type": "string",
"minLength": 1,
"defaultValue": "webuser",
"metadata": {
"description": "Admin user name for Linux VM"
}
},
"authenticationType": {
"type": "string",
"defaultValue": "password",
"allowedValues": [
"sshPublicKey",
"password"
],
"metadata": {
"description": "Type of authentication to use on the Virtual Machine. SSH key is recommended."
}
},
"adminPasswordOrKey": {
"type": "securestring",
"metadata": {
"description": "SSH Key or password for the Virtual Machine. SSH key is recommended."
}
},
"CloudInitB64Encoded": {
"type": "securestring",
"metadata": {
"description": "Cloud Init Configuration as a Base 64 encoded string, decode to examine a few variables to change and encode and submit"
},
"defaultValue": "I2Nsb3VkLWNvbmZpZwp0aW1lem9uZTogVVMvRWFzdGVybgoKcGFja2FnZXM6CiAgLSBnaXQKCnJ1bmNtZDoKICAtIGN1cmwgLXNTIC0tcmV0cnkgNSBodHRwczovL2dpdGh1Yi5jb20KICAtIGdpdCBjbG9uZSBodHRwczovL2dpdGh1Yi5jb20vdGVsZWtvbS1zZWN1cml0eS90cG90Y2UgL3Jvb3QvdHBvdAogIC0gL3Jvb3QvdHBvdC9pc28vaW5zdGFsbGVyL2luc3RhbGwuc2ggLS10eXBlPWF1dG8gLS1jb25mPS9yb290L3Rwb3QuY29uZgogIC0gcm0gL3Jvb3QvdHBvdC5jb25mCiAgLSAvc2Jpbi9zaHV0ZG93biAtciBub3cKCnBhc3N3b3JkOiB3M2IkZWNyZXRzMiEKY2hwYXNzd2Q6CiAgZXhwaXJlOiBmYWxzZQoKd3JpdGVfZmlsZXM6CiAgLSBjb250ZW50OiB8CiAgICAgICMgdHBvdCBjb25maWd1cmF0aW9uIGZpbGUKICAgICAgbXlDT05GX1RQT1RfRkxBVk9SPSdTVEFOREFSRCcKICAgICAgbXlDT05GX1dFQl9VU0VSPSd3ZWJ1c2VyJwogICAgICBteUNPTkZfV0VCX1BXPSd3M2IkZWNyZXRzMiEnCiAgICBvd25lcjogcm9vdDpyb290CiAgICBwYXRoOiAvcm9vdC90cG90LmNvbmYKICAgIHBlcm1pc3Npb25zOiAnMDYwMCc="
}
},
"variables": {
"vnetId": "[parameters('virtualNetworkId')]",
"subnetRef": "[concat(variables('vnetId'), '/subnets/', parameters('subnetName'))]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]",
"keyData": "[parameters('adminPasswordOrKey')]"
}
]
}
}
},
"resources": [
{
"name": "[concat(uniqueString(resourceGroup().id, deployment().name),'-nic')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2021-08-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups/', concat(uniqueString(resourceGroup().id, deployment().name),'-nsg'))]",
"[resourceId('Microsoft.Network/publicIpAddresses', concat(uniqueString(resourceGroup().id, deployment().name),'-pip'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"privateIPAllocationMethod": "Dynamic",
"publicIpAddress": {
"id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', concat(uniqueString(resourceGroup().id, deployment().name),'-pip'))]",
"properties": {
"deleteOption": "Detach"
}
}
}
}
],
"enableAcceleratedNetworking": true,
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/', concat(uniqueString(resourceGroup().id, deployment().name),'-nsg'))]"
}
}
},
{
"name": "[concat(uniqueString(resourceGroup().id, deployment().name),'-nsg')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-02-01",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "AllowAzureCloud22Inbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "AzureCloud",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1011,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowCustom64294Inbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "64294",
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1021,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowSSHCustom64295Inbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "64295",
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1031,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowAzureCloud64295Inbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "64295",
"sourceAddressPrefix": "AzureCloud",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1041,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowCustom64297Inbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "64297",
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1051,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
},
{
"name": "AllowAllHomeOfficeCustomAnyInbound",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1061,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}
},
{
"name": "[concat(uniqueString(resourceGroup().id, deployment().name),'-pip')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "2020-08-01",
"location": "[resourceGroup().location]",
"properties": {
"publicIpAllocationMethod": "Static"
},
"sku": {
"name": "Standard"
},
"zones": [
"1"
]
},
{
"name": "[parameters('VMName')]",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2022-03-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces', concat(uniqueString(resourceGroup().id, deployment().name),'-nic'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "Standard_D4s_v3"
},
"storageProfile": {
"osDisk": {
"createOption": "fromImage",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
},
"deleteOption": "Delete"
},
"imageReference": {
"publisher": "debian",
"offer": "debian-11",
"sku": "11-gen2",
"version": "latest"
},
"dataDisks": [
{
"name": "[concat(parameters('VMName'),'-datadisk')]",
"diskSizeGB": 256,
"lun": 0,
"createOption": "Empty",
"caching": "ReadWrite"
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(uniqueString(resourceGroup().id, deployment().name),'-nic'))]",
"properties": {
"deleteOption": "Delete"
}
}
]
},
"osProfile": {
"computerName": "[parameters('VMName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPasswordOrKey')]",
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]",
"customData": "[parameters('CloudInitB64Encoded')]"
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true
}
}
},
"zones": [
"1"
]
}
],
"outputs": {}
}
Reference in New Issue Copy Permalink