mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
{
|
||
|
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
|
||
|
"contentVersion": "1.0.0.0",
|
||
|
"parameters": {
|
||
|
"VMName": {
|
||
|
"type": "string",
|
||
|
"metadata": {
|
||
|
"description": "VM Name and convention your company uses, be sure to entice naming EX. vm-fileshares-prod-eastus-003"
|
||
|
},
|
||
|
"defaultValue": "vm-fileshares-prod-eastus-003"
|
||
|
},
|
||
|
"virtualNetworkId": {
|
||
|
"type": "string",
|
||
|
"metadata": {
|
||
|
"description": "Virtual Network Resource ID to Deploy Azure VM into"
|
||
|
},
|
||
|
"defaultValue": "/subscriptions/{SUBID}/resourceGroups/{RG NAME}/providers/Microsoft.Network/virtualNetworks/{VNET NAME}"
|
||
|
},
|
||
|
"subnetName": {
|
||
|
"type": "string",
|
||
|
"metadata": {
|
||
|
"description": "Virtual Network Subnet Name to Deploy Azure VM into"
|
||
|
}
|
||
|
},
|
||
|
"MyConnectionIP": {
|
||
|
"type": "string",
|
||
|
"minLength": 7,
|
||
|
"maxLength": 15,
|
||
|
"metadata": {
|
||
|
"description": "The Public IP I will be connecting from to administer and configure"
|
||
|
},
|
||
|
"defaultValue": "XXX.XXX.XXX.XXX"
|
||
|
},
|
||
|
"adminUsername": {
|
||
|
"type": "string",
|
||
|
"minLength": 1,
|
||
|
"defaultValue": "webuser",
|
||
|
"metadata": {
|
||
|
"description": "Admin user name for Linux VM"
|
||
|
}
|
||
|
},
|
||
|
"authenticationType": {
|
||
|
"type": "string",
|
||
|
"defaultValue": "password",
|
||
|
"allowedValues": [
|
||
|
"sshPublicKey",
|
||
|
"password"
|
||
|
],
|
||
|
"metadata": {
|
||
|
"description": "Type of authentication to use on the Virtual Machine. SSH key is recommended."
|
||
|
}
|
||
|
},
|
||
|
"adminPasswordOrKey": {
|
||
|
"type": "securestring",
|
||
|
"metadata": {
|
||
|
"description": "SSH Key or password for the Virtual Machine. SSH key is recommended."
|
||
|
}
|
||
|
},
|
||
|
"CloudInitB64Encoded": {
|
||
|
"type": "securestring",
|
||
|
"metadata": {
|
||
|
"description": "Cloud Init Configuration as a Base 64 encoded string, decode to examine a few variables to change and encode and submit"
|
||
|
},
|
||
|
"defaultValue": "I2Nsb3VkLWNvbmZpZwp0aW1lem9uZTogVVMvRWFzdGVybgoKcGFja2FnZXM6CiAgLSBnaXQKCnJ1bmNtZDoKICAtIGN1cmwgLXNTIC0tcmV0cnkgNSBodHRwczovL2dpdGh1Yi5jb20KICAtIGdpdCBjbG9uZSBodHRwczovL2dpdGh1Yi5jb20vdGVsZWtvbS1zZWN1cml0eS90cG90Y2UgL3Jvb3QvdHBvdAogIC0gL3Jvb3QvdHBvdC9pc28vaW5zdGFsbGVyL2luc3RhbGwuc2ggLS10eXBlPWF1dG8gLS1jb25mPS9yb290L3Rwb3QuY29uZgogIC0gcm0gL3Jvb3QvdHBvdC5jb25mCiAgLSAvc2Jpbi9zaHV0ZG93biAtciBub3cKCnBhc3N3b3JkOiB3M2IkZWNyZXRzMiEKY2hwYXNzd2Q6CiAgZXhwaXJlOiBmYWxzZQoKd3JpdGVfZmlsZXM6CiAgLSBjb250ZW50OiB8CiAgICAgICMgdHBvdCBjb25maWd1cmF0aW9uIGZpbGUKICAgICAgbXlDT05GX1RQT1RfRkxBVk9SPSdTVEFOREFSRCcKICAgICAgbXlDT05GX1dFQl9VU0VSPSd3ZWJ1c2VyJwogICAgICBteUNPTkZfV0VCX1BXPSd3M2IkZWNyZXRzMiEnCiAgICBvd25lcjogcm9vdDpyb290CiAgICBwYXRoOiAvcm9vdC90cG90LmNvbmYKICAgIHBlcm1pc3Npb25zOiAnMDYwMCc="
|
||
|
}
|
||
|
},
|
||
|
"variables": {
|
||
|
"vnetId": "[parameters('virtualNetworkId')]",
|
||
|
"subnetRef": "[concat(variables('vnetId'), '/subnets/', parameters('subnetName'))]",
|
||
|
"linuxConfiguration": {
|
||
|
"disablePasswordAuthentication": true,
|
||
|
"ssh": {
|
||
|
"publicKeys": [
|
||
|
{
|
||
|
"path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]",
|
||
|
"keyData": "[parameters('adminPasswordOrKey')]"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
"resources": [
|
||
|
{
|
||
|
"name": "[concat(uniqueString(resourceGroup().id, deployment().name),'-nic')]",
|
||
|
"type": "Microsoft.Network/networkInterfaces",
|
||
|
"apiVersion": "2021-08-01",
|
||
|
"location": "[resourceGroup().location]",
|
||
|
"dependsOn": [
|
||
|
"[resourceId('Microsoft.Network/networkSecurityGroups/', concat(uniqueString(resourceGroup().id, deployment().name),'-nsg'))]",
|
||
|
"[resourceId('Microsoft.Network/publicIpAddresses', concat(uniqueString(resourceGroup().id, deployment().name),'-pip'))]"
|
||
|
],
|
||
|
"properties": {
|
||
|
"ipConfigurations": [
|
||
|
{
|
||
|
"name": "ipconfig1",
|
||
|
"properties": {
|
||
|
"subnet": {
|
||
|
"id": "[variables('subnetRef')]"
|
||
|
},
|
||
|
"privateIPAllocationMethod": "Dynamic",
|
||
|
"publicIpAddress": {
|
||
|
"id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', concat(uniqueString(resourceGroup().id, deployment().name),'-pip'))]",
|
||
|
"properties": {
|
||
|
"deleteOption": "Detach"
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
"enableAcceleratedNetworking": true,
|
||
|
"networkSecurityGroup": {
|
||
|
"id": "[resourceId('Microsoft.Network/networkSecurityGroups/', concat(uniqueString(resourceGroup().id, deployment().name),'-nsg'))]"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "[concat(uniqueString(resourceGroup().id, deployment().name),'-nsg')]",
|
||
|
"type": "Microsoft.Network/networkSecurityGroups",
|
||
|
"apiVersion": "2019-02-01",
|
||
|
"location": "[resourceGroup().location]",
|
||
|
"properties": {
|
||
|
"securityRules": [
|
||
|
{
|
||
|
"name": "AllowAzureCloud22Inbound",
|
||
|
"properties": {
|
||
|
"protocol": "*",
|
||
|
"sourcePortRange": "*",
|
||
|
"destinationPortRange": "22",
|
||
|
"sourceAddressPrefix": "AzureCloud",
|
||
|
"destinationAddressPrefix": "*",
|
||
|
"access": "Allow",
|
||
|
"priority": 1011,
|
||
|
"direction": "Inbound",
|
||
|
"sourcePortRanges": [],
|
||
|
"destinationPortRanges": [],
|
||
|
"sourceAddressPrefixes": [],
|
||
|
"destinationAddressPrefixes": []
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "AllowCustom64294Inbound",
|
||
|
"properties": {
|
||
|
"protocol": "*",
|
||
|
"sourcePortRange": "*",
|
||
|
"destinationPortRange": "64294",
|
||
|
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
|
||
|
"destinationAddressPrefix": "*",
|
||
|
"access": "Allow",
|
||
|
"priority": 1021,
|
||
|
"direction": "Inbound",
|
||
|
"sourcePortRanges": [],
|
||
|
"destinationPortRanges": [],
|
||
|
"sourceAddressPrefixes": [],
|
||
|
"destinationAddressPrefixes": []
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "AllowSSHCustom64295Inbound",
|
||
|
"properties": {
|
||
|
"protocol": "*",
|
||
|
"sourcePortRange": "*",
|
||
|
"destinationPortRange": "64295",
|
||
|
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
|
||
|
"destinationAddressPrefix": "*",
|
||
|
"access": "Allow",
|
||
|
"priority": 1031,
|
||
|
"direction": "Inbound",
|
||
|
"sourcePortRanges": [],
|
||
|
"destinationPortRanges": [],
|
||
|
"sourceAddressPrefixes": [],
|
||
|
"destinationAddressPrefixes": []
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "AllowAzureCloud64295Inbound",
|
||
|
"properties": {
|
||
|
"protocol": "*",
|
||
|
"sourcePortRange": "*",
|
||
|
"destinationPortRange": "64295",
|
||
|
"sourceAddressPrefix": "AzureCloud",
|
||
|
"destinationAddressPrefix": "*",
|
||
|
"access": "Allow",
|
||
|
"priority": 1041,
|
||
|
"direction": "Inbound",
|
||
|
"sourcePortRanges": [],
|
||
|
"destinationPortRanges": [],
|
||
|
"sourceAddressPrefixes": [],
|
||
|
"destinationAddressPrefixes": []
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "AllowCustom64297Inbound",
|
||
|
"properties": {
|
||
|
"protocol": "*",
|
||
|
"sourcePortRange": "*",
|
||
|
"destinationPortRange": "64297",
|
||
|
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
|
||
|
"destinationAddressPrefix": "*",
|
||
|
"access": "Allow",
|
||
|
"priority": 1051,
|
||
|
"direction": "Inbound",
|
||
|
"sourcePortRanges": [],
|
||
|
"destinationPortRanges": [],
|
||
|
"sourceAddressPrefixes": [],
|
||
|
"destinationAddressPrefixes": []
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "AllowAllHomeOfficeCustomAnyInbound",
|
||
|
"properties": {
|
||
|
"protocol": "*",
|
||
|
"sourcePortRange": "*",
|
||
|
"destinationPortRange": "*",
|
||
|
"sourceAddressPrefix": "[parameters('MyConnectionIP')]",
|
||
|
"destinationAddressPrefix": "*",
|
||
|
"access": "Allow",
|
||
|
"priority": 1061,
|
||
|
"direction": "Inbound",
|
||
|
"sourcePortRanges": [],
|
||
|
"destinationPortRanges": [],
|
||
|
"sourceAddressPrefixes": [],
|
||
|
"destinationAddressPrefixes": []
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "[concat(uniqueString(resourceGroup().id, deployment().name),'-pip')]",
|
||
|
"type": "Microsoft.Network/publicIpAddresses",
|
||
|
"apiVersion": "2020-08-01",
|
||
|
"location": "[resourceGroup().location]",
|
||
|
"properties": {
|
||
|
"publicIpAllocationMethod": "Static"
|
||
|
},
|
||
|
"sku": {
|
||
|
"name": "Standard"
|
||
|
},
|
||
|
"zones": [
|
||
|
"1"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"name": "[parameters('VMName')]",
|
||
|
"type": "Microsoft.Compute/virtualMachines",
|
||
|
"apiVersion": "2022-03-01",
|
||
|
"location": "[resourceGroup().location]",
|
||
|
"dependsOn": [
|
||
|
"[resourceId('Microsoft.Network/networkInterfaces', concat(uniqueString(resourceGroup().id, deployment().name),'-nic'))]"
|
||
|
],
|
||
|
"properties": {
|
||
|
"hardwareProfile": {
|
||
|
"vmSize": "Standard_D4s_v3"
|
||
|
},
|
||
|
"storageProfile": {
|
||
|
"osDisk": {
|
||
|
"createOption": "fromImage",
|
||
|
"managedDisk": {
|
||
|
"storageAccountType": "StandardSSD_LRS"
|
||
|
},
|
||
|
"deleteOption": "Delete"
|
||
|
},
|
||
|
"imageReference": {
|
||
|
"publisher": "debian",
|
||
|
"offer": "debian-11",
|
||
|
"sku": "11-gen2",
|
||
|
"version": "latest"
|
||
|
},
|
||
|
"dataDisks": [
|
||
|
{
|
||
|
"name": "[concat(parameters('VMName'),'-datadisk')]",
|
||
|
"diskSizeGB": 256,
|
||
|
"lun": 0,
|
||
|
"createOption": "Empty",
|
||
|
"caching": "ReadWrite"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
"networkProfile": {
|
||
|
"networkInterfaces": [
|
||
|
{
|
||
|
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(uniqueString(resourceGroup().id, deployment().name),'-nic'))]",
|
||
|
"properties": {
|
||
|
"deleteOption": "Delete"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
"osProfile": {
|
||
|
"computerName": "[parameters('VMName')]",
|
||
|
"adminUsername": "[parameters('adminUsername')]",
|
||
|
"adminPassword": "[parameters('adminPasswordOrKey')]",
|
||
|
"linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]",
|
||
|
"customData": "[parameters('CloudInitB64Encoded')]"
|
||
|
},
|
||
|
"diagnosticsProfile": {
|
||
|
"bootDiagnostics": {
|
||
|
"enabled": true
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
"zones": [
|
||
|
"1"
|
||
|
]
|
||
|
}
|
||
|
],
|
||
|
"outputs": {}
|
||
|
}
|