Skip to content

robinmordasiewicz/fortinet-secure-cloud-blueprint-terraform

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

801 Commits
.github
.github
 
 
.infracost
.infracost
 
 
cloud-init
cloud-init
 
 
policies.bak
policies.bak
 
 
policies
policies
 
 
.cspell.json
.cspell.json
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.gitleaksignore
.gitleaksignore
 
 
.jscpd.json
.jscpd.json
 
 
.markdownlint.json
.markdownlint.json
 
 
.mega-linter.yml
.mega-linter.yml
 
 
.mega-linter.yml.orig
.mega-linter.yml.orig
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.secretlintignore
.secretlintignore
 
 
.secrets.baseline
.secrets.baseline
 
 
.secretsignore
.secretsignore
 
 
.terraform-docs.yml
.terraform-docs.yml
 
 
.tflint.hcl
.tflint.hcl
 
 
.yamllint
.yamllint
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
admin-username.tf
admin-username.tf
 
 
availability_set.tf
availability_set.tf
 
 
data.tf
data.tf
 
 
fdevsec.yaml
fdevsec.yaml
 
 
fortigate_virtual_machine.tf
fortigate_virtual_machine.tf
 
 
fortiweb_virtual_machine.tf
fortiweb_virtual_machine.tf
 
 
go.sum
go.sum
 
 
links.txt
links.txt
 
 
network_security.tf
network_security.tf
 
 
outputs.tf
outputs.tf
 
 
resource-group.tf
resource-group.tf
 
 
subnet.tf
subnet.tf
 
 
terraform.auto.tfvars
terraform.auto.tfvars
 
 
terraform.tf
terraform.tf
 
 
terraform.tftest.hcl
terraform.tftest.hcl
 
 
tls_private_key.tf
tls_private_key.tf
 
 
ubuntu_virtual_machine.tf
ubuntu_virtual_machine.tf
 
 
variables.tf
variables.tf
 
 
virtual_network.tf
virtual_network.tf
 
 

Repository files navigation

terraform-docs

Azure Automation Fortinet Terraform.

MegaLinter

FortiDevSec SAST scanner

git config --global init.templateDir ~/.git-template
pre-commit init-templatedir ~/.git-template
git clone https://github.com/robinmordasiewicz/fortinet-secure-cloud-blueprint-terraform
export TF_CLI_ARGS_init="-backend-config=backend.hcl"
terraform output -raw admin_password
terraform output -raw tls_private_key
git checkout main
git pull
git checkout <local-branch>
git merge main
gh workflow run environment.yml --ref Production -R robinmordasiewicz/fortinet-secure-cloud-blueprint-terraform
trivy fs --scanners vuln,config .

Install megalinter

npm install mega-linter-runner -g

Requirements

Name Version
terraform 1.5.7
azurerm 3.77.0
random 3.5.1
tls 4.0.4

Providers

Name Version
azurerm 3.77.0
random 3.5.1
tls 4.0.4

Modules

No modules.

Resources

Name Type
azurerm_availability_set.fortinet_availability_set resource
azurerm_disk_encryption_set.en_set resource
azurerm_key_vault.vault resource
azurerm_key_vault_access_policy.kv_access_policy_des resource
azurerm_key_vault_key.key resource
azurerm_linux_virtual_machine.fortigate_virtual_machine resource
azurerm_linux_virtual_machine.fortiweb_virtual_machine resource
azurerm_linux_virtual_machine.ubuntu_virtual_machine resource
azurerm_managed_disk.fortiweb_log_disk resource
azurerm_monitor_diagnostic_setting.example resource
azurerm_network_ddos_protection_plan.ddos_protection_plan resource
azurerm_network_interface.fortigate_dmz_network_interface resource
azurerm_network_interface.fortigate_external_network_interface resource
azurerm_network_interface.fortiweb_dmz_network_interface resource
azurerm_network_interface.fortiweb_internal_network_interface resource
azurerm_network_interface.ubuntu_dmz_network_interface resource
azurerm_network_interface.ubuntu_internal_network_interface resource
azurerm_network_interface_security_group_association.fortigate_association resource
azurerm_network_security_group.nsg resource
azurerm_network_security_group.private_nsg resource
azurerm_network_security_group.vip_allow_https_tcp_nsg resource
azurerm_public_ip.vip_public_ip resource
azurerm_subnet.dmz_subnet resource
azurerm_subnet.external_subnet resource
azurerm_subnet.internal_subnet resource
azurerm_subnet_network_security_group_association.dmz_subnet_association resource
azurerm_subnet_network_security_group_association.external_subnet_association resource
azurerm_subnet_network_security_group_association.internal_subnet_association resource
azurerm_virtual_machine_data_disk_attachment.fortiweb_data_disk_attachment resource
azurerm_virtual_network.vnet resource
random_pet.admin_username resource
random_string.azurerm_key_vault_key_name resource
random_string.azurerm_key_vault_name resource
tls_private_key.ssh_key resource
azurerm_public_ip.vip_public_ip data source
azurerm_resource_group.AZURE_RESOURCE_GROUP data source
azurerm_subscription.current data source

Inputs

Name Description Type Default Required
ARM_TENANT_ID Azure Tenant ID string n/a yes
AZURE_RESOURCE_GROUP_NAME Name of the resource group. string n/a yes
AZURE_SERVICE_PRINCIPAL_UUID Azure service principal UUID string n/a yes
AZURE_STORAGE_ACCOUNT_ID ID of the Azure storage account. string n/a yes
dmz-Name DMZ Subnet Name. string n/a yes
dmz-Prefix DMZ Subnet Prefix. string n/a yes
external-Name External Subnet Name. string n/a yes
external-Prefix External Subnet Prefix. string n/a yes
internal-Name Internal Subnet Name. string n/a yes
internal-Prefix Internal Subnet Prefix. string n/a yes
key_name The name of the key to be created. The value will be randomly generated if blank. string "" no
key_opts The permitted JSON web key operations of the key to be created. list(string) 
[
  "decrypt",
  "encrypt",
  "sign",
  "unwrapKey",
  "verify",
  "wrapKey"
]
 no
key_permissions List of key permissions. list(string) 
[
  "List",
  "Create",
  "Delete",
  "Get",
  "Purge",
  "Recover",
  "Update",
  "GetRotationPolicy",
  "SetRotationPolicy"
]
 no
key_size The size in bits of the key to be created. number 2048 no
key_type The JsonWebKeyType of the key to be created. string "RSA" no
secret_permissions List of secret permissions. list(string) 
[
  "Set"
]
 no
sku_name The SKU of the vault to be created. string "premium" no
storage_permissions List of secret permissions. list(string) 
[
  "Get"
]
 no
vault_name The name of the key vault to be created. The value will be randomly generated if blank. string "" no
vnetAddressPrefix Virtual Network Address prefix. string n/a yes

Outputs

Name Description
admin_username Username for admin account
availabilitySetFdc Number of fault domains in the availability set.
availabilitySetId ID of the Azure availability set.
availabilitySetName Name of the Azure availability set.
azurerm_key_vault_id ID of the Azure key vault
azurerm_key_vault_name Name of the Azure key vault
currentSubscriptionDisplayName Azure subscription Name
currentSubscriptionId Azure subscription ID
resourceGroupName Azure resource group for all objects
tls_private_key TSL private key
ubuntuVmName Ubuntu machine name.
vip_public_ip_address Public IP address

Example terraform.auto.tfvars

vnetAddressPrefix = "10.0.0.0/16"
external-Name     = "external"
external-Prefix   = "10.0.1.0/24"
dmz-Name          = "dmz"
dmz-Prefix        = "10.0.2.0/24"
internal-Name     = "internal"
internal-Prefix   = "10.0.3.0/24"

Documentation

Requirements

Name Version
terraform 1.6.2
azurerm 3.78.0
http 3.4.0
random 3.5.1
tls 4.0.4

Inputs

Name Description Type Default Required
AZURE_RESOURCE_GROUP_NAME Name of the resource group. string n/a yes
dmz-Name DMZ Subnet Name. string n/a yes
dmz-Prefix DMZ Subnet Prefix. string n/a yes
external-Name External Subnet Name. string n/a yes
external-Prefix External Subnet Prefix. string n/a yes
internal-Name Internal Subnet Name. string n/a yes
internal-Prefix Internal Subnet Prefix. string n/a yes
vnetAddressPrefix Virtual Network Address prefix. string n/a yes

Resources

Name Type
azurerm_availability_set.fortinet_availability_set resource
azurerm_linux_virtual_machine.fortigate_virtual_machine resource
azurerm_linux_virtual_machine.fortiweb_virtual_machine resource
azurerm_linux_virtual_machine.ubuntu_virtual_machine resource
azurerm_managed_disk.fortiweb_log_disk resource
azurerm_network_ddos_protection_plan.ddos_protection_plan resource
azurerm_network_interface.fortigate_dmz_network_interface resource
azurerm_network_interface.fortigate_external_network_interface resource
azurerm_network_interface.fortiweb_dmz_network_interface resource
azurerm_network_interface.fortiweb_internal_network_interface resource
azurerm_network_interface.ubuntu_dmz_network_interface resource
azurerm_network_interface.ubuntu_internal_network_interface resource
azurerm_network_interface_security_group_association.fortigate_association resource
azurerm_network_security_group.nsg resource
azurerm_network_security_group.private_nsg resource
azurerm_network_security_group.vip_allow_https_tcp_nsg resource
azurerm_public_ip.vip_public_ip resource
azurerm_subnet.dmz_subnet resource
azurerm_subnet.external_subnet resource
azurerm_subnet.internal_subnet resource
azurerm_subnet_network_security_group_association.dmz_subnet_association resource
azurerm_subnet_network_security_group_association.external_subnet_association resource
azurerm_subnet_network_security_group_association.internal_subnet_association resource
azurerm_virtual_machine_data_disk_attachment.fortiweb_data_disk_attachment resource
azurerm_virtual_network.vnet resource
random_pet.admin_username resource
tls_private_key.ssh_key resource
azurerm_public_ip.vip_public_ip data source
azurerm_resource_group.AZURE_RESOURCE_GROUP data source
azurerm_subscription.current data source
http_http.terraform data source

Outputs

Name Description
admin_username Username for admin account
availabilitySetFdc Number of fault domains in the availability set.
availabilitySetId ID of the Azure availability set.
availabilitySetName Name of the Azure availability set.
currentSubscriptionDisplayName Azure subscription Name
currentSubscriptionId Azure subscription ID
resourceGroupName Azure resource group for all objects
terraform_version Terraform Version
tls_private_key TSL private key
ubuntuVmName Ubuntu machine name.
vip_public_ip_address Public IP address

About

No description, website, or topics provided.

Resources

Readme

Security policy

Security policy
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages