# Registers an existing SSH public key with EC2 so instances can reference it
# by name. Only the public half is read and uploaded here.
resource "aws_key_pair" "key" {
  # Replace with your key name
  key_name = "my-key"

  # Replace with the path to your public key
  public_key = file("~/.ssh/my-key.pub")
}
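# Source ranges allowed to reach the RDP and Active Directory ports below.
# There is deliberately no default: RDP, RPC, LDAP and SMB on a domain
# controller should not be reachable from the whole internet, so the caller
# has to name the admin or internal ranges explicitly.
variable "trusted_cidr_blocks" {
  description = "CIDR blocks allowed to reach RDP and the AD ports on the domain controller"
  type        = list(string)

  validation {
    condition     = length(var.trusted_cidr_blocks) > 0 && !contains(var.trusted_cidr_blocks, "0.0.0.0/0")
    error_message = "Set trusted_cidr_blocks to specific admin or internal ranges; 0.0.0.0/0 is not accepted."
  }
}

# Security group for the AD server. No vpc_id is set, so the group is created
# in the provider's default VPC.
resource "aws_security_group" "ad_sg" {
  name        = "ad_security_group"
  description = "Allow RDP and necessary AD ports"

  # RDP, for administration only.
  ingress {
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = var.trusted_cidr_blocks
  }

  # Required ports for Active Directory
  # NOTE(review): only TCP 135, 389, 445 and the high range are opened here;
  # confirm this list against the services the domain actually has to offer.

  # RPC endpoint mapper
  ingress {
    from_port   = 135
    to_port     = 135
    protocol    = "tcp"
    cidr_blocks = var.trusted_cidr_blocks
  }

  # LDAP
  ingress {
    from_port   = 389
    to_port     = 389
    protocol    = "tcp"
    cidr_blocks = var.trusted_cidr_blocks
  }

  # SMB
  ingress {
    from_port   = 445
    to_port     = 445
    protocol    = "tcp"
    cidr_blocks = var.trusted_cidr_blocks
  }

  # Dynamic RPC range. Current Windows Server releases default to 49152-65535,
  # so this range can probably be narrowed once the AMI version is fixed.
  ingress {
    from_port   = 1024
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = var.trusted_cidr_blocks
  }

  # All outbound traffic is allowed (protocol "-1" means every protocol).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}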
# Windows Server instance that userdata.ps1 initializes as the AD server.
resource "aws_instance" "windows_ad_server" {
  # Change to a Windows Server AMI in your region
  ami           = "ami-0d8f6eb4f641ef691"
  instance_type = "t3.medium"
  key_name      = aws_key_pair.key.key_name

  # NOTE(review): the instance gets a public address, so its exposure is
  # whatever the attached security group allows.
  vpc_security_group_ids      = [aws_security_group.ad_sg.id]
  associate_public_ip_address = true

  # Loads the PowerShell script to initialize AD.
  # NOTE(review): user data is stored in Terraform state and is readable from
  # the instance metadata service and through the EC2 API. The script is not
  # visible here; confirm it embeds no administrator or recovery password.
  user_data = file("userdata.ps1")

  # Prints a status message on the machine running Terraform once the
  # instance resource has been created. It does not wait for the instance
  # status checks or for the user-data script to finish.
  provisioner "local-exec" {
    command = "echo 'Instance is booting and configuration script is being executed'"
  }
}
# EC2 instance ID of the AD server.
output "instance_id" {
  value = aws_instance.windows_ad_server.id
}
# Public IPv4 address of the AD server. No Elastic IP is attached in this
# file, so the address can change when the instance is stopped and started.
output "instance_ip" {
  value = aws_instance.windows_ad_server.public_ip
}