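# Key pair attached to the Windows instance (used to decrypt the RDP
# administrator password via the EC2 console/API).
resource "aws_key_pair" "key" {
  key_name   = "my-key"                   # Replace with your key name
  public_key = file("~/.ssh/my-key.pub") # Replace with the path to your public key
}

# Source ranges that may reach RDP and the Active Directory ports below.
# No default on purpose: the previous rules were open to 0.0.0.0/0, which
# exposes RDP, RPC, LDAP, SMB and the whole ephemeral range to the Internet.
# Supply a VPN / bastion / office range instead.
variable "admin_cidr_blocks" {
  description = "CIDR blocks permitted to reach RDP and Active Directory ports on the AD server."
  type        = list(string)
}

# AD forest root DNS name handed to the bootstrap script. The original
# referenced aws_instance.some.private_ip, which does not exist in this file
# (and would be a cycle if it meant the AD server itself).
variable "domain_name" {
  description = "Fully qualified DNS name of the new AD forest (e.g. corp.example.internal)."
  type        = string
}

# Both secrets below are rendered into user_data, which is readable from
# the instance metadata service and the EC2 DescribeInstanceAttribute API.
# Rotate them after the forest is promoted.
variable "safe_mode_password" {
  description = "Directory Services Restore Mode (DSRM) password for the new domain controller."
  type        = string
}

variable "domain_admin_password" {
  description = "Initial password for the domain administrator account created by the bootstrap script."
  type        = string
}

# Security group for the domain controller: RDP for administration plus the
# ports the bootstrap script needs. Every ingress rule is scoped to
# var.admin_cidr_blocks rather than the whole Internet.
resource "aws_security_group" "ad_sg" {
  name        = "ad_security_group"
  description = "Allow RDP and necessary AD ports"

  ingress {
    description = "RDP"
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # Required ports for Active Directory
  ingress {
    description = "RPC endpoint mapper"
    from_port   = 135
    to_port     = 135
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  ingress {
    description = "LDAP"
    from_port   = 389
    to_port     = 389
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  ingress {
    description = "SMB"
    from_port   = 445
    to_port     = 445
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # RPC dynamic ports. The range is kept as the author had it; narrowing it
  # to the range the bootstrap script actually configures would be better.
  ingress {
    description = "RPC dynamic port range"
    from_port   = 1024
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # Outbound left unrestricted, as in the original; Windows Update and
  # AWS endpoints are the usual reason. Tighten if egress filtering is required.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Renders the PowerShell bootstrap script. Kept as a template_file data
# source to match the original; the built-in templatefile() function is the
# modern equivalent and avoids the separate template provider.
data "template_file" "init" {
  template = file("populate_ad/run.ps1.tpl")

  vars = {
    forest_mode           = ""
    domain_mode           = ""
    domain_name           = var.domain_name
    domain_netbios_name   = ""
    safe_mode_password    = var.safe_mode_password
    domain_admin_password = var.domain_admin_password
  }
}

# The Windows Server instance that becomes the domain controller.
resource "aws_instance" "windows_ad_server" {
  ami                         = "ami-0d8f6eb4f641ef691" # Change to a Windows Server AMI in your region
  instance_type               = "t3.medium"
  key_name                    = aws_key_pair.key.key_name
  vpc_security_group_ids      = [aws_security_group.ad_sg.id]
  associate_public_ip_address = true

  # Was `${data.template_file.init.rendered}` without quotes, which is not
  # valid HCL; in Terraform 0.12+ the attribute is referenced directly.
  user_data = data.template_file.init.rendered

  # Require IMDSv2 so the user_data (which carries the passwords above) is
  # not retrievable by a plain GET from a process with SSRF on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Wait until instance status is ready before proceeding
  provisioner "local-exec" {
    command = "echo 'Instance is booting and configuration script is being executed'"
  }
}

output "instance_id" {
  value = aws_instance.windows_ad_server.id
}

output "instance_ip" {
  value = aws_instance.windows_ad_server.public_ip
}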