demo-terraform/windows-ad/main.tf


# Key pair registered with AWS for the instance below. On Windows instances the
# private half of this pair is what decrypts the generated Administrator
# password, so it deserves the same protection as any admin credential.
resource "aws_key_pair" "key" {
  # Replace with the path to your public key
  public_key = file("~/.ssh/my-key.pub")
  # Replace with your key name
  key_name = "my-key"
}
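# Source range allowed to reach the server. The original opened RDP, RPC, LDAP,
# SMB and the whole dynamic port range to 0.0.0.0/0; those services exposed to
# the Internet are the usual targets for credential brute force and lateral
# movement tooling, so inbound access is scoped to an operator-supplied range.
variable "allowed_cidr_blocks" {
  description = "CIDR blocks permitted to reach the AD server on RDP and the AD ports. Replace with your own address range."
  type        = list(string)
  # Placeholder from the documentation range (RFC 5737) - replace before applying.
  default = ["203.0.113.0/24"]

  validation {
    condition     = !contains(var.allowed_cidr_blocks, "0.0.0.0/0")
    error_message = "allowed_cidr_blocks must not contain 0.0.0.0/0; restrict access to known source ranges."
  }
}

locals {
  # TCP ports opened to var.allowed_cidr_blocks. The set is identical to the
  # original rule list; 1024-65535 is the RPC dynamic range used by AD.
  # NOTE(review): the list is TCP-only and may not cover every domain operation
  # (e.g. DNS, Kerberos, UDP variants) - verify against what userdata.ps1 sets up.
  ad_tcp_ports = {
    rdp          = { from = 3389, to = 3389 }
    rpc_endpoint = { from = 135, to = 135 }
    ldap         = { from = 389, to = 389 }
    smb          = { from = 445, to = 445 }
    rpc_dynamic  = { from = 1024, to = 65535 }
  }
}

# Security group for the Windows AD server: one ingress rule per entry in
# local.ad_tcp_ports, all limited to var.allowed_cidr_blocks; egress unrestricted
# as in the original.
resource "aws_security_group" "ad_sg" {
  name        = "ad_security_group"
  description = "Allow RDP and necessary AD ports"

  dynamic "ingress" {
    for_each = local.ad_tcp_ports
    content {
      description = ingress.key
      from_port   = ingress.value.from
      to_port     = ingress.value.to
      protocol    = "tcp"
      cidr_blocks = var.allowed_cidr_blocks
    }
  }

  egress {
    description = "Unrestricted outbound, unchanged from the original"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}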
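# Resolve a current Amazon-published Windows Server AMI in the provider's region
# instead of hard-coding an AMI id that exists in only one region.
data "aws_ami" "windows" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["Windows_Server-2022-English-Full-Base-*"]
  }
}

# Windows Server instance that userdata.ps1 turns into an AD server.
resource "aws_instance" "windows_ad_server" {
  ami                    = data.aws_ami.windows.id
  instance_type          = "t3.medium"
  key_name               = aws_key_pair.key.key_name
  vpc_security_group_ids = [aws_security_group.ad_sg.id]
  # The demo reaches the host over its public address; the security group's
  # source range is what keeps that address from being reachable by everyone.
  associate_public_ip_address = true

  # Loads the PowerShell script to initialize AD.
  # NOTE(review): EC2Launch executes user data only when it is wrapped in
  # <powershell>...</powershell> tags - confirm userdata.ps1 contains them.
  user_data = file("userdata.ps1")

  # Require IMDSv2 so that a request-forgery bug in anything running on the host
  # cannot read the instance role credentials with a single unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Directory data presumably ends up on the root volume; encrypt it at rest.
  root_block_device {
    encrypted = true
  }

  # This provisioner only prints a message. It does NOT wait for the instance
  # status checks or for userdata.ps1 to finish; the outputs below are
  # available before the AD configuration is complete.
  provisioner "local-exec" {
    command = "echo 'Instance is booting and configuration script is being executed'"
  }
}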
# Id of the Windows AD server instance.
output "instance_id" {
  description = "EC2 instance id of the Windows AD server"
  value       = aws_instance.windows_ad_server.id
}
# Public address of the Windows AD server (the RDP endpoint for the demo).
output "instance_ip" {
  description = "Public IP address of the Windows AD server"
  value       = aws_instance.windows_ad_server.public_ip
}