added network secure module

qmi-network-secure/main.tf

@@ -0,0 +1,105 @@
+resource "random_id" "randomMachineId" {
+    keepers = {
+        # Generate a new ID only when a new resource group is defined
+        resource_group = var.resource_group_name
+    }
+    
+    byte_length = 2
+}
+
+resource "azurerm_virtual_network" "vnet" {
+  name                = "vnet-${random_id.randomMachineId.hex}"
+  address_space       = ["10.0.0.0/16"]
+  location            = var.location
+  resource_group_name = var.resource_group_name
+}
+
+resource "azurerm_subnet" "default" {
+  name                = "default"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefix       = "10.0.0.0/24"
+}
+
+resource "azurerm_subnet" "bastion-subnet" {
+  name                 = "AzureBastionSubnet"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefix       = "10.0.1.0/24"
+}
+
+resource "azurerm_subnet" "frontend" {
+  name                 = "AppGatewaySubnet"
+  resource_group_name  = var.resource_group_name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefix       = "10.0.2.0/24"
+}
+
+resource "azurerm_public_ip" "bastion-ip" {
+  name                = "bastion-ip-${random_id.randomMachineId.hex}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+}
+
+resource "azurerm_bastion_host" "bastion_host" {
+  name                = "bastion-host-${random_id.randomMachineId.hex}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  ip_configuration {
+    name                 = "configuration"
+    subnet_id            = azurerm_subnet.bastion-subnet.id
+    public_ip_address_id = azurerm_public_ip.bastion-ip.id
+  }
+}
+
+resource "azurerm_network_security_group" "nsg" {
+  name                = "DenyInternetMgmg"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+  }
+
+  security_rule {
+    name                       = "Deny_SSH_from_Internet"
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Deny"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = "Internet"
+    destination_address_prefix = "*"
+  }
+  security_rule {
+    name                       = "Deny_RDP_from_Internet"
+    priority                   = 110
+    direction                  = "Inbound"
+    access                     = "Deny"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "3389"
+    source_address_prefix      = "Internet"
+    destination_address_prefix = "*"
+  }
+}
+
+resource "azurerm_subnet_network_security_group_association" "example" {
+  subnet_id                 = azurerm_subnet.default.id
+  network_security_group_id = azurerm_network_security_group.nsg.id
+}
+
+
+resource "azurerm_log_analytics_workspace" "example" {
+  name                = "analytics-${random_id.randomMachineId.hex}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  sku                 = "PerGB2018"
+  retention_in_days   = 90
+}
+

qmi-network-secure/outputs.tf

@@ -0,0 +1,11 @@
+output "default_subnet_id" {
+    value = azurerm_subnet.default.id
+}
+
+output "frontend_subnet_id" {
+    value = azurerm_subnet.frontend.id
+}
+
+output "bastion_subnet_id" {
+    value = azurerm_subnet.bastion-subnet.id
+}

qmi-network-secure/variables.tf

@@ -0,0 +1,7 @@
+variable "location" {
+
+}
+
+variable "resource_group_name" {
+    
+}