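#!/bin/bash
#
# Builds a two-tier Azure network with the Azure CLI:
#   - one resource group and one VNet (10.0.0.0/16)
#   - a front-end subnet (10.0.1.0/24) holding a web server VM
#   - a back-end subnet (10.0.2.0/24) holding a MySQL VM
#   - one NSG per subnet, also attached to the matching NIC
#
# Requires: Azure CLI (az) with an authenticated session.
#
# Optional environment:
#   SSH_SOURCE_PREFIX  Source allowed to reach TCP/22 on both tiers.
#                      Defaults to "Internet", which is what this script
#                      has always used. Set it to the administrators'
#                      range to narrow exposure, for example
#                      SSH_SOURCE_PREFIX=203.0.113.0/24 (constructed
#                      documentation range, not a real value).

# Stop at the first failed az call. Without this a failed NSG or subnet
# step would not prevent the later steps from running, leaving a
# partially configured network behind.
set -euo pipefail

RgName="MyResourceGroup"
Location="eastus"

# Single knob for both SSH allow rules; default preserves the original
# behavior (SSH reachable from any Internet address).
SshSourcePrefix="${SSH_SOURCE_PREFIX:-Internet}"

# Create a resource group.
az group create \
  --name "$RgName" \
  --location "$Location"

# Create a virtual network with a front-end subnet.
az network vnet create \
  --name MyVnet \
  --resource-group "$RgName" \
  --location "$Location" \
  --address-prefix 10.0.0.0/16 \
  --subnet-name MySubnet-FrontEnd \
  --subnet-prefix 10.0.1.0/24

# Create a back-end subnet.
az network vnet subnet create \
  --address-prefix 10.0.2.0/24 \
  --name MySubnet-BackEnd \
  --resource-group "$RgName" \
  --vnet-name MyVnet

# Create a network security group for the front-end subnet.
az network nsg create \
  --resource-group "$RgName" \
  --name MyNsg-FrontEnd \
  --location "$Location"

# Create an NSG rule to allow HTTP traffic in from the Internet to the
# front-end subnet.
az network nsg rule create \
  --resource-group "$RgName" \
  --nsg-name MyNsg-FrontEnd \
  --name Allow-HTTP-All \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 100 \
  --source-address-prefix Internet \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range 80

# Create an NSG rule to allow SSH traffic in to the front-end subnet.
# With the default SshSourcePrefix this exposes port 22 to the whole
# Internet; the rule name is kept so existing references still resolve.
az network nsg rule create \
  --resource-group "$RgName" \
  --nsg-name MyNsg-FrontEnd \
  --name Allow-SSH-All \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 300 \
  --source-address-prefix "$SshSourcePrefix" \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range 22

# Associate the front-end NSG to the front-end subnet.
az network vnet subnet update \
  --vnet-name MyVnet \
  --name MySubnet-FrontEnd \
  --resource-group "$RgName" \
  --network-security-group MyNsg-FrontEnd

# Create a network security group for back-end subnet.
az network nsg create \
  --resource-group "$RgName" \
  --name MyNsg-BackEnd \
  --location "$Location"

# Create an NSG rule to allow MySQL traffic from the front-end subnet to
# the back-end subnet. The source is the front-end CIDR, so port 3306 is
# not opened to the Internet by this rule.
az network nsg rule create \
  --resource-group "$RgName" \
  --nsg-name MyNsg-BackEnd \
  --name Allow-MySql-FrontEnd \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 100 \
  --source-address-prefix 10.0.1.0/24 \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range 3306

# Create an NSG rule to allow SSH traffic in to the back-end subnet.
# NOTE(review): combined with the public IP given to the MySQL NIC
# further down, the default SshSourcePrefix makes the database VM's
# port 22 reachable directly from the Internet, which bypasses the tier
# separation this layout is meant to provide. Narrow SSH_SOURCE_PREFIX,
# or administer the back end through the front-end subnet instead.
az network nsg rule create \
  --resource-group "$RgName" \
  --nsg-name MyNsg-BackEnd \
  --name Allow-SSH-All \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 200 \
  --source-address-prefix "$SshSourcePrefix" \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range 22

# Create an NSG rule to block outbound traffic from the back-end subnet.
# (Original note: if you run the MySQL installation this rule will be
# disabled and then re-enabled. No installation step is part of this
# script.)
# NOTE(review): the rule as written does not match its name. It denies
# TCP only, so other protocols such as UDP are not covered, and its
# destination is "*" rather than the Internet tag, so it applies to every
# destination and not just Internet-bound traffic. Left unchanged here;
# confirm which scope is intended before relying on it as an egress
# control.
az network nsg rule create \
  --resource-group "$RgName" \
  --nsg-name MyNsg-BackEnd \
  --name Deny-Internet-All \
  --access Deny \
  --protocol Tcp \
  --direction Outbound \
  --priority 300 \
  --source-address-prefix "*" \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range "*"

# Associate the back-end NSG to the back-end subnet.
az network vnet subnet update \
  --vnet-name MyVnet \
  --name MySubnet-BackEnd \
  --resource-group "$RgName" \
  --network-security-group MyNsg-BackEnd

# Create a public IP address for the web server VM.
az network public-ip create \
  --resource-group "$RgName" \
  --name MyPublicIP-Web

# Create a NIC for the web server VM.
az network nic create \
  --resource-group "$RgName" \
  --name MyNic-Web \
  --vnet-name MyVnet \
  --subnet MySubnet-FrontEnd \
  --network-security-group MyNsg-FrontEnd \
  --public-ip-address MyPublicIP-Web

# Create a Web Server VM in the front-end subnet.
# NOTE(review): newer Azure CLI releases may no longer accept the
# UbuntuLTS image alias; confirm against the CLI version in use.
az vm create \
  --resource-group "$RgName" \
  --name MyVm-Web \
  --nics MyNic-Web \
  --image UbuntuLTS \
  --admin-username azureadmin \
  --generate-ssh-keys

# Create a public IP address for the MySQL VM.
# NOTE(review): this gives the database tier its own Internet-facing
# address. Kept for compatibility with the original script; see the
# back-end SSH rule above for the exposure it creates.
az network public-ip create \
  --resource-group "$RgName" \
  --name MyPublicIP-Sql

# Create a NIC for the MySQL VM.
az network nic create \
  --resource-group "$RgName" \
  --name MyNic-Sql \
  --vnet-name MyVnet \
  --subnet MySubnet-BackEnd \
  --network-security-group MyNsg-BackEnd \
  --public-ip-address MyPublicIP-Sql

# Create a MySQL VM in the back-end subnet.
az vm create \
  --resource-group "$RgName" \
  --name MyVm-Sql \
  --nics MyNic-Sql \
  --image UbuntuLTS \
  --admin-username azureadmin \
  --generate-ssh-keys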