diff --git a/terraform/modules/bastion/main.tf b/terraform/modules/bastion/main.tf index 7a36456..6c48f66 100644 --- a/terraform/modules/bastion/main.tf +++ b/terraform/modules/bastion/main.tf @@ -92,3 +92,60 @@ resource "azurerm_role_assignment" "example" { data "azurerm_role_definition" "vm_admin" { name = "Virtual Machine Administrator Login" } + +// Windows VM +resource "azurerm_network_interface" "vm" { + name = "windows-nic" + resource_group_name = var.resource_group.name + location = var.resource_group.location + + ip_configuration { + name = "internal" + subnet_id = var.subnet_jumphost_id + private_ip_address_allocation = "Dynamic" + } +} + +resource "azurerm_windows_virtual_machine" "vm" { + name = "windows-vm" + resource_group_name = var.resource_group.name + location = var.resource_group.location + + admin_username = "adminuser" + admin_password = var.admin_password + size = "Standard_DS1_v2" + + network_interface_ids = [azurerm_network_interface.vm.id] + + source_image_reference { + publisher = "MicrosoftWindowsServer" + offer = "WindowsServer" + sku = "2022-datacenter-azure-edition" + version = "latest" + } + + os_disk { + name = "winodws-vm-os" + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + identity { + type = "SystemAssigned" + } +} + +resource "azurerm_virtual_machine_extension" "AADLoginForWindows" { + name = "AADLoginForWindows" + virtual_machine_id = azurerm_windows_virtual_machine.vm.id + publisher = "Microsoft.Azure.ActiveDirectory" + type = "AADLoginForWindows" + type_handler_version = "1.0" + auto_upgrade_minor_version = true +} + +resource "azurerm_role_assignment" "windows_vm_admin" { + scope = azurerm_windows_virtual_machine.vm.id + role_definition_id = data.azurerm_role_definition.vm_admin.id + principal_id = local.azuread_group_object_id +}