This exercise teaches you how to build infrastructure in Azure using Terraform. You'll create a Linux virtual machine with proper networking, storage, and security configurations.
- Virtual Network (VNet) with a subnet
- Linux Virtual Machine (Kali Linux 2024.1)
- Storage: 100 GB managed disk
- Compute: Minimum 2 vCPUs
- Security: Network Security Group with SSH access
- Public IP for remote access
```bash
# Login to Azure
az login
# Set your subscription (if you have multiple)
az account set --subscription "your-subscription-id"
# Verify your account
az account show
```

```
terraform-vm-exercise/
├── README.md          # This guide
├── main.tf            # Main Terraform configuration
├── variables.tf       # Input variables
├── outputs.tf         # Output values
├── terraform.tfvars   # Variable values (create this)
└── .gitignore         # Git ignore file
```
```bash
git clone <your-repo-url>
cd terraform-vm-exercise
```

Create a terraform.tfvars file with your specific values:

```hcl
# Copy terraform.tfvars.example to terraform.tfvars and customize
resource_group_name = "rg-terraform-exercise"
location            = "West Europe"
admin_username      = "azureuser"
vm_name             = "vm-terraform-demo"
```

```bash
# Initialize Terraform (downloads Azure provider)
terraform init
```

```bash
# See what Terraform will create
terraform plan
```

```bash
# Apply the configuration
terraform apply
```

Type yes when prompted to confirm the deployment.
After deployment, Terraform will output the public IP address:
```bash
# SSH to your Kali Linux VM (replace with actual IP)
ssh azureuser@<public-ip-address>
```

Note: Kali Linux is a specialized penetration testing distribution. Make sure you comply with your organization's security policies when using it.
In the Azure Portal, navigate to your resource group to see:
- Virtual Machine
- Virtual Network and Subnet
- Network Security Group
- Public IP Address
- Managed Disks
```bash
# Destroy all created resources
terraform destroy
```

Type yes when prompted to confirm the destruction.
- VNet CIDR: `10.0.0.0/16` (65,536 addresses)
- Subnet CIDR: `10.0.1.0/24` (256 addresses)

Why this range is safe:
- `10.0.0.0/8` is a private IP range (RFC 1918)
- Unlikely to conflict with on-premises networks
- Provides plenty of room for expansion
- SSH Access: Port 22 from any source (0.0.0.0/0)
- Note: In production, restrict SSH to specific IP ranges
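
One way to catch the open SSH rule before it is applied is to check the plan itself. The script below is an added example, not part of this exercise's repository: it reads the JSON form of a plan and reports inbound Allow rules that expose port 22 to any source. The resource addresses and rule names in the sample are hypothetical, and the sample plan is constructed.

```python
import json
import sys

OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}  # NSG values meaning "any address"

def _covers_port(rule, port):
    """True if the destination port spec ("22", "20-25", "*") includes port."""
    specs = [rule.get("destination_port_range")] + list(rule.get("destination_port_ranges") or [])
    for spec in filter(None, specs):
        lo, _, hi = spec.partition("-")
        if spec == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def open_ssh_rules(plan, port=22):
    """Return (resource address, rule name) for inbound Allow rules open to any source."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        if rc.get("type") == "azurerm_network_security_rule":
            rules = [after]
        elif rc.get("type") == "azurerm_network_security_group":
            rules = after.get("security_rule") or []  # rules declared inline
        else:
            continue
        for r in rules:
            sources = [r.get("source_address_prefix")] + list(r.get("source_address_prefixes") or [])
            if (str(r.get("direction")).lower() == "inbound"
                    and str(r.get("access")).lower() == "allow"
                    and str(r.get("protocol")).lower() in ("tcp", "*")
                    and _covers_port(r, port)
                    and any(s and s.lower() in OPEN_SOURCES for s in sources)):
                findings.append((rc.get("address"), r.get("name")))
    return findings

# Constructed sample shaped like `terraform show -json` output; names are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_network_security_group.main", "type": "azurerm_network_security_group",
     "change": {"after": {"security_rule": [
         {"name": "SSH", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
          "destination_port_range": "22", "source_address_prefix": "*"}]}}},
    {"address": "azurerm_network_security_rule.ssh_admin", "type": "azurerm_network_security_rule",
     "change": {"after": {"name": "SSH-admin", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
                          "destination_port_range": "20-25", "source_address_prefixes": ["203.0.113.0/24"]}}}]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, name in open_ssh_rules(plan):
        print(f"{address}: rule {name!r} allows SSH from any source")
```

To check a real plan, save it with `terraform plan -out tfplan`, export it with `terraform show -json tfplan > plan.json`, and pass `plan.json` as the first argument.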
- Authentication Errors

  ```bash
  # Re-login to Azure
  az login
  ```

- Resource Already Exists

  ```bash
  # Import existing resource or change names in terraform.tfvars
  ```

- Quota Limits
  - Check Azure quotas in the portal
  - Try a different VM size or region
```bash
# Initialize working directory
terraform init
# Validate configuration files
terraform validate
# Format configuration files
terraform fmt
# Show current state
terraform show
# List resources in state
terraform state list
# Plan changes
terraform plan
# Apply changes
terraform apply
# Destroy infrastructure
terraform destroy
```

After completing this exercise, you will understand:
- Terraform Basics
  - Provider configuration
  - Resource definitions
  - Variable usage
  - Output values
- Azure Networking
  - Virtual Networks and Subnets
  - Network Security Groups
  - Public IP addresses
- Azure Compute
  - Virtual Machine sizing
  - Managed disks
  - SSH key authentication
  - Kali Linux deployment
- Infrastructure as Code
  - Declarative infrastructure
  - State management
  - Resource dependencies

- Enhance Security
  - Add Key Vault for SSH keys
  - Implement Azure Bastion
  - Add monitoring and logging
- Scale the Infrastructure
  - Add load balancer
  - Create multiple VMs
  - Implement auto-scaling
- Add Application Components
  - Database services
  - Container services
  - Application Gateway
Happy Learning! 🚀
Remember: Always clean up your resources after the exercise to avoid unnecessary costs.