{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "adminPassword": { "type": "securestring", "metadata": { "description": "Admin Password" } }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]", "metadata": { "description": "Location for all resources." } } }, "variables": { "virtualNetworkName": "prodVNET", "addressPrefix": "10.0.0.0/16", "FESubnetName": "FESubnet", "AppSubnetName": "AppSubnet", "DBSubnetName": "DBSubnet", "FESubnetPrefix": "10.0.1.0/24", "AppSubnetPrefix": "10.0.2.0/24", "DBSubnetPrefix": "10.0.3.0/24", "FENSGName": "FE_NSG", "AppNSGName": "App_NSG", "DBNSGName": "DB_NSG", "webSrvPipName": "webSrvPip", "appSrvPipName": "appSrvPip", "mongoDbPipName": "mongoDbPip", "publicIPAddressType": "Dynamic", "adminUsername": "azureadmin", "webSrvNicName": "webSrvNic", "appSrvNicName": "appSrvNic", "mongoDbNicName": "mongoDbNic", "webSrvVmName": "websrv1", "appSrvVmName": "appsrv1", "mongoDbVmName": "mongodb1", "vmSize": "Standard_A1_v2", "LinuxImagePublisher": "Canonical", "LinuxImageOffer":"UbuntuServer", "LinuxImageSKU": "18.04-LTS", "storageAccountName": "[concat('webdata', uniqueString(resourceGroup().id))]", "containerPrefix": "appdata", "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]", "FESubnetRef": "[concat(variables('vnetID'),'/subnets/',variables('FESubnetName'))]", "AppSubnetRef": "[concat(variables('vnetID'),'/subnets/',variables('AppSubnetName'))]", "DBSubnetRef": "[concat(variables('vnetID'),'/subnets/',variables('DBSubnetName'))]", "sqlServerName": "[concat('sqlserver', uniqueString(resourceGroup().id))]", "sqlDatabaseName": "app_sql_db01" }, "resources": [ { "apiVersion": "2015-05-01-preview", "type": "Microsoft.Network/networkSecurityGroups", "name": "[variables('FENSGName')]", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "allow_any", "properties": { "description": "Allow all ports", "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 100, "direction": "Inbound" } } ] } }, { "apiVersion": "2015-05-01-preview", "type": "Microsoft.Network/networkSecurityGroups", "name": "[variables('AppNSGName')]", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "allow_any", "properties": { "description": "Allow all ports", "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 100, "direction": "Inbound" } } ] } }, { "apiVersion": "2015-05-01-preview", "type": "Microsoft.Network/networkSecurityGroups", "name": "[variables('DBNSGName')]", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "allow_any", "properties": { "description": "Allow all ports", "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 100, "direction": "Inbound" } } ] } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/virtualNetworks", "name": "[variables('virtualNetworkName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/networkSecurityGroups/', variables('FENSGName'))]", "[concat('Microsoft.Network/networkSecurityGroups/', variables('AppNSGName'))]", "[concat('Microsoft.Network/networkSecurityGroups/', variables('DBNSGName'))]" ], "properties": { "addressSpace": { "addressPrefixes": [ "[variables('addressPrefix')]" ] }, "subnets": [ { "name": "[variables('FESubnetName')]", "properties": { "addressPrefix": "[variables('FESubnetPrefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('FENSGName'))]" } } }, { "name": "[variables('AppSubnetName')]", "properties": { "addressPrefix": "[variables('AppSubnetPrefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('AppNSGName'))]" } } }, { "name": "[variables('DBSubnetName')]", "properties": { "addressPrefix": "[variables('DBSubnetPrefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('DBNSGName'))]" } } } ] } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('mongoDbPipName')]", "location": "[parameters('location')]", "properties": { "publicIPAllocationMethod": "[variables('publicIPAddressType')]", "dnsSettings": { "domainNameLabel": "[concat('mongo', uniqueString(resourceGroup().id))]" } } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('webSrvPipName')]", "location": "[parameters('location')]", "properties": { "publicIPAllocationMethod": "[variables('publicIPAddressType')]", "dnsSettings": { "domainNameLabel": "[concat('websrv', uniqueString(resourceGroup().id))]" } } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('appSrvPipName')]", "location": "[parameters('location')]", "properties": { "publicIPAllocationMethod": "[variables('publicIPAddressType')]", "dnsSettings": { "domainNameLabel": "[concat('appsrv', uniqueString(resourceGroup().id))]" } } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/networkInterfaces", "name": "[variables('webSrvNicName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/publicIPAddresses/', variables('webSrvPipName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('webSrvPipName'))]" }, "subnet": { "id": "[variables('FESubnetRef')]" } } } ] } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/networkInterfaces", "name": "[variables('appSrvNicName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/publicIPAddresses/', variables('appSrvPipName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('appSrvPipName'))]" }, "subnet": { "id": "[variables('AppSubnetRef')]" } } } ] } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/networkInterfaces", "name": "[variables('mongoDbNicName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/publicIPAddresses/', variables('mongoDbPipName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('mongoDbPipName'))]" }, "subnet": { "id": "[variables('DBSubnetRef')]" } } } ] } }, { "apiVersion": "2017-03-30", "type": "Microsoft.Compute/virtualMachines", "name": "[variables('mongoDbVmName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/networkInterfaces/', variables('mongoDbNicName'))]" ], "properties": { "hardwareProfile": { "vmSize": "[variables('vmSize')]" }, "osProfile": { "computerName": "[variables('mongoDbVmName')]", "adminUsername": "[variables('adminUsername')]", "adminPassword": "[parameters('adminPassword')]" }, "storageProfile": { "imageReference": { "publisher": "[variables('LinuxImagePublisher')]", "offer": "[variables('LinuxImageOffer')]", "sku": "[variables('LinuxImageSKU')]", "version": "latest" }, "osDisk": { "name": "[concat(variables('mongoDbVmName'),'_OSDisk')]", "caching": "ReadWrite", "createOption": "FromImage" } }, "networkProfile": { "networkInterfaces": [ { "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('mongoDbNicName'))]" } ] } } }, { "type": "Microsoft.Compute/virtualMachines/extensions", "name": "[concat(variables('mongoDbVmName'),'/installmongo')]", "apiVersion": "2015-06-15", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Compute/virtualMachines/', variables('mongoDbVmName'))]" ], "properties": { "publisher": "Microsoft.Azure.Extensions", "type": "CustomScript", "typeHandlerVersion": "2.0", "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ "https://raw.githubusercontent.com/davidokeyode/vulnerable-by-design-azure/master/arm/scenario-one/mongo-install-ubuntu.sh" ], "commandToExecute": "sh mongo-install-ubuntu.sh" } } }, { "apiVersion": "2017-03-30", "type": "Microsoft.Compute/virtualMachines", "name": "[variables('appSrvVmName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/networkInterfaces/', variables('appSrvNicName'))]" ], "properties": { "hardwareProfile": { "vmSize": "[variables('vmSize')]" }, "osProfile": { "computerName": "[variables('appSrvVmName')]", "adminUsername": "[variables('adminUsername')]", "adminPassword": "[parameters('adminPassword')]" }, "storageProfile": { "imageReference": { "publisher": "[variables('LinuxImagePublisher')]", "offer": "[variables('LinuxImageOffer')]", "sku": "[variables('LinuxImageSKU')]", "version": "latest" }, "osDisk": { "name": "[concat(variables('appSrvVmName'),'_OSDisk')]", "caching": "ReadWrite", "createOption": "FromImage" } }, "networkProfile": { "networkInterfaces": [ { "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('appSrvNicName'))]" } ] } } }, { "apiVersion": "2017-03-30", "type": "Microsoft.Compute/virtualMachines", "name": "[variables('webSrvVmName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/networkInterfaces/', variables('webSrvNicName'))]" ], "properties": { "hardwareProfile": { "vmSize": "[variables('vmSize')]" }, "osProfile": { "computerName": "[variables('webSrvVmName')]", "adminUsername": "[variables('adminUsername')]", "adminPassword": "[parameters('adminPassword')]" }, "storageProfile": { "imageReference": { "publisher": "[variables('LinuxImagePublisher')]", "offer": "[variables('LinuxImageOffer')]", "sku": "[variables('LinuxImageSKU')]", "version": "latest" }, "osDisk": { "name": "[concat(variables('webSrvVmName'),'_OSDisk')]", "caching": "ReadWrite", "createOption": "FromImage" } }, "networkProfile": { "networkInterfaces": [ { "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('webSrvNicName'))]" } ] } } }, { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2018-11-01", "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", "kind": "StorageV2", "sku": { "name": "Standard_LRS", "tier": "Standard" }, "properties": { "accessTier": "Hot", "supportsHttpsTrafficOnly": false } }, { "type": "Microsoft.Storage/storageAccounts/blobServices/containers", "apiVersion": "2018-07-01", "name": "[concat(variables('storageAccountName'), '/default/', variables('containerPrefix'), copyIndex())]", "copy": { "name": "containercopy", "count": 3 }, "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ] }, { "name": "[variables('sqlServerName')]", "type": "Microsoft.Sql/servers", "location": "[parameters('location')]", "tags": { "displayName": "SqlServer" }, "apiVersion": "2014-04-01", "properties": { "administratorLogin": "[variables('adminUsername')]", "administratorLoginPassword": "[parameters('adminPassword')]", "version": "12.0" }, "resources": [ { "name": "[variables('sqlDatabaseName')]", "type": "databases", "location": "[parameters('location')]", "tags": { "displayName": "ApplicationDatabase" }, "apiVersion": "2014-04-01", "dependsOn": [ "[variables('sqlServerName')]" ], "properties": { "edition": "Basic", "collation": "SQL_Latin1_General_CP1_CI_AS", "maxSizeBytes": "1073741824", "requestedServiceObjectiveName": "Basic" }, "resources": [ { "comments": "Transparent Data Encryption", "name": "current", "type": "transparentDataEncryption", "apiVersion": "2014-04-01", "properties": { "status": "Disabled" }, "dependsOn": [ "[variables('sqlDatabaseName')]" ] } ] }, { "type": "firewallRules", "apiVersion": "2014-04-01", "dependsOn": [ "[variables('sqlServerName')]" ], "location": "[parameters('location')]", "name": "AllowAllWindowsAzureIps", "properties": { "endIpAddress": "0.0.0.0", "startIpAddress": "0.0.0.0" } } ] } ] }