#!/bin/bash
# This script sample is released under the MIT license. For more information,
# see https://github.com/fouldsy/oreilly-azure-security-fundamentals/blob/master/LICENSE
# Create a public IP address and a VPN gateway in each of the two regions.
# A VPN gateway takes 30-40 minutes to create, so --no-wait is used to return
# control to the CLI prompt right away. The gateway commands therefore report
# only that the request was accepted, not that the gateway was provisioned.
# NOTE(review): check the provisioning state later (for example with
# `az network vnet-gateway wait --created`) before depending on the gateways.
# NOTE(review): vnet-centralus and vnet-northeurope are not created in this
# script; a VPN gateway expects a subnet named GatewaySubnet in its virtual
# network - confirm both networks already provide one.
# NOTE(review): no connection or shared key between the two gateways is set
# up in this script, so no tunnel exists yet once these commands finish.
rg=oreilly-security-essentials

# PROVIDE YOUR OWN UNIQUE --dns-name values: each label becomes part of a
# public DNS name and must not collide with one already taken in that region.
dns_centralus=vpngatewaycentralus
dns_northeurope=vpngatewaynortheurope

ip_centralus=ip-vpn-gateway-centralus
ip_northeurope=ip-vpn-gateway-northeurope

# First region: no --location is passed, so the CLI default applies
# (presumably the resource group's location - confirm it is centralus).
az network public-ip create \
  --name "$ip_centralus" \
  --resource-group "$rg" \
  --dns-name "$dns_centralus"

az network vnet-gateway create \
  --name gateway-centralus \
  --resource-group "$rg" \
  --vnet vnet-centralus \
  --public-ip-addresses "$ip_centralus" \
  --no-wait

# Second region: --location is given explicitly on both resources.
az network public-ip create \
  --name "$ip_northeurope" \
  --resource-group "$rg" \
  --location northeurope \
  --dns-name "$dns_northeurope"

az network vnet-gateway create \
  --name gateway-northeurope \
  --resource-group "$rg" \
  --location northeurope \
  --vnet vnet-northeurope \
  --public-ip-addresses "$ip_northeurope" \
  --no-wait
# Create and configure an Azure Firewall in the central US virtual network.
# The `az network firewall` commands come from a CLI extension, which is
# installed first.
# NOTE(review): the extension is installed at whatever version the CLI
# resolves; pass --version to `az extension add` if repeatable runs matter.
rg=oreilly-security-essentials
firewall=firewall-centralus
firewall_ip=ip-firewall

az extension add --name azure-firewall

az network firewall create \
  --name "$firewall" \
  --resource-group "$rg"

# The firewall's public IP address is created with the Standard SKU.
az network public-ip create \
  --name "$firewall_ip" \
  --resource-group "$rg" \
  --sku Standard

# Bind the firewall to the virtual network and to its public IP address.
# NOTE(review): Azure Firewall expects a subnet named AzureFirewallSubnet in
# the target virtual network - confirm vnet-centralus has one.
# NOTE(review): this script adds no rule collections and no route table, so
# the firewall is deployed but not yet filtering workload traffic; presumably
# rules and routing are configured in a later step - verify.
az network firewall ip-config create \
  --name firewall-ip-config \
  --resource-group "$rg" \
  --firewall-name "$firewall" \
  --vnet-name vnet-centralus \
  --public-ip-address "$firewall_ip"
# Create an Azure Storage account for encrypted blob data, reachable over
# HTTPS only.
# PROVIDE YOUR OWN UNIQUE STORAGE ACCOUNT NAME - storage account names are
# global, so the sample value is very likely taken already.
storage_account=storagecentralus

# --encryption-services blob : encrypt blob data at rest
# --https-only true          : refuse requests made over plain HTTP
# NOTE(review): --https-only does not set a minimum TLS version and does not
# govern anonymous blob access; consider adding --min-tls-version TLS1_2 and
# --allow-blob-public-access false where the installed CLI supports them.
az storage account create \
  --name "$storage_account" \
  --resource-group oreilly-security-essentials \
  --sku Standard_LRS \
  --https-only true \
  --encryption-services blob