diff --git a/Terraform/main.tf b/Terraform/main.tf
index da702cb..4c0becb 100644
--- a/Terraform/main.tf
+++ b/Terraform/main.tf
@@ -26,9 +26,21 @@ resource "aws_route" "internet_access" {
 resource "aws_subnet" "default" {
 vpc_id = "${aws_vpc.default.id}"
 cidr_block = "192.168.38.0/24"
+ availability_zone = "${var.availability_zone}"
 map_public_ip_on_launch = true
 }
+# Adjust VPC DNS settings to not conflict with lab
+resource "aws_vpc_dhcp_options" "default" {
+ domain_name = "windomain.local"
+ domain_name_servers = ["${aws_instance.dc.private_ip}", "${var.external_dns_servers}"]
+ netbios_name_servers = ["${aws_instance.dc.private_ip}"]
+}
+resource "aws_vpc_dhcp_options_association" "default" {
+ vpc_id = "${aws_vpc.default.id}"
+ dhcp_options_id = "${aws_vpc_dhcp_options.default.id}"
+}
+
 # Our default security group for the logger host
 resource "aws_security_group" "logger" {
 name = "logger_security_group"
@@ -185,18 +197,6 @@ resource "aws_instance" "dc" {
 subnet_id = "${aws_subnet.default.id}"
 vpc_security_group_ids = ["${aws_security_group.windows.id}"]
 private_ip = "192.168.38.102"
- provisioner "remote-exec" {
- connection = {
- type = "winrm"
- user = "vagrant"
- password = "vagrant"
- agent = "false"
- insecure = "true"
- }
- inline = [
- "powershell -command \"$newDNSServers = @('192.168.38.102','8.8.8.8'); $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match '192.168.38.'}; $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)}\"",
- ]
- }
 root_block_device {
 delete_on_termination = true
 }
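Review bot: In the first hunk of Terraform/main.tf, the new `aws_vpc_dhcp_options` resource reads its resolver from `aws_instance.dc.private_ip`, so the options set and its association can only be created once the DC instance exists, and nothing makes `wef` or `win10` wait for the association. Hosts that boot first would presumably keep the VPC's default DHCP options until their lease renews, so they may not resolve `windomain.local` at first boot. The DC address is already pinned to `192.168.38.102`, so `domain_name_servers = ["192.168.38.102", "${var.external_dns_servers}"]`, with the same literal in `netbios_name_servers`, would remove that ordering dependency. As far as I know a DHCP options set accepts at most four name servers, so it is worth a comment that `external_dns_servers` should hold no more than three entries.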
@@ -211,18 +211,6 @@ resource "aws_instance" "wef" {
 subnet_id = "${aws_subnet.default.id}"
 vpc_security_group_ids = ["${aws_security_group.windows.id}"]
 private_ip = "192.168.38.103"
- provisioner "remote-exec" {
- connection = {
- type = "winrm"
- user = "vagrant"
- password = "vagrant"
- agent = "false"
- insecure = "true"
- }
- inline = [
- "powershell -command \"$newDNSServers = @('192.168.38.102','8.8.8.8'); $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match '192.168.38.'}; $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)}\"",
- ]
- }
 root_block_device {
 delete_on_termination = true
 }
@@ -237,18 +225,6 @@ resource "aws_instance" "win10" {
 subnet_id = "${aws_subnet.default.id}"
 vpc_security_group_ids = ["${aws_security_group.windows.id}"]
 private_ip = "192.168.38.104"
- provisioner "remote-exec" {
- connection = {
- type = "winrm"
- user = "vagrant"
- password = "vagrant"
- agent = "false"
- insecure = "true"
- }
- inline = [
- "powershell -command \"$newDNSServers = @('192.168.38.102','8.8.8.8'); $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match '192.168.38.'}; $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)}\"",
- ]
- }
 root_block_device {
 delete_on_termination = true
 }
diff --git a/Terraform/variables.tf b/Terraform/variables.tf
index ac5260e..3139d42 100644
--- a/Terraform/variables.tf
+++ b/Terraform/variables.tf
@@ -1,6 +1,10 @@
 variable "region" {
 default = "us-west-1"
 }
+variable "availability_zone" {
+ description = "https://www.terraform.io/docs/providers/aws/d/availability_zone.html"
+ default = ""
+}
 variable "shared_credentials_file" {
 description = "Path to your AWS credentials file"
 type = "string"
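Review bot: In the first hunk of Terraform/variables.tf, the `description` of the new `availability_zone` variable is only a documentation URL, so it does not say what value is expected or what the empty default means. Something like `description = "Availability zone for the lab subnet; must be a zone of var.region. Leave empty to let AWS choose."` would document it in place. That an empty string leaves the choice to AWS is my reading of how the provider treats it here, so confirm that before adopting the wording. The `shared_credentials_file` block that follows continues outside the hunk.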
@@ -25,6 +29,11 @@ variable "ip_whitelist" {
 type = "list"
 default = [""]
 }
+variable "external_dns_servers" {
+ description = "Configure lab to allow external DNS resolution"
+ type = "list"
+ default = ["8.8.8.8"]
+}
 # The logger host will provision itself and does not use a pre-built AMI