{"id":19874213,"url":"https://github.com/pythoninthegrass/az_lab","last_synced_at":"2025-10-15T12:09:31.872Z","repository":{"id":191098939,"uuid":"683919866","full_name":"pythoninthegrass/az_lab","owner":"pythoninthegrass","description":"Azure Cloud sandbox using Terraform, Ansible, and Python","archived":false,"fork":false,"pushed_at":"2025-02-07T22:58:56.000Z","size":226,"stargazers_count":1,"open_issues_count":6,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-01T01:26:15.955Z","etag":null,"topics":["ansible","azure","cloud-init","golang","powershell","python","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pythoninthegrass.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"pythoninthegrass","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2023-08-28T04:18:43.000Z","updated_at":"2023-08-28T04:19:49.000Z","dependencies_parsed_at":"2023-08-28T05:35:59.276Z","dependency_job_id":"e2a484ef-b851-4744-b7b5-8b4875d5b44d","html_url":"https://github.com/pythoninthegrass/az_lab","commit_stats":null,"previous_names":["pythoninthegrass/az_lab"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pythoninthegrass/az_lab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythoninthegrass%2Faz_lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythoninthegrass%2Faz_lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythoninthegrass%2Faz_lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythoninthegrass%2Faz_lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pythoninthegrass","download_url":"https://codeload.github.com/pythoninthegrass/az_lab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythoninthegrass%2Faz_lab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279077248,"owners_count":26098234,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-15T02:00:07.814Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","azure","cloud-init","golang","powershell","python","terraform"],"created_at":"2024-11-12T16:22:19.988Z","updated_at":"2025-10-15T12:09:31.832Z","avatar_url":"https://github.com/pythoninthegrass.png","language":"HCL","readme":"# az_lab\n\nAzure Cloud sandbox using Terraform, Ansible, and Python (among other languages and tools.)\n\nTakes inspiration from [APT-Lab-Terraform](https://github.com/DefensiveOrigins/APT-Lab-Terraform).\n\n## Installation\n* [Install Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest)\n* [Install Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html)\n\n## Setup\n### Create Token/Document\n* From the [Azure Terraform Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret.html#creating-a-service-principal-using-the-azure-cli):\n    ```bash\n    # login\n    az login\n\n    # list accounts\n    az account list\n\n    # set subscription\n    az account set --subscription=\"\u003csubscription_id\u003e\"\n\n    # create service principal\n    az ad sp create-for-rbac --role=\"Contributor\" --scopes=\"/subscriptions/\u003csubscription_id\u003e\" \n    ```\n    \u003e This command will output 5 values:\n    ```json\n    {\n        \"appId\": \"00000000-0000-0000-0000-000000000000\",\n        \"displayName\": \"azure-cli-2017-06-05-10-41-15\",\n        \"name\": \"http://azure-cli-2017-06-05-10-41-15\",\n        \"password\": \"0000-0000-0000-0000-000000000000\",\n        \"tenant\": \"00000000-0000-0000-0000-000000000000\"\n    }\n    ```\n    \u003e These values map to the Terraform variables like so:\n    \u003e\n    \u003e * `appId` is the `client_id` defined above.\n    \u003e * `password` is the `client_secret` defined above.\n    \u003e * `tenant` is the `tenant_id` defined above.\n    \u003e  \n* Copy `.env.example` to `.env`\n* Edit `.env` and add your token info\n\n## Quickstart\n```bash\n# navigate to terraform directory\ncd ./terraform\n\n# initialize terraform\nterraform init -upgrade\n\n# plan terraform\nterraform plan -out tfplan\n\n# apply terraform\nterraform apply tfplan\n\n# replace ansible_provisioner local-exec\nterraform apply -replace=\"null_resource.ansible_provisioner\" -auto-approve\n\n# get public ip address\nip_addr=$(terraform show -json | jq -r '.values.root_module.resources[] | select(.address == \"azurerm_linux_virtual_machine.my_terraform_vm\").values.public_ip_address')\n\n# copy files to instance\nscp ./ansible/playbook.yml ubuntu@${ip_addr}:~\n\n# install ansible and activate virtualenv\npoetry install\npoetry shell\n\n# install terraform ansible collection\nansible-galaxy collection install -r ./ansible/collections/requirements.yml\n\n# ssh into instance\nssh -i ~/.ssh/id_rsa ubuntu@${ip_addr}\n\n# ping new server\n## stray comma is to prevent ansible from reading the ip as a file\nansible all -i \"$ip_addr,\" -m ping -u ubuntu\n\n# run ansible playbook\n## -i inventory\n## -u user\n## -b become\n## --tags|--skip-tags \u003ctag\u003e\n## -vvv verbose\n## -e extra vars\nansible-playbook -i hosts -u ubuntu playbook.yml --skip-tags qa -vvv -e \"azure=${ip_addr}\"\n\n# disconnect from instance\nexit\n\n# destroy terraform\nterraform destroy\n```\n\n## TODO\n* cloud-init\n* ansible\n  * remote management via ssh (use python to generate new hosts via .env)\n* azure\n  * windows server\n    * domain controller\n  * windows client(s)\n* [infectionmonkey](https://www.guardicore.com/infectionmonkey/)\n* multi-cloud?\n  * aws\n  * gcp\n\n## Further Reading\n[Authenticate Terraform to Azure](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure?tabs=bash#specify-service-principal-credentials-in-a-terraform-provider-block)\n\n[Quickstart: Use Terraform to create a Linux VM](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-terraform?tabs=azure-cli)\n\n[Quickstart: Use Terraform to create a Windows VM](https://learn.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-terraform)\n\n[Get Started - Configure Ansible on an Azure VM](https://learn.microsoft.com/en-us/azure/developer/ansible/install-on-linux-vm?tabs=azure-cli#test-ansible-installation)\n\n[How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!) – Black Hills Information Security](https://www.blackhillsinfosec.com/how-to-applied-purple-teaming-lab-build-on-azure-with-terraform/)\n\n\n","funding_links":["https://github.com/sponsors/pythoninthegrass"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpythoninthegrass%2Faz_lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpythoninthegrass%2Faz_lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpythoninthegrass%2Faz_lab/lists"}