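import * as pulumi from "@pulumi/pulumi";
/**
 * Manages a Replica Set for an Active Directory Domain Service.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * import * as azuread from "@pulumi/azuread";
 *
 * const primary = new azure.core.ResourceGroup("primary", {
 *     name: "aadds-primary-rg",
 *     location: "West Europe",
 * });
 * const primaryVirtualNetwork = new azure.network.VirtualNetwork("primary", {
 *     name: "aadds-primary-vnet",
 *     location: primary.location,
 *     resourceGroupName: primary.name,
 *     addressSpaces: ["10.0.1.0/16"],
 * });
 * const primarySubnet = new azure.network.Subnet("primary", {
 *     name: "aadds-primary-subnet",
 *     resourceGroupName: primary.name,
 *     virtualNetworkName: primaryVirtualNetwork.name,
 *     addressPrefixes: ["10.0.1.0/24"],
 * });
 * const primaryNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("primary", {
 *     name: "aadds-primary-nsg",
 *     location: primary.location,
 *     resourceGroupName: primary.name,
 *     securityRules: [
 *         {
 *             name: "AllowSyncWithAzureAD",
 *             priority: 101,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "443",
 *             sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowRD",
 *             priority: 201,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "3389",
 *             sourceAddressPrefix: "CorpNetSaw",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowPSRemoting",
 *             priority: 301,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "5986",
 *             sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowLDAPS",
 *             priority: 401,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "636",
 *             // Any source is accepted here; narrow this to the LDAPS clients' address ranges.
 *             sourceAddressPrefix: "*",
 *             destinationAddressPrefix: "*",
 *         },
 *     ],
 * });
 * const primarySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("primary", {
 *     subnetId: primarySubnet.id,
 *     networkSecurityGroupId: primaryNetworkSecurityGroup.id,
 * });
 * const dcAdmins = new azuread.Group("dc_admins", {
 *     displayName: "aad-dc-administrators",
 *     securityEnabled: true,
 * });
 * const admin = new azuread.User("admin", {
 *     userPrincipalName: "dc-admin@hashicorp-example.net",
 *     displayName: "DC Administrator",
 *     // Sample value only; in a real program read the password from a Pulumi secret.
 *     password: "Pa55w0Rd!!1",
 * });
 * const adminGroupMember = new azuread.GroupMember("admin", {
 *     groupObjectId: dcAdmins.objectId,
 *     memberObjectId: admin.objectId,
 * });
 * const example = new azuread.ServicePrincipal("example", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
 * const aadds = new azure.core.ResourceGroup("aadds", {
 *     name: "aadds-rg",
 *     location: "westeurope",
 * });
 * const exampleService = new azure.domainservices.Service("example", {
 *     name: "example-aadds",
 *     location: aadds.location,
 *     resourceGroupName: aadds.name,
 *     domainName: "widgetslogin.net",
 *     sku: "Enterprise",
 *     filteredSyncEnabled: false,
 *     initialReplicaSet: {
 *         location: primaryVirtualNetwork.location,
 *         subnetId: primarySubnet.id,
 *     },
 *     notifications: {
 *         additionalRecipients: [
 *             "notifyA@example.net",
 *             "notifyB@example.org",
 *         ],
 *         notifyDcAdmins: true,
 *         notifyGlobalAdmins: true,
 *     },
 *     security: {
 *         syncKerberosPasswords: true,
 *         syncNtlmPasswords: true,
 *         syncOnPremPasswords: true,
 *     },
 *     tags: {
 *         Environment: "prod",
 *     },
 * }, {
 *     dependsOn: [
 *         example,
 *         primarySubnetNetworkSecurityGroupAssociation,
 *     ],
 * });
 * const replica = new azure.core.ResourceGroup("replica", {
 *     name: "aadds-replica-rg",
 *     location: "North Europe",
 * });
 * const replicaVirtualNetwork = new azure.network.VirtualNetwork("replica", {
 *     name: "aadds-replica-vnet",
 *     location: replica.location,
 *     resourceGroupName: replica.name,
 *     addressSpaces: ["10.20.0.0/16"],
 * });
 * const aaddsReplica = new azure.network.Subnet("aadds_replica", {
 *     name: "aadds-replica-subnet",
 *     resourceGroupName: replica.name,
 *     virtualNetworkName: replicaVirtualNetwork.name,
 *     addressPrefixes: ["10.20.0.0/24"],
 * });
 * const aaddsReplicaNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("aadds_replica", {
 *     name: "aadds-replica-nsg",
 *     location: replica.location,
 *     resourceGroupName: replica.name,
 *     securityRules: [
 *         {
 *             name: "AllowSyncWithAzureAD",
 *             priority: 101,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "443",
 *             sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowRD",
 *             priority: 201,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "3389",
 *             sourceAddressPrefix: "CorpNetSaw",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowPSRemoting",
 *             priority: 301,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "5986",
 *             sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowLDAPS",
 *             priority: 401,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "636",
 *             // Any source is accepted here; narrow this to the LDAPS clients' address ranges.
 *             sourceAddressPrefix: "*",
 *             destinationAddressPrefix: "*",
 *         },
 *     ],
 * });
 * const replicaSubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("replica", {
 *     subnetId: aaddsReplica.id,
 *     networkSecurityGroupId: aaddsReplicaNetworkSecurityGroup.id,
 * });
 * const primaryReplica = new azure.network.VirtualNetworkPeering("primary_replica", {
 *     name: "aadds-primary-replica",
 *     resourceGroupName: primaryVirtualNetwork.resourceGroupName,
 *     virtualNetworkName: primaryVirtualNetwork.name,
 *     remoteVirtualNetworkId: replicaVirtualNetwork.id,
 *     allowForwardedTraffic: true,
 *     allowGatewayTransit: false,
 *     allowVirtualNetworkAccess: true,
 *     useRemoteGateways: false,
 * });
 * const replicaPrimary = new azure.network.VirtualNetworkPeering("replica_primary", {
 *     name: "aadds-replica-primary",
 *     resourceGroupName: replicaVirtualNetwork.resourceGroupName,
 *     virtualNetworkName: replicaVirtualNetwork.name,
 *     remoteVirtualNetworkId: primaryVirtualNetwork.id,
 *     allowForwardedTraffic: true,
 *     allowGatewayTransit: false,
 *     allowVirtualNetworkAccess: true,
 *     useRemoteGateways: false,
 * });
 * const replicaVirtualNetworkDnsServers = new azure.network.VirtualNetworkDnsServers("replica", {
 *     virtualNetworkId: replicaVirtualNetwork.id,
 *     dnsServers: exampleService.initialReplicaSet.apply(initialReplicaSet => initialReplicaSet.domainControllerIpAddresses),
 * });
 * const replicaReplicaSet = new azure.domainservices.ReplicaSet("replica", {
 *     domainServiceId: exampleService.id,
 *     location: replica.location,
 *     subnetId: aaddsReplica.id,
 * }, {
 *     dependsOn: [
 *         replicaSubnetNetworkSecurityGroupAssociation,
 *         primaryReplica,
 *         replicaPrimary,
 *     ],
 * });
 * ```
 *
 * ## Security Notes
 *
 * The example above is written for brevity. Review these settings before reusing it:
 *
 * * The `azuread.User` password is a string literal. Supply it as a Pulumi secret instead, for
 *   example `new pulumi.Config().requireSecret("adminPassword")` (the config key name is
 *   illustrative), so the value is encrypted in state and stays out of version control.
 * * Both `AllowLDAPS` rules accept TCP 636 from any source (`sourceAddressPrefix: "*"`). Restrict
 *   the source to the address ranges of the clients that need LDAPS, particularly when the
 *   domain exposes secure LDAP on its `externalAccessIpAddress`.
 * * `syncNtlmPasswords: true` synchronises NTLM password hashes into the managed domain. Set it
 *   to `false` unless a legacy application still depends on NTLM authentication.
 *
 * ## API Providers
 *
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.AAD` - 2021-05-01
 *
 * ## Import
 *
 * Domain Service Replica Sets can be imported using the resource ID of the parent Domain Service and the Replica Set ID, e.g.
 *
 * ```sh
 * $ pulumi import azure:domainservices/replicaSet:ReplicaSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/replicaSets/00000000-0000-0000-0000-000000000000
 * ```
 */
export declare class ReplicaSet extends pulumi.CustomResource {
    /**
     * Get an existing ReplicaSet resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ReplicaSetState, opts?: pulumi.CustomResourceOptions): ReplicaSet;
    /**
     * Returns true if the given object is an instance of ReplicaSet. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ReplicaSet;
    /**
     * A list of subnet IP addresses for the domain controllers in this Replica Set, typically two.
     */
    readonly domainControllerIpAddresses: pulumi.Output<string[]>;
    /**
     * The ID of the Domain Service for which to create this Replica Set. Changing this forces a new resource to be created.
     */
    readonly domainServiceId: pulumi.Output<string>;
    /**
     * The publicly routable IP address for the domain controllers in this Replica Set.
     */
    readonly externalAccessIpAddress: pulumi.Output<string>;
    /**
     * The Azure location where this Replica Set should exist. Changing this forces a new resource to be created.
     */
    readonly location: pulumi.Output<string>;
    /**
     * The current service status for the replica set.
     */
    readonly serviceStatus: pulumi.Output<string>;
    /**
     * The ID of the subnet in which to place this Replica Set. Changing this forces a new resource to be created.
     */
    readonly subnetId: pulumi.Output<string>;
    /**
     * Create a ReplicaSet resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ReplicaSetArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ReplicaSet resources.
 */
export interface ReplicaSetState {
    /**
     * A list of subnet IP addresses for the domain controllers in this Replica Set, typically two.
     */
    domainControllerIpAddresses?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The ID of the Domain Service for which to create this Replica Set. Changing this forces a new resource to be created.
     */
    domainServiceId?: pulumi.Input<string>;
    /**
     * The publicly routable IP address for the domain controllers in this Replica Set.
     */
    externalAccessIpAddress?: pulumi.Input<string>;
    /**
     * The Azure location where this Replica Set should exist. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input<string>;
    /**
     * The current service status for the replica set.
     */
    serviceStatus?: pulumi.Input<string>;
    /**
     * The ID of the subnet in which to place this Replica Set. Changing this forces a new resource to be created.
     */
    subnetId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a ReplicaSet resource.
 */
export interface ReplicaSetArgs {
    /**
     * The ID of the Domain Service for which to create this Replica Set. Changing this forces a new resource to be created.
     */
    domainServiceId: pulumi.Input<string>;
    /**
     * The Azure location where this Replica Set should exist. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input<string>;
    /**
     * The ID of the subnet in which to place this Replica Set. Changing this forces a new resource to be created.
     */
    subnetId: pulumi.Input<string>;
}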