DEV Community

Smallsun2025
Smallsun2025

Posted on

Deploy a Windows VM with NSG and IIS using Terraform

#terraform

🧭 Introduction
When deploying infrastructure on Azure, Terraform allows you to build repeatable, automated, and secure environments. In this post, we’ll demonstrate how to deploy a Windows Virtual Machine (VM) with a Network Security Group (NSG) and install IIS via a startup script. This setup is ideal for beginners or cloud engineers exploring infrastructure as code (IaC) for web services on Windows.

📁 Project Structure

azure-windows-iis-demo/
├── main.tf # Core resource definitions (VM, NSG, IP, NIC)
├── variables.tf # Input variables declaration
├── terraform.tfvars # Variable values
├── outputs.tf # Outputs like public IP
├── iis-install.ps1 # Startup script to install IIS
Each file keeps the configuration modular, clear, and easy to maintain.

Terraform Configuration Breakdown

  1. Virtual Network, Subnet, and NSG

resource "azurerm_network_security_group" "nsg" {
name = "win-nsg"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name

security_rule {
name = "allow_http"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = ""
destination_port_range = "80"
source_address_prefix = ""
destination_address_prefix = "*"
}
}

Opens port 80 to allow web traffic (IIS access)

  1. Windows VM + IIS Script resource "azurerm_virtual_machine" "vm" { ... os_profile { computer_name = "webvm" admin_username = var.admin_username admin_password = var.admin_password custom_data = filebase64("iis-install.ps1") } } custom_data runs PowerShell to install IIS after boot.
  2. Output output "public_ip_address" { description = "The public IP address of the Windows VM" value = azurerm_public_ip.vm_pip.ip_address } After deployment, this will show the VM’s public IP so you can test IIS.

How to Deploy
Make sure you have Terraform installed and configured locally.

Step 1: Login to Azure

az login

Step 2: Initialize

terraform init

Step 3: Preview changes

terraform plan

Step 4: Deploy

terraform apply
Type yes when prompted. After deployment, access the IIS default page by visiting the outputted public IP in a browser.
✅ ConclusionThis project helps you understand:

How to securely deploy Windows VMs with NSGs

How to run PowerShell scripts during provisioning

How to automate web server setup via Terraform

Top comments (0)