try-bridgecrew · schosterbarak · Jun 25, 2020 · Jun 16, 2020 · Jun 16, 2020 · Jun 17, 2020
diff --git a/.github/template.md b/.github/template.md
@@ -1,18 +1,20 @@
-# TerraGoat - Vulnerable Terraform Infrastructure 
+# TerraGoat - Vulnerable Terraform Infrastructure
+
 [![Maintained by Bridgecrew.io](https://img.shields.io/badge/maintained%20by-bridgecrew.io-blueviolet)](https://bridge.dev/2WBms5Q)
 ![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.12.0-blue.svg)
 
 TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository.
-[![Terragoat](terragoat-logo.png)](#)
+![Terragoat](terragoat-logo.png)
 
 TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository.
 TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
 
-
 ## Table of Contents
 
 * [Introduction](#introduction)
 * [Getting Started](#getting-started)
+  * [AWS](#aws-setup)
+  * [Azure](#azure-setup)
 * [Contributing](#contributing)
 * [Support](#support)
 
@@ -23,23 +25,30 @@ TerraGoat was built to enable DevSecOps design and implement a sustainable misco
 TerraGoat follows the tradition of existing *Goat projects that provide a baseline training ground to practice implementing secure development best practices for cloud infrastructure.
 
 ## Important notes
+
 * **Where to get help:** the [Bridgecrew Community Slack](https://codified-security.herokuapp.com/)
 
 Before you proceed please take a not of these warning:
 > :warning: TerraGoat creates intentionally vulnerable AWS resources into your account. **DO NOT deploy TerraGoat in a production environment or alongside any sensitive AWS resources.**
 
 ## Requirements
-* Terraform 0.12 
+
+* Terraform 0.12
 * aws cli
+* azure cli
 
-To prevent vulnerable infrastructure from arriving to production 
-see: [checkov](https://github.com/bridgecrewio/checkov/), the open source static analysis tool for infrastructure as code. 
+To prevent vulnerable infrastructure from arriving to production see: [checkov](https://github.com/bridgecrewio/checkov/), the open source static analysis tool for infrastructure as code.
 
 ## Getting started
-### Installation
-You can deploy multiple TerraGoat stacks in a single AWS account using the parameters `TF_VAR_environment` and `TF_VAR_environment`.
-
-#### Create an S3 bucket backend to keep Terraform state
+
+### AWS Setup
+
+#### Installation (AWS)
+
+You can deploy multiple TerraGoat stacks in a single AWS account using the parameter `TF_VAR_environment`.
+
+#### Create an S3 Bucket backend to keep Terraform state
+
 ```bash
 export TERRAGOAT_STATE_BUCKET="mydevsecops-bucket"
 export TF_VAR_company_name=acme
@@ -49,7 +58,7 @@ export TF_VAR_region="us-west-2"
 aws s3api create-bucket --bucket $TERRAGOAT_STATE_BUCKET \
     --region $TF_VAR_region --create-bucket-configuration LocationConstraint=$TF_VAR_region
 
-# Enable versioning    
+# Enable versioning
 aws s3api put-bucket-versioning --bucket $TERRAGOAT_STATE_BUCKET --versioning-configuration Status=Enabled
 
 # Enable encryption
@@ -64,9 +73,10 @@ aws s3api put-bucket-encryption --bucket $TERRAGOAT_STATE_BUCKET --server-side-e
 }'
 ```
 
-#### Apply TerraGoat
+#### Apply TerraGoat (AWS)
+
 ```bash
-cd terraform/
+cd terraform/aws/
 terraform init \
 -backend-config="bucket=$TERRAGOAT_STATE_BUCKET" \
 -backend-config="key=$TF_VAR_company_name-$TF_VAR_environment.tfstate" \
@@ -75,48 +85,95 @@ terraform init \
 terraform apply
 ```
 
-#### Remove TerraGoat
+#### Remove TerraGoat (AWS)
+
 ```bash
 terraform destroy
 ```
 
-#### Creating multiple TerraGoat stacks 
-```bash
+#### Creating multiple TerraGoat AWS stacks
 
-cd terraform/
+```bash
+cd terraform/aws/
 export TERRAGOAT_ENV=$TF_VAR_environment
 export TERRAGOAT_STACKS_NUM=5
 for i in $(seq 1 $TERRAGOAT_STACKS_NUM)
 do
-    export TF_VAR_environment=$TERRAGOAT_ENV$i   
+    export TF_VAR_environment=$TERRAGOAT_ENV$i
     terraform init \
     -backend-config="bucket=$TERRAGOAT_STATE_BUCKET" \
     -backend-config="key=$TF_VAR_company_name-$TF_VAR_environment.tfstate" \
-    -backend-config="region=$TF_VAR_region" 
-    
+    -backend-config="region=$TF_VAR_region"
+
     terraform apply -auto-approve
 done
 ```
 
-#### Deleting multiple TerraGoat stacks 
-```bash
+#### Deleting multiple TerraGoat stacks (AWS)
 
-cd terraform/
+```bash
+cd terraform/aws/
 export TF_VAR_environment = $TERRAGOAT_ENV
 for i in $(seq 1 $TERRAGOAT_STACKS_NUM)
 do
-    export TF_VAR_environment=$TERRAGOAT_ENV$i   
+    export TF_VAR_environment=$TERRAGOAT_ENV$i
     terraform init \
     -backend-config="bucket=$TERRAGOAT_STATE_BUCKET" \
     -backend-config="key=$TF_VAR_company_name-$TF_VAR_environment.tfstate" \
-    -backend-config="region=$TF_VAR_region" 
-    
+    -backend-config="region=$TF_VAR_region"
+
     terraform destroy -auto-approve
 done
 ```
 
+### Azure Setup
+
+#### Installation (Azure)
+
+You can deploy multiple TerraGoat stacks in a single Azure subscription using the parameter `TF_VAR_environment`.
+
+#### Create an Azure Storage Account backend to keep Terraform state
+
+```bash
+export TERRAGOAT_RESOURCE_GROUP="TerraGoatRG"
+export TERRAGOAT_STATE_STORAGE_ACCOUNT="mydevsecopssa"
+export TERRAGOAT_STATE_CONTAINER="mydevsecops"
+export TF_VAR_environment="dev"
+export TF_VAR_region="westus"
+
+# Create resource group
+az group create --location $TF_VAR_region --name $TERRAGOAT_RESOURCE_GROUP
+
+# Create storage account
+az storage account create --name $TERRAGOAT_STATE_STORAGE_ACCOUNT --resource-group $TERRAGOAT_RESOURCE_GROUP --location $TF_VAR_region --sku Standard_LRS --kind StorageV2 --https-only true --encryption-services blob
+
+# Get storage account key
+ACCOUNT_KEY=$(az storage account keys list --resource-group $TERRAGOAT_RESOURCE_GROUP --account-name $TERRAGOAT_STATE_STORAGE_ACCOUNT --query [0].value -o tsv)
+
+# Create blob container
+az storage container create --name $TERRAGOAT_STATE_CONTAINER --account-name $TERRAGOAT_STATE_STORAGE_ACCOUNT --account-key $ACCOUNT_KEY
+```
+
+#### Apply TerraGoat (Azure)
+
+```bash
+cd terraform/azure/
+terraform init -reconfigure -backend-config="resource_group_name=$TERRAGOAT_RESOURCE_GROUP" \
+    -backend-config "storage_account_name=$TERRAGOAT_STATE_STORAGE_ACCOUNT" \
+    -backend-config="container_name=$TERRAGOAT_STATE_CONTAINER" \
+    -backend-config "key=$TF_VAR_environment.terraform.tfstate"
+
+terraform apply
+```
+
+#### Remove TerraGoat (Azure)
+
+```bash
+terraform destroy
+```
+
+## Bridgecrew's IaC herd of goats
 
-## Bridgecrew's IaC heard of goats:
 * [CfnGoat](https://github.com/bridgecrewio/cfngoat) - Vulnerable by design Cloudformation template
 * [TerraGoat](https://github.com/bridgecrewio/terragoat) - Vulnerable by design Terraform stack
 
@@ -132,4 +189,4 @@ We would love to hear about more ideas on how to find vulnerable infrastructure-
 
 If you need direct support you can contact us at [[email protected]](mailto:[email protected]).
 
-# Existing vulnerabilities (Auto-Generated)
+## Existing vulnerabilities (Auto-Generated)