Deploy Azure Resources with Terraform Cloud

1 CommentAzure, Devops, ,

Azure Virtual Network & Subnet with NSG and Sample Security Rules via Terraform Cloud ( Free Tier)

Let’s have a look into IaC, shall we? Ok the purpose of this post is to understand that IaC allows us to deploy fast, secure and at-scale our resources on demand, perform our tasks, and remove those billable units, while keeping the template in Terraform files. Any tools of IaC can do the same, Terraform is used mostly for the Cloud part! You see, our state, can stay on Terraform Cloud !

Let’s create a service principal to Authenticate Terraform to Azure using Cloud Shell:

az ad sp create-for-rbac --name "terra1" --role Contributor --scopes /subscriptions/xxxxxxxxxxxxxxx

Keep the Exported Values, and open Terraform Cloud

https://app.terraform.io/session

Create an Organization and a Workspace

We are logged in to an Organization and here we have our workspaces. Before anything go to Settings, API Tokens cerate a User Token and copy it in a txt file.

Create a Variable Set for the Azure Subscription and the Service Principal values we have kept. Pay attention to the Variable settings, as of the Sensitive Value and Category.

Take a look the Set can be applied to multiple workspaces.

Besides Variable Sets we will create Variables on our Workspace, like location or prefix:

Now we have to install terraform or open Vscode and install it

Install the Azure Terraform Visual Studio Code extension | Microsoft Docs

Create the file below with the token

  • On Windows, the file must be named terraform.rc and placed in the relevant user’s %APPDATA% directory. The physical location of this directory depends on your Windows version and system configuration; use $env:APPDATA in PowerShell to find its location on your system.
  • On all other systems, the file must be named .terraformrc (note the leading period) and placed directly in the home directory of the relevant user.
credentials "app.terraform.io" {
token = "TokenWeCreated.atlasv1.xxxx"
}
Create your Folder on your Filesystem e.x
c:\hashi\vnetexample
And the files

clouds.tf – Used to select Workpsace and Org ( it can have any name)

terraform {
  cloud {
    organization = "sponsors"

    workspaces {
      name = "azurepass"
    }
  }
}

providers.tf – The mandatory providers file, it can contain all of our Cloud Providers 

terraform {

  required_version = ">=1.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

variables.tf – Here we have our variables file we can declare them also here: 

variable "prefix" {
  type        = string
  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}

variable "location" {
  type        = string
  description = "Location of the resource group."
}

main.tf – The core configuration file for our Azure Subscription:

resource "azurerm_resource_group" "rsg-az-north1" {
  name     = "${var.prefix}-resource-group"
  location = var.location

  tags = {
    Type = "Development"
  }
}

resource "azurerm_virtual_network" "vnet-north" {
  resource_group_name = azurerm_resource_group.rsg-az-north1.name
  name                = "${var.prefix}-vnet-north"
  location            = var.location

  address_space = [
    "192.168.20.0/24",
  ]
  tags = {
    Type = "Development"
  }
}

resource "azurerm_subnet" "snet-north" {
  resource_group_name  = azurerm_resource_group.rsg-az-north1.name
  virtual_network_name = azurerm_virtual_network.vnet-north.name
  name                 = "${var.prefix}-snet-north"
  address_prefixes     = ["192.168.20.0/26"]
}

resource "azurerm_network_security_group" "nsg-north" {
  resource_group_name = azurerm_resource_group.rsg-az-north1.name
  name                = "nsg-north"
  location            = var.location
  tags = {
    Type = "Development"
  }
}

resource "azurerm_network_security_rule" "rulenet" {
  resource_group_name         = azurerm_resource_group.rsg-az-north1.name
  network_security_group_name = azurerm_network_security_group.nsg-north.name
  source_port_range           = "*"
  source_address_prefix       = "*"
  protocol                    = "Tcp"
  priority                    = "110"
  name                        = "FTP"
  direction                   = "Inbound"
  destination_port_ranges      = "["21","8088"]
  destination_address_prefix  = "*"
  description                 = "Remote Desktop"
  access                      = "Allow"

}

When we are ready on our Folder root e.x c:\my\terra-az\ , we run in Bash or Powershell,

terraform init

terraform plan

terraform apply , and we write yes for the Deployment to execute

Our screen displays all the resources which are going to be deployed and only yes will deploy them

Also we can observe the run from terraform cloud, we are given the link once the plan and once the apply begins:

The Cloud Console is showing the Plan phase

While terraform waits for the Yes user input the cloud console can also discard or accept the apply run:

The Cloud Console can also confirm or discard the run

In a few minutes we can see our Environment ready to work ! In our example

The Rules are in place
Associated with our Subnet

Now we can erase all the folders that terraform created, among them is the State file, a standstill , a frame of the current config , which can have versions and we can re deploy as is. The state file is now stored only on Terraform Cloud, we can go to States from the Workspace Menu :

We can also download our state file and scrolling down we can see if any changes are there from older runs.

And that’s it!

Helpful Links :

Infrastructure as a Code

Spread the word. Share this post!

1 Comments

  1. Pingback: Synapse Analytics deployment with Terrafrom Cloud – CloudBlogger@2022

Leave Comment