New Azure setup with Terraform
Azure
Azure tenant
- Create an Azure tenant
- Or get the TenantID if the tenant already exists
Azure subscription
- Create a subscription
- Or get the subscriptionID if the subscription already exists
AAD
Azure AD
- Create an Azure AD
Azure AD rights
Requirements
- Maintainer role
Required to lock, unlock and write to the state via:
terraform apply
- Developer role
Required to read the state via:
terraform plan -lock=false
Check your access
When you have your access rights in Azure AD you'll be able to see the subscription with:
az account list
If it doesn't show up, you may need to log in again. Try:
az login
Then list the accounts again.
Git
Create file structure in Repo
- Clone or Create a Repo
git clone https://test@dev.azure.com/project/azure/_git/terraform
- Create a branch for the project
git checkout -b "name"
You will work in this branch until you want to merge to the main branch with a Pull Request.
Terraform
Create remote-state.tf
- Log in to Azure
Log in with the Azure account that has the correct access rights.
az login
- Find out the subscriptionID via Azure Portal or CLI.
az account list
- Switch to the correct subscriptionID.
az account set --subscription ID
- Double-check that you're in the correct subscription.
az account show
- Create provider.tf
In the branch you created in git (e.g. customername), create provider.tf as below.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "= 3.32.0"
    }
  }
}

provider "azurerm" {
  # The "features" block is required for AzureRM provider 2.x.
  # If you are using version 1.x, the "features" block is not allowed.
  features {}
  subscription_id = "0000000-0000-0000-0000-0000000000000"
}

# Second provider configuration, selected through its alias.
provider "azurerm" {
  features {}
  subscription_id = "0000000-0000-0000-0000-0000000000000"
  # Do not commit real credentials here. The provider also reads them from
  # the ARM_CLIENT_ID and ARM_CLIENT_SECRET environment variables.
  #client_id = "client-id"
  #client_secret = "client-secret"
  alias = "prodcustormername"
}
- Create remote-state.tf
In the branch you created in git (e.g. customername), create remote-state.tf as below.
# Creates the resource group, storage account and container for the state.
module "remote_state" {
  source               = "git@ssh.dev.azure.com:v3/gdmkonsult/gdm-terraform-modules/azurerm_remote_state_storage"
  rg_name              = "rg-customershortname-prod-location-tfstate-001"
  storage_account_name = "sttfstatecustomershortnameprod001"
}

# Remote state backend. The names must match the resources created above.
terraform {
  backend "azurerm" {
    storage_account_name = "sttfstatecustomershortnameprod001"
    container_name       = "tfstate"
    key                  = "customershortnameprod.tfstate"
    subscription_id      = "0000000-0000-0000-0000-0000000000000"
    resource_group_name  = "rg-customershortname-prod-location-tfstate-001"
  }
}
- Comment out the lines below in the remote-state.tf that you just created. The storage account for the backend does not exist yet, so the first run has to use local state.
#terraform {
#  backend "azurerm" {
#    storage_account_name = "sttfstatecustomershortnameprod001"
#    container_name       = "tfstate"
#    key                  = "customershortnameprod.tfstate"
#    subscription_id      = "0000000-0000-0000-0000-0000000000000"
#    resource_group_name  = "rg-customershortname-prod-location-tfstate-001"
#  }
#}
Make sure you are in the directory where you created your Terraform files and run the commands below.
- Initialize Terraform, which will pull down modules and resources and create local state files.
terraform init
- Let Terraform test the configuration.
terraform plan
- If all went well, run apply.
terraform apply
Log in to Azure Portal and check that you have a resource group and storage account with a container.
Uncomment the lines you commented out earlier, and replace the values with the correct ones, which you can find in Azure Portal.
terraform {
  backend "azurerm" {
    storage_account_name = "sttfstatecustomershortnameprod001"
    container_name       = "tfstate"
    key                  = "customershortnameprod.tfstate"
    subscription_id      = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    resource_group_name  = "rg-customershortname-prod-location-tfstate-001"
  }
}
- Initialize Terraform again. During this init, Terraform will ask whether you want to use the remote state. Say yes to this!
terraform init
- Let Terraform test the configuration.
terraform plan
- If all went well, do an apply.
terraform apply
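You can now remove the local state files that were created earlier, because Terraform now has a remote state. State files store resource attributes in plain text, so they should not be left in the working directory that you commit from.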
DevOps
Upload remote-state.tf to the customer's repo
- Add the files to your Repo.
git add .
- Create the commit
git commit -m "commit message"
- Push the commit
git push origin customername
- Create a Pull Request if you want to merge to the main branch.
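The procedure above creates local state files and then runs git add . in the same directory, and provider.tf carries commented-out client_id and client_secret lines. The check below is an added example, not part of the original guide: it reports state files, the .terraform directory and uncommented literal credentials before anything is staged. The function name check_tf_repo is hypothetical; client_secret, access_key and sas_token are credential arguments of the azurerm provider and backend.

```shell
#!/bin/sh
# Added example: check a Terraform directory before `git add .`.
# check_tf_repo is a hypothetical helper name. It prints one finding per
# line and returns 1 if anything was found, 0 if the directory is clean.
check_tf_repo() {
    dir=${1:-.}

    # Local state files and their backups store resource attributes,
    # including any secrets among them, in plain text.
    state=$(find "$dir" -type f \
        \( -name '*.tfstate' -o -name '*.tfstate.backup' \) |
        sed 's/^/state file: /')

    # .terraform/ holds downloaded providers, modules and a copy of the
    # backend configuration. (.terraform.lock.hcl is a file and is not matched.)
    cache=$(find "$dir" -type d -name '.terraform' |
        sed 's/^/provider cache: /')

    # Uncommented credential arguments with a literal string value.
    # Lines that start with # or // do not match. Only file:line is kept,
    # so the value itself is never echoed into a terminal or CI log.
    secrets=$(find "$dir" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
        -exec grep -nE \
        '^[[:space:]]*(client_secret|access_key|sas_token)[[:space:]]*=[[:space:]]*"[^"]+"' \
        /dev/null {} + |
        cut -d: -f1,2 | sed 's/^/hardcoded secret: /')

    findings=$(printf '%s\n' "$state" "$cache" "$secrets" | sed '/^$/d')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: stage files only when the check passes.
#   check_tf_repo . && git add .
```

A .gitignore entry for *.tfstate, *.tfstate.backup and .terraform/ keeps these files out of the repo permanently; the check catches the cases where that entry is missing.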