New Azure setup with Terraform

Azure

Azure tenant

  • Create an Azure tenant
  • Or get the TenantID if the tenant already exists

Azure subscription

  • Create a subscription
  • Or get the subscriptionID if the subscription already exists

AAD

Azure AD

  • Create an Azure AD

Azure AD rights

Requirements

  • Maintainer role
    Required for lock, unlock and write to state via:
terraform apply
  • Developer role
    Required for read to state via:
terraform plan -lock=false

Check your access

When you have your access rights in Azure AD you'll be able to see the subscription with:

az account list

If it doesn't show up you may need to login again. Try:

az login

Then try listing again.

Git

Create file structure in Repo

  • Clone or Create a Repo
git clone https://test@dev.azure.com/project/azure/_git/terraform
  • Create a branch for the project
git checkout -b "name"

You will work in this branch until you want to merge to the main branch with a Pull Request.

Terraform

Create remote-state.tf

  • Log in to Azure
    Log in with the Azure account that has the correct access rights.
az login
  • Find out the subscriptionID via Azure Portal or CLI.
az account list
  • Switch to the correct subscriptionID.
az account set --subscription ID
  • Double-check that you're in the correct subscription.
az account show
  • Create provider.tf
    In the branch you created in git (Ex. customername) create provider.tf as below.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "= 3.32.0"
    }
  }
}

provider "azurerm" {
  # The "features" block is required for AzureRM provider 2.x and later.
  # If you are using version 1.x, the "features" block is not allowed.
  features {}
  subscription_id = "0000000-0000-0000-0000-0000000000000"
}

provider "azurerm" {
  features {}
  subscription_id = "0000000-0000-0000-0000-0000000000000"
  # Do not hard-code service principal credentials in this file; leave these
  # commented out and supply them through the ARM_CLIENT_ID / ARM_CLIENT_SECRET
  # (and ARM_TENANT_ID) environment variables instead.
  #client_id       = "client-id"
  #client_secret   = "client-secret"
  alias = "prodcustomername"
}
  • Create remote-state.tf
    In the branch you created in git (Ex. customername), create remote-state.tf as below.
module "remote_state" {
  source               = "git@ssh.dev.azure.com:v3/gdmkonsult/gdm-terraform-modules/azurerm_remote_state_storage"
  rg_name              = "rg-customershortname-prod-location-tfstate-001"
  storage_account_name = "sttfstatecustomershortnameprod001"
}

terraform {
  backend "azurerm" {
    # Must match the storage account and resource group the module above creates.
    storage_account_name = "sttfstatecustomershortnameprod001"
    container_name       = "tfstate"
    key                  = "customershortnameprod.tfstate"
    subscription_id      = "0000000-0000-0000-0000-0000000000000"
    resource_group_name  = "rg-customershortname-prod-location-tfstate-001"
  }
}
  • Comment out the lines below in the remote-state.tf you just created.
#terraform {
#  backend "azurerm" {
#    storage_account_name = "sttfstatecustomershortnameprod001"
#    container_name       = "tfstate"
#    key                  = "customershortnameprod.tfstate"
#    subscription_id      = "0000000-0000-0000-0000-0000000000000"
#    resource_group_name  = "rg-customershortname-prod-location-tfstate-001"
#  }
#}

Make sure you are in the directory where you created your terraform files and run the commands below.

  • Initialize terraform, which pulls down the modules and providers and sets up the local state files.
terraform init
  • Let terraform plan the changes as a test.
terraform plan
  • If all went well, run apply.
terraform apply

Log in to Azure Portal and check that you have a resource group and storage account with a container.

Uncomment the lines you commented out earlier, and replace the values with the correct ones, which you can find in Azure Portal.

terraform {
  backend "azurerm" {
    storage_account_name = "sttfstatecustomershortnameprod001"
    container_name       = "tfstate"
    key                  = "customershortnameprod.tfstate"
    subscription_id      = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    resource_group_name  = "rg-customershortname-prod-location-tfstate-001"
  }
}
  • Initialize terraform again. At this init, terraform will ask whether you want to copy the existing local state to the new remote backend. Say yes to this!
terraform init
  • Let terraform plan the changes as a test.
terraform plan
  • If all went well, do an apply.
terraform apply

You can now remove the local state files that were created earlier, because terraform now has a remote state.
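Before the second terraform init (the one that migrates the state), it pays to verify that the backend block agrees with the module block and that the placeholders were actually replaced, since a mismatch there sends state to a resource group or account that does not exist. The script below is an added example and not part of this runbook; it assumes the file layout shown above (one module "remote_state" block and one terraform { backend "azurerm" {} } block), a POSIX shell with awk and grep, and the Azure CLI only for the optional subscription comparison. The sample file it writes, the customer short name "acme" and the subscription id in it are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original runbook: sanity-check remote-state.tf
# before the second `terraform init` (the one that migrates state to Azure).
# Assumes one module "remote_state" block with rg_name / storage_account_name
# and one terraform { backend "azurerm" {} } block, as shown in the runbook.

# Print the value of attribute $2 ( attr = "value" ) inside the first block whose
# opening line matches the regex $3. Commented-out lines are ignored, so a
# backend block that is still commented out yields an empty string.
block_value() {
  awk -v attr="$2" -v hdr="$3" '
    /^[[:space:]]*#/ { next }
    $0 ~ hdr         { inblock = 1; depth = 0 }
    inblock {
      depth += gsub(/\{/, "{") - gsub(/\}/, "}")   # track nesting by brace count
      if ($1 == attr && $2 == "=") { v = $3; gsub("\"", "", v); print v; exit }
      if (depth <= 0) inblock = 0                  # closing brace of the block
    }' "$1"
}

# Returns 0 when the backend block is consistent with the module block and its
# values look like real Azure names rather than placeholders.
check_remote_state() {
  f="$1"; status=0
  mod_rg=$(block_value "$f" rg_name '^module "remote_state"')
  mod_sa=$(block_value "$f" storage_account_name '^module "remote_state"')
  be_rg=$(block_value "$f" resource_group_name 'backend "azurerm"')
  be_sa=$(block_value "$f" storage_account_name 'backend "azurerm"')
  be_sub=$(block_value "$f" subscription_id 'backend "azurerm"')
  if [ -z "$be_rg" ]; then
    echo "backend block missing or still commented out in $f"; return 1
  fi
  [ "$mod_rg" = "$be_rg" ] \
    || { echo "resource group mismatch: module=$mod_rg backend=$be_rg"; status=1; }
  [ "$mod_sa" = "$be_sa" ] \
    || { echo "storage account mismatch: module=$mod_sa backend=$be_sa"; status=1; }
  # Azure storage account names: 3-24 lowercase letters and digits only.
  printf '%s\n' "$be_sa" | grep -Eq '^[a-z0-9]{3,24}$' \
    || { echo "storage_account_name '$be_sa' is not a valid storage account name"; status=1; }
  # subscription_id must be a GUID, i.e. the placeholder was actually replaced.
  printf '%s\n' "$be_sub" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' \
    || { echo "subscription_id '$be_sub' is not a GUID (placeholder not replaced?)"; status=1; }
  return $status
}

# Optional: confirm the backend subscription is the one selected with
# `az account set` (the runbook's "double-check" step). Needs the Azure CLI.
check_active_subscription() {
  cur=$(az account show --query id -o tsv 2>/dev/null || true)
  [ -n "$cur" ] && [ "$cur" = "$1" ]
}

# Write a constructed remote-state.tf to $1 with backend resource_group_name $2,
# storage account $3 (used in both blocks) and subscription id $4.
write_sample() {
  cat > "$1" <<EOF
module "remote_state" {
  source               = "git@ssh.dev.azure.com:v3/gdmkonsult/gdm-terraform-modules/azurerm_remote_state_storage"
  rg_name              = "rg-customershortname-prod-location-tfstate-001"
  storage_account_name = "$3"
}

terraform {
  backend "azurerm" {
    storage_account_name = "$3"
    container_name       = "tfstate"
    key                  = "customershortnameprod.tfstate"
    subscription_id      = "$4"
    resource_group_name  = "$2"
  }
}
EOF
}

# Demo on constructed input: first a file with a stray character in the backend
# resource group, an unshortened 33-character storage account name and a
# placeholder subscription id; then corrected values for short name "acme".
demo() {
  d=$(mktemp -d)
  write_sample "$d/remote-state.tf" rg-rcustomershortname-prod-location-tfstate-001 \
    sttfstatecustomershortnameprod001 0000000-0000-0000-0000-0000000000000
  if check_remote_state "$d/remote-state.tf"; then echo "placeholders: OK"; else echo "placeholders: rejected"; fi
  write_sample "$d/remote-state.tf" rg-customershortname-prod-location-tfstate-001 \
    sttfstateacmeprod001 12345678-1234-1234-1234-123456789abc
  if check_remote_state "$d/remote-state.tf"; then echo "corrected: OK"; else echo "corrected: rejected"; fi
  if command -v az >/dev/null 2>&1; then
    check_active_subscription 12345678-1234-1234-1234-123456789abc || echo "az is on a different subscription"
  fi
  rm -rf "$d"
}
demo
```

Run it from the project directory with the real file (check_remote_state ./remote-state.tf) after uncommenting the backend block; it exits non-zero and lists each problem, so it can also sit in a pipeline step before terraform init.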

DevOps

Upload remote-state.tf to the customer's Repo

  • Add the files to your Repo.
git add .
  • Create the commit
git commit -m "commit message"
  • Push the commit
git push origin customername
  • Possibly create a Pull Request if you want to merge to the main branch.
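The git add . step stages everything in the directory, including the local terraform.tfstate files that were supposed to be deleted in the previous section and any credential that was uncommented in provider.tf. The script below is an added example and not part of this runbook: a hygiene check to run before git add, plus a helper that adds the matching .gitignore entries. It assumes a POSIX shell with find and GNU grep; the project directory, provider.tf content and state file it creates for the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of the original runbook: a pre-commit hygiene check for
# the project directory, to run before `git add .`. It refuses when local state
# files, the .terraform/ directory or an uncommented client_secret are present,
# and can add the matching .gitignore entries. Paths and patterns are assumptions.

# Returns 1 (after listing the findings) if anything that must not be committed
# is present under $1, 0 otherwise.
check_repo_hygiene() {
  dir="$1"; status=0
  # Local state is only needed until the remote backend exists; it stores
  # resource attributes (keys, connection strings) in plain text.
  state=$(find "$dir" -type f \( -name '*.tfstate' -o -name '*.tfstate.backup' \))
  if [ -n "$state" ]; then
    printf 'local state files present, delete them before committing:\n%s\n' "$state"
    status=1
  fi
  # .terraform/ holds downloaded providers and modules; terraform init recreates it.
  if [ -d "$dir/.terraform" ]; then
    echo ".terraform/ directory present, do not commit it"; status=1
  fi
  # A live client_secret in provider.tf is a credential in source control; keep
  # it commented out and supply it via the ARM_CLIENT_SECRET environment variable.
  secrets=$(find "$dir" -type f -name '*.tf' \
    -exec grep -HnE '^[[:space:]]*client_secret[[:space:]]*=' {} + 2>/dev/null || true)
  if [ -n "$secrets" ]; then
    printf 'hard-coded client_secret found:\n%s\n' "$secrets"; status=1
  fi
  return $status
}

# Append the ignore patterns to $1/.gitignore if they are not already there
# (safe to run repeatedly).
ensure_gitignore() {
  gi="$1/.gitignore"; touch "$gi"
  for p in '*.tfstate' '*.tfstate.*' '.terraform/'; do
    grep -qxF -- "$p" "$gi" || printf '%s\n' "$p" >> "$gi"
  done
}

# Demo on a constructed project directory: provider.tf with a live client_secret
# plus leftover local state and .terraform/, then the same directory after cleanup.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/.terraform"
  echo '{ "version": 4 }' > "$d/terraform.tfstate"
  printf 'provider "azurerm" {\n  features {}\n  client_secret = "constructed-placeholder"\n}\n' > "$d/provider.tf"
  if check_repo_hygiene "$d"; then echo "before cleanup: clean"; else echo "before cleanup: blocked"; fi
  rm -rf "$d/.terraform" "$d/terraform.tfstate"
  printf 'provider "azurerm" {\n  features {}\n  #client_secret = "client-secret"\n}\n' > "$d/provider.tf"
  ensure_gitignore "$d"
  if check_repo_hygiene "$d"; then echo "after cleanup: clean"; else echo "after cleanup: blocked"; fi
  rm -rf "$d"
}
demo
```

In the runbook's flow, run check_repo_hygiene . && git add . so that nothing is staged while the check fails; ensure_gitignore . only needs to run once per repo, and the resulting .gitignore should be committed together with remote-state.tf.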
Joakim Nordin