SlideShare a Scribd company logo

Working with Terraform on Azure

T
tombuildsstuff

This document discusses various techniques for working with Terraform on Azure, including authenticating to Azure using different methods, working across subscriptions, referencing existing resources, using modules, and common gotchas. It covers authenticating via the Azure CLI, CloudShell, MSI, and service principals. It also discusses using local variables, multiple provider instances to work across subscriptions, data sources to reference existing resources, and importing resources. Techniques for working with preview functionality and resources not natively supported are presented. The document concludes with suggestions for using and testing modules.

Technology
1 of 47
Download to read offline
Copyright © 2018 HashiCorp Working with Terraform on Azure Tom Harvey Terraform Engineer, HashiCorp
+
s Copyright © 2018 HashiCorp Azure CLI, CloudShell, MSI & Service Principal !3 Authenticating to Azure
Copyright © 2018 HashiCorp ▪ The AzureRM Provider supports authenticating via: ▪ Azure CLI ▪ CloudShell ▪ MSI ▪ Service Principal !4 Supported methods of authenticating to Azure from Terraform Authentication Methods
Copyright © 2018 HashiCorp $ az login !5 Authenticating using your Azure CLI credentials Using the Az CLI
Copyright © 2018 HashiCorp $ az login Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code" You have logged in. Now let us find all subscriptions you have access to... [ { "cloudName": "AzureCloud", "id": "00000000-0000-0000-0000-000000000000", "isDefault": true, # ... } ] !6 Using the Az CLI Authenticating using your Azure CLI credentials
Copyright © 2018 HashiCorp $ terraform plan An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + azurerm_resource_group.test id: <computed> location: "centralus" name: "tharvey-dev3" tags.%: <computed> Plan: 1 to add, 0 to change, 0 to destroy. !7 Using the Az CLI Authenticating using your Azure CLI credentials
Copyright © 2018 HashiCorp $ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000" $ export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000" $ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000" $ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000" !8 Authenticating via a Service Principal. Service Principal
Copyright © 2018 HashiCorp $ terraform plan An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + azurerm_resource_group.test id: <computed> location: "centralus" name: "tharvey-dev3" tags.%: <computed> Plan: 1 to add, 0 to change, 0 to destroy. !9 Service Principal Authenticating via a Service Principal.
s Copyright © 2018 HashiCorp Lesser-known areas of Terraform !10 Working with Terraform
Copyright © 2018 HashiCorp ▪ Local Variables are similar to regular variables, except they're scoped within a module ▪ Certain resources in Azure (for example Application Gateway) require self-references to names; this is a good example of where a Local Variable could be helpful. ▪ Also nice: supports interpolations (which can be used to help improve readability) !11 Variables scoped within a module Local Variables
Copyright © 2018 HashiCorp resource "azurerm_virtual_machine" "test" { name = "${var.prefix}-vm" # ... os_profile { computer_name = "${var.prefix}-vm" admin_username = "testadmin" admin_password = "Password1234!" } } !12 Variables scoped within a module Local Variables
Copyright © 2018 HashiCorp locals { virtual_machine_name = "${var.prefix}-vm" } resource "azurerm_virtual_machine" "test" { name = "${local.virtual_machine_name}" # ... os_profile { computer_name = "${local.virtual_machine_name}" admin_username = "testadmin" admin_password = "Password1234!" } } !13 Variables scoped within a module Local Variables
Copyright © 2018 HashiCorp ▪ Why? e.g. creating a two-way VPN between two Azure Subscriptions ▪ Outside of Terraform you could do this via the Azure CLI / PowerShell / in the Azure Portal !14 Working across subscriptions Using multiple instances of a Provider
Copyright © 2018 HashiCorp ▪ Terraform supports instantiating multiple versions of a Provider ▪ Each instance of a Provider just needs a `subscription_id` set to know which subscription to target !15 Using multiple instances of a Provider Working across subscriptions
Copyright © 2018 HashiCorp provider "azurerm" { version = "=1.15.0" subscription_id = "00000000-0000-0000-0000-000000000000" } !16 Working across subscriptions Using multiple instances of a Provider
Copyright © 2018 HashiCorp provider "azurerm" { version = "=1.15.0" alias = "first" subscription_id = "00000000-0000-0000-0000-000000000000" } !17 Working across subscriptions Using multiple instances of a Provider
Copyright © 2018 HashiCorp provider "azurerm" { version = "=1.15.0" alias = "first" subscription_id = "00000000-0000-0000-0000-000000000000" } provider "azurerm" { version = "=1.15.0" alias = "second" subscription_id = "11111111-1111-1111-1111-111111111111" } !18 Working across subscriptions Using multiple instances of a Provider
Copyright © 2018 HashiCorp provider "azurerm" { ... } provider "azurerm" { ... } resource "azurerm_resource_group" "first" { name = "first-rg" location = "West Europe" provider = "azurerm.first" } resource "azurerm_resource_group" "second" { name = "second-rg" location = "North Europe" provider = "azurerm.second" } !19 Working across subscriptions Using multiple instances of a Provider
s Copyright © 2018 HashiCorp Provisioned via some other means !20 Working with your existing resources
Copyright © 2018 HashiCorp ▪ Existing Resources can be referenced in one of two ways: ▪ Dynamically constructing the Resource ID /subscriptions/{id}/provider/{thing}/resourceGroups/ {name}/thing/{name} ▪ Use a Data Source and Reference the ID ${azurerm_resource_group.test.id} !21 Referencing resources within Terraform Working with existing resources
Copyright © 2018 HashiCorp data "azurerm_virtual_network" "existing" { name = "example-network" resource_group_name = "example-resources" } !22 Using Data Sources to get information about existing resources Working with existing resources
Copyright © 2018 HashiCorp data "azurerm_virtual_network" "existing" { name = "example-network" resource_group_name = "example-resources" } resource "azurerm_subnet" "new" { name = "tom-dev" resource_group_name = "$ {azurerm_virtual_network.existing.name}" virtual_network_name = "$ {azurerm_virtual_network.existing.resource_group_name}" address_prefix = "10.0.1.0/24" } !23 Using Data Sources to get information about existing resources Working with existing resources
Copyright © 2018 HashiCorp ▪ Existing Resources can also be imported into Terraform ▪ This allows changes to them to be tracked / treated as a regular resource - whereas a Data Source which references information only ▪ Currently requires writing matching Terraform Configuration !24 Bringing your existing resources under Terraform's control Working with existing resources
Copyright © 2018 HashiCorp $ terraform import azurerm_resource_group.test / subscriptions/ 00000000-0000-0000-0000-000000000000/ resourceGroups/example !25 Bringing your existing resources under Terraform's control Working with existing resources
Copyright © 2018 HashiCorp $ terraform import azurerm_resource_group.test /subscriptions/ 00000000-0000-0000-0000-000000000000/resourceGroups/example azurerm_resource_group.test: Importing from ID "/subscriptions/ 00000000-0000-0000-0000-000000000000/resourceGroups/tom-manual"... azurerm_resource_group.test: Import complete! Imported azurerm_resource_group (ID: /subscriptions/ 00000000-0000-0000-0000-000000000000/resourceGroups/tom-manual) azurerm_resource_group.test: Refreshing state... (ID: / subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ tom-manual) Import successful! The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform. !26 Bringing your existing resources under Terraform's control Working with existing resources
s Copyright © 2018 HashiCorp Working with Preview functionality and things not natively supported by Terraform !27 Using the new shiny
Copyright © 2018 HashiCorp ▪ New services/functionality are initially launched in "Preview" ▪ Once it reaches Public Preview - it's generally unlikely to have major breaking changes. ▪ The Azure Provider's started adopting functionality once it hits Public Preview (and users can register for it) !28 Working with Preview functionality The New Shiny
Copyright © 2018 HashiCorp ▪ It's also possible to have Terraform provision functionality not natively supported by Terraform: ▪ Using a `local-exec` provisioner to shell out to the Azure CLI ▪ Deploying an ARM Template from within Terraform !29 Working with functionality not supported by Terraform The New Shiny
Copyright © 2018 HashiCorp resource "null_resource" "example" { provisioner "local-exec" { command = "az aks create ..." } } !30 Shelling out to the Azure CLI using a local- exec provisioner The New Shiny
Copyright © 2018 HashiCorp resource "azurerm_resource_group" "test" { name = "example-resources" location = "West US" } resource "azurerm_template_deployment" "test" { name = "example-template" resource_group_name = "${azurerm_resource_group.test.name}" template_body = "${file("arm-template.json")}" parameters { "storageAccountType" = "Standard_GRS" } deployment_mode = "Incremental" } !31 Provisioning via an ARM Template The New Shiny
s Copyright © 2018 HashiCorp Lesser known things about working with Azure !32 Common got-ya's
Copyright © 2018 HashiCorp ▪ Virtual Machine Extensions allow one "Custom Script" extension per Virtual Machine, but which execute at Azure's end. ▪ Terraform supports running multiple provisioners against a Virtual Machine, however these execute from where Terraform runs. !33 Virtual Machine Extensions vs Provisioners Common Got-ya's
Copyright © 2018 HashiCorp ▪ Azure doesn't assign a IP Address to a `Dynamic` assignment (for a Public IP/Network Interface) until it's attached to a `running` thing. ▪ As such - the Public IP & Network Interface resources will return an empty value on the initial Terraform run for these values. ▪ It's possible to use the Data Sources for both resources to obtain the IP Addresses once the (e.g.) Virtual Machine's booted to get the Dynamic IP Address ▪ (alternatively you could use a Static IP) !34 Dynamic IP Addresses Common Got-ya's
Copyright © 2018 HashiCorp resource "azurerm_public_ip" "test" { # ... } resource "azurerm_virtual_machine" "test" { # ... } data "azurerm_public_ip" "test" { # ... depends_on = ["azurerm_virtual_machine.test"] } output "dynamic_public_ip_address" { value = "${data.azurerm_public_ip.test.ip_address}" } !35 Common Got-ya's Dynamic IP Addresses
s Copyright © 2018 HashiCorp Reusing Terraform Code !36 Working with Modules
Copyright © 2018 HashiCorp ▪ Terraform Modules are just regular Terraform Code, with `inputs` and `outputs` ▪ Can be sourced from the local file system, a Git repo or a Module Registry. !37 Working with Modules Modules
Copyright © 2018 HashiCorp # from the local file system module "example" { source = "./modules/example" } !38 Working with Modules Modules
Copyright © 2018 HashiCorp # from the local file system module "example" { source = "./modules/example" } # from a Git repository (a specific Tag) module "example" { source = "git::https://example.com/vpc.git?ref=v1.2.0" } !39 Working with Modules Modules
Copyright © 2018 HashiCorp # from the local file system module "example" { source = "./modules/example" } # from a Git repository (a specific Tag) module "example" { source = "git::https://example.com/vpc.git?ref=v1.2.0" } # from a Module Registry module "consul" { source = "hashicorp/consul/aws" version = "0.1.0" } !40 Working with Modules: A Module Registry Modules
Copyright © 2018 HashiCorp !41 Working with Modules: Public Module Registry Modules
Copyright © 2018 HashiCorp ▪ Modules still care about State - so refactoring requires a little thought (e.g. `terraform state mv`) ▪ Whilst tempting to modularize from the start - sometimes differences appear over a short-period of time (e.g. between environments) ▪ Create smaller, opinionated modules rather than generic modules ▪ Allows for clearer intentions ▪ Consider creating multiple smaller modules rather than a larger one ▪ Example: module to create a VPN Peering between two subscriptions, with a separate module for security rules !42 Suggestions for using Modules Modules
Copyright © 2018 HashiCorp ▪ Consider using Semantic Versioning ▪ Testing modules: ▪ TerraTest ▪ github.com/gruntwork-io/terratest ▪ Primarily for AWS/GCP at this point ▪ Kitchen-Terraform ▪ github.com/newcontext-oss/kitchen-terraform !43 Testing Modules Modules
Copyright © 2018 HashiCorp ▪ Suggestions for good modules in Azure-land: ▪ App Services ▪ Function Apps ▪ Load Balancers ▪ Virtual Network Peerings (e.g. VPN's) ▪ Virtual Machine Extensions ▪ e.g. Binding a Virtual Machine to a Domain !44 Suggestions for good modules with Azure Modules
October 22-24, 2018 | San Francisco
Copyright © 2018 HashiCorp !46 Questions?
Thank you. hello@hashicorp.comwww.hashicorp.com

Recommended

Terraform: An Overview & Introduction
Terraform: An Overview & IntroductionTerraform: An Overview & Introduction
Terraform: An Overview & Introduction
Lee Trout
 
A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices
Nebulaworks
 
Microsoft Azure IaaS and Terraform
Microsoft Azure IaaS and TerraformMicrosoft Azure IaaS and Terraform
Microsoft Azure IaaS and Terraform
Alex Mags
 
Azure key vault
Azure key vaultAzure key vault
Azure key vault
Rahul Nath
 
(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code
Amazon Web Services
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
Julien Corioland
 
Developing Terraform Modules at Scale - HashiTalks 2021
Developing Terraform Modules at Scale - HashiTalks 2021Developing Terraform Modules at Scale - HashiTalks 2021
Developing Terraform Modules at Scale - HashiTalks 2021
TomStraub5
 

Recommended

Terraform: An Overview & Introduction
Terraform: An Overview & IntroductionTerraform: An Overview & Introduction
Terraform: An Overview & Introduction
Lee Trout
 
A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices A Hands-on Introduction on Terraform Best Concepts and Best Practices
A Hands-on Introduction on Terraform Best Concepts and Best Practices
Nebulaworks
 
Microsoft Azure IaaS and Terraform
Microsoft Azure IaaS and TerraformMicrosoft Azure IaaS and Terraform
Microsoft Azure IaaS and Terraform
Alex Mags
 
Azure key vault
Azure key vaultAzure key vault
Azure key vault
Rahul Nath
 
(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code
Amazon Web Services
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
Julien Corioland
 
Developing Terraform Modules at Scale - HashiTalks 2021
Developing Terraform Modules at Scale - HashiTalks 2021Developing Terraform Modules at Scale - HashiTalks 2021
Developing Terraform Modules at Scale - HashiTalks 2021
TomStraub5
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
Mithun Shanbhag
 
Getting Started with Infrastructure as Code
Getting Started with Infrastructure as CodeGetting Started with Infrastructure as Code
Getting Started with Infrastructure as Code
WinWire Technologies Inc
 
Terraform
TerraformTerraform
TerraformPathum Fernando ☁
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
Ami Mahloof
 
Best practices for Terraform with Vault
Best practices for Terraform with VaultBest practices for Terraform with Vault
Best practices for Terraform with Vault
Mitchell Pronschinske
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?
Katherine Golovinova
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
Yevgeniy Brikman
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
Julien Pivotto
 
Azure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp TerraformAzure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp Terraform
Alex Mags
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps Krakow
Anton Babenko
 
Azure virtual machines & Terraform
Azure virtual machines & Terraform Azure virtual machines & Terraform
Azure virtual machines & Terraform
Juan Jose Gazzola
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
Amazon Web Services
 
Learn Terraform on Azure
Learn Terraform on AzureLearn Terraform on Azure
Learn Terraform on Azure
Jorn Jambers
 
Azure Backup Simplifies
Azure Backup SimplifiesAzure Backup Simplifies
Azure Backup Simplifies
Tanawit Chansuchai
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs Enterprise
Stenio Ferreira
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
Yevgeniy Brikman
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
soniasnowfrog
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
Amazon Web Services
 
Terraform & Azure
Terraform & AzureTerraform & Azure
Terraform & Azure
tombuildsstuff
 
Demystifying Terraform 012
Demystifying Terraform 012Demystifying Terraform 012
Demystifying Terraform 012
Stenio Ferreira
 

More Related Content

What's hot

Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
Mithun Shanbhag
 
Getting Started with Infrastructure as Code
Getting Started with Infrastructure as CodeGetting Started with Infrastructure as Code
Getting Started with Infrastructure as Code
WinWire Technologies Inc
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
Ami Mahloof
 
Best practices for Terraform with Vault
Best practices for Terraform with VaultBest practices for Terraform with Vault
Best practices for Terraform with Vault
Mitchell Pronschinske
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?
Katherine Golovinova
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
Yevgeniy Brikman
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
Julien Pivotto
 
Azure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp TerraformAzure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp Terraform
Alex Mags
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps Krakow
Anton Babenko
 
Azure virtual machines & Terraform
Azure virtual machines & Terraform Azure virtual machines & Terraform
Azure virtual machines & Terraform
Juan Jose Gazzola
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
Amazon Web Services
 
Learn Terraform on Azure
Learn Terraform on AzureLearn Terraform on Azure
Learn Terraform on Azure
Jorn Jambers
 
Azure Backup Simplifies
Azure Backup SimplifiesAzure Backup Simplifies
Azure Backup Simplifies
Tanawit Chansuchai
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs Enterprise
Stenio Ferreira
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
Yevgeniy Brikman
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
soniasnowfrog
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
Amazon Web Services
 

What's hot (20)

Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
 
Getting Started with Infrastructure as Code
Getting Started with Infrastructure as CodeGetting Started with Infrastructure as Code
Getting Started with Infrastructure as Code
 
Terraform
TerraformTerraform
Terraform
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
 
Best practices for Terraform with Vault
Best practices for Terraform with VaultBest practices for Terraform with Vault
Best practices for Terraform with Vault
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
 
Azure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp TerraformAzure Infrastructure as Code and Hashicorp Terraform
Azure Infrastructure as Code and Hashicorp Terraform
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps Krakow
 
Azure virtual machines & Terraform
Azure virtual machines & Terraform Azure virtual machines & Terraform
Azure virtual machines & Terraform
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
 
Learn Terraform on Azure
Learn Terraform on AzureLearn Terraform on Azure
Learn Terraform on Azure
 
Azure Backup Simplifies
Azure Backup SimplifiesAzure Backup Simplifies
Azure Backup Simplifies
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs Enterprise
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
 

Similar to Working with Terraform on Azure

Terraform & Azure
Terraform & AzureTerraform & Azure
Terraform & Azure
tombuildsstuff
 
Demystifying Terraform 012
Demystifying Terraform 012Demystifying Terraform 012
Demystifying Terraform 012
Stenio Ferreira
 
Meetup bangalore aug31st2019
Meetup bangalore aug31st2019Meetup bangalore aug31st2019
Meetup bangalore aug31st2019
D.Rajesh Kumar
 
Introduction to GraphQL and AWS Appsync on AWS - iOS
Introduction to GraphQL and AWS Appsync on AWS - iOSIntroduction to GraphQL and AWS Appsync on AWS - iOS
Introduction to GraphQL and AWS Appsync on AWS - iOS
Amazon Web Services
 
Streamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache AmbariStreamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache Ambari
Alejandro Fernandez
 
AWS CloudFormation macros: Coding best practices - MAD201 - New York AWS Summit
AWS CloudFormation macros: Coding best practices - MAD201 - New York AWS SummitAWS CloudFormation macros: Coding best practices - MAD201 - New York AWS Summit
AWS CloudFormation macros: Coding best practices - MAD201 - New York AWS Summit
Amazon Web Services
 
Terraform Cosmos DB
Terraform Cosmos DBTerraform Cosmos DB
Terraform Cosmos DB
Moisés Elías Araya
 
Build a Node.js Client for Your REST+JSON API
Build a Node.js Client for Your REST+JSON APIBuild a Node.js Client for Your REST+JSON API
Build a Node.js Client for Your REST+JSON API
Stormpath
 
Build A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIBuild A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON API
Stormpath
 
AppSync and GraphQL on iOS
AppSync and GraphQL on iOSAppSync and GraphQL on iOS
AppSync and GraphQL on iOS
Amazon Web Services
 
Azure arm templates
Azure arm templatesAzure arm templates
Azure arm templates
sachinkalia15
 
Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018
Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018
Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018
Amazon Web Services
 
Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...
Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...
Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...
Amazon Web Services
 
Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...
Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...
Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...
Amazon Web Services
 
Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...
Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...
Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...
Amazon Web Services
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Amazon Web Services
 
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
Cobus Bernard
 
The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...
The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...
The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...Amazon Web Services
 
AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...
AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...
AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...
Chris Munns
 
Streamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache AmbariStreamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache Ambari
DataWorks Summit/Hadoop Summit
 

Similar to Working with Terraform on Azure (20)

Terraform & Azure
Terraform & AzureTerraform & Azure
Terraform & Azure
 
Demystifying Terraform 012
Demystifying Terraform 012Demystifying Terraform 012
Demystifying Terraform 012
 
Meetup bangalore aug31st2019
Meetup bangalore aug31st2019Meetup bangalore aug31st2019
Meetup bangalore aug31st2019
 
Introduction to GraphQL and AWS Appsync on AWS - iOS
Introduction to GraphQL and AWS Appsync on AWS - iOSIntroduction to GraphQL and AWS Appsync on AWS - iOS
Introduction to GraphQL and AWS Appsync on AWS - iOS
 
Streamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache AmbariStreamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache Ambari
 
AWS CloudFormation macros: Coding best practices - MAD201 - New York AWS Summit
AWS CloudFormation macros: Coding best practices - MAD201 - New York AWS SummitAWS CloudFormation macros: Coding best practices - MAD201 - New York AWS Summit
AWS CloudFormation macros: Coding best practices - MAD201 - New York AWS Summit
 
Terraform Cosmos DB
Terraform Cosmos DBTerraform Cosmos DB
Terraform Cosmos DB
 
Build a Node.js Client for Your REST+JSON API
Build a Node.js Client for Your REST+JSON APIBuild a Node.js Client for Your REST+JSON API
Build a Node.js Client for Your REST+JSON API
 
Build A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON APIBuild A Killer Client For Your REST+JSON API
Build A Killer Client For Your REST+JSON API
 
AppSync and GraphQL on iOS
AppSync and GraphQL on iOSAppSync and GraphQL on iOS
AppSync and GraphQL on iOS
 
Azure arm templates
Azure arm templatesAzure arm templates
Azure arm templates
 
Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018
Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018
Build AWS CloudFormation Custom Resources (DEV417-R2) - AWS re:Invent 2018
 
Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...
Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...
Beyond the Basics: Advanced Infrastructure as Code Programming on AWS (DEV327...
 
Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...
Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...
Hands-On with Advanced AWS CloudFormation Techniques and New Features (DEV335...
 
Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...
Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...
Visibility into Serverless Applications built using AWS Fargate (CON312-R1) -...
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
 
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
AWS SSA Webinar 30 - Getting Started with AWS - Infrastructure as Code - Terr...
 
The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...
The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...
The Best Practices and Hard Lessons Learned of Serverless Applications - AWS ...
 
AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...
AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...
AWS Startup Day - Boston 2018 - The Best Practices and Hard Lessons Learned o...
 
Streamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache AmbariStreamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache Ambari
 

Recently uploaded

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 

Recently uploaded (20)

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 

Working with Terraform on Azure

  • 1. Copyright © 2018 HashiCorp Working with Terraform on Azure Tom Harvey Terraform Engineer, HashiCorp
  • 2. +
  • 3. s Copyright © 2018 HashiCorp Azure CLI, CloudShell, MSI & Service Principal !3 Authenticating to Azure
  • 4. Copyright © 2018 HashiCorp ▪ The AzureRM Provider supports authenticating via: ▪ Azure CLI ▪ CloudShell ▪ MSI ▪ Service Principal !4 Supported methods of authenticating to Azure from Terraform Authentication Methods
  • 5. Copyright © 2018 HashiCorp $ az login !5 Authenticating using your Azure CLI credentials Using the Az CLI
  • 6. Copyright © 2018 HashiCorp $ az login Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code" You have logged in. Now let us find all subscriptions you have access to... [ { "cloudName": "AzureCloud", "id": "00000000-0000-0000-0000-000000000000", "isDefault": true, # ... } ] !6 Using the Az CLI Authenticating using your Azure CLI credentials
  • 7. Copyright © 2018 HashiCorp $ terraform plan An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + azurerm_resource_group.test id: <computed> location: "centralus" name: "tharvey-dev3" tags.%: <computed> Plan: 1 to add, 0 to change, 0 to destroy. !7 Using the Az CLI Authenticating using your Azure CLI credentials
  • 8. Copyright © 2018 HashiCorp $ export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000" $ export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000" $ export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000" $ export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000" !8 Authenticating via a Service Principal. Service Principal
  • 9. Copyright © 2018 HashiCorp $ terraform plan An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + azurerm_resource_group.test id: <computed> location: "centralus" name: "tharvey-dev3" tags.%: <computed> Plan: 1 to add, 0 to change, 0 to destroy. !9 Service Principal Authenticating via a Service Principal.
  • 10. s Copyright © 2018 HashiCorp Lesser-known areas of Terraform !10 Working with Terraform
  • 11. Copyright © 2018 HashiCorp ▪ Local Variables are similar to regular variables, except they're scoped within a module ▪ Certain resources in Azure (for example Application Gateway) require self-references to names; this is a good example of where a Local Variable could be helpful. ▪ Also nice: supports interpolations (which can be used to help improve readability) !11 Variables scoped within a module Local Variables
  • 12. Copyright © 2018 HashiCorp resource "azurerm_virtual_machine" "test" { name = "${var.prefix}-vm" # ... os_profile { computer_name = "${var.prefix}-vm" admin_username = "testadmin" admin_password = "Password1234!" } } !12 Variables scoped within a module Local Variables
  • 13. Copyright © 2018 HashiCorp locals { virtual_machine_name = "${var.prefix}-vm" } resource "azurerm_virtual_machine" "test" { name = "${local.virtual_machine_name}" # ... os_profile { computer_name = "${local.virtual_machine_name}" admin_username = "testadmin" admin_password = "Password1234!" } } !13 Variables scoped within a module Local Variables
  • 14. Copyright © 2018 HashiCorp ▪ Why? e.g. creating a two-way VPN between two Azure Subscriptions ▪ Outside of Terraform you could do this via the Azure CLI / PowerShell / in the Azure Portal !14 Working across subscriptions Using multiple instances of a Provider
  • 15. Copyright © 2018 HashiCorp ▪ Terraform supports instantiating multiple versions of a Provider ▪ Each instance of a Provider just needs a `subscription_id` set to know which subscription to target !15 Using multiple instances of a Provider Working across subscriptions
  • 16. Copyright © 2018 HashiCorp provider "azurerm" { version = "=1.15.0" subscription_id = "00000000-0000-0000-0000-000000000000" } !16 Working across subscriptions Using multiple instances of a Provider
  • 17. Copyright © 2018 HashiCorp provider "azurerm" { version = "=1.15.0" alias = "first" subscription_id = "00000000-0000-0000-0000-000000000000" } !17 Working across subscriptions Using multiple instances of a Provider
  • 18. Copyright © 2018 HashiCorp provider "azurerm" { version = "=1.15.0" alias = "first" subscription_id = "00000000-0000-0000-0000-000000000000" } provider "azurerm" { version = "=1.15.0" alias = "second" subscription_id = "11111111-1111-1111-1111-111111111111" } !18 Working across subscriptions Using multiple instances of a Provider
  • 19. Copyright © 2018 HashiCorp provider "azurerm" { ... } provider "azurerm" { ... } resource "azurerm_resource_group" "first" { name = "first-rg" location = "West Europe" provider = "azurerm.first" } resource "azurerm_resource_group" "second" { name = "second-rg" location = "North Europe" provider = "azurerm.second" } !19 Working across subscriptions Using multiple instances of a Provider
  • 20. s Copyright © 2018 HashiCorp Provisioned via some other means !20 Working with your existing resources
  • 21. Copyright © 2018 HashiCorp ▪ Existing Resources can be referenced in one of two ways: ▪ Dynamically constructing the Resource ID /subscriptions/{id}/provider/{thing}/resourceGroups/ {name}/thing/{name} ▪ Use a Data Source and Reference the ID ${azurerm_resource_group.test.id} !21 Referencing resources within Terraform Working with existing resources
  • 22. Copyright © 2018 HashiCorp data "azurerm_virtual_network" "existing" { name = "example-network" resource_group_name = "example-resources" } !22 Using Data Sources to get information about existing resources Working with existing resources
  • 23. Copyright © 2018 HashiCorp data "azurerm_virtual_network" "existing" { name = "example-network" resource_group_name = "example-resources" } resource "azurerm_subnet" "new" { name = "tom-dev" resource_group_name = "$ {azurerm_virtual_network.existing.name}" virtual_network_name = "$ {azurerm_virtual_network.existing.resource_group_name}" address_prefix = "10.0.1.0/24" } !23 Using Data Sources to get information about existing resources Working with existing resources
  • 24. Copyright © 2018 HashiCorp ▪ Existing Resources can also be imported into Terraform ▪ This allows changes to them to be tracked / treated as a regular resource - whereas a Data Source which references information only ▪ Currently requires writing matching Terraform Configuration !24 Bringing your existing resources under Terraform's control Working with existing resources
  • 25. Copyright © 2018 HashiCorp $ terraform import azurerm_resource_group.test / subscriptions/ 00000000-0000-0000-0000-000000000000/ resourceGroups/example !25 Bringing your existing resources under Terraform's control Working with existing resources
  • 26. Copyright © 2018 HashiCorp $ terraform import azurerm_resource_group.test /subscriptions/ 00000000-0000-0000-0000-000000000000/resourceGroups/example azurerm_resource_group.test: Importing from ID "/subscriptions/ 00000000-0000-0000-0000-000000000000/resourceGroups/tom-manual"... azurerm_resource_group.test: Import complete! Imported azurerm_resource_group (ID: /subscriptions/ 00000000-0000-0000-0000-000000000000/resourceGroups/tom-manual) azurerm_resource_group.test: Refreshing state... (ID: / subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ tom-manual) Import successful! The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform. !26 Bringing your existing resources under Terraform's control Working with existing resources
  • 27. s Copyright © 2018 HashiCorp Working with Preview functionality and things not natively supported by Terraform !27 Using the new shiny
  • 28. Copyright © 2018 HashiCorp ▪ New services/functionality are initially launched in "Preview" ▪ Once it reaches Public Preview - it's generally unlikely to have major breaking changes. ▪ The Azure Provider's started adopting functionality once it hits Public Preview (and users can register for it) !28 Working with Preview functionality The New Shiny
  • 29. Copyright © 2018 HashiCorp ▪ It's also possible to have Terraform provision functionality not natively supported by Terraform: ▪ Using a `local-exec` provisioner to shell out to the Azure CLI ▪ Deploying an ARM Template from within Terraform !29 Working with functionality not supported by Terraform The New Shiny
  • 30. Copyright © 2018 HashiCorp resource "null_resource" "example" { provisioner "local-exec" { command = "az aks create ..." } } !30 Shelling out to the Azure CLI using a local- exec provisioner The New Shiny
  • 31. Copyright © 2018 HashiCorp resource "azurerm_resource_group" "test" { name = "example-resources" location = "West US" } resource "azurerm_template_deployment" "test" { name = "example-template" resource_group_name = "${azurerm_resource_group.test.name}" template_body = "${file("arm-template.json")}" parameters { "storageAccountType" = "Standard_GRS" } deployment_mode = "Incremental" } !31 Provisioning via an ARM Template The New Shiny
  • 32. s Copyright © 2018 HashiCorp Lesser known things about working with Azure !32 Common got-ya's
  • 33. Copyright © 2018 HashiCorp ▪ Virtual Machine Extensions allow one "Custom Script" extension per Virtual Machine, but which execute at Azure's end. ▪ Terraform supports running multiple provisioners against a Virtual Machine, however these execute from where Terraform runs. !33 Virtual Machine Extensions vs Provisioners Common Got-ya's
  • 34. Copyright © 2018 HashiCorp ▪ Azure doesn't assign a IP Address to a `Dynamic` assignment (for a Public IP/Network Interface) until it's attached to a `running` thing. ▪ As such - the Public IP & Network Interface resources will return an empty value on the initial Terraform run for these values. ▪ It's possible to use the Data Sources for both resources to obtain the IP Addresses once the (e.g.) Virtual Machine's booted to get the Dynamic IP Address ▪ (alternatively you could use a Static IP) !34 Dynamic IP Addresses Common Got-ya's
  • 35. Copyright © 2018 HashiCorp resource "azurerm_public_ip" "test" { # ... } resource "azurerm_virtual_machine" "test" { # ... } data "azurerm_public_ip" "test" { # ... depends_on = ["azurerm_virtual_machine.test"] } output "dynamic_public_ip_address" { value = "${data.azurerm_public_ip.test.ip_address}" } !35 Common Got-ya's Dynamic IP Addresses
  • 36. s Copyright © 2018 HashiCorp Reusing Terraform Code !36 Working with Modules
  • 37. Copyright © 2018 HashiCorp ▪ Terraform Modules are just regular Terraform Code, with `inputs` and `outputs` ▪ Can be sourced from the local file system, a Git repo or a Module Registry. !37 Working with Modules Modules
  • 38. Copyright © 2018 HashiCorp # from the local file system module "example" { source = "./modules/example" } !38 Working with Modules Modules
  • 39. Copyright © 2018 HashiCorp # from the local file system module "example" { source = "./modules/example" } # from a Git repository (a specific Tag) module "example" { source = "git::https://example.com/vpc.git?ref=v1.2.0" } !39 Working with Modules Modules
  • 40. Copyright © 2018 HashiCorp # from the local file system module "example" { source = "./modules/example" } # from a Git repository (a specific Tag) module "example" { source = "git::https://example.com/vpc.git?ref=v1.2.0" } # from a Module Registry module "consul" { source = "hashicorp/consul/aws" version = "0.1.0" } !40 Working with Modules: A Module Registry Modules
  • 41. Copyright © 2018 HashiCorp !41 Working with Modules: Public Module Registry Modules
  • 42. Copyright © 2018 HashiCorp ▪ Modules still care about State - so refactoring requires a little thought (e.g. `terraform state mv`) ▪ Whilst tempting to modularize from the start - sometimes differences appear over a short-period of time (e.g. between environments) ▪ Create smaller, opinionated modules rather than generic modules ▪ Allows for clearer intentions ▪ Consider creating multiple smaller modules rather than a larger one ▪ Example: module to create a VPN Peering between two subscriptions, with a separate module for security rules !42 Suggestions for using Modules Modules
  • 43. Copyright © 2018 HashiCorp ▪ Consider using Semantic Versioning ▪ Testing modules: ▪ TerraTest ▪ github.com/gruntwork-io/terratest ▪ Primarily for AWS/GCP at this point ▪ Kitchen-Terraform ▪ github.com/newcontext-oss/kitchen-terraform !43 Testing Modules Modules
  • 44. Copyright © 2018 HashiCorp ▪ Suggestions for good modules in Azure-land: ▪ App Services ▪ Function Apps ▪ Load Balancers ▪ Virtual Network Peerings (e.g. VPN's) ▪ Virtual Machine Extensions ▪ e.g. Binding a Virtual Machine to a Domain !44 Suggestions for good modules with Azure Modules
  • 45. October 22-24, 2018 | San Francisco
  • 46. Copyright © 2018 HashiCorp !46 Questions?