Build Infrastructure - Terraform Azure Example
In this tutorial, you will create a Terraform configuration to deploy an Azure resource group. This resource group is the foundation for the infrastructure you will build in the subsequent tutorials.
Prerequisites
- An Azure subscription. If you do not have an Azure account, create one now. This tutorial can be completed using only the services included in an Azure free account.
If you are using a paid subscription, you may be charged for the resources needed to complete the tutorial.
Terraform 0.14.9 or later
The Azure CLI Tool installed
Install the Azure CLI tool
You will use the Azure CLI tool to authenticate with Azure.
Open your PowerShell prompt as an administrator and run the following command:
Authenticate using the Azure CLI
Terraform must authenticate to Azure to create infrastructure.
In your terminal, use the Azure CLI tool to setup your account permissions locally.
Your browser will open and prompt you to enter your Azure login credentials. After successful authentication, your terminal will display your subscription information.
Find the id
column for the subscription account you want to use.
Once you have chosen the account subscription ID, set the account with the Azure CLI.
Create a Service Principal
Next, create a Service Principal. A Service Principal is an application within Azure Active Directory with the authentication tokens Terraform needs to perform actions on your behalf. Update the <SUBSCRIPTION_ID>
with the subscription ID you specified in the previous step.
Set your environment variables
HashiCorp recommends setting these values as environment variables rather than saving them in your Terraform configuration.
In your Powershell terminal, set the following environment variables. Be sure to update the variable values with the values Azure returned in the previous command.
For more information on Service Principal authentication, visit the Azure provider documentation.
Write configuration
Create a folder called learn-terraform-azure
.
Create a new file called main.tf
and paste the configuration below.
Note
The location
of your resource group is hardcoded in this example. If you do not have access to the resource group location westus2
, update the main.tf
file with your Azure region.
This is a complete configuration that Terraform can apply. In the following sections you will review each block of the configuration in more detail.
Terraform Block
The terraform {}
block contains Terraform settings, including the required
providers Terraform will use to provision your infrastructure. For each provider, the
source
attribute defines an optional hostname, a namespace, and the provider
type. Terraform installs providers from the Terraform
Registry by default. In this example
configuration, the azurerm
provider's source is defined as hashicorp/azurerm
, which
is shorthand for registry.terraform.io/hashicorp/azurerm
.
You can also define a version constraint for each provider in the
required_providers
block. The version
attribute is optional, but we
recommend using it to enforce the provider version. Without it, Terraform will
always use the latest version of the provider, which may introduce breaking
changes.
To learn more, reference the provider source documentation.
Providers
The provider
block configures the specified provider, in this case azurerm
.
A provider is a plugin that Terraform uses to create and manage your resources.
You can define multiple provider blocks in a Terraform configuration to manage
resources from different providers.
Resource
Use resource
blocks to define components of your infrastructure. A
resource might be a physical component such as a server, or it can be a logical
resource such as a Heroku application.
Resource blocks have two strings before the block: the resource type and the
resource name. In this example, the resource type is azurerm_resource_group
and the name is rg
. The prefix of the type maps to the name of the provider. In the
example configuration, Terraform manages the azurerm_resource_group
resource with the
azurerm
provider. Together, the resource type and resource name form a unique ID
for the resource. For example, the ID for your network is
azurerm_resource_group.rg
.
Resource blocks contain arguments which you use to configure the resource. The Azure provider documentation documents supported resources and their configuration options, including azurerm_resource_group and its supported arguments.
Initialize your Terraform configuration
Initialize your learn-terraform-azure
directory in your terminal. The
terraform
commands will work with any operating system. Your output should
look similar to the one below.
Format and validate the configuration
We recommend using consistent formatting in all of your configuration files. The
terraform fmt
command automatically updates configurations in the current
directory for readability and consistency.
Format your configuration. Terraform will print out the names of the files it modified, if any. In this case, your configuration file was already formatted correctly, so Terraform won't return any file names.
You can also make sure your configuration is syntactically valid and internally
consistent by using the terraform validate
command.
Validate your configuration. The example configuration provided above is valid, so Terraform will return a success message.
Apply your Terraform Configuration
Run the terraform apply
command to apply your configuration.
This output shows the execution plan and will prompt you for approval before
proceeding. If anything in the plan seems incorrect or dangerous, it is safe to
abort here with no changes made to your infrastructure. Type yes
at the
confirmation prompt to proceed.
Navigate to the Azure portal in your web browser to validate the resource group.
Inspect your state
When you apply your configuration, Terraform writes data into a file called terraform.tfstate
. This
file contains the IDs and properties of the resources Terraform created
so that it can manage or destroy those resources going forward. Your state file contains all of the data in your configuration and could also contain sensitive values in plaintext, so do not share it or check it in to source control.
For teams or larger projects, consider storing your state remotely. Remote stage storage enables collaboration using Terraform but is beyond the scope of this tutorial.
Inspect the current state using terraform show
.
When Terraform created this resource group, it also gathered the resource's properties and meta-data. These values can be referenced to configure other resources or outputs, which you will encounter in later tutorials.
To review the information in your state file, use the state
command. If you have a long state file, you can see a list of the resources you created with Terraform by using the list
subcommand.
If you run terraform state
, you will see a full list of available commands to view and manipulate the configuration's state.
Next Steps
For more detail on the concepts used in this tutorial:
- Read about the Terraform configuration language in the Terraform documentation.
- Learn more about Terraform providers.
- Review usage examples of the Terraform Azure provider from Terraform provider engineers