Important things first
- Repo is here
If you just started to learn Terraform take a look at my blog Get started with Terraform.
Now clone project from Azure DevOps, we created in previous blog and open folder with Visual Studio Code.
If you want to look at my public project TerraformConfiguration, run following command
git clone https://[email protected]/sergeydotnet/TerraformConfiguration/_git/WebApp
We are starting to create resource group and create new file main.tf. Resource group is a good way to collect resources in Azure. Typically you have resource group per environment f.ex. Development, Test and Production.
Paste following code to main.tf file
resource "azurerm_resource_group" "rg" {
name = "${var.resource_group_name}"
location = "${var.location}"
}
Take a note here we start to use variables. Add new file and call it variables.tf and paste following code
variable "resource_group_name" {
type = "string"
description = "The name of resource group "
}
variable "location" {
type = "string"
description = "Location "
}
Otherwise it is just name of the resource group and the location where you live.
To check all available locations in your subscription use Azure CLI. Install Azure CLI from here
az account list-locations
Create new file in the same folder, call it provider.tf
This file should include key information about you subscription, tenant and Service Principle. To create Service Principle you can read my blog Create Service Principle
Paste following code to this file
provider "azurerm" {
subscription_id = "${var.subscription_id}"
tenant_id = "${var.tenant_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
}
This values we define also in the variables.tf file.
Add following code to variables.tf
variable "subscription_id" {
type = "string"
description = "Subscription id"
}
variable "tenant_id" {
type = "string"
description = "Tenant id"
}
variable "client_id" {
type = "string"
description = "Client id"
}
variable "client_secret" {
type = "string"
description = "Client secret"
}
Now we have to get this values using Azure CLI
az login
log in using correct account and you get the list of all subscriptions, connected to this account
The output looks something like this
id is subscription_id and tenantId is tenant_id.
To get client_id og client_secret read my blog Create Service Principle
The structure looks like this
main.tf
resource "azurerm_resource_group" "rg" {
name = "${var.resource_group_name}"
location = "${var.location}"
}
provider.tf
provider "azurerm" {
subscription_id = "${var.subscription_id}"
tenant_id = "${var.tenant_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
}
variables.tf
provider "azurerm" {
subscription_id = "${var.subscription_id}"
tenant_id = "${var.tenant_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
}
Now we are ready to run some magic terraform command and start with
terraform init
Then
terraform plan
to see any changes that are required for your infrastructure
provide now values for your variables
You get output something like this
Terraform telling you that one Resource Group will be created.
Then run
terraform apply
Now you have to specify your variables again.
Then Terraform ask you
and you have to say yes
It's kind of cumbersome to provide all this variables each time you want to run plan or apply commands. To simplify that create another file and call it terraform.tfvars
Run
terraform apply
If your values are correct you get your brain new resource group
Then we have to modify our .gitignore file to ignore some auto generated files and secrets
Open your .gitignore file and add
#Terraform
**/*.tfstate*
**/*.tfvars
.terraform/
We are just telling to git to ignore files generated by Terraform and all our secrets. Important point here that file terraform.tfstate generated by Terraform, includes all id's Terraform generates for you and terraform.tfvars including sensitive information. That's why these files is your secrets and shouldn't be in the source control.
Now we can commit and push changes we have done.
Next we are going to use Azure DevOps to run our Terraform configuration we just created. Read my next blog Using Terraform with Azure DevOps.