Important things first

If you have just started learning Terraform, take a look at my blog Get started with Terraform.

Now clone the project we created in the previous blog from Azure DevOps and open the folder with Visual Studio Code.

If you want to look at my public project TerraformConfiguration, run the following command

git clone https://[email protected]/sergeydotnet/TerraformConfiguration/_git/WebApp

We start by creating a resource group, so create a new file main.tf. A resource group is a good way to collect resources in Azure. Typically you have a resource group per environment, for example Development, Test and Production.

Paste the following code into the main.tf file

resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group_name}"
  location = "${var.location}"
}

Note that here we start to use variables. Add a new file, call it variables.tf, and paste the following code

variable "resource_group_name" {
  type        = "string"
  description = "The name of resource group "
}

variable "location" {
  type        = "string"
  description = "Location "
}

These are just the name of the resource group and the location where you live.

To check all available locations in your subscription, use the Azure CLI. Install Azure CLI from here

az account list-locations

Create a new file in the same folder and call it provider.tf

This file should include key information about your subscription, tenant and Service Principal. To create a Service Principal you can read my blog Create Service Principle

Paste the following code into this file

provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  tenant_id       = "${var.tenant_id}"
  client_id       = "${var.client_id}"
  client_secret   = "${var.client_secret}"
}

We also define these values in the variables.tf file.

Add the following code to variables.tf

variable "subscription_id" {
  type        = "string"
  description = "Subscription id"
}

variable "tenant_id" {
  type        = "string"
  description = "Tenant id"
}

variable "client_id" {
  type        = "string"
  description = "Client id"
}

variable "client_secret" {
  type        = "string"
  description = "Client secret"
}

Now we have to get these values using the Azure CLI

az login

Log in using the correct account and you get the list of all subscriptions connected to this account

The output looks something like this

id is subscription_id and tenantId is tenant_id.

To get client_id and client_secret read my blog Create Service Principle

The structure looks like this

Structure

main.tf

resource "azurerm_resource_group" "rg" {
  name     = "${var.resource_group_name}"
  location = "${var.location}"
}

provider.tf

provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  tenant_id       = "${var.tenant_id}"
  client_id       = "${var.client_id}"
  client_secret   = "${var.client_secret}"
}

variables.tf

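# The six variables defined in the sections above (descriptions omitted here)
variable "resource_group_name" { type = "string" }
variable "location"            { type = "string" }
variable "subscription_id"     { type = "string" }
variable "tenant_id"           { type = "string" }
variable "client_id"           { type = "string" }
variable "client_secret"       { type = "string" }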

Now we are ready to run some magic Terraform commands. Start with

terraform init

Then

terraform plan

to see any changes that are required for your infrastructure

Now provide values for your variables

You get output something like this

Terraform plan

Terraform is telling you that one Resource Group will be created.

Then run

terraform apply

Now you have to specify your variables again.

Then Terraform asks you

and you have to say yes

It's kind of cumbersome to provide all these variables each time you want to run the plan or apply commands. To simplify that, create another file and call it terraform.tfvars

Run

terraform apply

If your values are correct you get your brand new resource group

Then we have to modify our .gitignore file to ignore some auto-generated files and secrets

Open your .gitignore file and add

#Terraform
**/*.tfstate*
**/*.tfvars
.terraform/

We are just telling git to ignore the files generated by Terraform and all our secrets. The important point here is that the file terraform.tfstate, generated by Terraform, includes all the ids Terraform generates for you, and terraform.tfvars includes sensitive information. That's why these files are your secrets and shouldn't be in source control.
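A .gitignore rule only keeps new files out; a terraform.tfstate or terraform.tfvars that was committed earlier stays tracked. The check below is an added example, not part of the original post: the function name audit_terraform_repo and the probe file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a git repository for Terraform files that carry secrets.
# Intended to be run before "git commit" or as a CI step.

# The paths covered by the .gitignore rules above, written as one regex.
SECRET_RE='(^|/)\.terraform/|\.tfstate[^/]*$|\.tfvars$'

# Constructed probe names: each must be ignored once the rules are in place.
PROBES='terraform.tfstate terraform.tfstate.backup terraform.tfvars .terraform/probe'

# audit_terraform_repo [repo_dir]
# Returns 0 when the repository is clean, 1 when a finding was printed.
audit_terraform_repo() {
  repo="${1:-.}"
  findings=0

  # 1. Files already in the index. Adding a rule to .gitignore does not
  #    untrack them: they need "git rm --cached <file>", and if they were
  #    ever pushed the client secret should be rotated.
  tracked=$(git -C "$repo" -c core.quotepath=off ls-files | grep -E "$SECRET_RE" || true)
  if [ -n "$tracked" ]; then
    printf '%s\n' "$tracked" | sed 's/^/TRACKED: /'
    findings=1
  fi

  # 2. Rules that are missing or misspelled. --no-index tests the ignore
  #    rules alone, whether or not the path exists or is already tracked.
  for probe in $PROBES; do
    if ! git -C "$repo" check-ignore -q --no-index "$probe"; then
      echo "NOT IGNORED: $probe"
      findings=1
    fi
  done

  return "$findings"
}
```

Source the file and call `audit_terraform_repo path/to/repo`; a non-zero return means something was printed that needs fixing before the push.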

Now we can commit and push changes we have done.

Next we are going to use Azure DevOps to run the Terraform configuration we just created. Read my next blog Using Terraform with Azure DevOps.


Create Service Principle

Using Terraform with Azure DevOps

Terraform Configuration Azure DevOps project