Deploying Infrastructure with Terraform on Azure

In this article, we'll walk through deploying a simple Azure infrastructure using Terraform, featuring a resource group, an app service plan, two Linux-based web apps (for frontend and backend), and a MySQL flexible server. We'll use the provided main.tf and variables.tf files to achieve this, detailing each step and including essential Terraform commands.

Overview of the Configuration Files

  1. main.tf File: This file defines the Azure provider and the resources to be deployed, including:
    • An Azure resource group
    • An app service plan
    • Two Linux web apps (frontend and backend)
    • A MySQL flexible server
  2. variables.tf File: This file defines various configurable parameters, such as the resource location, resource group name, service plan name, web app names, and MySQL server credentials.

For more detailed Terraform tutorials and guides on getting started with Azure deployments, refer to the official Terraform documentation.

Setting Up Authentication with a Service Principal

Before using Terraform to deploy resources to Azure, it is recommended to create a service principal to provide Terraform with access credentials.

Step 1. Create a Service Principal.

To create a service principal with az ad sp create-for-rbac, execute the following command in the Azure CLI. This command creates a new service principal with the Contributor role on the subscription.

az ad sp create-for-rbac --name "<NAME>" \
  --role="Contributor" \
  --scopes="/subscriptions/<SUBSCRIPTION_ID>"
  • Replace <NAME> with a name for your service principal.
  • Replace <SUBSCRIPTION_ID> with your Azure subscription ID.

For example:

az ad sp create-for-rbac --name "terraform-sp" \
  --role="Contributor" \
  --scopes="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

This command will output the following details (make note of these).

{
  "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "displayName": "terraform-sp",
  "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
  • appId is the client ID.
  • password is the client secret.
  • tenant is your Azure AD tenant ID.

Step 2. Configure the Azure Provider with the Service Principal.

To authenticate Terraform with Azure using the service principal, modify the provider block in main.tf (or set environment variables).

provider "azurerm" {
  features {}

  client_id       = "<CLIENT_ID>"
  client_secret   = "<CLIENT_SECRET>"
  tenant_id       = "<TENANT_ID>"
  subscription_id = "<SUBSCRIPTION_ID>"
}

Alternatively, you can export these values as environment variables.

export ARM_CLIENT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export ARM_CLIENT_SECRET="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export ARM_TENANT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export ARM_SUBSCRIPTION_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
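
As an added example (not from the original article or its repository), the shell functions below map the JSON fields from Step 1 onto the ARM_* variables from Step 2, so the client secret does not have to be written into main.tf. The names json_field and load_sp_env and all sample values are constructed for illustration.

```shell
# Added example: map the service principal JSON to the ARM_* variables.
# Constructed sample in the shape shown in Step 1 (placeholder values only).
SAMPLE_SP_JSON='{
  "appId": "11111111-1111-1111-1111-111111111111",
  "displayName": "terraform-sp",
  "password": "constructed-secret-value",
  "tenant": "22222222-2222-2222-2222-222222222222"
}'

# json_field KEY: read JSON on stdin and print the string value of KEY.
# Only handles the flat "key": "value" shape shown on this page.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# load_sp_env JSON SUBSCRIPTION_ID: export the four ARM_* variables.
# Returns 1 and exports nothing if any value is missing.
load_sp_env() {
  _sp_client=$(printf '%s\n' "$1" | json_field appId)
  _sp_secret=$(printf '%s\n' "$1" | json_field password)
  _sp_tenant=$(printf '%s\n' "$1" | json_field tenant)
  if [ -z "$_sp_client" ] || [ -z "$_sp_secret" ] || [ -z "$_sp_tenant" ] || [ -z "$2" ]; then
    echo "load_sp_env: missing appId, password, tenant or subscription ID" >&2
    unset _sp_client _sp_secret _sp_tenant
    return 1
  fi
  export ARM_CLIENT_ID="$_sp_client"
  export ARM_CLIENT_SECRET="$_sp_secret"
  export ARM_TENANT_ID="$_sp_tenant"
  export ARM_SUBSCRIPTION_ID="$2"
  unset _sp_client _sp_secret _sp_tenant
}

# Demo with the constructed sample; the secret itself is never echoed.
if load_sp_env "$SAMPLE_SP_JSON" "33333333-3333-3333-3333-333333333333"; then
  echo "ARM_CLIENT_ID=$ARM_CLIENT_ID ARM_TENANT_ID=$ARM_TENANT_ID (secret set, not printed)"
fi
```

To use it with real credentials, source the functions into your current shell and pass the output of the az ad sp create-for-rbac command from Step 1 as the first argument, with your subscription ID as the second.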

Deploying the Infrastructure with Terraform
 

Step-by-Step Process with Terraform Commands

Step 1. Log in to Azure (Optional, but useful for initial setup).

az login

If you're working with multiple Azure subscriptions, set the active subscription.

az account set --subscription "<SUBSCRIPTION_ID>"

Step 2. Initialize the Terraform Working Directory: This command initializes the working directory by downloading the Azure provider plugin specified in main.tf.

terraform init

Step 3. Validate the Terraform Files: It's good practice to validate configuration files before applying any changes.

terraform validate

Step 4. Generate and Review the Execution Plan.

terraform plan

Step 5. Apply the Changes to the Infrastructure.

terraform apply

To bypass the confirmation prompt:

terraform apply -auto-approve

Step 6. Verify the Output: View the URLs of the frontend and backend web apps as well as the MySQL server hostname using output blocks defined in main.tf.

Managing the Infrastructure

Updating Resources

To update existing infrastructure, modify main.tf or variables.tf, and run:

terraform plan
terraform apply

Destroying the Infrastructure

To remove all resources:

terraform destroy

To bypass the confirmation prompt:

terraform destroy -auto-approve

Additional References

For more detailed information on Terraform's Azure provider and resources, visit the Terraform AzureRM Provider documentation.

Conclusion

This guide demonstrated how to set up Azure resources using Terraform with a service principal for secure, automated deployments. By managing infrastructure as code, Terraform provides scalable and repeatable processes for deploying and updating cloud resources efficiently. Enjoy building reliable cloud infrastructure!

The code for this article is available in the Git repo: https://github.com/vipulm124/terraform-structure-basic