Introduction
In the past I’ve noticed a lot of people are afraid of “Azure Resource Manager Templates”. I can imagine that a bulk of JSON code isn’t always that user friendly… So today we’ll take a look at another IaC (Infrastructure-as-Code) approach you might like. We’re going to do a small demo where we’ll be using “Terraform” to deploy a network on Azure. So how to get started?
- We’ll be creating a kind of service user in Azure which Terraform will use to log in.
- We’ll be authoring a small configuration file that will serve as the input for our network.
- We’ll be applying that configuration file.
Seem simple enough? Let’s get started!
Setting up your subscription : Creating a “Service”-user
The first thing we’ll be doing is to create the “service”-user. If you are not familiar with that part, browse to your Azure Active Directory. Then “App Registrations”, and click “Add”.
Now create a “Web app / API”-application registration for Terraform ;
Once created, select it…
And browse to “keys” ;
Here you’ll be creating a “secret” (aka “password”) for this application ;
Once you press “Save”, you’ll see the “password” ;
Note down this password, as you won’t be able to see it afterwards anymore! Also note down the Application ID from the earlier blade. And don’t forget to note down the tenant id from your Azure Active Directory too…
Setting up your subscription : Granting privileges to our “Service”-user
Next up, we’ll be granting this service user the rights to do the magic later on… Go to your subscription (and note down the subscription id too!) ;
Browse to “Access control (IAM)” and press “Add” ;
Browse for our “Terraform”-user ;
And grant it “contributor” rights. (In the screenshot I selected “Owner”, which is also capable of granting rights to users).
Sample Configuration File
Now that we have our service user, let’s create a configuration file:

    # Configure the Microsoft Azure Provider
    # (fill in the IDs and the password noted down while creating the service user)
    provider "azurerm" {
      subscription_id = "your-subscription-id"
      client_id       = "your-application-id"
      client_secret   = "your-application-password"
      tenant_id       = "your-tenant-id"
    }

    # Resource group that will contain the network
    resource "azurerm_resource_group" "RGNETPRD" {
      name     = "kvaes-network-production"
      location = "West Europe"

      tags {
        environment = "Production"
      }
    }

    # Virtual network with three subnets, placed in the resource group above
    resource "azurerm_virtual_network" "VNETPRD001" {
      name                = "VNETPRD001"
      resource_group_name = "${azurerm_resource_group.RGNETPRD.name}"
      address_space       = ["10.0.0.0/16"]
      location            = "West Europe"
      dns_servers         = ["10.0.0.254", "10.0.0.253"]

      subnet {
        name           = "SUBNET001"
        address_prefix = "10.0.1.0/24"
      }

      subnet {
        name           = "SUBNET002"
        address_prefix = "10.0.2.0/24"
      }

      subnet {
        name           = "SUBNET003"
        address_prefix = "10.0.3.0/24"
      }

      tags {
        environment = "Production"
      }
    }

Let’s save this piece of code as “test.tf” for later on.
How did I come by this syntax? By reading the straightforward documentation… 😉
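Because test.tf as written holds the service user's password in plain text inside the provider block, a check like the one below can be run over the file before it is committed or shared. This is an added example, not part of the original post: the function names and sample strings are made up for illustration, and the accepted `"${var.client_secret}"` form assumes the password is supplied through a Terraform variable instead of a literal.

```python
import re

SECRET_ATTRS = {"client_secret"}  # azurerm provider attribute holding the password
PROVIDER_RE = re.compile(r'^\s*provider\s+"azurerm"\s*\{')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')


def strip_comment(line):
    """Drop a trailing # or // comment that sits outside a quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_string = not in_string
        elif not in_string and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line


def find_hardcoded_secrets(tf_text):
    """Return (line_number, attribute) for each literal credential inside a
    provider "azurerm" block; values containing "${...}" are not reported."""
    findings = []
    depth = 0  # brace depth relative to the provider block; 0 means outside it
    for number, raw in enumerate(tf_text.splitlines(), start=1):
        line = strip_comment(raw)
        if depth == 0:
            if PROVIDER_RE.match(line):
                depth = line.count("{") - line.count("}")
            continue
        match = ATTR_RE.match(line)
        if match and depth == 1 and match.group(1) in SECRET_ATTRS:
            value = match.group(2)
            if value.startswith('"') and value != '""' and "${" not in value:
                findings.append((number, match.group(1)))
        depth += line.count("{") - line.count("}")
    return findings


# Constructed samples modelled on the provider block in test.tf.
HARDCODED = '''# constructed sample
provider "azurerm" {
  client_secret = "not-a-real-password"  # literal value in the file
}
'''
FROM_VARIABLE = '''variable "client_secret" {}
provider "azurerm" {
  client_secret = "${var.client_secret}"
}
'''
```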
Test Run
The proof of the pudding is in the eating… Yeah, an annoying expression, but let’s get down to testing this! I’m assuming you already installed Terraform itself. For Windows it’s just a binary, which you can leave anywhere, as long as it’s in your “PATH”.
Navigate to the directory where you stored your “test.tf”-file. Now execute the following command there ; “terraform plan”.
This will generate a plan which can be executed (“applied”). Here you’ll also get a summary of what will be done… I’m happy with what is suggested, so I’m going to apply it. We can do this by executing the following command “terraform apply” ;
Here we can see our apply was complete. Let’s verify if all went well in the Azure portal…
That looks just like we wanted it! Even the tags were set…
In addition, we’ll also notice that some new files were created.
The backup will have the config from just before our apply, and the tfstate will represent the state after our apply…
Closing Thoughts
Terraform looks very nice! The syntax / DSL is very clean and easy to comprehend. There are other “providers” (plugins, extensions, … whatever) available for other technologies too ; like for instance vSphere. So the technology investment you make can be leveraged later on for other things too.
Is there a way to create Application Gateway in Azure using Terraform?
You can find the supported resources here ; https://www.terraform.io/docs/providers/azurerm/
The Application Gateway does not seem to be natively supported. Though you could leverage the template deployment resource ; https://www.terraform.io/docs/providers/azurerm/r/template_deployment.html
And use it to deploy an ARM template containing an Application Gateway ; https://github.com/Azure/azure-quickstart-templates/tree/master/101-application-gateway-create