
In Part 3 of this Terraform Azure Automation series, we focus on authenticating Terraform with Azure to manage infrastructure. First, use the Azure CLI to log in and set your subscription ID. Then, create a Service Principal in Azure Active Directory with Contributor permissions. Set the required environment variables for Terraform to use, including the client ID, secret, subscription ID, and tenant ID. Next, create a terraform-azure directory and configure the Azure provider in a main.tf file. After initializing the Terraform directory, run terraform plan to preview the changes, followed by terraform apply to implement the changes to your Azure infrastructure.
Terraform must authenticate to Azure to create infrastructure. In your terminal, use the Azure CLI to set up your account permissions locally.
az login
Find the id column for the subscription account you want to use. Once you have chosen the subscription ID, set the account with the Azure CLI.
az account set --subscription "35akss-subscription-id"
Next, create a Service Principal. A Service Principal is an application within Azure Active Directory with the authentication tokens Terraform needs to perform actions on your behalf. Update the <SUBSCRIPTION_ID> with the subscription ID you specified in the previous step.
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<SUBSCRIPTION_ID>"
Set your environment variables
HashiCorp recommends setting these values as environment variables rather than saving them in your Terraform configuration. In PowerShell, set them using the appId, password and tenant values printed by the previous command.
$Env:ARM_CLIENT_ID = "<APPID_VALUE>"
$Env:ARM_CLIENT_SECRET = "<PASSWORD_VALUE>"
$Env:ARM_SUBSCRIPTION_ID = "<SUBSCRIPTION_ID>"
$Env:ARM_TENANT_ID = "<TENANT_VALUE>"
Create a directory called terraform-azure.
mkdir terraform-azure
cd terraform-azure
Create a new file called main.tf and paste the configuration below.
# Configure the Azure provider
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0.2"
    }
  }
  required_version = ">= 1.1.0"
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "myTFResourceGroup"
  location = "westus2"
}
In Terraform, a “block” refers to a section of configuration code that is used to define and configure a specific resource, data source, provider, or other elements within the Terraform configuration language. Blocks are fundamental units of Terraform syntax, and they are structured using a specific syntax that includes the block type, block label, and a set of nested configuration settings.
Providers
The provider block configures the specified provider, in this case azurerm. A provider is a plugin that Terraform uses to create and manage your resources. You can define multiple provider blocks in a Terraform configuration to manage resources from different providers.
Resource
Use resource blocks to define components of your infrastructure. A resource might be a physical component such as a server
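Before initializing, it is worth confirming that the Service Principal values really are in the environment and not in main.tf. The PowerShell check below is an added example, not part of the original tutorial or of HashiCorp's documentation; the function name Test-TerraformAzureAuth is hypothetical, and it assumes it is run from the terraform-azure directory in the same session where the ARM_* variables were set.

```powershell
# Added example, not part of the original tutorial; function name is hypothetical.
function Test-TerraformAzureAuth {
    param([string]$Path = '.')

    $problems = @()
    $guid = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

    # Client, subscription and tenant IDs are GUIDs; a leftover <PLACEHOLDER> fails this.
    foreach ($name in 'ARM_CLIENT_ID', 'ARM_SUBSCRIPTION_ID', 'ARM_TENANT_ID') {
        $value = [Environment]::GetEnvironmentVariable($name)
        if ([string]::IsNullOrWhiteSpace($value)) {
            $problems += "$name is not set"
        } elseif ($value -notmatch $guid) {
            $problems += "$name is not a GUID"
        }
    }

    # The secret has no fixed format, so only check presence and placeholder text.
    $secret = $Env:ARM_CLIENT_SECRET
    if ([string]::IsNullOrWhiteSpace($secret)) {
        $problems += 'ARM_CLIENT_SECRET is not set'
    } elseif ($secret -match '^<.*>$') {
        $problems += 'ARM_CLIENT_SECRET still holds a placeholder'
    }

    # Flag provider credentials written as string literals in any .tf file.
    $literal = '^\s*(client_id|client_secret|subscription_id|tenant_id)\s*=\s*"[^"$]+"'
    $hits = Get-ChildItem -Path $Path -Filter *.tf -Recurse -File |
        Select-String -Pattern $literal
    foreach ($hit in $hits) {
        $field = $hit.Matches[0].Groups[1].Value
        $problems += "$($hit.Path):$($hit.LineNumber) hard-codes $field"
    }

    return $problems
}

$issues = Test-TerraformAzureAuth -Path .
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'ARM_* variables are set and no credentials are hard-coded in .tf files.'
}
```

With the main.tf shown above and all four variables set to real values, the check reports no problems; a client_secret = "..." line added to the provider block would be reported with its file and line number.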
Initialize your terraform-azure directory in your terminal. The terraform commands will work with any operating system. Your output should look similar to the one below.
terraform init
terraform plan:
- The terraform plan command is used to preview the changes that Terraform will make to the infrastructure. It provides a detailed summary of what actions Terraform will take based on the current configuration and state.
terraform apply:
- The terraform apply command is used to apply the changes proposed in the execution plan generated by terraform plan. When you are satisfied with the changes previewed in the plan, you can execute terraform apply to make those changes to the infrastructure.