Terraform the Azure!!
Lab — Creating Resource group in Azure using Terraform
Earlier, I posted a write-up called “Terraform the cloud”, which talks about the “why” and “what” of Terraform. Now I have started brushing up on the basics and implementing what I learn using a ‘Pay As You Go’ plan in Azure. So let's take it slow and start by setting up Terraform on our system and creating a resource group in Azure using Terraform.
Setup and Configuration of Terraform
I downloaded the Terraform executable for Windows from the official HashiCorp website. Terraform works through a single executable file, which doesn’t even need to be installed through an installer.
I placed the Terraform executable file in the SYSTEM32 folder. You can also place it anywhere else, but if you do, don't forget to add the file path to the $PATH variable under the system environment variables.
Later, I added the Terraform extension in VS Code along with the Azure Terraform extension, which provides suggestions and debugging capabilities for Azure.
Creating “main.tf”
Terraform uses its own file extension, “.tf”. Consider this “main.tf” as a script file where we define the functions and actions.
As shown in the above screenshot, the file contains schema and actions which will be performed when the terraform apply command is used.
From line 1 to line 8 we define the Terraform providers along with their versions. Here, we have defined the azurerm provider with the latest available version. (As it’s a lab we can use the latest version, but in production we will have a tested version, which will normally lag behind the latest one.)
From line 10 to line 19 we have defined the parameters which enable Terraform to authenticate to the Azure portal using the azurerm provider. I have blurred the details of these parameters for obvious reasons.
From line 21 to line 25 we have defined the action or desired outcome, which is to have a resource group named “terraform-rg” (line 22) in the Azure location “South India” (line 23).
In the portal, I have created an application registration named terraform and applied RBAC through IAM and Entra ID. The built-in Contributor role is assigned to this application under users and service principal, which allows the terraform application to manage resources and other services on Azure. (In an actual production environment, you will have a dedicated, managed custom role designed for such automation tasks and technologies.) We will also need to create a client secret for the terraform application through the portal, which will be used to authenticate to our subscription (line 14).
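A main.tf matching the description above, written as an added example; it is not the author's file, and its line numbers differ from those cited in the post. The version constraint, the variable names and the local resource name `rg` are assumptions, and the client secret is passed in as a sensitive variable so that it never appears in the file.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumed pin; the post uses the latest available version
    }
  }
}

# Credentials of the "terraform" app registration arrive as input variables
# (hypothetical names), so nothing secret is committed alongside main.tf.
variable "subscription_id" { type = string }
variable "tenant_id"       { type = string }
variable "client_id"       { type = string }

variable "client_secret" {
  type      = string
  sensitive = true # redacted in plan and apply output
}

provider "azurerm" {
  features {}

  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  client_id       = var.client_id
  client_secret   = var.client_secret
}

# Desired outcome: one resource group in the South India location.
resource "azurerm_resource_group" "rg" {
  name     = "terraform-rg"
  location = "South India"
}
```

Terraform reads the values from environment variables named `TF_VAR_subscription_id`, `TF_VAR_tenant_id`, `TF_VAR_client_id` and `TF_VAR_client_secret`. Alternatively, drop the four provider arguments and export `ARM_SUBSCRIPTION_ID`, `ARM_TENANT_ID`, `ARM_CLIENT_ID` and `ARM_CLIENT_SECRET`, which the azurerm provider picks up on its own.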
Once the main.tf file is created, we will run the “terraform init” command, which reads the “.tf” file and downloads the required plugins mentioned in it. It will initialize the plugins and create files named “.terraform” and a lock file along with it.
Now we will execute the “terraform plan” command, which will create a “.tfplan” file and show us what actions are planned according to the original “main.tf” file. As seen in the screenshot above, it shows us that we will create a resource with the given parameters. This does not actually create the resource group yet; it only shows us the actions which will be taken.
Now we will execute the apply command, which will go ahead and use the azurerm provider to authenticate to the portal and interact with it to achieve the desired state / outcome (in this case, creating a resource group).
The action performed by Terraform can be seen in the logs on the portal.
Now we have a state file, created automatically on the system, which is used to keep track of the state of the infrastructure that is managed and deployed using Terraform. Each time you execute a plan command, Terraform will compare the actions to this state file and not with the portal. Hence, it is good practice to manage the infrastructure through Terraform and not through other methods; otherwise, it will create a discrepancy with the state file.
PS — The lab is followed along using a YouTube playlist.