Production-ready Terraform project scaffolding for Azure
Many modern applications are built with Cloud Native patterns in mind and therefore rely on Cloud resources and infrastructure. However, you also need to think about how to build and manage these resources. This is where Infrastructure as Code and Terraform (and many others) come in. In this post, we will provide you with everything you need to know to scaffold a production-ready Terraform project for Azure.
But let’s start with the basics first.
“Infrastructure as Code (IaC) is the management and provisioning of infrastructure through code rather than manual processes.”
The main idea is to describe our infrastructure as code so that we can store and version it via Git. The code is written in a declarative manner and is therefore easy to read, self-documenting, and reusable. Furthermore, Infrastructure as Code is fully automated, with no manual intervention needed. With this in place, Infrastructure as Code brings us many great benefits, such as testing our infrastructure, easy and fast rollbacks/restores, configuration drift prevention, and many more.
That said, we also need a toolchain that supports us in maintaining and declaring our Cloud resources. This is where Terraform comes into play.
“Terraform is an Infrastructure as Code tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.”
Terraform & Azure
Terraform consists of a CLI and a domain-specific language called HCL (HashiCorp Configuration Language), which are used to define and manage Cloud resources. Terraform itself is open source and actively maintained by HashiCorp. It is flexible and supports a large number of Cloud providers and resources. Within the Azure ecosystem, we can use Terraform to manage:
Scaffold a production-ready Terraform Project
When scaffolding a new Terraform project, you of course need to think about your Cloud resources themselves, but there are also some other things you should care about:
- Where to store the Terraform state file?
- Which identity should Terraform use to manage the Cloud resources?
- How to run Terraform in my CI/CD pipeline and how to manage secrets/authentication securely?
This is why we created an open-source project called “Terraform scaffold for Azure”. The intention of this project is to support you with the above-mentioned questions. The project scaffolds everything you need to start using Terraform to manage Azure and Azure AD resources in a production-ready and secure manner. To do so, you just have to run a single script (available for Bash and PowerShell). This is what you will get:
- A service principal that Terraform runs as. The service principal will be added as owner to the defined subscription and also gets all required access levels to manage App Registrations and Groups in Azure AD.
- One Storage Container used to securely store the Terraform state file.
- All secrets are stored in a Key Vault to allow easy and secure access from your local client or CI/CD.
So be sure to check out our project. We also provide you with details and sample code on how to integrate Terraform into your CI/CD tool, no matter which one you use. Feel free to create an issue if you have any questions.
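As an added example (not code from the scaffold project), this Bash helper shows how a local shell or pipeline step could read the credentials from the Key Vault and hand them to Terraform through the `ARM_*` environment variables that the azurerm provider and backend read. The secret names are assumptions, and it relies on an Azure CLI (`az`) session that is allowed to read the vault.

```shell
#!/usr/bin/env bash
# Added example. The secret names are assumptions, not the names the scaffold
# project creates; change them to match what your Key Vault contains.
# Format: <Terraform environment variable>=<Key Vault secret name>
TF_SECRET_MAP="ARM_CLIENT_ID=tf-client-id
ARM_CLIENT_SECRET=tf-client-secret
ARM_TENANT_ID=tf-tenant-id
ARM_SUBSCRIPTION_ID=tf-subscription-id
ARM_ACCESS_KEY=tf-state-access-key"

# fetch_secret VAULT NAME: print one secret value; fail if missing or empty.
fetch_secret() {
  local value
  value=$(az keyvault secret show --vault-name "$1" --name "$2" \
    --query value --output tsv) || return 1
  [ -n "$value" ] || return 1
  printf '%s' "$value"
}

# load_tf_env VAULT: export every mapped variable, or none if any is missing.
load_tf_env() {
  local vault line var secret value xtrace loaded
  vault=$1; xtrace=0; loaded=""
  # Keep secret values out of CI logs even if the caller enabled `set -x`.
  case $- in *x*) xtrace=1; set +x ;; esac
  while IFS= read -r line; do
    var=${line%%=*}
    secret=${line#*=}
    if ! value=$(fetch_secret "$vault" "$secret"); then
      echo "cannot read secret '$secret' from vault '$vault'" >&2
      # Roll back so Terraform never runs with a partial credential set.
      for var in $loaded; do unset "$var"; done
      [ "$xtrace" -eq 1 ] && set -x
      return 1
    fi
    export "$var=$value"
    loaded="$loaded $var"
  done <<EOF
$TF_SECRET_MAP
EOF
  [ "$xtrace" -eq 1 ] && set -x
  return 0
}

# Typical pipeline step (vault name is a placeholder):
#   load_tf_env "<your-key-vault>" && terraform init && terraform plan
```

Because the values only ever live in the process environment, nothing sensitive is written to `.tfvars` files or passed on the command line.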
The official Terraform documentation will also provide you with further details. Also, be sure to review my slides from one of my last Meetup talks to gain further insights: