Git Product home page Git Product logo

create-azure-storage-terraform's Introduction

Create Azure Storage Account

Azure Storage Account Terraform Terraform Cloud

This is my first attempt at creating a storage account with terraform hcl to be used as a backend state file storage. I have tried to use common/good/best practices and also verified with different lint tools to find bad practices and/or security problems.

Unfortunately, I haven't been able to "fix" all the checks because I choose to use the simplest Azure options on the storage which aren't the best options if the storage is supposed to be used in a production environment. Another problem I had was that I choose terraform cloud for the backend state file (can't use what I am creating, right? catch 22 ๐Ÿ˜Š) which uses a runner with a dynamic ip address (different every apply) so I can't whitelist it (you need to upgrade to Business Plan to solve that problem) in the security rules.

Prerequisites

  • You need an Azure account and if you don't have one, get a free one here.

  • Create a service principal (replace [ServicePrincipalName] with a name and [subscription-id] with your id) and copy the JSON output:

    az ad sp create-for-rbac --name [ServicePrincipalName] --role Contributor --scopes /subscriptions/[subscription-id] --sdk-auth

  • Create a local backend file:

    1. Create a terraform API token.
    2. Create a new Terraform Cloud workspace.
    3. Create a terraform backend file, e.g. config-terraform.tfbackend. (Make sure to NOT commit this file in your repo!!)
    hostname     = "app.terraform.io"
organization = "[your-terraform-cloud-organization]"
workspaces { name = "[your-newly-created-workspace]" }
token = "[your-terraform-api-token]"

  • Create variables in your Terraform Cloud workspace (values in the json output)

    1. ARM_CLIENT_ID = [clientId]
    2. ARM_CLIENT_SECRET = [clientSecret] Mark it as sensitive
    3. ARM_SUBSCRIPTION_ID = [subscriptionId]
    4. ARM_TENANT_ID = [tenantId]

  • If you don't want to change the variables in variables.tf you can use a terraform.tfvars file to set the variables.

Execution

  1. Execute below terraform commands to deploy the storage
  terraform init -backend-config=config.terraform.tfbackend
  terraform fmt
  terraform validate
  terraform plan
  terraform apply

Resources

MS Learn: Store Terraform state in Azure Storage

MS Learn: Customer-managed keys for Azure Storage encryption

create-azure-storage-terraform's People

Contributors

mrgyllen avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.