This past week I started working on a new proof of concept in Azure. Since I had not really done any Terraform in Azure before, I figured this would be a good project to try it out with. When working in AWS, I have generally used S3 as the backend, so I decided to look at using Azure Storage for this project. As with AWS, there is a little bit of a chicken and egg problem, where the storage needs to be created prior to Terraform being able to use it.
I suppose I could have written some Terraform to run locally and create it, but I decided to just use the Azure CLI to get more familiar with it.
Preparing the Environment
Since the Azure CLI is written in Python, the first thing that I did was create a virtual environment with Virtualenvwrapper and install the azure-cli package.
mkvirtualenv -p python3 azure
pip install azure-cli
Once the azure-cli package is installed you need to authenticate with Azure.
az login
Create the Storage Account and Container to Use with Terraform
Once authenticated, configuring Azure to use as a Terraform backend is relatively straightforward. I decided to create a separate resource group just for my Terraform state files. This way I can lock the resource group and prevent accidental deletion. You can create the resource group via the CLI:
az group create --location eastus --name terraform-state
The next step is to create the storage account. Since the account name has to be a globally unique string between 3 and 24 characters, I generated something random rather than mess around with trying to figure out a name that works.
cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-z0-9' | head -c 24
b4go1zc0ih6swsus92beh8a6
az storage account create --resource-group terraform-state --name b4go1zc0ih6swsus92beh8a6
Now that the storage account is created, we can create the storage container.
az storage container create --name tfstate --account-name b4go1zc0ih6swsus92beh8a6
Finally, you can lock the resource group to prevent accidental deletion. Locks are inherited from parent resources, so I just lock the resource group.
az lock create --name LockTfResource --lock-type CanNotDelete --resource-group terraform-state
Configure Terraform to use Azure Storage
With the storage for the tfstate files set up, we can now configure Terraform to use it. Start by creating a file called backend.tf and adding the following to it:
terraform {
  backend "azurerm" {
    storage_account_name = "b4go1zc0ih6swsus92beh8a6"
    container_name       = "tfstate"
  }
}
Next, create a file called provider.tf and add the following. You can get the subscription ID by running the command az account list --query '[].[name, id]' --output tsv and selecting the ID for the subscription you are working with.
provider "azurerm" {
  subscription_id = "cbe70a88-0da5-4bca-88b8-c8b9c0350557"
}
Once the files are created, you will need to get the storage access key and then initialize the backend.
export AZURE_ACCESS_KEY=$(az storage account keys list -n b4go1zc0ih6swsus92beh8a6 --query '[0].value' --output tsv)
terraform init \
  -backend-config="access_key=${AZURE_ACCESS_KEY}" \
  -backend-config="key=hackathon-poc2.terraform.tfstate"
That’s it. Now you can start creating resources in your main.tf file and building out your Azure infrastructure.
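The steps above collected into one repeatable script, as an added example that is not part of the original post. It goes a little further than the post: the account is created with HTTPS only, TLS 1.2 minimum, no public blob access and blob versioning, and the key is supplied through the ARM_ACCESS_KEY environment variable (which the azurerm backend reads) rather than -backend-config, since values passed with -backend-config are written into the local .terraform directory. The function names and the Standard_LRS SKU are assumptions.

```shell
#!/bin/sh
# Added example: repeatable bootstrap of the Terraform state storage.
set -eu
LC_ALL=C; export LC_ALL   # keep the a-z ranges below ASCII-only
RG="terraform-state"; LOCATION="eastus"; CONTAINER="tfstate"   # names from the post

# Storage account names: 3-24 characters, lowercase letters and digits only.
valid_account_name() {
  case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Random 24-character candidate, generated the same way as in the post.
new_account_name() { tr -dc 'a-z0-9' < /dev/urandom | head -c 24; }

bootstrap_state_storage() {
  account="$1"
  valid_account_name "$account" || { echo "invalid account name: $account" >&2; return 1; }
  az group create --location "$LOCATION" --name "$RG" --output none
  # State files can contain secrets: HTTPS only, TLS 1.2+, no anonymous blob access.
  az storage account create --resource-group "$RG" --name "$account" \
    --sku Standard_LRS --https-only true --min-tls-version TLS1_2 \
    --allow-blob-public-access false --output none
  # Blob versioning keeps earlier versions of the state file for recovery.
  az storage account blob-service-properties update --resource-group "$RG" \
    --account-name "$account" --enable-versioning true --output none
  az storage container create --name "$CONTAINER" --account-name "$account" --output none
  az lock create --name LockTfResource --lock-type CanNotDelete \
    --resource-group "$RG" --output none
}

# Prints the first access key of the given storage account.
state_access_key() {
  az storage account keys list --resource-group "$RG" --account-name "$1" \
    --query '[0].value' --output tsv
}

# Usage: sh bootstrap.sh apply [account-name]
if [ "${1:-}" = "apply" ]; then
  account="${2:-$(new_account_name)}"
  bootstrap_state_storage "$account"
  # Key goes through the environment, not through -backend-config.
  ARM_ACCESS_KEY="$(state_access_key "$account")"; export ARM_ACCESS_KEY
  terraform init -backend-config="storage_account_name=$account" \
    -backend-config="key=hackathon-poc2.terraform.tfstate"
fi
```

Passing storage_account_name at init overrides the value in backend.tf, so the same script works for a freshly generated account name.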