Welcome Back!

Today, we’re going into the basics of Terraform and deploying a resource group in Azure.

If you're new here, make sure to check out our previous posts, which detail how we can set up a Dev Container with AZ CLI and Terraform both installed.

What is Terraform?

Terraform is an infrastructure-as-code (IaC) tool.

Instead of manually configuring our resources in the Azure portal, Terraform automates that process, making our deployment faster and reducing the chance of errors. It's incredibly useful for creating consistent environments across development, staging, and production.

If you remember the previous blog post, where we go through setting up a key vault in Azure through the portal, that was a very manual process, prone to human error. Terraform eliminates this by using code to define and deploy infrastructure, ensuring that the process is repeatable, efficient, and less error-prone. This approach not only saves time but also allows teams to collaborate more effectively by storing infrastructure configurations in version control systems.

How to Use Terraform to Automate Azure Deployments

Step 1: Understand Providers and Setup

Before writing our configuration, we need to know which providers we'll need. For Azure, we'll be using the AzureRM provider. We’ll also add another provider called random, as in future our project requires generating unique GUIDs.

Thus, we will set up the following providers:

terraform {
  required_version = ">=1.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~>3.0"
    }
  }
}

Explanation of the Code

• required_version - Specifies the minimum version of Terraform required to use this configuration. This ensures compatibility with Terraform features and prevents issues caused by using outdated versions.

• required_providers - Lists the providers that Terraform will use. Each provider has a source (the namespace and name of the provider) and a version constraint to ensure consistency.

• azurerm - This is the Azure Resource Manager provider, which allows us to manage Azure resources.

• random - This provider generates random data, such as unique identifiers, which can be useful for creating resources with unique names or properties.

By defining these providers, we ensure that Terraform can download and use the correct plugins to interact with Azure and other required services.

Step 2: Write Our Terraform Configuration

When we define resources in Terraform, we describe the desired state of infrastructure. These resources in Terraform act as abstractions of real-world components in Azure.

For example, we will be adding the following Terraform resource block, which declares an Azure resource group:

resource "azurerm_resource_group" "ci_cd_key_vault" {
  name     = "ci-cd-key-vault-rg"
  location = "UK South"
}

To create or modify resources in Azure, you must have the appropriate role-based access control (RBAC) permissions. For example, to deploy a resource group, you need to ensure you have the appropriate RBAC permissions, such as the Contributor or Owner role, for the subscription or resource group scope… I have the Owner role for the subscription assigned to my account.

Without these permissions, Terraform will fail to authenticate or apply configurations.

But Why is it Called a Resource in Terraform?

In Terraform, everything that Terraform can manage is referred to as a resource, regardless of what it is in the underlying platform. Even though Azure refers to this as a "resource group," Terraform treats it as a resource because it encapsulates a single unit of infrastructure to be managed. Resources in Terraform have specific types (like azurerm_resource_group) that define their purpose and behaviour. This abstraction makes it easier to manage different kinds of infrastructure consistently across various platforms.

By abstracting these components, Terraform allows us to use the same terminology and approach regardless of whether we’re managing a resource group in Azure, a bucket in AWS, or a virtual machine in Google Cloud.

Step 3: Authenticate and Select Our Subscription

To deploy resources, execute the az login command. If you have multiple tenants, you may need to execute az login --tenant <tenant-id>. You will also need to make sure to select the correct Azure subscription, as Terraform will deploy resources to the active subscription. We should always double-check this to avoid deploying to the wrong account.

Step 4: Initialise and Apply the Configuration

Run terraform init to prepare our directory and download necessary provider plugins. Then, terraform plan will show us what Terraform intends to create. Finally, terraform apply will execute the plan and deploy our resource group in Azure.

Understanding Terraform State

Terraform state is a critical part of managing our infrastructure. It keeps track of the resources Terraform manages, ensuring consistency between our configuration and the actual environment.

State files store metadata about our resources, and this allows Terraform to know what’s already deployed. This way, when we update our infrastructure, Terraform can determine what changes need to be made instead of re-creating everything from scratch.

By keeping our state organised, we avoid issues like duplicate resources or unintentional deletions.

Wrap-Up

With Terraform, we gain more control and automation over our infrastructure deployments. Once set up, it makes deploying and managing complex environments much easier and more reliable.

Thanks for checking out this blog! If you found it useful, like and subscribe to follow our series for more insights on infrastructure as code and cloud management. In the next blog post, we’ll be showing you how to deploy a key vault and assign the appropriate RBAC permissions.