If you haven't already done so, configure Terraform using one of the following options:
- Configure Terraform in Azure Cloud Shell with Bash
- Configure Terraform in Azure Cloud Shell with PowerShell
- Configure Terraform in Windows with Bash
- Configure Terraform in Windows with PowerShell
Before you use Azure Storage as a backend, you must create a storage account. Run the following commands or configuration to create an Azure storage account and container:
```powershell
$RESOURCE_GROUP_NAME='tfstate'
$STORAGE_ACCOUNT_NAME="tfstate$(Get-Random)"
$CONTAINER_NAME='tfstate'

# Create resource group
New-AzResourceGroup -Name $RESOURCE_GROUP_NAME -Location eastus

# Create storage account
# Terraform state can contain secrets, so anonymous (public) blob access stays disabled
$storageAccount = New-AzStorageAccount -ResourceGroupName $RESOURCE_GROUP_NAME -Name $STORAGE_ACCOUNT_NAME -SkuName Standard_LRS -Location eastus -AllowBlobPublicAccess $false

# Create blob container (private: no anonymous read access)
New-AzStorageContainer -Name $CONTAINER_NAME -Context $storageAccount.context -Permission Off
```
Alternatively, the Terraform Dependencies actions workflow can provision the Terraform remote state storage account and container. Customize the deployment by updating the environment variables on lines 6-11:
```yaml
env:
  location: 'westus2'
  resource_prefix: "backend-appsrvc"
  environment: "dev"
  suffix: "001"
  container_name: "tfstate"
```

For additional reading around remote state:
To configure your Terraform deployment to use the newly provisioned storage account and container, edit the ./backend.tf file at lines 8-12 as below:
```hcl
backend "azurerm" {
  resource_group_name  = "my-rg-name"
  storage_account_name = "mystorageaccountname"
  container_name       = "tfstate"
  key                  = "myapp/terraform.tfstate"
}
```

- `resource_group_name`: Name of the Azure Resource Group that the storage account resides in.
- `storage_account_name`: Name of the Azure Storage Account to be used to hold remote state.
- `container_name`: Name of the Azure Storage Account Blob Container to store remote state.
- `key`: Path and filename for the remote state file to be placed in the Storage Account Container. If the state file does not exist in this path, Terraform will automatically generate one for you.
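Terraform state records resource attributes in plaintext, and this deployment accepts a `vmAdminPassword` input, so the storage account named in `backend.tf` should not be anonymously readable. The following audit is an added example, not part of the original repository; it assumes the Az.Storage module and an authenticated session (`Connect-AzAccount`), and `Test-TfStateBackend` is a hypothetical helper name.

```powershell
# Added example (not from the original repository).
# Requires Az.Accounts and Az.Storage, and an authenticated session (Connect-AzAccount).
function Test-TfStateBackend {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $StorageAccountName,
        [Parameter(Mandatory)] [string] $ContainerName
    )

    $account   = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName -ErrorAction Stop
    $container = Get-AzStorageContainer -Name $ContainerName -Context $account.Context -ErrorAction Stop
    $findings  = [System.Collections.Generic.List[string]]::new()

    # A null value on older accounts means anonymous access was never explicitly disabled.
    if ($account.AllowBlobPublicAccess -ne $false) {
        $findings.Add('Account allows anonymous blob access (AllowBlobPublicAccess is not false).')
    }
    # Container ACL: anything other than Off exposes the state blob to unauthenticated reads.
    if ($container.PublicAccess -and "$($container.PublicAccess)" -ne 'Off') {
        $findings.Add("Container '$ContainerName' public access level is '$($container.PublicAccess)'.")
    }
    if (-not $account.EnableHttpsTrafficOnly) {
        $findings.Add('Account accepts plain HTTP (EnableHttpsTrafficOnly is not true).')
    }
    # Unset or TLS1_0/TLS1_1 is flagged; TLS1_2 and newer pass.
    if ("$($account.MinimumTlsVersion)" -notmatch '^TLS1_[23]$') {
        $findings.Add("Minimum TLS version is '$($account.MinimumTlsVersion)', expected TLS1_2 or newer.")
    }
    return $findings
}

# Placeholder names from the backend.tf block; replace them with your own values.
$rg = 'my-rg-name'; $sa = 'mystorageaccountname'; $ctr = 'tfstate'
$findings = @(Test-TfStateBackend -ResourceGroupName $rg -StorageAccountName $sa -ContainerName $ctr)

if ($findings.Count -eq 0) {
    Write-Output 'State backend: no public-access or transport findings.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    # Remediation, to be reviewed before running:
    # Set-AzStorageAccount -ResourceGroupName $rg -Name $sa -AllowBlobPublicAccess $false -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2
    # Set-AzStorageContainerAcl -Name $ctr -Permission Off -Context (Get-AzStorageAccount -ResourceGroupName $rg -Name $sa).Context
}
```

Run it before `terraform init` so a publicly readable container is caught before any state is written to it.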
As you configured the backend remote state with your live Azure infrastructure resource values, you must also provide them for your deployment.
- Review the available variables with their descriptions and default values in the variables.tf file.
- Provide any custom values to the defined variables by creating a `terraform.tfvars` file in this directory (`reference-implementations/LOB-ILB-ASEv3/terraform/terraform.tfvars`)
- Navigate to the Terraform directory `reference-implementations/LOB-ILB-ASEv3/terraform`
- Initialize Terraform to install the `required_providers` specified within `backend.tf` and to initialize the backend remote state
  - to run locally without the remote state, comment out the `backend "azurerm"` block in `backend.tf` (lines 8-13)

  ```bash
  terraform init
  ```
- See the planned Terraform deployment and verify resource values

  ```bash
  terraform plan
  ```
- Deploy

  ```bash
  terraform apply
  ```
| Name | Version |
|---|---|
| terraform | >=1.3 |
| azurecaf | >=1.2.23 |
| azurerm | >=3.66.0 |
| Name | Version |
|---|---|
| azurecaf | 1.2.26 |
| azurerm | 3.67.0 |
| Name | Source | Version |
|---|---|---|
| app_service | ../../shared/terraform-modules/app-service | n/a |
| bastion | ../../shared/terraform-modules/bastion | n/a |
| devops_vm | ../../shared/terraform-modules/windows-vm | n/a |
| jumpbox_vm | ../../shared/terraform-modules/windows-vm | n/a |
| private_dns_zones_ase | ../../shared/terraform-modules/private-dns-zone | n/a |
| vnetHub | ../../shared/terraform-modules/network | n/a |
| vnetSpoke | ../../shared/terraform-modules/network | n/a |
| Name | Type |
|---|---|
| azurecaf_name.caf_name_ase_rg | resource |
| azurecaf_name.caf_name_ase_v3 | resource |
| azurecaf_name.caf_name_law | resource |
| azurecaf_name.caf_name_network_rg | resource |
| azurecaf_name.caf_name_shared_rg | resource |
| azurecaf_name.law | resource |
| azurerm_app_service_environment_v3.ase | resource |
| azurerm_log_analytics_workspace.law | resource |
| azurerm_resource_group.ase | resource |
| azurerm_resource_group.network | resource |
| azurerm_resource_group.shared | resource |
| azurerm_app_service_environment_v3.existing | data source |
| azurerm_private_dns_zone.existing | data source |
| azurerm_virtual_network.existing_spoke_vnet | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| CICDAgentNameAddressPrefix | CIDR prefix to use for Spoke VNet | list(string) | [ | no |
| app_service_environment_name | [Optional] The NAME of an already existing App Service Environment to deploy the App Service Plan to. | string | null | no |
| app_service_environment_resource_group_name | [Optional] The Resource Group NAME of an already existing App Service Environment to deploy the App Service Plan to. Will create a new ASE v3 if not provided. | string | null | no |
| application_name | A short name for the workload being deployed | string | n/a | yes |
| aseAddressPrefix | CIDR prefix to use for ASE | list(string) | [ | no |
| bastionAddressPrefix | CIDR prefix to use for Hub VNet | list(string) | [ | no |
| deployment_options | [Optional] Deployment options to configure each module with the appropriate features. | map | {} | no |
| environment | The environment for which the deployment is being executed | string | "dev" | no |
| global_settings | [Optional] Global settings to configure each module with the appropriate naming standards. | map | {} | no |
| hubVNetNameAddressPrefix | CIDR prefix to use for Hub VNet | list(string) | [ | no |
| jumpBoxAddressPrefix | CIDR prefix to use for Jumpbox VNet | list(string) | [ | no |
| location | The Azure location where all resources should be created | string | "westus2" | no |
| numberOfWorkers | numberOfWorkers for ASE | number | 3 | no |
| owner | [Required] Email or unique ID of the owner(s) for this deployment | string | n/a | yes |
| private_dns_zone_name | [Optional] The NAME of an already existing Private DNS Zone to deploy the App Service Plan to. | string | null | no |
| private_dns_zone_resource_group_name | [Optional] The Resource Group NAME of an already existing Private DNS Zone to deploy the App Service Plan to. Will create a new ASE v3 if not provided. | string | null | no |
| spokeVNetNameAddressPrefix | CIDR prefix to use for Spoke VNet | list(string) | [ | no |
| spoke_vnet_name | [Optional] The VNET NAME of an already existing spoke VNET. | string | null | no |
| spoke_vnet_resource_group_name | [Optional] The Resource Group NAME of an already existing spoke VNET. | string | null | no |
| tags | [Optional] Additional tags to assign to your resources | map(string) | {} | no |
| vmAdminPassword | admin password for the virtual machine (devops agent, jumpbox). If none is provided, will be randomly generated and stored in the Key Vault | string | null | no |
| vmAdminUsername | admin username for the virtual machine (devops agent, jumpbox) | string | "vmadmin" | no |
| vm_aad_admin_object_id | The Azure AD username for the VM admin account. If vm_aad_admin_username is not specified, this value will be used. | string | null | no |
| vm_aad_admin_username | [Optional] The Azure AD username for the VM admin account. If vm_aad_admin_object_id is not specified, this value will be used. | string | null | no |
| workerPool | workerPool for ASE | number | 1 | no |
| Name | Description |
|---|---|
| app_service_default_hostname | n/a |
| app_service_name | n/a |
| aseId | ID of the App Service Environment. |
| aseName | Name of the App Service Environment. |
| hubVNet | Name of the provisioned Hub virtual network. |
| shared-vms | Private IP Addresses and IDs of the provisioned shared virtual machines (DevOps and Jumpbox VMs). |
| spokeVNet | Name of the provisioned Hub virtual network. |