Using Terraform to deploy infrastructure on Microsoft Azure

Using Terraform to deploy infrastructure on Microsoft Azure

In this article, we will provide a practical end-to-end example of using Terraform to deploy infrastructure on Microsoft Azure. We will also share some best practices, common problems you might encounter when first starting, and how to troubleshoot them. Let’s go!

What we will cover:

• What is Terraform?
• What is Microsoft Azure?
• Why use Terraform on Azure?
• How to run Terraform with Azure
• Best practices for using Terraform with Azure
• Troubleshooting common issues when running Terraform on Azure
• Example: Kubernetes deployment with Terraform on Azure
• What is Terraform?

Terraform is an infrastructure-as-code (IaC) tool that allows you to define and provision data center infrastructure using a declarative configuration language. It supports multiple cloud providers, including Microsoft Azure. Using Terraform on Azure, you can create, manage, and update resources like virtual machines, storage accounts, and networking interfaces, ensuring consistent and reproducible infrastructure deployment across different environments. 

Terraform integrates well with automation tools and CI/CD pipelines. As part of your development workflow, you can leverage Terraform scripts to automate infrastructure provisioning and configuration changes.

A typical Terraform workflow involves three main steps: writing the infrastructure as code in configuration files, initializing and planning to preview the changes, and applying those changes to provision the infrastructure.

Basic Terraform commands — quick reference

Here are some common commands you will use in Terraform:

terraform init — Initialize the Terraform working directory. It fetches required plugins and prepares the environment for other commands.

terraform plan — Generate an execution plan outlining the changes Terraform will make based on your configuration files. It shows what will be created, updated, or destroyed.

terraform apply — Apply the planned changes to your infrastructure based on the Terraform configuration. Review the plan carefully before applying.

terraform destroy — Destroy the infrastructure managed by Terraform. Use with caution, as it can permanently remove resources.

terraform show — Show details about a specific resource or the current state of your infrastructure.

terraform state rm <resource name> — Remove a resource from Terraform state management.

terraform state refresh — Refresh the Terraform state to match the actual state of your infrastructure in the cloud provider.

terraform fmt — Reformat your Terraform configuration files to follow the standard coding style.

terraform validate — Validate your Terraform configuration for syntax errors.

terraform get <provider> — Download and install plugins for specific providers (optional argument to specify a provider).

What is Microsoft Azure?

Microsoft Azure is a cloud computing platform developed by Microsoft. It offers a wide range of services, including computing, analytics, storage, and networking, that allow you to build, deploy, and manage applications across a global network of data centers. Users pick and choose from these services to develop and scale new applications or run existing ones.

Common use cases for the Azure public cloud include building and deploying web and mobile applications, developing and deploying cloud-native applications, storing and managing data, and creating and managing virtual machines.

Microsoft Azure features

• Microsoft Azure offers over 200 products and services.
• Azure supports all languages and frameworks, allowing you to develop how you want and deploy where you need to.
• Whether on-premises or across multiple clouds, Azure meets you where you are. It provides services designed for hybrid cloud environments.
• Azure prioritizes security, compliance, and privacy.

Why use Terraform on Azure?

Terraform allows you to define your infrastructure in code, making it versionable, repeatable, and auditable. You can manage your Azure resources using declarative configuration files. Compared with Azure Resource Manager (ARM) templates, Terraform can be more concise and easier to maintain for complex infrastructure deployments.

Note that Terraform is cloud-agnostic, so you can use the same language to provision resources across Azure, AWS, Google Cloud, and other providers. It also supports hybrid scenarios, seamlessly integrating on-premises and cloud environments. This flexibility is a key reason why many organizations choose to use Terraform as their preferred IaC tool. 

Terraform has a dedicated Azure provider (azurerm) that supports a wide range of Azure resources, allowing you to manage Azure services comprehensively, and it also integrates well with Azure DevOps, enabling you to create CI/CD pipelines for automated deployment and management of your Azure infrastructure.

Terraform ensures consistent resource provisioning. You define the desired state, and Terraform handles the actual deployment, reducing configuration drift. At the same time, Terraform automatically manages resource dependencies. For example, if you create a virtual machine that requires a virtual network, Terraform ensures the network is provisioned first.

Terraform maintains a state file that tracks the actual Azure infrastructure state. This helps with tracking changes, collaboration, and understanding the current environment.

Lastly, Terraform has a vibrant community and a rich ecosystem of providers and modules. You can find pre-built modules for common Azure services, saving time and effort.

How to run Terraform with Azure

To run Terraform with Azure, follow the steps below:

1. Install the Azure CLI tool.
2. Install Terraform.
3. Connect to Azure.
4. Configure the Terraform Azure provider.
5. Create and add an Azure resource group.
6. Verify the results.
7. Clean up.

1. Install the Azure CLI tool

First, we need to install the Azure CLI tool.

Windows:

Head to the Microsoft download page.

Choose the appropriate installer for your system (32-bit or 64-bit) and download the installer file (.msi).

macOS or Linux:

Open a terminal window and run the following command:

curl -sL https://aka.ms/install-azure-cli | bash

Or using homebrew: 

brew install azure-cli

After installation, confirm it has been successful:

az --version

If the installation was successful, you should see the installed Azure CLI version displayed.

2. Install Terraform

Visit the official Terraform download page.

Select the appropriate version for your operating system (Windows, macOS, or Linux) and architecture (32-bit or 64-bit). Download the installer file (typically a .zip archive for Windows/macOS or a .tar.gz archive for Linux).

Most distributions also offer Terraform packages through package managers. This can be a convenient way to install and update Terraform.

Ubuntu/Debian: sudo apt install terraform

RedHat/CentOS: sudo yum install terraform

macOS (Homebrew): brew tap hashicorp/tap && brew install hashicorp/tap/terraform

chocolatey (Windows): choco install terraform

Verify Terraform is installed:

terraform --version

If the installation was successful, you should see the installed Terraform version displayed.

If you need more help with your Terraform installation, check out How to Download & Install Terraform on Windows, MacOS, Linux.

3. Connect to Azure

After installing the Azure CLI, you need to log in to your Azure account using the az login command. Follow the prompts to authenticate and complete the login process.

az login

If you have multiple Azure subscriptions, you can set your subscription to use for subsequent commands:

az account set --subscription <subscription_id_or_name>

4. Configure the Terraform azurerm provider

The Azure provider is configured in a Terraform configuration file using the azurerm provider configuration block. Create a Terraform configuration file named main.tf (or a name of your choosing) in your project directory.

provider "azurerm" {
  features {}
  # Replace with your Azure subscription ID
  subscription_id = "<your_subscription_id>"
  # Optional: Choose the desired Azure environment from [AzureCloud, AzureChinaCloud, AzureUSGovernment, AzureGermanCloud]
  # environment = "AzureCloud"
  # Optional: Set the Azure tenant ID if using Azure Active Directory (AAD) service principal authentication
  # tenant_id = "<your_tenant_id>"
  # Optional: Set the client ID of your AAD service principal
  # client_id = "<your_client_id>"
  # Optional: Set the client secret of your AAD service principal
  # client_secret = "<your_client_secret>"
}

You can optionally configure authentication using an Azure Active Directory (AAD) service principal by providing tenant_id, client_id, and client_secret. This is a more secure approach compared with using your Azure subscription credentials directly. To avoid hardcoding these in the configuration file, you can set them as environment variables:

export ARM_CLIENT_ID="xxxxx"
export ARM_CLIENT_SECRET="xxxxx"
export ARM_SUBSCRIPTION_ID="xxxxx"
export ARM_TENANT_ID="xxxxx"

5. Create and add an Azure resource group

Add the configuration for the Azure resource group to your configuration file using the azurerm_resource_group block.

resource "azurerm_resource_group" "example_group" {
  name     = "my-resource-group"
  location = "uksouth"
  tags = {
    environment = "dev"
  }
}

In your terminal window, navigate to your Terraform project directory.

Run the command terraform init to initialize Terraform.

Run the command terraform plan to see the changes Terraform will make. This will show you the creation of the resource group. If the plan looks good, run terraform apply to create the resource group in your Azure subscription.

6. Verify the results

Log into the Azure portal and navigate to the Resource Groups section to see your newly created resource group with the specified name and location.

7. Clean up

If you no longer need the resource group, you can remove it using Terraform by running terraform destroy.