terraform azure

Introduction

Hi Welcome to this article, My Name is Ford, I am starting to get hands on experience on DevOps and came across the 10 week cloud ops challenge posted by Piyush Sachdeva

This is week 3 of my 10weekscloudops challenge, And in this article we will automate the deployment of a resilient 2 tier architecture using Terraform and Azure.

What is Terraform?

Terraform is an open-source tool that allows users to safely and efficiently develop, modify, and version infrastructure components:

What it is

Terraform is an Infrastructure as Code (IaC) tool that uses configuration files to describe the desired state of infrastructure. It's used to manage infrastructure across public and private clouds, as well as SaaS services.
How it works

Terraform uses a high-level configuration language called HashiCorp Configuration Language (HCL) to describe the desired infrastructure. It then generates a plan to reach that state and runs the plan to provision the infrastructure.
What it can do

Terraform can:
- Manage infrastructure components, including compute, storage, networking resources, and DNS entries
- Automate the provisioning of firewall policies, databases, and servers
- Implement security and compliance guardrails
- Utilize standardized workflows for consistent infrastructure provisioning, collaboration, and reuse
Who created it

Terraform was created by HashiCorp.
Where it can be used

Terraform can be used on various cloud providers, including AWS, Azure, and GCP, as well as other platforms like VMware and OpenStack

Prerequisites

To follow along in this guide you would need the following:

Azure Account - Azure offers free account. much better if you have a Pay-as-you-go subscription

💡

Note: Azure Account (Free trial) - in a free trial subscription you are limited to use only 4 VCPUs

Terraform Installed - download the latest version from the Terraform website and follow the installation instructions.
Visual Studio Code - install the necessary extensions specially terraform
Azure CLI or WSL - (if using windows machine install wsl)
Git (Optional but Recommended)

Let’s get started

I have a github repository for this guide and on that repository we will use the Week3 subdirectory only that contains the terraform files and modules and necessary items to make this work. but if you wish to download the whole repository you may do so.

git clone https://github.com/annoyedalien/10weekscloudchallenge.git

In case you want to download the week3 subdirectory only you may follow the commands below

#git sparse-checkout

mkdir (your directory)
cd (your directory)
git init 
git remote add -f origin https://github.com/annoyedalien/10weekscloudchallenge.git
git config core.sparseCheckout true
git sparse-checkout set Week3
git pull origin main
cd Week3

Run the initial_setup.sh file

./initial_setup.sh

This will generate a ssh key on the main folder named 'host_key'
create a resource group for the storage account
create a storage account
create a container

You can also modify the parameters for the shell script according to your preference by using vim or nano

The backend.tf file is configured to store that state files on the azure storage account created by the initial_setup.sh.

What are terraform state files

Terraform state files are essential components in Terraform's infrastructure as code (IaC) workflow. They serve several important functions:

Tracking Infrastructure: The state file keeps track of the resources that Terraform manages. It maps the configuration you define in your Terraform scripts to the actual resources in your cloud environment.
Storing Metadata: It stores metadata about your infrastructure, such as resource IDs, dependencies, and attributes. This helps Terraform understand the current state of your infrastructure and plan updates accurately.
Enabling Plan and Apply: When you run terraform plan or terraform apply, Terraform uses the state file to determine what changes need to be made to your infrastructure. It compares the current state (from the state file) with the desired state (from your configuration) to create an execution plan.
Facilitating Collaboration: By storing the state file in a remote backend (like an Azure Storage Account), multiple team members can work on the same infrastructure without conflicts, ensuring consistency and collaboration.
Ensuring Idempotency: The state file helps ensure that Terraform operations are idempotent, meaning that applying the same configuration multiple times will produce the same result without unintended changes.

Storing the Terraform state file in an Azure Storage Account offers several key benefits:

State Locking: When you run terraform apply, Terraform creates a file lock on the state file, preventing other operations from being executed simultaneously. This helps avoid conflicts and ensures consistency
Encryption at Rest: Data stored in Azure Blob Storage is encrypted before being persisted. This adds an extra layer of security, protecting sensitive information contained in the state file
Redundancy and High Availability: Azure Blob Storage replicates data to ensure durability and high availability. This means your state file is protected against data loss and can be accessed reliably
Collaboration: Storing the state file in a remote backend like Azure Storage allows multiple team members to work on the same Terraform configuration without conflicts, facilitating better collaboration

Why use modules in Terraform?

Using Terraform modules is like having a set of reusable building blocks. Once you create a block, you can use it in different projects, which saves you time and keeps everything consistent. Modules also help you stay organized by breaking down your work into smaller, more manageable pieces, rather than having one big, messy file.

They ensure that everything is built the same way every time, like following a recipe to make sure your dish turns out perfect each time. And when you need to make changes, modules make it easy. You update the module, and all the places that use it get updated too, just like updating a template.

Using modules in Terraform offers several advantages:

Reusability: Modules allow you to define reusable components. You can use the same module across different projects, saving time and ensuring consistency.
Organization: They help organize your code by breaking down complex configurations into smaller, manageable pieces. This makes your Terraform code easier to read and maintain.
Consistency: By using modules, you can enforce standards and best practices across your infrastructure. This ensures that resources are created in a consistent manner.
Simplified Management: Modules encapsulate resource configurations, making it easier to manage and update infrastructure. Changes to a module can be propagated across all instances where it's used.
Collaboration: Modules facilitate collaboration by allowing different team members to work on separate parts of the infrastructure without interfering with each other.
Scalability: They make it easier to scale your infrastructure. You can use modules to replicate resources across different environments or regions with minimal effort.

Breakdown of the directory folder

main.tf: This file brings together all the modules you've defined and sets up any additional resources that span across multiple modules, like global networking components.
variables.tf: Just like module-level variables, root-level variables let you customize the overall configuration of your project.
terraform.tfvars: Use this file to store variable values, making it easy to manage and share different configurations.
backend.tf: This file is key for remote state management. It sets up the backend settings, like where and how the Terraform state should be stored remotely, often in cloud storage like Azure Storage, which we've already set up.
providers.tf: Here, you specify the providers you're using, along with any provider-specific settings.

💡

if using a newer version of provider you might need to fill in the details such as subscription, client id, tenant id and etc. You may follow these steps to set it up https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure?tabs=bash#create-a-service-principal
```
  terraform {
    required_providers {
      azurerm = {
        source  = "hashicorp/azurerm"
        version = "4.9.0"
      }
    }
  }

  provider "azurerm" {
    subscription_id = ""
    client_id       = ""
    client_secret   = ""
    tenant_id       = ""

    features {}
  }
```
Deployment of the Infrastructure
1. The terraform init command is the first step you take when working with Terraform. Initializing makes sure that Terraform has all the tools and information it needs to manage your infrastructure properly. Without this step, Terraform wouldn't know how to connect to your cloud provider or where to store its state, and it wouldn't be able to use any modules you've defined.
2. terraform fmt and terraform validate
  - terraform fmt: This command automatically formats your Terraform configuration files to follow a consistent style. It makes your code easier to read and maintain by organizing it in a standard way. Think of it like a spell-checker, but for your Terraform code.
  - terraform validate: This command checks your Terraform configuration files for syntax errors and other issues. It ensures that your code is syntactically correct and that all required variables and resources are properly defined. It's like a pre-flight check to make sure everything is in order before you apply any changes.
3. terraform plan is like a dress rehearsal for your infrastructure changes. It lets you see what will happen without making any actual changes, so you can proceed with confidence.
4. The terraform apply command is where the magic happens in Terraform. Here's what it does:
  - Applies Changes: It takes the execution plan generated by terraform plan and applies those changes to your infrastructure. This means creating, updating, or deleting resources as specified.
  - Interactive Approval: By default, terraform apply will show you the plan and ask for your approval before making any changes. This gives you a final chance to review and confirm the actions Terraform will take.
  - State Update: After applying the changes, Terraform updates the state file to reflect the current state of your infrastructure. This ensures that future plans and applies are based on the most up-to-date information.

In simple terms, terraform apply is like pressing the "go" button. It takes the plan you've reviewed and turns it into reality, making the necessary changes to your infrastructure.

You may go to azure portal to check the deployed resources.

Navigate to the application gateway and copy the public ip address created and paste it on a browser to check if it shows the website hosted by our web VMSS

In my case I used a custom DNS and added an A record to redirect it to the public ip of the application gateway

Clean up

The terraform destroy command is used to completely remove all the resources that Terraform manages. Here's what it does:

Deletes Resources: It identifies all the resources defined in your Terraform configuration and removes them from your infrastructure.
Interactive Confirmation: By default, terraform destroy will show you a plan of what will be destroyed and ask for your confirmation before proceeding. This gives you a chance to review and confirm the deletions.
State Update: After destroying the resources, Terraform updates the state file to reflect that the resources no longer exist. This keeps your state file accurate and up-to-date.

In simple terms, terraform destroy is like hitting the reset button. It removes everything that Terraform has created, allowing you to start fresh if needed.

Special Thanks to
Joel Oduyemi for providing the guide, since it was last year I have modified some of the terraform script to make it up to date.
piyush sachdeva for the 10weekscloudopschallenge

Utilizing Terraform to automate the deployment of a Resilient 2-Tier Architecture On Azure

Table of contents