Transcription
Managing Microsoft Azure Applications and Infrastructure with TerraformCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Next Sect ion s
Managing Microsoft Azure Applications and Infrastructure with TerraformCourse NavigationDeployin g VM sSection 6Deployin g WebApplicat ion sDeployin g Dat abaseI n st an cesSection 7Section 8Back t o M ain
IntroductionCou r se I n t r oCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Next Sect ion sCour se IntroInt roCourseCou r se I n t r odu ct ionAbou t t h e Tr ain in g Ar ch it ectThis is an interm ediate level course so prior Azure Cloudadm inistration, DevOps knowledge, and concept fam iliarity isrecom m ended, however, no prior experience with Terraform isneccessary to com plete this course. The m ajority of this coursewill focus on standard Azure infrastructure resourcedeployem ent as well as som e basic Azure DevOps operations.Additionally, we will cover a few best-practices to help you useTerraform in a way that will best suit your use requirem ents.Hi there, m y nam e is Russell Croft and I've been in IT for over 25years. I began m y career as a bench tech, m oved quickly intosystem adm inistration and I've been supporting IT infrastructureat all levels of the enterprise ever since.I was an IT contractor for m any years, working with com paniesas sm all as a two person dentist office to m ulti-nationalcorporate enterprises.The last fourteen years I've been working in higher education,focussed prim arily on infrastrucure and security, with the lastfew years as a Cloud Architect.In m y career, I've com e to value the im portance of good trainingm aterials and I'm very happy to have the opportunity to helpprovide the tools and techniques you need to advance in yourchosen field.Thank you for taking this course. Now let 's get started!Ru ssell Cr of tAzure Training ArchitectBack t o M ain
Terraform Installation and Configuration in an Azure Environm entBasic Ter r af or m I n st allat ionCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Basic TerraformBasicTer r af or mInstallationI n st allat ionTerraform State Storage: Local vs. Rem oteDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Terraform Authorization Methods in AzureNext Sect ion sBack t o M ainShared State Files: Security and EncryptionInstalling Terraform is a pretty straightforward procedure. Just go to https://www.terraform .io/downloads.htm l and download the version that fits your OS.Unpack the file, add the location to your PATH, and you?re ready to go.It also happens that Azure supports Terraform natively within the Azure CLI, so that ?s what we?re going to focus on for m uch of this course. Feel free to usewhatever text editor you prefer for writing in Terraform's HCL. I generally use VSCode, but plenty of folks out there use Notepad , VIM, or even one ofthe text editors native to the CLI itself. Also, m ake sure you have a resource group and (I recom m end) a dedicated storage account in order touse the Azure CLI.
Terraform Installation and Configuration in an Azure Environm entTer r af or m St at e St or age: Local vs. Rem ot eCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Basic Terraform InstallationTerTerraformr af or m StateSt at eStorage:St or age:LocalLocalvs.vs.RemRemoteot eDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Terraform Authorization Methods in AzureShared State Files: Security and EncryptionLocal St at ePros:- Only one person m aking state file changes- Sim pler file location to rem em ber- Reasonably secure (workstation access only)Cons:- State files not easily shared with other adm ins- Workstations are m ore prone to being com prom ised due to hardware issues or loss of personnel- Others m ay have elevated access to a workstation that m ay not be Azure adm ins. (Dom ain adm ins, desktop support personnel, etc.)- Workstations are not com m only backed upRem ot e St at ePros:- One source/repository for state files. (Ensures the team is using the sam e source files for operations)- Greater security options (encryption, (IAM) role access, restricted network access)- More options for backups/redundancy- Less susceptible to hardware or personnel loss- Allows m ore users access to Terraform files and allows for version controlCons:- Adds com plexity to configurations and file access (creation of service principal or m anaged for access)- Version control becom es m ore im portant/problem atic- Access to rem ote state files are subject to service outagesNext Sect ion sBack t o M ain
Terraform Installation and Configuration in an Azure Environm entTer r af or m Au t h or izat ion M et h ods in Azu r eCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Basic Terraform InstallationTerraform State Storage: Local vs. Rem oteDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Terr af or m AuthorizationAu t h or izat ionMethodsM et h odsAzu r eTerraformin inAzureNext Sect ion sBack t o M ainShared State Files: Security and EncryptionTer r af or m su ppor t s a f ew dif f er en t m et h ods f or Azu r e au t h en t icat ion :The sim plest and quickest m ethod is to use the Azu r e CLI . Terraform is supported natively by the CLI, and state files live in the storage account used by the accountthat was used for logging in. By default, this has the benefit of saving your production files in Azure, thereby elim inating m any of the concerns of having Terraformfiles stored locally. However, it also m eans that each adm in logging in to CLI to use Terraform will be doing so with an independent Terraform code base. This isn'treally a problem for single-adm in shops, one-off deploym ents for short term environm ents, or where adm ins have clearly defined (separate) areas of work. Two orm ore adm inistrators working in the sam e space, however, and there can be confusion.The standard (best practice) for Terraform authentication is to use a Ser vice Pr in cipal. This allows users and developers to deploy resources via Terraform withouttheir personal accounts needing perm ission to m ake changes to the Azure environm ent. Use of a Service Principle also supports Rem ote State storage and"backend" features, such as state locking (preventing conflicting changes to occur sim ultaneously) and rem ote operations, which allow larger deploym ents to runindependently of the workstation that applied them . When using the Azure CLI or a single workstation, the "backend" is considered to be local.M an aged Ser vice I den t it ies are another way for Terraform to authenticate with Azure. This is a relatively new feature that som ewhat sim plifies the auth processbut still creates a Service Principal to support its functionality. It still has lim itations as to what applications are supported, so the extra steps (like key exchange) aregenerally considered worth it for advanced Terraform users.For this course, we'll be using the Azure CLI to perform the Terraform operations since the focus is on what Terraform does as its core functionality ? deployinginfrastructure!Click here for a link to AzureRM Backend configurations.
Terraform Installation and Configuration in an Azure Environm entTer r af or m Au t h or izat ion M et h ods in Azu r eCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Basic Terraform InstallationTerraform State Storage: Local vs. Rem oteAn easy way to set up rem ote state file storage in Azure is to attach it to a blobstorage container. An im m ediate benefit to this is that Azure providesautom atic encryption at rest. To set up rem ote state storage, create aTerraform "backend" statem ent to designate the rem ote location of your statefile. Just put the resource group, storage account, and storage containernam e in the mai n. t f file in the form at below and rerun Ter r af or m i ni t ,answering "yes" to the prom pt asking if you wish to copy the local state file tothe new location. Make sure to run Ter r af or m i ni t before updating themai n. t f file with the backend storage configuration. It 's likely you havealready done this if you used Terraform to create the storage container youintended on using as the "backend" storage for the t er r af or m. t f st at e file.To m ove the state file back to local storage, sim ply # the Terraform "backend"section you added initially, again answering "yes" to the copy question.# Edit the m ain.tf for rem ote state storageprovider "azurerm" {version 1.38}terraform {backend "azurerm" {resource group nam e "TFResourceGroup"storage account nam e "storage4terraform"container nam e "statefile"key "terraform .tfstate"}}Click here for a link to AzureRM Backend configurations.Deployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Terraform Authorization Methods in AzureNext Sect ion sBack t o M ainSharedSh ar edStateSt at eFiles:Files:SecuritySecu r itandy anEncryptiond En cr ypt ionState File SecurityOnce rem ote state file storage is in place, you have a num ber of options to protect your state file data:En cr ypt ion at r est - All Azure blob storage is AES 256 encrypted.Sn apsh ot s of st at e f ile dat a - Routine snapshotting of the state file protects against accidental file deletion.Apply a Delet e Lock t o t h e st or age accou n t - Only accounts with "Owner " role access will be able to rem ove the lock and deletethe state file blob. If you ensure that you never perform Terraform activity with an "Owner " account, you'll prevent accidentaldeletion.Role Access (I AM ) r est r ict ion s - If a Service Principle or Managed Service Identity is being used for Terraform activity, you canrestrict storage account access to only those accounts. As m entioned above, m ake sure not to set those accounts with "Owner "access.Select ed Net w or k Access t o t h e St or age Accou n t - If using Terraform from a specific VM or VMs, you can restrict access to onlythose VNETs and Subnets that contain those VMs. Additionally, you can "whitelist " specific IP addresses both inside and outsideyour on-prem ise networks.Su ggest ion : Use your preferred GIT Repo or version control software to keep your "working" Terraform files organized andunder control. Additionally, you can use Terraform Cloud for version control, found at:https://www.terraform .io/docs/cloud/index.htm l
Deploying Azure Resource Groups and TagsDeploy Resou r ce Gr ou psCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deploy ResourceDeployResou r ceGroupsGr ou psDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Next Sect ion sBack t o M ainTaggingDeploying a Resource Group is a pretty standard procedure. The exam ple below shows the m inim um inputs necessary for Resource Group creation.provider "azurerm" {}resource "azurerm resource group" "rg" {name "TFResourceGroup"location "eastus"}
Deploying Azure Resource Groups and TagsTaggin gCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deploy Resource GroupsDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Next Sect ion sBack t o M ainTagginTagginggWhen you want to add a tag to a resource you're deploying, sim ply add a t ags value to the resource as seen in the red box below. You'll use this sam e form at for anything youdeploy with Terraform . Rem em ber to close t h e br ack et s after your tag variables!If you want to update a resource you've already deployed, you can add the tag variables to the original. t f file you used to create it, and run t er r af or m pl an to ensure yourchanges will take place and then apply it again.provider "azurerm" {}resource "azurerm resource group" "rg" {nam e "TFResourceGroup"location "eastus"tags {environm ent "Terraform"deployedby "Adm in"}}
Deploying Azure Storage ResourcesDeploy Azu r e St or age Accou n t sCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deploy AzureDeployAzu r eStorageSt or ageAccountsAccou n t sDeploying Recovery Service VaultsDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Here is a sam ple of code where you enter in the r esou r ce n am es without creating a prom pt whenappl y is run. This is m ore appropriate when Terraform is being used to m anage infrastructure.Please note, as long as you have the variable declarations in your . t f file, Terraformwill prom pt you for them ever y t im e you run an appl y job. This can cause you tounintentionally destroy the resources you created the first tim e you ran appl y . If youuse this to create a m ore perm anent resource, you'll want to go back and rem ove thevariable calls and enter the actual nam es of the resource you created. This form at ishandy when creating one-off resources such as in dev/test environm ents as well aswhen handing over a . t f file to less technical users.variable "ResourceGroup" {}variable "Storage Account Nam e" {}resource "azurerm storage account " "sa" {nam e var.Storage Account Nam eresource group nam e var.ResourceGrouplocation var.regionaccount tier "Standard"account replication type "GRS"resource "azurerm storage account " "sa" {nam e "Storage Account Nam e"resource group nam elocationaccount tier "Resource Group" "Location/Region" "Standard"account replication type "GRS"tags {environm ent "Terraform Storage"tags {environm ent "Terraform Storage"CreatedBy "TF Adm in"}}Back t o M ainDeploy File Shares and BlobsBelow is an exam ple of Terraform code that will prom pt you for the Region, ResourceGroup Nam e, and the Storage Account nam e you're going to use to create the storageaccount. The v ar i abl e declaration triggers the prom pt when you run eitherTer r af or m plan or Ter r af or m apply.variable "region" {}Next Sect ion sCreatedBy "TF Adm in"}}
Deploying Azure Storage ResourcesDeployin g Recover y Ser vice Vau lt sCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deploy Azure Storage AccountsDeployinDeployingg RecoverRecoveryy ServiceSer viceVaultsVau lt sDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Deploy File Shares and BlobsRecover y Ser vice Vau lt s are the next step after storage account creation. As with storageaccounts, you'll only need som e basic inform ation to set up deploym ent.Below is an exam ple of a Recovery Service Vault referencing a pre-existing resource groupin which to deploy the vault.resource "azurerm recovery services vault " "vault " {nam e "Terraform -recovery-vault "location "East US"resource group nam e "TFResourceGroup"sku} "Standard"Next Sect ion sBack t o M ain
Deploying Azure Storage ResourcesDeploy Azu r e File Sh ar eCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deploy Azure Storage Accountsvariable"resgrp"{variable"resgrp"Deploying Recovery Service VaultsDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Back t o M ainDeployDeployFileFileShSharesar es anandd BlobsBlobs{description "Copy and paste the resource group nam e from the portal."} description "Copy and paste the resource group nam e from the portal."variable"storageaccount " {}description "Enter a unique nam e for the storage account that will be used for the file share"variable"sharenam e" {}variable"container " { "Enter the nam e of the file share to be created"descriptiondescription "Enter container nam e"}}variable "storageaccount " {resource "azurerm storage account " "new " {description "Entera unique nam e for the storage account that will be used for the file share"nam e var.storageaccountresource group name var.resgrp}location"eastus"resource"azurerm storage account" "exam ple" {account tier "Standard"name var.storageaccountaccount replication type "LRS"} resource group nam e var.resgrplocation "eastus"resource "azurerm storage container " "new " {name var.containeraccount tier "Standard"storage account nam e var.storageaccountaccount replication type "LRS"container access type "private"}}resource "azurerm storage blob" "new " {resource"azurerm storage share""exam ple" {nam e "newTFblob"resource group name var.resgrpnam e var.sharenam estorage container nam e var.containerstorage account name azurerm storage account.exam ple.nam etype "Block"} quota 50}Next Sect ion sIn this section, we're going to create a 50GB file share as well as som eblob storage. If you already know what resource group, storageaccount, and file share nam e to use, then you can skip the variabledeclarations so that the code for the file share would read m ore likethis:resource "azurerm storage account " "exam ple" {nam e "awesom estorageaccount "resource group nam e "resourcegroupforstorage"location "eastus"account tier "Standard"account replication type "LRS"}resource "azurerm storage share" "exam ple" {nam e "awesom eshare"storage account nam e azurerm storage account.exam ple.nam equota 50
Deploying Network ResourcesDeployin g VNETs an d Su bn et sCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deployingg VirtualDeployinVir t u alNetworksNet w or kands anSubnetsd Su bn et sDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Next Sect ion sBack t o M ainCreate and Configure Network Security GroupsMany IT departm ents will m aintain a "tem plate" for VNET/Subnet configurations to allowfor rapid deploym ent of their virtual network infrastructure for infrastructure exapansion orfor dev/test environm ents or even ad hoc networks for dem os or UAT, User AcceptanceTesting. Just change the network addressesThe only prerequisite for deploying a virtualnetwork (VNET) is a resource group.Below is an exam ple of a standalone VNETdeploym ent.Subnets require an existing VNET withsufficient address space.Below is an exam ple of a Subnet deploym entwith a pre-existing VNET.# Create virtual network# Create subnetresource "azurerm virtual network" "m yterraform network"{nam e "m yVnet "address space ["10.0.0.0/16"]location "westus"resource group nam e "TFResourceGroup"}resource "azurerm subnet " "tfsubnet " {nam e "m ySubnet "resource group nam e "TFResourceGroup"virtual network nam e "m yVnet "address prefix "10.0.1.0/24"}If you wish to create the vnet and subnet together,use the form at:azu r er m vir t u al n et w or k .TFNet .n am e (as below )for the value of "virtual network nam e" andTerraform will ensure that the vnet is created beforeit continues with the subnet creation. If you were tosim ply put the first and second exam ples together,the subnet creation would fail as it would notrecognize the vnet dependency.resource "azurerm virtual network" "TFNet " {nam e "m yVnet "address space ["10.0.0.0/16"]location "East US"resource group nam e "TFResourceGroup"}resource "azurerm subnet " "m yterraform subnet " {nam e "m ySubnet "resource group nam e "TFResourceGroup"virtual network nam e azurerm virtual network.TFNet.nam eaddress prefix "10.0.1.0/24"}
Deploying Network ResourcesCr eat e an d Con f igu r e Net w or k Secu r it y Gr ou psCourse NavigationI n t r odu ct ionSection 1Ter r af or m I n st allat ionan d Con f igu r at ion inan Azu r e En vir on m en tDeployin g Azu r eResou r ce Gr ou ps an dTagsSection 2Section 3Deploying Virtual Networks and SubnetsDeployin g Azu r eSt or age Resou r cesDeployin g Net w or kResou r cesSection 4Section 5Next Sect ion sBack t o M ainCreateCreat e andan dConfigureCon f igu r eNetworkNet w or Securityk Secu r itGroupsy Gr ou psSetting up an NSG is less about the NSG itself and m ore about the Inbound/Outbound rulem anagem ent. Azure doesn?t let you renum ber network security group inbound/outboundrules easily. You have to delete them and recreate them if you need to renum ber them . Thishas sent m any an Adm in into fits of rage and has m ore than once been the justification forintegrating m ore costly software and/or virtual appliances for subnet traffic rules.If Ter r af or m is used to deploy NSG rules, then an Adm in can renum ber a given set of trafficrules very quickly.Take the exam ple to the right. Let 's suppose we've deployed som e inbound rules for webtraffic into an NSG, but later discover that we need to insert a rule in between the 1000 and1001 priority. Sim ply by re-ordering the priorities on the rules affected by the change andre-running the Ter r af or m Apply, the NSG will get updated with m inim al im pact to thenetwork. It 's m uch easier to edit a . t f file than to go through what m ay be hundreds ofm anual NSG rule changes.Go to network security rule.html for the list ofoptional settings for NSG rules.r esour ce " azur er m net wor k secur i t y gr oup" " nsg" {name " Test NSG"l ocat i on " East US"r esour ce gr oup name " TFResour ceGr oup"}r esour ce " azur er m net wor k secur iname pr i or i t y di r ect i on access pr ot ocol sour ce por t r ange dest i nat i on por t r ange sour ce addr ess pr ef i x dest i nat i on addr ess pr ef i x r esour ce gr oup name net wor k secur i t y gr oup name }t y r ul e" " exampl e1" {" Web80"1001" I nbound"" Al l ow"" Tcp""*"" 80""*""*"" TFResour ceGr oup"azur er m net wor k secur i t y gr oup. nsg. namer esour ce "azurerm network security rule" " exampl e2" {name " Web8080"pr i or i t y 1000di r ect i on " I nbound"access " Deny"pr ot ocol " Tcp"sour ce por t r ange "*"dest i nat i on por t r ange " 8080"sour ce addr ess pr ef i x "*"dest i nat i on addr ess pr ef i x " * "r esour ce gr oup name " TFResour ceGr oup"net wor k secur i t y gr oup name azur er m net wor k secur i t y gr oup. nsg. name}
Deploying VMsDeployin g Azu r e VM sCourse NavigationDeployin g VM sSection 6Deployin g WebApplicat ion sDeployin g Dat abaseI n st an cesSection 7Section 8Back t o M ainDeployingg AzureDeployinAzu r eVMsVM sdata "azurerm subnet " "tfsubnet " {nam e "m ySubnet "virtual network nam e "m yVnet "resource group nam e "TFResourceGroup"}resource "azurerm public ip" "exam ple" {nam e "pubip1"location "East US"resource group nam e "TFResourceGroup"allocation m ethod "Dynam ic"sku "Basic"}resource "azurerm network interface" "exam ple" {nam e "forge-nic" #var.nic idlocation "East US"resource group nam e "TFResourceGroup"ip configuration {nam esubnet idprivate ip address allocationpublic ip address id "ipconfig1" azurerm subnet.tfsubnet.id "Dynam ic" azurerm public ip.exam ple.id}}resource "azurerm storage account " "sa" {nam e "forgebootdiags123" #var.bdiagresource group nam e "TFResourceGroup"location "East US"account tier "Standard"account replication type "LRS"}This section assigns the .id value for theazur er m subnet . t f s ubnet callduring the i p c onf i gur at i on section.Creates a public IP address that can beadded to the VM NIC with m anualentries for the nam e, location, andresource group.This section creates the NIC.This section sets the IP info for the NICthat is being created. Note that thesubnet i d value calls the nam e set bythe data assignm ent set at thebeginning.This section creates the boot diagnosticstorage account for the VM.resource "azurerm virtual m achine" "exam ple" {nam e "forge" #var.servernam elocation "East US"resource group nam e "TFResourceGroup"network interface ids [azurerm network interface.exam ple.id]vm size "Standard B1s"delete os disk on term ination truedelete data disks on term ination falsestorage im age reference {publisher "Canonical"offer "UbuntuServer "sku "16.04-LTS"version "latest "Now that the prerequisites set in the}storage os disk {previous sections have been created,nam e "osdisk1"can now deploy the actual VM.disk size gb "128"caching "ReadWrite"create option "From Im age"m anaged disk type "Standard LRS"}os profile {com puter nam e "forge"adm in usernam e "vm adm in"adm in password "Password12345!"}os profile linux config {disable password authentication false}boot diagnostics {enabled "true"storage uri azurerm storage account.sa.prim ary blob endpoint}}we
Deploying Web ApplicationsDeployin g a Web Applicat ionCourse NavigationDeployin g VM sSection 6Deployin g WebApplicat ion sDeployin g Dat abaseI n st an cesSection 7Section 8Back t o M ainDeployingg aaWebDeployinWebApplicationApplicat ionresource "azurerm app service plan" "svcplan" {nam e "newweb-appserviceplan"location "eastus"resource group nam e "TFResourceGroup"Here we have a deploym ent for a dot NET w eb applicat ion .sku {Just as via the Azure portal, an app service plan needs to be created for theapplication, with the Tier and SKU size indicated as well.tier "Standard"size "S1"}}resource "azurerm app service" "appsvc" {nam e "custom -tf-webapp-for-thestudent "location "eastus"resource group nam e "TFResourceGroup"app service plan id azurerm app service plan.svcplan.idsite config {dotnet fram ework version "v4.0"scm type}} "LocalGit "The si t e conf i g section in this exam ple is optional since these settings canbe configured after the application service has been deployed. However, them ore inform ation you have about how to configure the app, the quicker yourdevelopers will be up and running.Additional inform ation about the optional settings available for applicationdeploym ents can be found here.
Deploying Database InstancesDeployin g Dat abase I n st an cesCourse NavigationDeployin g VM sSection 6Deployin g WebApplicat ion sDeployin g Dat abaseI n st an cesSection 7Section 8Back t o M ainDeployingg DatabaseDeployinDat abaseInstancesI n st an cesr es our c e " az ur er m my s ql s er v er " " ex ampl e" {name " my s ql - t er r af or ms er v er - 1"l oc at i on " eas t us "r es our c e gr oup name " TFRes our c eGr oup"sku {name " B Gen5 2"c apac i t y 2t i er " Bas i c "f ami l y " Gen5"}MariaDB is virtually identical to MySQL. Only the azurerm resource(azu r er m m ar iadb ser ver ) and the version num ber (as appropriate toMariaDB) are different.s t or age pr of i l e {s t or age mb 5120bac k up r et ent i on day s 7geo r edundant bac k up " Di s abl ed"}admi ni s t r at or l ogi nadmi ni s t r at or l ogi n pas s wor dv er s i ons s l enf or c ement " my s ql admi nun"" eas y t ol ogi n4onc e! "" 5. 7"" Enabl ed"}r es our c e " az ur er m my s ql dat abas e" " ex ampl e" {name " ex ampl edb"r es our c e gr oup name " TFRes our c eGr oup"s er v er name az ur er m my s ql s er v er . ex ampl e. namec har s et " ut f 8"c ol l at i on " ut f 8 uni c ode c i "}Alert!Terraform 0.12 does not currently support m anaged SQLinstance creation in Azure. It can only be used to createMySQL databases on existing servers.
Terraform Installation and Configuration in an Azure Environment. Back to Main. Basic Terraform Installation Terraform State Storage: Local vs. Remote Terraform Authorization Methodsdin Azure. Terraform Installation and Configuration in an Azure Environment. Section 2. Deploying Azure Resource Groups and Tags. Section 3. Deploying Azure Storage .
