I authored ten unique Azure deployments with Terraform, all available in my GitHub repo. To recap, Infrastructure as Code (IaC) is the ability to create and manage your Azure infrastructure in files. You have several options for writing out an Azure infrastructure. Azure provides ARM templates and Bicep to build your infrastructure. Terraform simplifies writing basic to complex Azure deployments. I prefer Terraform as it makes writing an Azure configuration simple.
Each Azure deployment is available for your own personal development or as part of your enterprise CI/CD pipelines. My GitHub repo is available here: RussMaxwell/MyAzure-TerraformTemplates: Azure Terraform Templates Created by Russmax (github.com). Each environment includes a readme with more details, including setup.
This is a very basic setup for an Application Gateway that load balances web traffic to two Azure virtual machines running Windows 2016 with IIS installed.
This deployment showcases Azure Firewall by putting it in front of an Azure Virtual Machine to secure inbound and outbound traffic. For inbound traffic, a DNAT rule forwards all traffic arriving on port 4000 to the private IP of the Azure virtual machine on port 3389 (RDP). For outbound traffic, an Azure Firewall rule allows HTTP/HTTPS traffic from the Azure virtual network to the internet. In addition, only .com sites can be accessed, while .org, .gov, and .net sites are blocked.
This deploys an Azure Hub and Spoke architecture. It contains a Hub Virtual Network, a Spoke Virtual Network, and an On-Premises environment. The On-Premises environment is simulated in Azure as a Virtual Network. Both site-to-site and peering connections are used to reach the hub virtual network. Azure Bastion provides connectivity to the spoke virtual machine.
This deployment showcases Azure Load Balancer by putting it in front of two Azure Virtual Machines that are part of the same availability set. Inbound web traffic comes in from the internet to Azure Load Balancer and is load balanced to one of the Azure Virtual Machines.
This creates an Azure Application Insights resource and Azure Log Analytics Workspace.
AZ_VNET_Peering_Simple and AZ_VNET_Peering_Advanced
Both of these deployments set up peering between two virtual networks. The difference between simple and advanced is how I authored them in Terraform. Simple contains a single file, while advanced makes use of Terraform modules.
This deployment highlights Azure Virtual WAN by routing traffic between two connected virtual networks. No S2S or peering connections are set up between the Azure Virtual Networks. Instead, resources in both Virtual Networks rely on Azure Virtual WAN, which facilitates communication with resources that reside in the remote Virtual Network.
This deployment is ready to host a containerized web application. It includes an App Service Plan and Azure Web Application.
This deployment showcases a traditional frontend and backend. Azure Web Application serves as the frontend while Azure SQL Database acts as the backend. It’s ready to host your ASP.NET Core application that leverages an Azure SQL Database.
Each Terraform deployment should be set up to run against your desired Azure environment. Most of the deployments include a variables.tf file where you need to update the subscription ID, tenant ID, and virtual machine credentials. In enterprise scenarios, I would change the credentials portion to leverage Azure Key Vault. Each deployment includes a readme with additional details on which attributes need to be updated.
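One way to make the Key Vault change described above, shown as an added example rather than code from the repo: the VM admin password is read from an existing Key Vault secret instead of being typed into variables.tf. The vault, secret, resource group, VM, and NIC names are placeholders, and the vault and secret are assumed to already exist.

```hcl
# Added example; all resource names below are placeholders (assumptions).
variable "subscription_id" { type = string }
variable "tenant_id" { type = string }
variable "nic_id" { type = string } # ID of an existing network interface

# Weak pattern this replaces: a password default committed in variables.tf
# variable "admin_password" { default = "<plaintext password>" }

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
}

# The vault and secret are created outside this configuration.
data "azurerm_key_vault" "ops" {
  name                = "kv-example-ops"
  resource_group_name = "rg-example-security"
}

data "azurerm_key_vault_secret" "vm_admin_password" {
  name         = "vm-admin-password"
  key_vault_id = data.azurerm_key_vault.ops.id
}

resource "azurerm_windows_virtual_machine" "web" {
  name                  = "vm-example-web"
  resource_group_name   = "rg-example-web"
  location              = "eastus"
  size                  = "Standard_B2s"
  admin_username        = "azureadmin"
  admin_password        = data.azurerm_key_vault_secret.vm_admin_password.value
  network_interface_ids = [var.nic_id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }
}
```

The secret value is still written to the Terraform state file, so keep state in a restricted remote backend. The identity running Terraform also needs read access to secrets in the vault.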
To deploy a particular Azure environment with Terraform, you have several options. The simple approach is using Azure Cloud Shell, which comes with Terraform installed. Azure Cloud Shell requires a storage account, and you can upload the Terraform files to this storage account’s file share. Launch Azure Cloud Shell, navigate to the directory containing your Terraform files, and run the following:
terraform plan -out example.tfplan
terraform apply "example.tfplan"