Terraform - Automate Infrastructure on Any Cloud. https://www.terraform.io/
Preparation:
Visual Studio Code + HashiCorp Terraform extension
Provider
The provider for the target environment is always configured first. We take the Azure Provider as an example: it can be used to configure infrastructure in Microsoft Azure using the Azure Resource Manager APIs. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs. We could create a "provider.tf" to hold the configuration:
# We strongly recommend using the required_providers block to set the
# Azure Provider source and version being used
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.0.0"
    }
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}

# Create a resource group
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

# Create a virtual network within the resource group
resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.0.0.0/16"]
}
Provider Data
How do we access data about the current provider configuration? Use the data source azurerm_client_config. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config. Define the data source and use it as the code shows:
data "azurerm_client_config" "current" {
}

output "account_id" {
  value = data.azurerm_client_config.current.client_id
}
Resources
Define the resources you want, for example:
# Resource Group
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group
resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

# Key Vault
resource "azurerm_key_vault" "kv" {
  # Vault names must be 3-24 characters and globally unique
  name                            = "example-kv"
  location                        = azurerm_resource_group.example.location
  resource_group_name             = azurerm_resource_group.example.name
  enabled_for_disk_encryption     = false
  enabled_for_deployment          = true
  enabled_for_template_deployment = true
  tenant_id                       = data.azurerm_client_config.current.tenant_id
  sku_name                        = "standard"

  network_acls {
    # "Allow" leaves the vault reachable from all networks
    default_action = "Allow"
    bypass         = "AzureServices"
  }
}

# Service bus namespace
resource "azurerm_servicebus_namespace" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Standard"
}

# Service bus topic
resource "azurerm_servicebus_topic" "example" {
  name                = "example"
  # Must reference the namespace declared above
  namespace_id        = azurerm_servicebus_namespace.example.id
  enable_partitioning = true
}
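The Key Vault above sets default_action = "Allow", so its firewall admits traffic from any network. The following is an added example, not code from the original post, showing the same resource with a default-deny firewall and an explicit allow-list; the resource names, the admin_cidr variable, its documentation-range CIDR and the 3.x version pin are assumptions.

```hcl
# Added example (not from the original post); names and the CIDR are placeholders.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumption: stay on 3.x, whose argument names are used here
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

variable "admin_cidr" {
  type        = string
  description = "Public CIDR allowed through the vault firewall."
  default     = "203.0.113.0/24" # documentation range (TEST-NET-3), replace it

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0))
    error_message = "The admin_cidr value must be a valid CIDR block."
  }
}

resource "azurerm_resource_group" "hardened" {
  name     = "example-hardened"
  location = "West Europe"
}

resource "azurerm_key_vault" "hardened" {
  name                     = "example-kv-hardened" # 3-24 characters, globally unique
  location                 = azurerm_resource_group.hardened.location
  resource_group_name      = azurerm_resource_group.hardened.name
  tenant_id                = data.azurerm_client_config.current.tenant_id
  sku_name                 = "standard"
  purge_protection_enabled = true # deleted vaults and secrets cannot be purged early

  # enabled_for_* flags default to false; turn on only the ones a workload needs.

  network_acls {
    default_action = "Deny"           # weak setting on the page: "Allow"
    bypass         = "AzureServices"  # trusted Azure services still get through
    ip_rules       = [var.admin_cidr] # explicit allow-list
  }
}
```

With "Deny" in place, the machine running Terraform must itself be covered by ip_rules (or a subnet rule) before it can manage secrets or keys inside the vault.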
Variables
https://developer.hashicorp.com/terraform/language/values/variables
Each input variable accepted by a module must be declared using a variable block:
variable "image_id" {
  type        = string
  description = "The id of the machine image (AMI) to use for the server."
  # Placeholder; the default must also pass the validation below
  default     = "ami-abc123"

  validation {
    condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
    error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
  }
}

# Local variables within modules
locals {
  image_id_len = length(var.image_id)
}
We can then reference "var.image_id" and "local.image_id_len" elsewhere in the code.
Git ignore
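# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# passwords, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json

# Local .terraform directories
**/.terraform/*

# Local .tfstate files (state can hold secrets in plain text)
*.tfstate
*.tfstate.*

# Local override files
**/override.tf

# Dependency lock file. HashiCorp recommends committing .terraform.lock.hcl,
# since it pins provider versions and checksums; drop this line to track it.
*.terraform.lock.hcl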