Terraform Libraries for Azure — Blog 1

Steve Dillon
Jan 11, 2021

This is the first in a short series of stories about the terraform-azurerm module library that we have open-sourced on GitHub. The repository contains common elements that we deploy on Azure and allows us to quickly stand up new Azure deployments.

Background:

I work as a Cloud Architect at Persistent Systems, where we implement Cloud and Code deployments for clients. We have DevOps engineers and Coders working both ends of the deployment. We strive to be cloud native using the latest of Kubernetes and Serverless designs and using SaaS cloud offerings to accelerate time to market for our clients.

In the last couple of years we have been getting more requests for deployments on Azure Cloud. While I view myself as “AWS Native”, I’ve spent the last 2 years implementing Azure architectures with Terraform. We have found that Terraform mostly covers the bases with Azure infrastructure. What is often missing are real-world examples of what all of the parameters to Azure resources mean and what their syntax is. We have spent hours reading blogs, looking through GitHub reports, and have occasionally submitted code to fix AzureRM problems.

As a team we have created a Terraform module library for Azure that can either be used as-is, or can be dissected and studied to learn how to use the Azure Resource Manager.

We have open sourced the library that we are using to lay down real production infrastructure. We have made a sharp division and created modules that are generic deployments of infrastructure that we intend to use over and over. Unlike a lot of other examples we have found, our modules are designed for production use: we will write to logs wherever possible, and we will enable as many security checkmarks as possible. After deploying our modules, when you look at Azure Security recommendations you should see ‘Green, Green, Green’, and not a laundry list of remediations that you need to implement.

There are some ‘landing-zone’ type modules that create Azure Resource Groups, configure Azure Monitor, Key Vault, etc. Building on top of those landing zone components, we have a series of modules that create specific parts of infrastructure.

The set of components that we have modules for is not massive at this point. We are building it as we need it for internal projects, and the module library is targeted right now at creating an API server.

Azure resources that are pretty well covered at this time are:

  • Azure Active Directory (including making “Service Accounts”)
  • Azure Kubernetes Services
  • Azure API Management (very good coverage of that)
  • Azure Application Insights
  • Azure Function Applications
  • Cosmos Database
  • Front Door
  • Key Vault
  • Log Analytics
  • Azure Monitor
  • Resource Groups
  • Azure Storage

There are 2 git repositories that the team has created:

The main repository is persistent/terraform-azurerm and there is a companion repository with examples of how to use the modules called persistent/terraform-azurerm-samples.

Conclusion:

This story is just to introduce the topic. There will be a series of stories to ease you into using terraform-azurerm and to demonstrate how to deploy specific items using Terraform.

Steve Dillon

Cloud Architect and Automation specialist. Specializing in AWS, Hashicorp and DevOps.