My journey learning Terraform to deploy workloads in Microsoft Azure continues. If you missed the previous posts, please visit the links below.
Part 1: Terraform with Azure – How to install Terraform
Part 2: Terraform with Azure – How to install Azure cli
Part 3: Terraform with Azure – How to Install Visual Studio Code
Part 4: Terraform with Azure – How to install Azure Terraform Plugin in Visual Studio Code
Part 5: Terraform with Azure – Install Git and initialise repository
Part 6: Terraform with Azure – Deploy resources in Azure
Part 7: Terraform with Azure – Deploy a variables file in Terraform
Part 8: Terraform with Azure – Deploy terraform.tfvars file
In this blog post I will go through the process of deploying a VNET, Subnet and a NSG in Azure.
Reminder:
Terraform documentation is great to get started with deploying resources in Microsoft Azure. Check out the following Terraform link for sample code – Docs overview | Terraform Registry
Let’s get started,
1. Access the Terraform Registry website and locate virtual network – Terraform Virtual Network
2. Below is the sample code provided by Terraform (link provided in step 1 above). I don’t require the resource group block as I have created one as part of my previous blog post, therefore, it has been removed from the code below.
resource "azurerm_network_security_group" "example" {
  name                = "example-security-group"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  dns_servers         = ["10.0.0.4", "10.0.0.5"]

  subnet {
    name           = "subnet1"
    address_prefix = "10.0.1.0/24"
  }

  subnet {
    name           = "subnet2"
    address_prefix = "10.0.2.0/24"
    security_group = azurerm_network_security_group.example.id
  }

  tags = {
    environment = "Production"
  }
}
3. I will replace some of the code so it fits with what I am doing, such as to include my existing resource group, location (UK South) and to make use of additional variables.
I’ll work through each block of code, starting with the Network Security Group (NSG).
- Line 2: I replace “example”, with “demo”
- Line 3: I create a variable in my variables.tf file and include the value in my terraform.tfvars file. I then replace “example-security-group” with my newly created variable.
- Line 4: I use an existing variable I created in a previous blog post
- Line 5: I use an existing variable I created in a previous blog post
1: # Create Network Security Group (NSG)
2: resource "azurerm_network_security_group" "demo" {
3:   name                = var.nsg_name
4:   location            = var.resource_group_location
5:   resource_group_name = var.resource_group_name
6: }
Below are screenshots of my variables.tf and terraform.tfvars file
4. Save changes. I move on to the next block of code I copied from the Terraform website, the virtual network (VNET).
- Line 2: Replace “example” with “demo”
- Line 3: Create a variable for the network name. I replace “example-network” with var.network_name
- Line 4: I use my existing resource group location variable
- Line 5: I use my existing resource group name variable
- Line 7: I remove dns_servers as I won’t need these for now
- Line 10: I replace the name “subnet1” with a newly created variable var.subnet_name
- Line 12: In “azurerm_network_security_group.example.id” I replace example.id with demo.id
1: # Create virtual network and address space IP address
2: resource "azurerm_virtual_network" "demo" {
3:   name                = var.network_name
4:   location            = var.resource_group_location
5:   resource_group_name = var.resource_group_name
6:   address_space       = ["10.0.0.0/16"]
7:   # dns_servers = ["10.0.0.4", "10.0.0.5"]  (removed, not needed for now)
8:
9:   subnet {
10:     name           = var.subnet_name
11:     address_prefix = "10.0.1.0/24"
12:     security_group = azurerm_network_security_group.demo.id
13:   }
5. I’ll make use of tags, so I add a tag named demo
  tags = {
    environment = "demo"
  }
}
My variables.tf and terraform.tfvars file below,
6. Before continuing I’ll commit the changes to Git. Note that Git is not a requirement to deploy resources in Azure, but it is a popular version control tool. I covered Git in previous blog posts. Continue to step 7 if you do not wish to commit changes to the local Git repository.
- Execute the command below to stage the changed files
git stage .
- To confirm the files have been staged, type the command below and press enter
git status
- Commit with a short but meaningful description of your choice
git commit -m "Added VNET Subnet and NSG"
- Finally, run the command below to list your commits
git log --oneline
7. Save. Next, I run terraform validate to check for errors.
Looks good
8. Next, I run terraform plan and the output is shown below,
9. Click save. Next, I run terraform apply, review and then type ‘yes’ to allow Terraform to continue.
10. I log into the Azure Portal and access my resource group. I have a new Virtual Network and Network Security Group located in region UK South.
I click on the new virtual network demo-vnet1, click subnets, and I see my subnet.
I click on demo_subnetA and can see my NSG (ng1demo) attached to demo_subnetA.
Finally, here is my tag. I used the name demo.
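The portal check in step 10 can also be scripted. The following is an added example, not code from the original post: it reads the JSON produced by `terraform show -json` after apply and lists inline subnet blocks that have no security_group, which is the state subnet1 is left in by the registry sample. The function names, the sample state, the placeholder NSG id and constructed_subnetB are assumptions made for illustration; the attribute names follow the subnet block used in this post.

```python
import json

# Constructed sample in the shape of `terraform show -json` after apply.
# Resource names come from the post; the NSG id is a shortened placeholder
# and constructed_subnetB is invented to show a finding.
SAMPLE_STATE = json.loads("""
{
  "values": {"root_module": {"resources": [
    {"address": "azurerm_network_security_group.demo",
     "type": "azurerm_network_security_group", "name": "demo",
     "values": {"name": "ng1demo", "id": "/subscriptions/PLACEHOLDER/nsg/ng1demo"}},
    {"address": "azurerm_virtual_network.demo",
     "type": "azurerm_virtual_network", "name": "demo",
     "values": {"name": "demo-vnet1", "subnet": [
        {"name": "demo_subnetA", "address_prefix": "10.0.1.0/24",
         "security_group": "/subscriptions/PLACEHOLDER/nsg/ng1demo"},
        {"name": "constructed_subnetB", "address_prefix": "10.0.2.0/24",
         "security_group": ""}
     ]}}
  ]}}
}
""")


def iter_resources(module):
    """Yield resources from a module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def subnets_without_nsg(state):
    """Return (vnet, subnet, prefix) for each inline subnet with no NSG."""
    root = state.get("values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_virtual_network":
            continue
        vals = res.get("values", {})
        for subnet in vals.get("subnet") or []:
            # An empty string or null both mean nothing is attached.
            if not subnet.get("security_group"):
                findings.append((vals.get("name"), subnet.get("name"),
                                 subnet.get("address_prefix")))
    return findings


if __name__ == "__main__":
    for vnet, subnet, prefix in subnets_without_nsg(SAMPLE_STATE):
        print(f"NO NSG: {vnet}/{subnet} ({prefix})")
```

To run it against a real deployment, save the output of `terraform show -json` to a file and pass the parsed JSON to `subnets_without_nsg`. Subnets declared as separate `azurerm_subnet` resources are not covered by this check.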
That’s it for now
I hope the journey has been useful to allow you to get started with Terraform.
Thanks for following