Using Terraform, you create configuration files using HCL syntax. The HCL syntax allows you to specify the cloud provider - such as Azure - and the elements that make up your cloud infrastructure. We have an existing Azure Resource Group called late-motiv-rg, in the Azure Portal… Here, we retained network monitoring, Active Directory assessment and replication, DNS analytics, and Key Vault analytics. Next, we configured the alert parameters for Azure Security Center. After you've reviewed the configuration, you can deploy the configuration as you would deploy a Terraform environment. The following steps outline how you can switch between your subscriptions: If you have access to multiple available Azure subscriptions, use To use a specific Azure subscription for the current Cloud Shell session, use In this section, you learn how to create a Terraform configuration file that creates an Azure resource group. Change directories to the mounted file share where your work in Cloud Shell is persisted.

Terraform enables the definition, preview, and deployment of cloud infrastructure. This article uses the built-in Once you create your configuration files, this section explains how to create an Terraform shows you what will happen if you apply the execution plan and requires you to confirm running it. Azure provides native services for deploying your landing zones. (This is the subscription that Terraform will use later as well.) Create a Service Principal

One such tool that customers and partners often use to deploy landing zones is Terraform by HashiCorp.

For Terraform-specific support, use one of HashiCorp's community support channels to Terraform: If you aren't already logged in, the Azure portal displays a list of available Microsoft accounts.

This landing zone uses standard components known as Terraform modules to enforce consistency across resources deployed in the environment. Reuse of components is a fundamental principle of infrastructure as code. The example below is from Terraform version 2.0.0.

    provider "azurerm" {
      version = "2.0.0"
      features {}
    }

The final part of the main.tf configuration is resource creation.

You have now set the Azure CLI to use your subscription.

Purpose of the landing zone The Cloud Adoption Framework foundations landing zone for Terraform provides features to … Possible values include: EventGridSchema, CloudEventSchemaV1_0, CustomInputSchema.

This article uses the Bash environment. Cloud Shell is automatically authenticated under the Microsoft account you used to log into the Azure portal.

Changing this forces a new resource to be created.

It is now time to create the Terraform template that we will use to deploy our VM.

We recommend that you use the rover, which is a Docker container that allows deployment from Windows, Linux, or macOS.

Modules are instrumental in defining standards and consistency across resource deployment within and across environments. Select a Microsoft account associated with one or more active Azure subscriptions and enter your credentials to continue. If you haven't previously used Cloud Shell, configure the environment and storage settings. In that scenario, you can log in using your user credentials and then create a service principal. Find your subscription ID and copy the GUID to the clipboard; Search for the documentation to create an Azure service principal for use with Terraform; Follow the guide and create a populated provider.tf file; Add provider.tf to your .gitignore file; Log on to Azure as the service principal using the CLI

The second section is the azurerm provider, which connects Terraform with Azure. Instead of having applications log in as a fully privileged user, Azure offers service principals. This section shows how to use a sample landing zone to deploy foundational governance, accounting, and security capabilities for an Azure subscription.The Cloud Adoption Framework foundations landing zone for Terraform provides features to enforce logging, accounting, and security.