
Terraform Azure Deployments

by Sep 21, 2021

I have just finished working on a few large Terraform Azure deployments and thought I would stick a few notes down in a blog post in the hope that they are useful to others.

Azure Diagnostic Settings

The azurerm_monitor_diagnostic_setting resource can be used to apply diagnostic settings to pretty much any other resource. However, as each resource has different logs and metrics, figuring them out can be a chore. This is where the azurerm_monitor_diagnostic_categories data source comes in.

The azurerm_monitor_diagnostic_categories data source can be pointed at an existing resource to gather the log and metric categories that resource supports. You can then take this data and feed it to dynamic blocks in your azurerm_monitor_diagnostic_setting resource. Let’s look at how this would work for a virtual network.

The code below will create a Resource Group, launch a Log Analytics Workspace and also create a Virtual Network:

Now that the resources have been defined, we can grab the information on what logs and metrics we need to be enabled on the Virtual Network itself by passing the azurerm_monitor_diagnostic_categories data source the ID of our virtual network:

Finally, we can take the information gathered above and apply it using two dynamic blocks, one for the log and the other for the metric:

In the case of the Virtual Network there is just a single output for each type of diagnostic setting,

Now while this may seem a little overkill, some resources can have up to half a dozen different diagnostic settings so taking this approach means you don’t have to really care what they are as they will just be applied.
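The three steps described in this section, put together as an added example (it is not the author's code from the post or its repository). The resource names, location and address space are assumptions, and the attribute and block names (logs, metrics, log, metric) are those of the 2.x azurerm provider that was current when the post was written:

```hcl
# Added example: names, location and address space are assumptions; azurerm 2.x syntax.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-diag-example-uks"
  location = "uksouth"
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "law-diag-example-uks"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-diag-example-uks"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/24"]
}

# Ask Azure which log and metric categories this resource supports.
data "azurerm_monitor_diagnostic_categories" "vnet" {
  resource_id = azurerm_virtual_network.example.id
}

resource "azurerm_monitor_diagnostic_setting" "vnet" {
  name                       = "diag-vnet-example"
  target_resource_id         = azurerm_virtual_network.example.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
  # One log block per category returned by the data source.
  dynamic "log" {
    for_each = data.azurerm_monitor_diagnostic_categories.vnet.logs
    content {
      category = log.value
      enabled  = true
      retention_policy { enabled = false }
    }
  }
  # One metric block per category returned by the data source.
  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.vnet.metrics
    content {
      category = metric.value
      enabled  = true
      retention_policy { enabled = false }
    }
  }
}
```

Because every category the data source returns is enabled, a category that Azure adds to the resource type later is picked up on the next plan rather than being silently left unlogged.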

Expiry Dates

The next thing isn’t really anything to do with Azure – but is useful when you need to set an expiry date – in my case I have been using it for setting the expiration date for Azure Virtual Desktop host pool tokens.

Let’s look at an example first:

This will give the following output:

While the above is a really basic example, using it for something like an azurerm_virtual_desktop_host_pool resource would look something like:

You can then take the token generated above and add it to an Azure Key Vault using azurerm_key_vault_secret:
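One way to wire the expiry date, host pool token and Key Vault secret together, as an added example that is not the author's code. It assumes the time_offset resource from the hashicorp/time provider, the inline registration_info block of the 2.x azurerm provider, a 30-day window, and a hypothetical var.key_vault_id pointing at an existing vault:

```hcl
# Added example: names, location, the 30-day window and var.key_vault_id are assumptions.
provider "azurerm" {
  features {}
}

variable "key_vault_id" {
  type        = string
  description = "ID of an existing Key Vault (hypothetical input for this example)"
}

# now + 30 days, fixed when the resource is first created, as an RFC 3339 timestamp.
resource "time_offset" "avd_token" {
  offset_days = 30
}

output "avd_token_expiry" {
  value = time_offset.avd_token.rfc3339
}

resource "azurerm_resource_group" "avd" {
  name     = "rg-avd-example"
  location = "westeurope"
}

resource "azurerm_virtual_desktop_host_pool" "example" {
  name                = "hp-avd-example"
  location            = azurerm_resource_group.avd.location
  resource_group_name = azurerm_resource_group.avd.name
  type                = "Pooled"
  load_balancer_type  = "BreadthFirst"

  registration_info {
    expiration_date = time_offset.avd_token.rfc3339
  }
}

# Store the registration token as a secret that expires with the token itself.
resource "azurerm_key_vault_secret" "avd_token" {
  name            = "avd-registration-token"
  value           = azurerm_virtual_desktop_host_pool.example.registration_info[0].token
  key_vault_id    = var.key_vault_id
  expiration_date = time_offset.avd_token.rfc3339
}
```

The token is also written in plain text to the Terraform state, so the state backend needs the same access controls as the Key Vault. Only the expiry timestamp is exposed as an output here, not the token.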

Azure Automation Account Web Hook

Next up we have what was the bane of my life for a good few days, Azure Automation Accounts. While they are supported by the Terraform Azure provider there are some notable omissions – the creation of Webhooks is one.

Before we look at creating the web hook we are going to need an Automation Account and Runbook; the following code adds these with a really basic configuration:

You may be thinking to yourself, if Terraform doesn’t support web hooks then how can we add them? Luckily Terraform allows you to execute ARM templates – which do support the creation and assignment of a web hook. There are a few things we are going to have to generate first before running the ARM template though.

  • webhook_expiry_time = you must assign an expiry date to a webhook, luckily we have just covered how to do that
  • webhook_token1 and webhook_token2 = these are two random strings which will go to make up part of the webhook URL

Next we need to create the webhook URL itself as this is not done for us. To do this I am setting a local variable so I can reuse it if needed:

As you can see, this is using as much dynamically generated content as possible to fill in gaps of the URL.

Warning! Please note: as I am launching my resources in UK South, the short location for this is uks. Depending on the location you are using, you may have to alter the code above to change the number of characters being used or hardcode the short region ID.

Now that we have everything needed to generate the URL we can deploy the ARM template by using:

This gives the following output:

All of which means that the following command, updating it to match your URL, can be used to trigger the web hook:

This should return some JSON with the job ID:


Full Example Code

The full example code to accompany this post can be found at russmckendrick/some-terraform-azure-notes on GitHub.

Russ McKendrick

Practice Manager (SRE & DevOps)

Russ heads up the SRE & DevOps team here at N4Stack.

He's spent almost 25 years working in IT and related industries and currently works exclusively with Linux.

When he's not out buying way too many records, Russ loves to write and has now published six books.
