Terraform enables infrastructure to be deployed on the Azure DevOps Pipeline. Find out everything you need to know about this alternative to Azure Resource Manager, and the strengths of this solution!
Each cloud provider has its own infrastructure deployment method. For example, Microsoft Azure uses the JSON configuration language, while AWS and Google Cloud Platform use YAML.
At a time when businesses are using multiple cloud platforms, these cloud-specific features can be restrictive. Fortunately, Hashicorp is remedying this problem with Terraform.
This open source Infrastructure as Code (IaC) software enables infrastructure to be deployed and managed on all the major public clouds, including AWS, Azure, Google Cloud Platform, Oracle Cloud, VMware vSphere and Alibaba.
Infrastructure configuration is carried out using the Hashicorp Configuration Language (HCL). This means that users only need to learn one language for all the public clouds. All they have to do is describe the desired state of the infrastructure in a configuration file, and Terraform takes care of the rest.
This software makes it very easy to create, modify and delete IT resources.
How can I deploy resources on Azure DevOps with Terraform?
To deploy resources on Azure DevOps Pipelines with Terraform, you will need a Microsoft Azure account with Azure DevOps. Download and install Terraform on the machine used to run Azure DevOps Pipelines, or use a virtual machine image pre-configured with Terraform.
💡Related articles:
You then need to create a project on Azure DevOps, and create a folder in the repositories to download the Terraform resource deployment file. This is the file that describes the desired state of the infrastructure. You will then need to create a new relax pipeline and add the Terraform file as an artefact from the Azure repository.
The next step is to add the Terraform Init, Plan and Apply execution build steps. The Init command is used to initialise the infrastructure, the Plan command to plan the changes to be made to the infrastructure and the actions required to achieve the desired state, and the Apply command to apply these changes.
It is best to store the Terraform configuration file in a Git repository. You will then need to configure the Azure DevOps pipeline so that it uses this Git repository. This allows you to track changes to the infrastructure centrally. You can also collaborate on infrastructure configuration with a team.
On the other hand, avoid including sensitive information such as access identifiers and passwords in the Terraform configuration file. It is preferable to configure environment variables in Azure DevOps, in order to protect them.
Terraform vs Azure Ressource Manager
For infrastructure configuration on the Microsoft Azure cloud, Terraform can be used as an alternative to the Azure Resource Manager offered by default on the platform. There are several differences between these two tools.
Firstly, Terraform uses the HCL language, whereas Azure Ressource Manager relies on the JSON language for infrastructure definition.
With Terraform, the dependency between resources is defined automatically, whereas it must be specified explicitly in the ARM templates.
Terraform uses variables, while Azure Resource Manager templates use parameters. In both cases, these are values entered by the user for the deployment and defined as a separate file.
The values defined within the template are called local variables on Terraform and variables on ARM. To deploy a particular resource, Terraform uses modules and Azure uses nested templates.
Tips and best practice
To make the most of Terraform and Azure DevOps Pipelines, there are several recommended practices you can apply. Firstly, use YAML rather than traditional pipelines to create new pipelines.
On the other hand, it’s better to use the command prompt than YAML tasks. This will give you a better understanding of how Terraform works. Make sure you are using the latest version of Terraform.
The Terraform documentation also recommends using partial configuration and using a Service Principal or Managed Service Identity for authentication. This second point concerns the non-interactive execution of Terraform, for example on a CI server. On the other hand, for local execution, you can use the Azure CLI.
Be sure to keep the pipeline variables in the form of secrets, so that they are encrypted. To go even further, you can use the Azure Key Vault service for even greater security and the ability to reuse secrets.
Finally, create a custom role for the service principal used by Terraform. This will simplify the configuration of permissions such as the Key Vault access policy, without having to give the service principal the permissions of the owner role. In particular, it is important not to give Terraform permission to delete infrastructure, in order to comply with data protection rules.
How do you master Terraform and Azure DevOps?
If you want to master Terraform, Azure and all the best DevOps tools, you can choose DataScientest training courses. Our Data Engineer course will teach you best practice and how to handle software and solutions.
You’ll learn about Python programming, CI/CD with Git, databases and Big Data, Machine Learning, and automation and deployment with Docker and Kubernetes.
All our courses are delivered entirely by distance learning, in BootCamp or Continuing Education.
At the end of the course, you will have all the skills required to work as a Data Engineer and will receive certification from Mines ParisTech PSL Executive Education.
You will also be able to validate block 3 of the RNCP 36129 “Artificial Intelligence Project Manager” certification, and prepare to take the Microsoft AZ-900 certification.
As far as funding is concerned, our organisation is eligible for funding options. Find out more about DataScientest today!
