Overview

All in one finance infrastructure as code, specific to an environment (Dev, QA, Stage, Prod, etc.)

How to run it

Below are instructions on how to run the aiof-iac terraform scripts

Local

In order to run it locally, there must be an existing environment variable name TF_VAR_storage_account_access_key. This is an access key and it references the remote storage of the terraform.tfstate files. This state file exists per workspace (environment). The approach is used to keep it out of source control as it's a secret and used to access the storage account. In the current infrastructure, this is Azure storage account access key. Best practices for this will be to rotate the keys once in a month

terraform init -lock -backend-config="access_key=$env:TF_VAR_storage_account_access_key"

After the terraform init command runs successfully, then you can proceed with running terraform plan and subsequently terraform apply (if needed)

terraform plan -lock=false -out=tfplan -input=false

Apply

terraform apply -lock=false tfplan

Documentation

All documentation for this specific repository

Import

Import is used to import existing infrastructure into the terraform state. More information on the command itself can be found here

terraform import -lock=false {Terraform Resource}.{Terraform Alias} {Azure Resource Id}

Module import

Module import is a little different

terraform import -lock=false module.{Module Name}.{Terraform Resource}.{Terraform Alias} {Azure Resource Id}

State rm

You can use terraform state rm in the less common situation where you wish to remove a binding to an existing remote object without first destroying it, which will effectively make Terraform "forget" the object while it continues to exist in the remote system

terraform state rm -lock=false {Terraform Resource}.{Terraform Alias}

Terraform reference

• azurerm_resource_group
• azurerm_network_security_group
• azurerm_network_security_rule
• azurerm_virtual_network
• azurerm_subnet
• azurerm_key_vault
• azurerm_application_insights
• azurerm_app_service_plan
• azurerm_app_service
• azurerm_container_registry

GitHub Repositories

• jcorioland/tf-aks-kubenet - example of how Kubernetes is deployed to Azure

Terraform

• Upgrading to Terraform v0.14
• Upgrading to Terraform v0.13
• Upgrade Guides
• Older versions of Terraform
• Backends
• Backends Data Source Configuration
• Workspaces
• GitHub Provider

Versioning

Terraform undergoes a lot of versioning and new updates. In order to keep this updated, we can look at the latest release on their GitHub. The current version used is ~> 2.39.0

Variables

The sensitive variables for this are stored in a .tfvars file locally. Currently, this is what's in there

subscription_id = ""
tenant_id = ""
client_id = ""
client_secret = ""
location = "eastus"
environment = "dev"

db_admin_username = ""
db_admin_password = ""
db_admin_start_ip = ""

appsettings_auth_jwt_private_key_value  = ""
appsettings_auth_jwt_public_key_value   = ""

Resources

Networking

• Network security group
• Network security group rules
• DDOS protection plan
• Virtual network
• Subnet: backend

Database

• PostgreSQL server
• PostgreSQL database

Container registry

• Azure Container Registry