Configure terraform on azure devops
July 29, 2021
Install terraform tasks: link
Application code, infrastructure, CI/CD pipeline all in the same repository.
Log in to Azure in order to run Terraform:
az login
az logout
We don't want interactive login for automation. Set up a service principal instead: an automated user that Terraform can use. It is a system account that can be created in Azure DevOps.
Service principal environment variables:
These values are very sensitive. See docs
A service principal is created automatically when you create a service connection to ARM on Azure DevOps. It is also possible to create a service principal manually and use it in a service connection by choosing service principal (manual):
az login
az account list # id is subscription_id
az account set -s "SUBSCRIPTION_ID"
az ad sp create-for-rbac -n "NAME" --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
az ad sp delete --id
Create a new project. Set up service connections to Azure: project settings -> service connections. Create service connections to Azure Resource Manager. Service connections are connections to other systems.
- create a new pipeline
Deploy a storage account and create a container within it to hold the state JSON files. Use a SAS token to access it.
az storage account create \
  --name terraformstorageacc \
  --resource-group storageRg \
  --kind StorageV2 \
  --sku Standard_LRS \
  --https-only true \
  --allow-blob-public-access false
Terraform remote state via backend. Azure blob storage locking and workspaces.
Init with backend:
terraform init -backend-config=backend-config.txt
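As an added example (not code from the original post), the helper below generates the backend-config.txt used by the init command above, keeping the SAS token out of the shared repository and out of world-readable files. It assumes SAS-token authentication to the azurerm backend, a container named tfstate, one state key per branch, and a hypothetical TF_STATE_SAS_TOKEN variable; the function names are also made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical names:
# TF_STATE_SAS_TOKEN, the helper functions, and the per-branch key scheme.

# Azure storage account names: 3-24 characters, lowercase letters and digits.
valid_storage_account() {
  case $1 in ''|*[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Map a branch name to a state blob name: Feature/Login -> feature-login.tfstate
state_key_for_branch() {
  printf '%s.tfstate\n' \
    "$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/[^a-z0-9._-]/-/g')"
}

# write_backend_config OUT_FILE STORAGE_ACCOUNT CONTAINER BRANCH
# The SAS token is read from the environment so it never appears in argv.
write_backend_config() {
  valid_storage_account "$2" || { echo "bad storage account name: $2" >&2; return 1; }
  [ -n "${TF_STATE_SAS_TOKEN:-}" ] || { echo "TF_STATE_SAS_TOKEN is not set" >&2; return 1; }
  case $TF_STATE_SAS_TOKEN in *'"'*) echo "token contains a quote" >&2; return 1 ;; esac
  (
    umask 077          # the file is created readable by its owner only
    rm -f "$1"         # drop any older copy that had wider permissions
    {
      printf 'storage_account_name = "%s"\n' "$2"
      printf 'container_name       = "%s"\n' "$3"
      printf 'key                  = "%s"\n' "$(state_key_for_branch "$4")"
      printf 'sas_token            = "%s"\n' "$TF_STATE_SAS_TOKEN"
    } > "$1"
  )
}

# ensure_gitignored NAME GITIGNORE_PATH: keep the token file out of the repository.
ensure_gitignored() {
  grep -qxF "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# Usage on a build agent (values are placeholders):
#   export TF_STATE_SAS_TOKEN=...   # taken from a secret pipeline variable
#   write_backend_config backend-config.txt terraformstorageacc tfstate "$BRANCH"
#   ensure_gitignored backend-config.txt .gitignore
#   terraform init -backend-config=backend-config.txt
```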
- Per branch development
- Automate creating storage account with terraform