Maximizing Performance: A Step-by-Step Guide to Setting Up Azure Virtual Machines with Terraform
Prerequisites
An Azure account - Create one here
Install Azure CLI - Visit this link to install
Install Terraform - Follow the guidelines here
Install Visual Studio Code (recommended) - Download here
What is Terraform?
Terraform is a tool used by developers and system administrators to create and manage infrastructure, such as virtual machines, in the cloud. It allows you to define the resources you need in a file, called a "configuration file," which Terraform can then use to automatically provision and manage those resources for you.
Set up Azure Virtual Machine with Terraform
Create a terraform file
Define the provider
Create a resource group
Define a virtual network
Define a subnet
Create a public key
Create a public IP
Define a network interface
Define a network security group
Define a network security rule
Define a network interface security group association
Create a virtual machine
Build the virtual machine
Conclusion
1. Create a terraform file
touch main.tf
2. Define the provider
In the main.tf file add the following code block to define the provider
You can open the file in VsCode or with any text editor such as Vim
To use Vim, use the command
vim main.tf
Now enter the following code in the main.tf file
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.0.0"
}
}
}
provider "azurerm" {
features {}
}
3. Create a resource group
Add the following code block to define a resource group where all your resources are going to be organized.
In this example, the resource group is named "myAzureDevOps"
resource "azure_resource_group" "rg" {
name = "myAzureDevOps"
location = "East US2"
}
4. Define a virtual network
In this example, our virtual network is named "test-network". A virtual network will help you provide security so that only authorized traffic flows in and out.
resource "azurerm_virtual_network" "azureVN" {
name = "test-network"
location = azurerm_resource_group.rg.location
address_space = ["10.0.0.0/16"]
resource_group_name = azurerm_resource_group.rg.name
}
5. Define a subnet
resource "azurerm_subnet" "azureSub" {
name = "test-subnet"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.azureVN.name
address_prefixes = ["10.0.2.0/24"]
}
6. Create a public key
To create a public key, you need to create an SSH key from your terminal.
This would provide you with both public and private keys.
Create an SSH key in a different terminal
ssh-keygen -m PEM -t rsa -b 4096
Now insert the following code in addition to the already added codes to upload your public key to Azure.
resource "azurerm_ssh_public_key" "azureSSH" {
name = "test-public-key"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
public_key = file("~/.ssh/id_rsa.pub")
}
7. Create public IP
resource "azurerm_public_ip" "azureIP" {
name = "test-public-ip"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
allocation_method = "Dynamic"
}
8. Define network interface
resource "azurerm_network_interface" "azureNI" {
name = "test-interface"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
ip_configuration {
name = "test-config"
subnet_id = azurerm_subnet.azureSub.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.azureIP.id
}
}
9. Define network security group
resource "azurerm_network_security_group" "azureNS-group" {
name = "test-Security-group"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
}
10. Define network security rule
This security rule allows inbound traffic on port 22.
resource "azurerm_network_security_rule" "azureNSG-rule" {
name = "test-Security-rule"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
source_address_prefix = "*"
destination_port_range = "22"
destination_address_prefix = "*"
resource_group_name = azurerm_resource_group.rg.name
network_security_group_name = azurerm_network_security_group.azureNS-group.name
}
11. Define a network interface security group association
resource "azurerm_network_interface_security_group_association" "azureNSG-asc" {
network_interface_id = azurerm_network_interface.azureNI.id
network_security_group_id = azurerm_network_security_group.azureNS-group.id
}
12. Create a virtual machine
Finally, create your virtual machine with these parameters. In this example, the minimum size of a virtual machine is chosen as well as a Linux operating system.
Let's name our virtual machine test-virtual-machine.
resource "azurerm_linux_virtual_machine" "azureVM" {
name = "test-virtual-machine"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
size = "Standard_B2s"
admin_username = "angelotheman"
admin_password = "theman_angelo@2020!"
network_interface_ids = [
azurerm_network_interface.azureNI.id,
]
admin_ssh_key {
username = "angelotheman"
public_key = azurerm_ssh_public_key.azureSSH.public_key
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
}
If you use Vim, make sure to save and exit your file with this command
Press the ESQ key and then
:wq
13. Build the virtual machine
You must first log in to Azure from the terminal
az login
You would be sent to a web browser to log in to your account. After successful authentication, your terminal will display your subscription information.
Create a service principal. Replace "SUBSCRIPTION_ID" with the id printed on the terminal.
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<SUBSCRIPTION_ID>"
Next, set your environment variables. Replace the values in anchor braces with the values printed after the previous steps
export ARM_CLIENT_ID="<APPID_VALUE>"
export ARM_CLIENT_SECRET="<PASSWORD_VALUE>"
export ARM_SUBSCRIPTION_ID="<SUBSCRIPTION_ID>"
export ARM_TENANT_ID="<TENANT_VALUE>"
Once you have your Azure account set up from the terminal, it's time to configure the backend of your Terraform configuration.
Initialize your backend
terraform init
Format and validate the configuration
terraform fmt
terraform validate
Use terraform plan to find out what changes would be made to your infrastructure.
terraform plan
Finally, apply your configurations. Use the "--auto-approve" flag to skip the prompt from Terraform to accept or reject the proceedings.
terraform apply --auto-approve
When you are done provisioning the infrastructure you might want to clean up your resources to prevent unnecessary charges
Delete your resources
terraform delete
14. Conclusion
Using Terraform (IaC) is a simple way to provision infrastructure in our cloud services with ease. It makes it easier to track resources and make changes where necessary.
If you love this content, tap the like button, comment and follow me for more awesome content such as this.