terraformでAzure(その1 resource group作成)

今後仕事ではAzureを使うため、terraform使って構築してみる。

#環境

macOS Catalina 10.15.2
Terraform v0.12.18
azurerm 1.39.0

#目的
terraformを使ってAzureを構築する

#事前準備
Azureアカウントを持っていること、利用できること
terraformがインストールされていること

tf定義ファイル作成〜構築

Authenticating to Azure using the Azure CLI (which is covered in this guide)
Authenticating to Azure using Managed Service Identity
Authenticating to Azure using a Service Principal and a Client Certificate
Authenticating to Azure using a Service Principal and a Client Secret

terraformでAzureを認証するには上記の4パターンがあるが、今回はAzure CLIで実施

その為、ローカルでログインしていない場合はazureにログイン

% az login

定義ファイルの作成、下記の定義ファイル意味は

• プロバイダーを『1.39.0』を使用
• リソース名は『myTFResourceGroup』
• リージョンは『japaneast』

■定義ファイル

provider "azurerm" {
    version = "=1.39.0"
}

resource "azurerm_resource_group" "rg" {
    name     = "myTFResourceGroup"
    location = "japaneast"
}

作成後、プラグイン等のインストール

% terraform init           

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "azurerm" (hashicorp/azurerm) 1.39.0...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

構築予定の環境確認

• 作成予定は『myTFResourceGroup』のみ

% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_resource_group.rg will be created
  + resource "azurerm_resource_group" "rg" {
      + id       = (known after apply)
      + location = "japaneast"
      + name     = "myTFResourceGroup"
      + tags     = (known after apply)
    }

構築実施

% terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_resource_group.rg will be created
  + resource "azurerm_resource_group" "rg" {
      + id       = (known after apply)
      + location = "japaneast"
      + name     = "myTFResourceGroup"
      + tags     = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_resource_group.rg: Creating...
azurerm_resource_group.rg: Creation complete after 0s [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

環境確認

% terraform show
# azurerm_resource_group.rg:
resource "azurerm_resource_group" "rg" {
    id       = "/subscriptions/*****************/resourceGroups/myTFResourceGroup"
    location = "japaneast"
    name     = "myTFResourceGroup"
    tags     = {}
}

Azure CLIで確認

% az group list --query "[?name=='myTFResourceGroup']"
[
  {
    "id": "/subscriptions/*****************/resourceGroups/myTFResourceGroup",
    "location": "japaneast",
    "managedBy": null,
    "name": "myTFResourceGroup",
    "properties": {
      "provisioningState": "Succeeded"
    },
    "tags": {},
    "type": "Microsoft.Resources/resourceGroups"
  }
]

#お片付け

% terraform destroy
azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # azurerm_resource_group.rg will be destroyed
  - resource "azurerm_resource_group" "rg" {
      - id       = "/subscriptions/*****************/resourceGroups/myTFResourceGroup" -> null
      - location = "japaneast" -> null
      - name     = "myTFResourceGroup" -> null
      - tags     = {} -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

azurerm_resource_group.rg: Destroying... [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup]
azurerm_resource_group.rg: Still destroying... [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup, 10s elapsed]
azurerm_resource_group.rg: Still destroying... [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup, 20s elapsed]
azurerm_resource_group.rg: Still destroying... [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup, 30s elapsed]
azurerm_resource_group.rg: Still destroying... [id=/subscriptions/*****************/resourceGroups/myTFResourceGroup, 40s elapsed]
azurerm_resource_group.rg: Destruction complete after 45s

Destroy complete! Resources: 1 destroyed.
% 
% 
% terraform show
%

#コマンドリファレンス

コマンド	説明
terraform init	プラグイン等のインストール
terraform plan	構築予定の環境確認
terraform apply	構築実行
terraform show	構築した環境確認
terraform destory	構築した環境を削除

#参考

Terraform 公式ドキュメント
Terraform get started
Terraform Azure Provider