![Page 1: Alex Magnay - Azure Infrastructure as Code with Hashicorp Terraform](https://reader030.vdocuments.net/reader030/viewer/2022013120/5aacd0f37f8b9a1f368b457d/html5/thumbnails/1.jpg)
@AlexMags
Microsoft Azure Infrastructure as Code and Hashicorp Terraform
@alexmags #winops
This talk
• DIY on premises vs Infrastructure as a Service
• Hashicorp Terraform
• Terraform Workflow
• Demo
• Operations, Security, Development teams
• Microsoft & Hashicorp News
https://azure.microsoft.com/en-gb/regions/
Microsoft’s Backbone WAN
https://www.atomia.com/2016/11/24/comparing-the-geographical-coverage-of-aws-azure-and-google-cloud/
“We’re expanding!”
Brexit
Managing Azure
What is Terraform?
https://www.terraform.io/docs/providers/azurerm/
What is Terraform?
• A way to manage Azure
• Domain Specific Language
• Declarative
• Easy to read and write
• Drives the Azure API
• Runs on Windows & Linux
• Open Source
• Free
• Yes, seriously, it’s free
What is Terraform NOT?
• Not OS configuration management
• Not an abstraction layer for any cloud
https://www.terraform.io/docs/providers - September 2017
Alicloud, Archive, Arukas, AWS, Bitbucket, CenturyLinkCloud, Chef, Circonus, Cloudflare, CloudStack, Cobbler, Consul, Datadog, DigitalOcean, DNS, DNSMadeEasy, DNSimple, Docker, Dyn, External, Fastly, GitHub, Gitlab, Google Cloud, Grafana, Heroku, HTTP, Icinga2, Ignition, InfluxDB, Kubernetes, Librato, Local, Logentries, Mailgun, New Relic, Nomad, NS1, Microsoft Azure, MySQL, 1&1, Oracle Public Cloud, OpenStack, OpsGenie, OVH, Packet, PagerDuty, PostgreSQL, PowerDNS, ProfitBricks, RabbitMQ, Rancher, Random, Spotinst, Template, Terraform, Terraform Enterprise, TLS, Triton, UltraDNS, Vault, VMware vCloud Director, VMware vSphere
Terraform these Azure Resources
• Resource Groups
• App Service (web apps)
• App Insights
• Content Delivery Network
• Containers
• CosmosDB (Document DB)
• DNS records
• Event Hubs
• Key vault
• Event Hub
• Virtual Network Resources
• Load Balancers
• Managed Disk
• Redis cache
• Azure Search
• ServiceBus
• Azure SQL
• Storage
• ARM templates
• Virtual Machines
https://www.terraform.io/docs/providers/azurerm - September 2017
https://www.terraform.io/docs/providers/azurerm/
Terraform Workflow
• Edit Code
• Terraform Plan → Execution Plan
• Terraform Deploy
• Terraform Destroy
Demo Time
Shut up and prove it!
Terraform For Operations
• Deploy, change, manage IaaS (any cloud!)
• With source control you can roll back to previous state
• Delegate dev environments to dev teams
• Give your execution plan to someone else to apply out of hours
Terraform For Security
• Enforce configuration
• Git commit history - See WHO changed WHAT and WHY
• Delegate Azure access to a scheduler (Jenkins/Teamcity)
• Security concerns – long lived API access keys with privileged access
  • Don’t store keys in code or source control
  • Don’t store keys in config files in default locations
  • Don’t store keys in user or machine environment variables
  • Use short key expiry times (1 hour)
Avoid long lived API access keys
https://www.terraform.io/docs/providers/azurerm/index.html
Plain text keys in default locations unsafe
http://theburningmonk.com/2017/07/slides-for-my-serverless-security-talk (65)
Terraform For Developers
Ops Terraform
• Resource groups
• vNets
• Subnets
• VPNs
• Shared infra services
• Security groups
• Ops state file
Dev Terraform
• Read only Ops state file
• Dev VMs and Apps
• Dev state file
Terraform For Developers
Ops Resource Group Dev Resource Group
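The Ops/Dev split above, seen from the Dev side, as an added example in current Terraform syntax (not taken from the original slides): Dev keeps its own state file and only reads the Ops state. Every resource name, the storage account, the Ops output `dev_subnet_id` and the use of a Storage Blob Data Reader role to make the Ops container read-only are assumptions.

```hcl
# Dev Terraform (added example; all names below are hypothetical).
# No client secret appears in this file: the operator or scheduler signs in
# at run time, so no long-lived key is committed to source control.
terraform {
  backend "azurerm" { # Dev state file, writable by the Dev team
    resource_group_name  = "rg-tfstate-example"
    storage_account_name = "sttfstateexample"
    container_name       = "dev"
    key                  = "dev.terraform.tfstate"
    use_azuread_auth     = true # Azure AD identity instead of a storage access key
  }
}

provider "azurerm" {
  features {}
}

# Ops state file, read only. Assumption: the Dev identity holds only
# "Storage Blob Data Reader" on the "ops" container, so it cannot write it.
# Read access exposes everything stored in that state file, so Ops should
# publish only the outputs Dev needs and keep secrets out of that state.
data "terraform_remote_state" "ops" {
  backend = "azurerm"
  config = {
    resource_group_name  = "rg-tfstate-example"
    storage_account_name = "sttfstateexample"
    container_name       = "ops"
    key                  = "ops.terraform.tfstate"
    use_azuread_auth     = true
  }
}

resource "azurerm_resource_group" "dev" {
  name     = "rg-dev-example"
  location = "uksouth"
  tags     = { deployed_by = "terraform" }
}

# Dev NIC attached to a subnet that Ops owns and exports as an output.
resource "azurerm_network_interface" "dev_vm" {
  name                = "nic-dev-vm01"
  location            = azurerm_resource_group.dev.location
  resource_group_name = azurerm_resource_group.dev.name
  tags                = { deployed_by = "terraform" }

  ip_configuration {
    name                          = "internal"
    subnet_id                     = data.terraform_remote_state.ops.outputs.dev_subnet_id
    private_ip_address_allocation = "Dynamic"
  }
}
```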
```
Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

PS H:\> cd MyEnvironment
PS H:\MyEnvironment\> terraform apply
PS H:\MyEnvironment\> terraform destroy
```
Terraform For Your Budget
• Terraform is open source and free
• Tear up & tear down easily – only pay when required
• Let terraform clean up. Avoid wasteful cruft
• Don’t write your own cloud infra management tooling!
Why Now?
Microsoft Hashicorp
March 2016
“HashiCorp has set a high standard for infrastructure automation across public and private clouds. We're excited that HashiCorp tools now fully support managing Microsoft Azure resources, and look forward to our enterprise customers leveraging these tools to improve their operator workflows across large teams and global infrastructure.”
Corey Sanders, Director of Program Management, Azure, Microsoft Corp.
http://www.marketwired.com/press-release/hashicorp-announces-full-support-for-microsoft-azure-across-its-products-2108249.htm
https://www.hashicorp.com/blog/azure-resource-manager-support-for-packer-and-terraform/
Microsoft Channel 9
August 2017
“I am excited to announce that we are greatly increasing our investment in Terraform, partnering closely with HashiCorp, a well-known voice in the DevOps and cloud infrastructure management space.”
Corey Sanders, Director of Program Management, Azure, Microsoft Corp.
HashiCorp, a leader in cloud infrastructure automation, today announced a multi-year collaboration with Microsoft to deepen support for the provisioning of Microsoft Azure cloud services with HashiCorp Terraform.
http://www.marketwired.com/press-release/hashicorp-extend-work-with-microsoft-multi-year-collaboration-that-enables-hashicorp-2230675.htm
September 2017
https://azure.microsoft.com/en-us/blog/more-and-more-fun-with-terraform-on-azure
https://cloudplatform.googleblog.com/2017/09/HashiCorp-and-Google-expand-collaboration-easing-secret-and-infrastructure-management.html
Takeaways & Tips From the Field
• Don’t mix manual deploy and Terraform
• Start simple and build up iteratively
• Establish a resource naming convention quickly
• Tag everything ‘deployed_by=terraform’
• Use comments liberally
• Use modules, variablise everything, set sensible defaults
• Use remote backend/remote state file
• Ops need to learn source control tools (Git)
• Stay safe: Avoid long lived API access keys
Resources
terraform.io/docs
GitHub Hashicorp Terraform examples
github.com/hashicorp/terraform/tree/master/examples
TerraformBook.com
meetup.com/London-HashiCorp-User-Group
Go forth and Terraform deploy!