Introduction to Terraform

  • 3 minutes

The Terraform open-source IaC tool enables you to define and provision cloud infrastructure by using a high-level configuration language known as HashiCorp Configuration Language (HCL). Terraform codifies infrastructure in configuration files that describe the desired state for your infrastructure. Terraform can manage any infrastructure--such as public clouds, private clouds, and SaaS services--by using Terraform providers.

Terraform providers for Azure infrastructure

Several Terraform providers enable the management of Azure infrastructure:

  • AzureRM: Manage Azure Resource Manager resources such as virtual machines, storage accounts, and network interfaces.
  • AzureAD: Manage Microsoft Entra resources such as groups, users, service principals, and applications.
  • AzureDevOps: Manage Azure DevOps resources such as agents, repositories, projects, pipelines, and queries.
  • AzAPI: Manage Azure resources by using the Azure Resource Manager APIs directly. This provider complements the AzureRM provider by enabling the management of the newest Azure resources.
  • Azure Stack: Manage Azure Stack resources such as virtual machines, DNS, virtual networks, and storage.

Create a storage account

All Terraform configurations must contain a provider block. The following HCL code specifies the Azure Resource Manager provider (azurerm). An Azure resource group named storageaccountexamplerg is defined in the eastus location. An Azure storage account is created within the resource group. The storage account name is the first 24 characters of a number generated via the md5 function.

terraform {
  required_version = ">=0.12"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>2.0"
    }
  }
}
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  location = "eastus"
  name     = "storageaccountexamplerg"
}

resource "azurerm_storage_account" "example" {
  name                     = substr(md5(azurerm_resource_group.rg.id), 0, 24)
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  access_tier              = "Hot"
}

Run the Terraform code

Run terraform init to download the required Azure modules for managing your Azure resources:

terraform init

Run terraform plan to determine what actions are necessary to create the configuration that you specified in your configuration files. Running the command creates an execution plan but doesn't apply it. This pattern allows you to verify if the execution plan matches your expectations before you make any changes to actual resources.

terraform plan -out main.tfplan

After you verify the execution plan, run terraform apply to apply the plan. This command creates the defined resources.

terraform apply main.tfplan

Verify the storage account

To verify the Azure storage account, you can use the terraform state show command. This command shows the current state of the specified resource.

In the case of the storage account that you created in this module, the command shows the generated name, along with a complete list of storage account attributes and their values.

terraform state show 'azurerm_storage_account.example'

Clean up resources

When you no longer need the resources that you created in this module, run terraform apply with the -destroy flag:

terraform plan -destroy -out main.destroy.tfplan

Run terraform apply to apply the execution plan:

terraform apply main.destroy.tfplan