Bemærk
Adgang til denne side kræver godkendelse. Du kan prøve at logge på eller ændre mapper.
Adgang til denne side kræver godkendelse. Du kan prøve at ændre mapper.
Azure Developer CLI (azd) supports multiple infrastructures as code (IaC) providers, including:
By default, azd assumes Bicep as the IaC provider. Refer to the Comparing Terraform and Bicep article for help with deciding which IaC provider is best for your project.
Note
Terraform is still in beta. Read more about alpha and beta feature support on the feature versioning and release strategy page
Pre-requisites
- Install and configure Terraform.
- Install Azure CLI (v 2.38.0+).
- Review the architecture diagram and the Azure resources you deploy in the Node.js or Python Terraform template.
Important
Terraform deployments require an Azure CLI sign-in even when you use azd. The Terraform azurerm provider authenticates through Azure CLI by default and doesn't read tokens from the azd credential cache. If you only run azd auth login, azd up fails at the provision step with ERROR: Please run 'az login' to setup account. See Authenticate to Azure for the recommended sign-in flow.
Authenticate to Azure
Because Terraform uses Azure CLI for authentication, you need to be signed in to both azd and az before you run azd up. You can do that in one of two ways.
Option 1: Sign in once with Azure CLI (recommended)
Configure azd to delegate authentication to Azure CLI. This setting lets you sign in once with az login and use the same credentials for both tools.
azd config set auth.useAzCliAuth true
az login
If you work with multiple tenants, include the --tenant parameter:
az login --tenant <tenant-id>
Option 2: Sign in to each tool separately
If you prefer to keep azd and Azure CLI authentication independent, sign in to each tool with its own command:
azd auth login
az login
You need to refresh both sessions when either token expires.
Configure Terraform as the IaC provider
Open the
azure.yamlfile found in the root of your project and make sure you have the following lines to override the default, which is Bicep:infra: provider: terraformAdd all your
.tffiles to theinfradirectory found in the root of your project.Run
azd up.
Note
Check out these two azd templates with Terraform as IaC Provider: Node.js and Terraform and Python and Terraform.
azd pipeline config for Terraform
Terraform stores state about your managed infrastructure and configuration. Because of this state file, you need to enable remote state before you run azd pipeline config to set up your deployment pipeline in GitHub.
By default, azd assumes the use of local state file. If you ran azd up before enabling remote state, you need to run azd down and switch to remote state file.
Local vs remote state
Terraform uses persisted state data to keep track of the resources it manages.
Scenarios for enabling remote state:
- To allow shared access to the state data, and allow multiple people work together on that collection of infrastructure resources
- To avoid exposing sensitive information included in state file
- To decrease the chance of inadvertent deletion because of storing state locally
Enable remote state
Make sure you configure a remote state storage account.
Add a new file called
provider.conf.jsonin theinfrafolder.{ "storage_account_name": "${RS_STORAGE_ACCOUNT}", "container_name": "${RS_CONTAINER_NAME}", "key": "azd/azdremotetest.tfstate", "resource_group_name": "${RS_RESOURCE_GROUP}" }Update
provider.tffound in theinfrafolder to set the backend to be remote# Configure the Azure Provider terraform { required_version = ">= 1.1.7, < 2.0.0" backend "azurerm" { }Run
azd env set <key> <value>to add configuration in the.envfile. For example:azd env set RS_STORAGE_ACCOUNT your_storage_account_name azd env set RS_CONTAINER_NAME your_terraform_container_name azd env set RS_RESOURCE_GROUP your_storage_account_resource_groupRun the next
azdcommand as per your usual workflow. When remote state is detected,azdinitializes Terraform with the configured backend configuration.To share the environment with teammates, make sure they run
azd env refresh -e <environmentName>to refresh environment settings in the local system, and perform Step 4 to add configuration in the.envfile.
See also
- Learn more about Terraform's dependency on Azure CLI.
- For more on remote state, see store Terraform state in Azure Storage.
- Template: React Web App with Node.js API and MongoDB (Terraform) on Azure