Hi there

In this article I’m covering a summary of 3 topics we talked about

1. Prerequisites
   1. Terraform latest version
   2. PATH variable configure (you can call terraform from anywhere in cmd.exe and powershell or from Visual Studio Code)
   3. Visual Studio Code or notepad++ or any other text editor you’d like to use
2. Basic Azure LAB
   1. Azure resource group
   2. VNET
   3. VM (IAAS) – Linux UbuntuServer
   4. Apache2 running on the deployed VM
      1. I’ll show how to install apache2 without logging in the VM (out of Terraform)
   5. Resources with TAGs by default (MY subscription has policy enforcement for 2 tags: environment and costcenter and location:canadacentral)
3. How do deploy it
   1. copy main.tf to your working folder.
   2. rename from plan1-main.tf to main.tf
   3. open it and have a look
   4. having your plan saved plan1 run the following:
      1. az login (proceed with Azure logon process on browser and close it , or leave that it will close in 10 seconds) return to the working folder
      2. terraform init
      3. terraform apply “plan1”
      4. check the output
         az login
         
         Terraform init
         Terraform plan -out plan1
         
         
4. How to update its deployment (check Learn More section below)
   1. make changes on your environment
      1. add tags to all resources published
      2. run terraform plan -out planX
      3. run terraform -apply planX
5. How to destroy it
   1. having finished your testing destroy it to save money$
      1. run terraform destroy
         WARNING: everything will be destroyed from this specific deployment on Azure

Learn More

Time to improve what you have deployed

• after your deployment is done check the Resourse Group resources. You should see 1 virtual machine, 1 virtual network, 1 disk, 1 public IP (Dynamic), 1 network interface and 1 network security group
• go to the public IP and copy its IP Address
  
• try to access it on port 22, what’s the error?
  • user@IPaddress (check main.tf for default username and password under the VM resource creation)
• TIP: navigate to your Azure Resource Group \ Network security group \ interfaces blade – what’s missing?
• 
• click here to copy main.tf for plan2 on terraform
• replace your initial main.tf file content by the new one (open plan2-main.tf file and copy its content, open main.tf select all and paste copied content into it)
• Plan2
  • search for “associating NSG to NIC”  without the “”, you should get into a line with comments #associating NSG to NIC
  • run terraform plan -out plan2
  • run terraform apply “plan2”
  • go to your Azure portal , Resource Group “” and check if the Network security group \ interfaces had been populated
  • now try to access the vm on Port 22
  • user@IPaddress
  • after you get into the VM check its internal ip: ifconfig
  • logout your vm session
  • try to access the VM on port 80 http://publicIPaddress , what’s the output? – Go to Plan3
• Plan3
  • click here to copy main.tf for plan3 on terraform
  • replace your initial main.tf file content by the new one (open plan3-main.tf file and copy its content, open main.tf select all and paste copied content into it)
  • search for “adding port 80” without the “”, you should get into a line with comments #adding port 80
  • run terraform plan -out plan3
  • run terraform apply “plan3”
  • go to your Azure portal , Resource Group “Name” and check if the Network security group \ Inbound security rules has a firewall rule to allow TCP PORT 80 from any to any with priority 1002
  • try to access the VM on port 80 http://publicIPaddress, what’s missing?
  • TIP: go to your Azure portal , Resource Group “Name” , select the VM, under Operations (left blade) \ Run command
    • • select RunShellScript
      • on the next blade paste the following command: apt-get install apache2 -y and wait until is completed then issue another command: service apache2 start
      • go back to the http://publicIPaddress and you should see Apache default web site
        
      • video: when apache setup and start command is running and your browser (chrome with auto refresh plugin is waiting for apache to comes up)

     

    • click here to check its azure resources csv file.

Working on Next article #1: Customize the latest main.tf (plan3) adding the apache2 installation and its initial index.html setup from custom files.

Working on Next article #2: Basic Azure LAB with 02 VMS with WAF (Web Application Firewall)

Working on Next article #3: Basic Azure LAB with 02 VMS with WAF (Web Application Firewall) and Azure Front Door

References
https://www.terraform.io/docs/providers/azurerm/r/network_interface_security_group_association.html

Thanks,

Thiago Beier
Share this article if you liked it.