ARM template that creates an Azure Storage account to store Terraform state files

equinor/azure-terraform-backend-template

Azure Terraform Backend Template

Azure Resource Manager (ARM) template that creates an Azure Storage account to store Terraform state files:

  • Creates a storage account with the specified name.
  • Configures the storage account according to security recommendations.
  • Creates a blob container with the specified name.
  • Grants access to the storage account for specified user, group and service principals.
  • Creates a read-only lock to prevent changes to the storage account.

Prerequisites

Usage

Create Azure Storage account

  1. Log in to Azure:

    az login

  2. Set active subscription:

    az account set --name <SUBSCRIPTION_NAME>

  3. Create resource group:

    az group create --name <RESOURCE_GROUP_NAME> --location <LOCATION>

    Requires the Azure role Contributor at the subscription.

  4. Create a deployment at resource group from the template URI:

    az deployment group create --name terraform-backend --resource-group <RESOURCE_GROUP_NAME> --template-uri https://raw.githubusercontent.com/equinor/azure-terraform-backend-template/refs/heads/main/azuredeploy.json --parameters storageAccountName=<STORAGE_ACCOUNT_NAME>

    Requires the Azure role Owner at the resource group.

Configure Terraform backend

  1. Create a Terraform configuration file main.tf and add the following backend configuration:

    terraform {
      backend "azurerm" {
        resource_group_name  = "<RESOURCE_GROUP_NAME>"
        storage_account_name = "<STORAGE_ACCOUNT_NAME>"
        container_name       = "tfstate"
        key                  = "terraform.tfstate"
        use_azuread_auth     = true
      }
    }

  2. Initialize Terraform backend:

    terraform init

Parameters

| Name | Description | Type | Default |
| --- | --- | --- | --- |
| storageAccountName | The name of the storage account to create. | string | |
| containerName | The name of the blob container to create. | string | tfstate |
| ipRules | An array of IP addresses or ranges that should be granted access to the storage account. If empty, all IP addresses and ranges will be granted access to the storage account. | array | [] |
| principalIds | An array of object IDs for user, group or service principals that should be granted access to the storage account. | array | [] |

Tip

Rather than passing parameters as inline values, create a parameter file.
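
A parameter file for this template can be generated and checked before it is deployed. The following is an added example, not part of this repository: `build_parameter_file` and `check_ip_rule` are hypothetical helper names and the sample values are constructed. It assumes the Azure rules that storage account names are 3-24 lowercase letters and digits, and that storage firewall IP rules take public addresses with /31 and /32 ranges written as single addresses.

```python
import ipaddress
import json
import re

SCHEMA = "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_ip_rule(rule):
    """Return a problem string for one ipRules entry, or None if it is usable."""
    try:
        net = ipaddress.ip_network(rule, strict=False)
    except ValueError:
        return f"ipRules: {rule!r} is not an IP address or CIDR range"
    if any(net.overlaps(private) for private in RFC1918):
        return f"ipRules: {rule!r} is RFC 1918 private space; use public addresses"
    if net.version == 4 and "/" in rule and net.prefixlen >= 31:
        return f"ipRules: {rule!r} is a /31 or /32; write single addresses instead"
    return None


def build_parameter_file(storage_account_name, container_name="tfstate",
                         ip_rules=(), principal_ids=()):
    """Validate the template's four parameters; return (document, errors, warnings)."""
    errors, warnings = [], []
    if not re.fullmatch(r"[a-z0-9]{3,24}", storage_account_name):
        errors.append("storageAccountName: must be 3-24 lowercase letters and digits")
    errors += [p for p in map(check_ip_rule, ip_rules) if p]
    errors += [f"principalIds: {p!r} is not an object ID (GUID)"
               for p in principal_ids if not GUID.fullmatch(p)]
    if not ip_rules:
        # Per the parameter table, an empty ipRules array admits every IP address.
        warnings.append("ipRules is empty: all IP addresses can reach the account")
    if not principal_ids:
        warnings.append("principalIds is empty: the template grants no principal access")
    values = {"storageAccountName": storage_account_name, "containerName": container_name,
              "ipRules": list(ip_rules), "principalIds": list(principal_ids)}
    document = {"$schema": SCHEMA, "contentVersion": "1.0.0.0",
                "parameters": {name: {"value": v} for name, v in values.items()}}
    return document, errors, warnings


if __name__ == "__main__":
    # Constructed sample values: a documentation IP range and a made-up object ID.
    doc, errors, warnings = build_parameter_file(
        "examplestate01", ip_rules=["203.0.113.0/24"],
        principal_ids=["00000000-0000-0000-0000-000000000001"])
    print(json.dumps(doc, indent=2) if not errors else "\n".join(errors))
```

Save the printed document to a file and pass it to `az deployment group create` with `--parameters @<PARAMETER_FILE>` in place of the inline `storageAccountName=<STORAGE_ACCOUNT_NAME>` value.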

Outputs

| Name | Description | Type |
| --- | --- | --- |
| storageAccountName | The name of the storage account that was created. | string |
| containerName | The name of the blob container that was created. | string |

References

Contributing

See contributing guidelines.

License

This project is licensed under the terms of the MIT license.
