Terraform Azure Patterns
Terraform snippets for provisioning Azure resources including resource groups, AKS, networking, and state management.
Provider & Backend Configuration
terraform {
required_version = ">= 1.5"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.80"
}
}
backend "azurerm" {
resource_group_name = "tf-state-rg"
storage_account_name = "tfstatesa"
container_name = "tfstate"
key = "prod.terraform.tfstate"
}
}
provider "azurerm" {
features {}
subscription_id = var.subscription_id
}Resource Group & Virtual Network
resource "azurerm_resource_group" "main" {
name = "rg-${var.project}-${var.environment}"
location = var.location
tags = local.common_tags
}
resource "azurerm_virtual_network" "main" {
name = "vnet-${var.project}-${var.environment}"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "app" {
name = "snet-app"
resource_group_name = azurerm_resource_group.main.name
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_subnet" "aks" {
name = "snet-aks"
resource_group_name = azurerm_resource_group.main.name
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.0.2.0/22"]
}AKS Cluster
resource "azurerm_kubernetes_cluster" "main" {
name = "aks-${var.project}-${var.environment}"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
dns_prefix = "aks-${var.project}"
kubernetes_version = var.kubernetes_version
default_node_pool {
name = "system"
vm_size = "Standard_D4s_v5"
min_count = 2
max_count = 5
enable_auto_scaling = true
vnet_subnet_id = azurerm_subnet.aks.id
os_disk_size_gb = 128
upgrade_settings {
max_surge = "33%"
}
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "azure"
network_policy = "calico"
load_balancer_sku = "standard"
service_cidr = "10.1.0.0/16"
dns_service_ip = "10.1.0.10"
}
oms_agent {
log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
}
tags = local.common_tags
}Variables & Locals
variable "project" {
type = string
description = "Project name"
}
variable "environment" {
type = string
description = "Environment (dev, staging, prod)"
validation {
condition = contains(["dev", "staging", "prod"], var.environment)
error_message = "Environment must be dev, staging, or prod."
}
}
variable "location" {
type = string
default = "eastus2"
}
locals {
common_tags = {
project = var.project
environment = var.environment
managed_by = "terraform"
}
}Outputs
output "aks_cluster_name" {
value = azurerm_kubernetes_cluster.main.name
}
output "aks_kube_config" {
value = azurerm_kubernetes_cluster.main.kube_config_raw
sensitive = true
}
output "resource_group_name" {
value = azurerm_resource_group.main.name
}Common Commands
# Initialize
terraform init
# Plan with variable file
terraform plan -var-file="environments/prod.tfvars" -out=plan.tfplan
# Apply saved plan
terraform apply plan.tfplan
# Import existing resource
terraform import azurerm_resource_group.main /subscriptions/<sub-id>/resourceGroups/my-rg
# State management
terraform state list
terraform state show azurerm_kubernetes_cluster.main
terraform state mv azurerm_resource_group.old azurerm_resource_group.new
# Destroy specific resource
terraform destroy -target=azurerm_kubernetes_cluster.main
# Format and validate
terraform fmt -recursive
terraform validate