Terraform locally run from Windows with State file in Azure Storage

Running Terraform locally on Windows together with the Azure CLI gives you more flexibility in large corporate environments, because you no longer need to connect to Azure Cloud Shell from VS Code. That connection can itself be a challenge when controls such as conditional access block authentication from the remote locations where Azure Cloud Shell runs.

 

To get things set up remotely, you need a few things.

 

Five easy steps:

  1. Install Terraform locally
  2. Install Bash (optional)
    1. Can use PowerShell or the Command Prompt
  3. Install the Azure CLI
  4. Set up the Terraform State in Azure Blob Storage
  5. Sign into Azure CLI from VS Code

 

1. Install Terraform

Installing Terraform is not really an install: you download a single binary and run it. Download from here.

 

Later, when running Terraform commands (e.g. terraform init or terraform apply), ensure the terraform.exe binary is on the path, either the system path or the working directory in Bash.

2. Install Bash

This step is optional, as the Azure CLI and the Terraform binary will work in either PowerShell or the Command Prompt.

  1. Install Git from https://git-scm.com/download/win

  2. Open Visual Studio Code and press and hold Ctrl + ` to open the terminal.

  3. Open the command palette using Ctrl + Shift + P.

  4. Type - Select Default Profile

  5. Select Git Bash from the options

  6. Click on the + icon in the terminal window

  7. The new terminal now will be a Git Bash terminal. Give it a few seconds to load Git Bash

3. Install Azure CLI

It's super easy to install the Azure CLI. Once complete, close and restart VS Code. 

4. Set up the Terraform State in Azure Blob Storage

The Terraform state should live in a place that is central, common, secure and accessible to everything that needs it. Azure Storage is a perfect candidate. You'll need to set up a separate, dedicated Azure Storage account with a container. It is recommended to apply an Azure resource lock to this storage account so that it doesn't get deleted accidentally. Also consider applying tags to the storage account that clearly state what it's used for.
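One way to script that setup with the Azure CLI, as an added example that is not part of the original post. The resource names mirror the post's backend block; `LOCATION`, the tag values, the lock name, the function names and the two hardening flags (`--allow-blob-public-access false`, `--min-tls-version TLS1_2`) are assumptions added here.

```shell
#!/usr/bin/env bash
# Added example (not the post's code). Names mirror the post's backend block;
# LOCATION, the tag values and the lock name are assumptions.
RESOURCE_GROUP_NAME="${RESOURCE_GROUP_NAME:-TerraformState_CloudShell}"
STORAGE_ACCOUNT_NAME="${STORAGE_ACCOUNT_NAME:-tfstatecloudshell2021}"
CONTAINER_NAME="${CONTAINER_NAME:-tfstate}"
LOCATION="${LOCATION:-westeurope}"

# Create the dedicated account and container, tag the account, then lock it.
# Each step must succeed before the next one runs.
provision_state_store() {
  az group create --name "$RESOURCE_GROUP_NAME" --location "$LOCATION" \
      --output none &&
  az storage account create \
      --name "$STORAGE_ACCOUNT_NAME" --resource-group "$RESOURCE_GROUP_NAME" \
      --location "$LOCATION" --sku Standard_LRS \
      --allow-blob-public-access false --min-tls-version TLS1_2 \
      --tags purpose=terraform-state environment=prod --output none &&
  az storage container create --name "$CONTAINER_NAME" \
      --account-name "$STORAGE_ACCOUNT_NAME" --output none &&
  az lock create --name tfstate-no-delete --lock-type CanNotDelete \
      --resource-group "$RESOURCE_GROUP_NAME" \
      --resource-name "$STORAGE_ACCOUNT_NAME" \
      --resource-type Microsoft.Storage/storageAccounts --output none
}

# Return 0 only if a CanNotDelete lock is present on the storage account.
state_store_is_locked() {
  local n cr
  n=$(az lock list --resource-group "$RESOURCE_GROUP_NAME" \
        --resource-name "$STORAGE_ACCOUNT_NAME" \
        --resource-type Microsoft.Storage/storageAccounts \
        --query "length([?level=='CanNotDelete'])" -o tsv) || return 1
  # az on Windows can end the line with CR, which $(...) does not strip.
  cr=$(printf '\r'); n=${n%"$cr"}
  [ "${n:-0}" -ge 1 ]
}
# Usage: provision_state_store && state_store_is_locked && echo "state store ready"
```

Running `state_store_is_locked` periodically (for example before each `terraform apply`) catches the case where someone removed the lock to do maintenance and never put it back.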

 

Edit terraform.tf and change the values in the backend "azurerm" block to suit your own Azure Storage account.

 

You can keep key = "prod.terraform.tfstate" as is, no change.

 

 

 

 

    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = ">= 2.68.0" # was 2.46.1
        }
      }

      backend "azurerm" {
        resource_group_name  = "TerraformState_CloudShell"
        storage_account_name = "tfstatecloudshell2021"
        container_name       = "tfstate"
        key                  = "prod.terraform.tfstate"
      }
    }

 

 

 

4. Azure Storage Key

While the terraform.tf file has all the other information for the Azure Storage account, one piece is missing: the Azure Storage account key. This is sensitive! So we use the Azure CLI environment variables to help us.

 

Azure CLI configuration

The Azure CLI allows for user configuration for settings such as logging, data collection, and default argument values. The Azure CLI offers a convenience command for managing some defaults, az config. Other values can be set in a configuration file or with environment variables.

Terraform needs the Azure Storage account key in order to read/write the Terraform state file. In order to not store the Azure storage account key to disk, we will make use of the Azure CLI environment variable access_key.

 

Environment Variable

| Name | Type | Description |
| --- | --- | --- |
| access_key | String | The default access key to use for az batch commands. Only used with aad authorization |

 

Run the following 2 lines. This will grab the Azure Storage account key and apply its value to the access_key environment variable in the Azure CLI:

 

 

 

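    # RESOURCE_GROUP_NAME and STORAGE_ACCOUNT_NAME must already be set to the state storage account's values
    export ACCOUNT_KEY=$(az storage account keys list --resource-group "$RESOURCE_GROUP_NAME" --account-name "$STORAGE_ACCOUNT_NAME" --query '[0].value' -o tsv)
    # Prints the key to the terminal
    echo $ACCOUNT_KEY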
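An added example, not from the original post: Bash helpers that hand the storage key to Terraform without printing it and remove it from the shell afterwards. It assumes `ARM_ACCESS_KEY`, the environment variable the azurerm backend reads for the storage access key (the post does not name it); the function names are hypothetical and the resource names are those from the post's backend block.

```shell
#!/usr/bin/env bash
# Added example (not the post's code). Resource names come from the post's
# backend block; ARM_ACCESS_KEY and the function names are assumptions.
RESOURCE_GROUP_NAME="${RESOURCE_GROUP_NAME:-TerraformState_CloudShell}"
STORAGE_ACCOUNT_NAME="${STORAGE_ACCOUNT_NAME:-tfstatecloudshell2021}"

# Fetch the first account key and export it for the azurerm backend.
# Nothing is printed, so the key stays out of scrollback and CI logs.
load_state_key() {
  local key cr
  key=$(az storage account keys list \
          --resource-group "$RESOURCE_GROUP_NAME" \
          --account-name "$STORAGE_ACCOUNT_NAME" \
          --query '[0].value' -o tsv) || {
    echo "az failed: run 'az login' and check the account name" >&2
    return 1
  }
  # az on Windows can end the line with CR, which $(...) does not strip;
  # a trailing CR makes the key invalid.
  cr=$(printf '\r')
  key=${key%"$cr"}
  [ -n "$key" ] || { echo "no key returned" >&2; return 1; }
  export ARM_ACCESS_KEY="$key"
}

# Confirm the variable is populated without revealing its value.
state_key_status() {
  if [ -n "${ARM_ACCESS_KEY:-}" ]; then
    echo "ARM_ACCESS_KEY set (${#ARM_ACCESS_KEY} chars)"
  else
    echo "ARM_ACCESS_KEY not set"
  fi
}

# Run one terraform command with the key present, then remove it from the
# shell so later processes started from this terminal do not inherit it.
tf_with_state_key() {
  local rc=0
  load_state_key || return 1
  terraform "$@" || rc=$?
  unset ARM_ACCESS_KEY
  return "$rc"
}
# Usage (after `az login`): tf_with_state_key init
```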

 

 

 

5. Sign into Azure CLI from VS Code

Using Bash, PowerShell or the Command Prompt, sign in to the Azure CLI by running az login from the prompt. Once signed in, navigate to the folder that contains your Terraform files. Ensure that terraform.exe can be found on the path, then run your normal Terraform commands (e.g. terraform init or terraform apply).
