Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Azure icon
Labs

Build an Azure DevOps Pipeline for Terraform

Welcome to the Build an Azure DevOps Pipeline for Terraform lab. In this lab, we will cover six objectives: 1. Create an Azure DevOps Project 1. Prepare the Remote State Backend 1. Connect to the Azure Subscription 1. Create a Planning Pipeline 1. Create an Apply Pipeline 1. Deploy Infrastructure with the Pipelines By the end of this lab, you'll be ready to create and deploy Infrastructure as Code using Azure DevOps and Terraform.

Try for free Contact sales
Azure icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 1h 0m
Published
Clock icon May 02, 2024

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create an Azure DevOps Project

    In this objective, you will create a new Azure DevOps project and import the existing repository into Azure Repos.

    1. Create a new account or log into Azure DevOps. NOTE: If you are creating a new account, you may not be allocated any parallel jobs for pipelines. Check the additional information section of the lab for potential workarounds.
    2. Create a new private project called tacowagon-network.
    3. Inside the new project navigate to Repos.
    4. Import the GitHub repository: https://github.com/ned1313/azure-simple-vnet.git

  2. Challenge

    Prepare the Remote State Backend

    In this objective, you will retrieve the values to use for setting up the azurerm remote backend for the Terraform configuration. The values will be stored in a variable group in the Pipelines Library.

    1. Log into the Azure CLI or Portal using the provided username and password credentials. (Do not use the service principal)
    2. Retrieve the resource group and storage account names from the lab.
    3. Retrieve the subscription ID, name, and tenant ID from the lab.
    4. Create a variable group in the Pipelines Library called state-data with entries for the following:
      • Resource group name
      • Storage account name
      • Storage account container name (tfstate)
      • Storage account key
      • Client ID (Service Principal - Application Client ID)
      • Client secret (Service Principal - Secret)
      • Subscription ID
      • Tenant ID

  3. Challenge

    Connect to the Azure Subscription

    In this objective, you will create and verify a service connection between the Azure DevOps project and the Azure Subscription using the provided service principal.

    1. Navigate to the Project settings.
    2. Create a new Service Connection called tacowagon-dev of type Azure Resource Manager.
    3. Select Service principal (manual).
    4. Fill out the fields using the provided service principal and values collected in the previous objective.
    5. Verify and save the Service Connection.

  4. Challenge

    Create a Planning Pipeline

    In this objective, you will create a pipeline in Azure DevOps that runs when a pull request is created targeting the main branch and produces an execution plan to save for deployment later.

    1. Install the Terraform extension from the Visual Studio Marketplace.
    2. Create a new pipeline using Azure Repos Git and the project's repository.
    3. Pick the Starter pipeline.
    4. Change the name to pr-plan.yml.
    5. Configure the pipeline to trigger on all branches except main.
    6. Add the state-data variable group and a local variable with the service connection name.
    7. Create a validation stage which runs a terraform fmt -check and terraform validate against the code using the TerraformInstaller@0 and bash or pwsh tasks.
    8. Create a planning stage that installs Terraform, initializes the configuration, and creates an execution plan saved to a local file. Use the TerraformInstaller@0 using the TerraformTaskV4@4 tasks.
    9. Publish the execution plan file as a pipeline artifact using the PublishPipelineArtifact@1 task.
    10. Rename the pipeline pr-plan.

  5. Challenge

    Create an Apply Pipeline

    In this objective, you will create a pipeline in Azure DevOps that runs when a commit is made on the main branch, running a terraform apply action using the stashed execution plan.

    1. Create a new pipeline using Azure Repos Git and the project's repository.
    2. Pick the Starter pipeline.
    3. Change the name to merge-apply.yml.
    4. Configure the pipeline to trigger only on the main branch.
    5. Add the state-data variable group and a local variable with the service connection name.
    6. Create an apply stage that downloads the saved execution plan, installs Terraform, and applies the plan to the Azure subscription. Use the DownloadPipelineArtifact@2, TerraformInstaller@0, and TerraformTaskV4@4 tasks.
    7. Rename the pipeline merge-apply.

  6. Challenge

    Deploy Infrastructure with the Pipelines

    In this objective, you will promote a change to the Terraform configuration causing both pipelines to run and deploy the VNet in the target resource group.

    1. Go to the state-data variable group and grant the two pipelines access to the group.
    2. Navigate to the Repositories section of the Project Settings.
    3. Add a Build Validation policy for the pr-plan pipeline.
    4. Navigate to the Repos section of the project.
    5. Create a new branch called first-deploy.
    6. Edit the terraform.tfvars file to give the resource_group_name the correct value.
    7. Commit the edit directly to the first-deploy branch.
    8. Create a pull request to merge first-deploy into main.
    9. Verify the pr-plan pipeline fires and completes successfully. Adjust as needed.
    10. Merge the pull request and verify that the merge-apply pipeline fires and completes successfully. Adjust as needed.
A Cloud Guru - Labs - Build an Azure DevOps Pipeline for Terraform
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans