- Naming convention based on each environments workspace
- No manual changes approach and immutable infrastructure: force to use pipeline for infra deployment only
- Manage resources changes via
state
(Terraform) - Modules development: Able to deploy specific resoures on each environments
- No more manual tasks when deploying new environment
Features | Terraform | ARM Templates | Bicep |
---|---|---|---|
Naming Convention | YES | YES | YES |
Modules development | YES | Via Seperated Template Files | YES |
Storing state | YES | NO | NO |
Infrastructure targets | Support On-premises Workloads | Azure Only | Azure Only |
CLI tools | terraform |
az deployment |
az deployment or az bicep |
Update current state | Azure Terrafy or terraform import |
YES | YES |
Community and Support | OK | OK | Quite New Tool |
- Modular and multiple tfstate backends based on workspaces
- Versioning modules
- Working with
state
- Hiding sensitive data on
state
- Compare Azure AppService settings between environment via
state
- Hiding sensitive data on
- Network module
- Example VNET (1 VNET per environment)
- Subnets for each functionality
- Private and service endpoint enabled
- App Insight module
- 1 Log analytic workspace for entire environment
- Multiple App Insights
- Storage Account module
- Multiple storage accounts
- Blob services properties
- Allow access from specified subnets
- Backup policy
- Private endpoints
- Appservices and Functions module
- Keyvault module
Update env_vars.yaml
and locals.tf
for env_vars declaration. For example:
# For Network infra
vnetPrefix: "10.0.0.0/16"
subnetPrefixes:
storage: "10.0.1.0/24"
backend: "10.0.2.0/24"
engine: "10.0.3.0/24"
# For AppInsight infra type
appInsightsNames:
- "platform"
- "frontend"
- "backend"
logAnalyticSKU: "PerGB2018"
# For Storage infra type
storageAccountNames:
- "pub"
- "backend"
- "report"
- "payment"
Use below commands to initialize backends, modules and the specific environment's deployment.
terraform init
terraform workspace <new/select> <env>
Use below commands to plan
and apply
deployments.
terraform plan
terraform apply -auto-approve