revision-1.0

Author: adminph-de

.devcontainer/Dockerfile

@@ -0,0 +1,84 @@
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+
+# Pick any base image, but if you select node, skip installing node. 😊
+FROM debian:9
+
+# Terraform and tflint versions
+ARG TERRAFORM_VERSION=0.12.16
+ARG TFLINT_VERSION=0.8.2
+
+# This Dockerfile adds a non-root user with sudo access. Use the "remoteUser"
+# property in devcontainer.json to use it. On Linux, the container user's GID/UIDs
+# will be updated to match your local UID/GID (when using the dockerFile property).
+# See https://aka.ms/vscode-remote/containers/non-root-user for details.
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Configure apt and install packages
+RUN apt-get update \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
+    #
+    # install git iproute2, required tools installed
+    && apt-get install -y \
+    git \
+    openssh-client \
+    less \
+    curl \
+    procps \
+    unzip \
+    apt-transport-https \
+    ca-certificates \
+    gnupg-agent \
+    software-properties-common \
+    lsb-release 2>&1 \
+    #
+    # [Optional] Install Node.js for Azure Cloud Shell support 
+    # Change the "lts/*" in the two lines below to pick a different version
+    && curl -so- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash 2>&1 \
+    && /bin/bash -c "source $HOME/.nvm/nvm.sh \
+    && nvm install lts/* \
+    && nvm alias default lts/*" 2>&1 \
+    #
+    # [Optional] For local testing instead of cloud shell
+    # Install Docker CE CLI. 
+    && curl -fsSL https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/gpg | apt-key add - 2>/dev/null \
+    && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" \
+    && apt-get update \
+    && apt-get install -y docker-ce-cli \
+    #
+    # [Optional] For local testing instead of cloud shell
+    # Install the Azure CLI
+    && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list \
+    && curl -sL https://packages.microsoft.com/keys/microsoft.asc | apt-key add - 2>/dev/null \
+    && apt-get update \
+    && apt-get install -y azure-cli \
+    #
+    # Install Terraform, tflint, and graphviz
+    && mkdir -p /tmp/docker-downloads \
+    && curl -sSL -o /tmp/docker-downloads/terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    && unzip /tmp/docker-downloads/terraform.zip \
+    && mv terraform /usr/local/bin \
+    && curl -sSL -o /tmp/docker-downloads/tflint.zip https://github.com/wata727/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip \
+    && unzip /tmp/docker-downloads/tflint.zip \
+    && mv tflint /usr/local/bin \
+    && cd ~ \ 
+    && rm -rf /tmp/docker-downloads \
+    && apt-get install -y graphviz \
+    #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Add sudo support for the non-root user
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME\
+    && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
+    # Clean up
+    && apt-get autoremove -y \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/*

.devcontainer/devcontainer.json

@@ -0,0 +1,32 @@
+// For format details, see https://aka.ms/vscode-remote/devcontainer.json or this file's README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.128.0/containers/azure-terraform-0.12
+{
+	"name": "Azure Terraform 0.12",
+	"dockerFile": "Dockerfile",
+	"mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ],
+
+	// Set *default* container specific settings.json values on container create.
+	"settings": { 
+		"terminal.integrated.shell.linux": "/bin/bash"
+	},
+
+	// Add the IDs of extensions you want installed when the container is created.
+	"extensions": [
+		"hashicorp.terraform",
+		"ms-azuretools.vscode-azureterraform",
+		"ms-vscode.azurecli",
+		"ms-azuretools.vscode-docker"
+	]
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "terraform --version",
+
+	// Uncomment when using a ptrace-based debugger like C++, Go, and Rust
+	// "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
+
+	// Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
+	// "remoteUser": "vscode"
+}

.gitignore

@@ -0,0 +1,42 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Special credential files
+# Exclude all files with credentials stored in
+# Defined credentil files are: [somename]cred.conf and files with [somename].cred
+*creds.conf
+*cred.conf
+*.creds
+*.cred

.images/logo.png

@@ -0,0 +1,103 @@
+[![Contributors][contributors-shield]][contributors-url]
+[![Forks][forks-shield]][forks-url]
+[![Stargazers][stars-shield]][stars-url]
+[![Issues][issues-shield]][issues-url]
+[![MIT License][license-shield]][license-url]
+[![LinkedIn][linkedin-shield]][linkedin-url]
+
+<!-- PROJECT LOGO -->
+<br />
+<p align="center">
+  <a href="https://github.com/adminph-de/repo">
+    <img src=".images/logo.png" alt="Logo">
+  </a>
+  <h3 align="center">Deploy a Remote Backend to Azure with Terraform</h3>
+</p>
+
+<!-- TABLE OF CONTENTS -->
+## Table of Contents
+
+* [About the Project](#about-the-project)
+* [Deployment](#deployment)
+* [Contact](#contact)
+* [Referenzes](#referenzes)
+
+## About The Project
+
+Using Terraform to deploy a StorageAccount in Azure to use it as a [Terraform Remote Backend](https://www.terraform.io/docs/backends/types/remote.html) to store your future tfstate files. Part of the reposotory is a folder called ```.devcontainer``` it contains the Docker container configuration to use it with [Microsoft Visial Studio Code](https://code.visualstudio.com/download) and the [Remote-Container](https://code.visualstudio.com/docs/remote/containers) technologie. [Terraform](https://www.terraform.io/downloads.html) and [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) is installed, if you run the container. You need apart of [Microsoft Visial Studio Code](https://code.visualstudio.com/download) [Docker Desktop](https://www.docker.com/get-started) installed on your PC, MAC or Linux to use [Remote-Container](https://code.visualstudio.com/docs/remote/containers). This is only optional and not requited to run the Terraform scripts.
+
+
+### Deployment
+ 
+1. Clone the repo
+```sh
+git clone https://github.com/adminph-de/tf-azure-backend.git
+```
+2. Azure Credential file:
+Create an addinal file in your cloned repo, called: ```azurecert.conf``` with your spezific ```TENANT_ID```, ```SUBSCRIPTION_ID``` and a ```Azure Service Principal (SPN)``` ```CLIENT_ID``` and ```CLIENT_SECRET``` variable. Find the HowToBuild a SPN in the referenzes below.
+
+Content of the file:
+```
+ARM_TENANT_ID="0000000-0000-0000-0000-000000000000"
+ARM_SUBSCRIPTION_ID="0000000-0000-0000-0000-000000000000"
+ARM_CLIENT_ID="0000000-0000-0000-0000-000000000000"
+ARM_CLIENT_SECRET="0000000-0000-0000-0000-000000000000"
+```
+
+3. Terraform Variables file: 
+Create a ```terraform.tfvars``` file in your cloned repo with the variable values like this:
+```
+project     = "Remote Backend for tfstate files"
+environment = "PROD"
+location    = "westus2"
+```
+
+4. Run Terraform Init:
+```
+terraform init -backend-config=azurecreds.conf
+```
+
+5. Run Terraform Plan:
+```
+terraform plan
+```
+
+6. Run Terraform Apply:
+```
+terraform apply -auto-approve
+```
+
+7. Check your result in your Azure Subscription
+
+<!-- CONTACT -->
+## Contact
+
+[LinkedIN](https://www.linkedin.com/in/patrickhayo/?locale=en_US) - [Twitter](https://twitter.com/N00ky2010) - [Email](patrick.hayo@flsmidth.com)
+
+Project Link: [https://github.com/adminph-de/repo](https://github.com/adminph-de/repo)
+
+<!-- REFERENZES -->
+## Referenzes
+
+Author of the scrpit source is [Guillermo Musumeci](https://medium.com/@gmusumeci). Find detaild docmentation and explainations in his article:
+* [How to Create an Azure Remote Backend for Terraform](https://medium.com/@gmusumeci/how-to-create-an-azure-remote-backend-for-terraform-67cce5da1520)
+
+Addinaly to this article, check:
+* [How to manage Terraform state in Azure Blob Storage](https://medium.com/developingnodes/how-to-manage-terraform-state-in-azure-blob-storage-870a80917450)
+* [Terraform CLI (azurerm)](https://www.terraform.io/docs/backends/types/azurerm.html)
+
+<!-- MARKDOWN LINKS & IMAGES -->
+<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->
+[contributors-shield]: https://img.shields.io/github/contributors/adminph-de/tf-azure-backend.svg?style=flat-square
+[contributors-url]: https://github.com/adminph-de/tf-azure-backend/graphs/contributors
+[forks-shield]: https://img.shields.io/github/forks/adminph-de/tf-azure-backend.svg?style=flat-square
+[forks-url]: https://github.com/adminph-de/tf-azure-backend/network/members
+[stars-shield]: https://img.shields.io/github/stars/adminph-de/tf-azure-backend?style=flat-square
+[stars-url]: https://github.com/adminph-de/tf-azure-backend/stargazers
+[issues-shield]: https://img.shields.io/github/issues/adminph-de/tf-azure-backend.svg?style=flat-square
+[issues-url]: https://github.com/adminph-de/tf-azure-backend/issues
+[license-shield]: https://img.shields.io/github/license/adminph-de/tf-azure-backend.svg?style=flat-square
+[license-url]: https://github.com/adminph-de/tf-azure-backend/blob/master/LICENSE.txt
+[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=flat-square&logo=linkedin&colorB=555
+[linkedin-url]: https://www.linkedin.com/in/patrickhayo/?locale=en_US
+[product-screenshot]: images/screenshot.png

README.md

@@ -0,0 +1,47 @@
+# Generate a random storage name
+resource "random_string" "tf-name" {
+  length  = 8
+  upper   = false
+  number  = true
+  lower   = false
+  special = false
+}
+# Create a Resource Group for the Terraform State File
+resource "azurerm_resource_group" "state-rg" {
+  name     = "terraform-tfstate-${lower(var.location)}"
+  location = var.location
+  lifecycle {
+    prevent_destroy = true
+  }  
+  tags = {
+    Environment = var.environment
+    Description = "Created by Terraform"
+  }
+}
+# Create a Storage Account for the Terraform State File
+resource "azurerm_storage_account" "state-sta" {
+  depends_on = [azurerm_resource_group.state-rg]
+  #name = "${lower(var.company)}tf${random_string.tf-name.result}"
+  name = "tfstate${random_string.tf-name.result}"
+  resource_group_name = azurerm_resource_group.state-rg.name
+  location = azurerm_resource_group.state-rg.location
+  account_kind = "StorageV2"
+  account_tier = "Standard"
+  access_tier = "Hot"
+  account_replication_type = "LRS"
+  enable_https_traffic_only = true
+  lifecycle {
+    prevent_destroy = true
+  }  
+  tags = {
+    Project      = var.project
+    Environment  = var.environment
+    Description  = "Created by Terraform"
+  }
+}
+# Create a Storage Container for the Core State File
+resource "azurerm_storage_container" "core-container" {
+  depends_on = [azurerm_storage_account.state-sta]
+  name                 = "core-tfstate"
+  storage_account_name = azurerm_storage_account.state-sta.name
+}

az-remote-backend-main.tf

@@ -0,0 +1,9 @@
+output "terraform_state_resource_group_name" {
+  value = azurerm_resource_group.state-rg.name
+}
+output "terraform_state_storage_account" {
+  value = azurerm_storage_account.state-sta.name
+}
+output "terraform_state_storage_container_core" {
+  value = azurerm_storage_container.core-container.name
+}

az-remote-backend-output.tf

@@ -0,0 +1,15 @@
+# environment
+variable "environment" {
+  type        = string
+  description = "This variable defines the environment to be built"
+}
+# azure region
+variable "location" {
+  type        = string
+  description = "Azure region where the resource group will be created"
+  default     = "north europe"
+}
+variable "project" {
+  type        = string
+  description = "Name of the Terraform Project"
+}

az-remote-backend-variables.tf

@@ -0,0 +1,5 @@
+# Configure the Azure provider
+provider "azurerm" {
+    version = "~>2.00"
+    features {}
+}