Use azurerm as remote backend

Author: moazrai

Diff for: .gitignore

@@ -1,5 +1,5 @@
 # Local .terraform directories
-**/.terraform/*
+**/.terraform
 
 # .tfstate files
 *.tfstate
@@ -27,3 +27,5 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+*.conf

Diff for: README.md

@@ -1,2 +1,9 @@
 # terraform-basics
+
 A git repository that I use to try terraform.
+
+## Configuring the Remote Backend to use Azure Storage with Terraform
+
+Use Microsoft Azure Storage to create a Remote Backend for Terraform to store the state file and lock the file to avoid mistakes or damage the existing infrastructure.
+
+Use Terraform to create the storage account in Azure Storage.

Diff for: backend.tf

@@ -1,7 +1,7 @@
 resource "azurerm_linux_virtual_machine" "vm" {
   name                = "tutorial-vm"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.vm-rg.location
+  resource_group_name = azurerm_resource_group.vm-rg.name
   size                = "Standard_D2ads_v5"
   admin_username      = var.vm_admin_username
   network_interface_ids = [

Diff for: computes.tf

@@ -1,31 +1,31 @@
 # Create a virtual network and a subnet
 resource "azurerm_virtual_network" "vnet" {
   name                = "tutorial-vnet"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.vm-rg.location
+  resource_group_name = azurerm_resource_group.vm-rg.name
   address_space       = ["10.0.0.0/16"]
   tags                = var.tags
 }
 
 resource "azurerm_subnet" "subnet" {
   name                 = "tutorial-subnet"
-  resource_group_name  = azurerm_resource_group.rg.name
+  resource_group_name  = azurerm_resource_group.vm-rg.name
   virtual_network_name = azurerm_virtual_network.vnet.name
   address_prefixes     = ["10.0.1.0/24"]
 }
 
 resource "azurerm_public_ip" "vm_public_ip" {
   name                = "vm-public-ip"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.vm-rg.location
+  resource_group_name = azurerm_resource_group.vm-rg.name
   allocation_method   = "Dynamic"
   tags                = var.tags
 }
 
 resource "azurerm_network_interface" "nic" {
   name                = "vm-nic"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.vm-rg.location
+  resource_group_name = azurerm_resource_group.vm-rg.name
 
   ip_configuration {
     name                          = "internal"

Diff for: main.tf

@@ -1,5 +1,7 @@
+## VM Outputs
+
 output "resource_group_id" {
-  value = azurerm_resource_group.rg.id
+  value = azurerm_resource_group.vm-rg.id
 }
 
 output "tls_private_key" {
@@ -10,3 +12,18 @@ output "tls_private_key" {
 output "vm_public_ip" {
   value = azurerm_public_ip.vm_public_ip.ip_address
 }
+
+
+## State Outputs
+
+output "terraform_state_resource_group_name" {
+  value = azurerm_resource_group.state-rg.name
+}
+
+output "terraform_state_storage_account" {
+  value = azurerm_storage_account.state-sta.name
+}
+
+output "terraform_state_storage_container_core" {
+  value = azurerm_storage_container.core-container.name
+}

Diff for: networks.tf

@@ -7,6 +7,13 @@ terraform {
     }
   }
 
+  backend "azurerm" {
+    resource_group_name  = "tutorial-tfstate-rg"
+    storage_account_name = "tutorialtfhj8tetzd"
+    container_name       = "tutorial-core-tfstate"
+    key                  = "core.tutorial.tfstate"
+  }
+
   required_version = ">= 1.1.0"
 }
 

Diff for: outputs.tf

@@ -1,13 +1,13 @@
-resource "azurerm_resource_group" "rg" {
+resource "azurerm_resource_group" "vm-rg" {
   name     = var.resource_group_name
   location = var.location
   tags     = var.tags
 }
 
 resource "azurerm_network_security_group" "nsg" {
   name                = "tutorial-network-security-group"
-  location            = azurerm_resource_group.rg.location
-  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.vm-rg.location
+  resource_group_name = azurerm_resource_group.vm-rg.name
 
   security_rule {
     name                       = "allow-ssh"

Diff for: providers.tf

@@ -0,0 +1,42 @@
+# Create a Resource Group for the Terraform state file
+resource "azurerm_resource_group" "state-rg" {
+  name     = "${lower(var.company)}-tfstate-rg"
+  location = var.location
+  tags     = var.tags
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+# Generate a random storage name
+resource "random_string" "state-sta-name" {
+  length  = 8
+  upper   = false
+  numeric = true
+  lower   = true
+  special = false
+}
+
+# Create a Storage Account for the Terraform state file
+resource "azurerm_storage_account" "state-sta" {
+  name                      = "${lower(var.company)}tf${random_string.state-sta-name.result}"
+  resource_group_name       = azurerm_resource_group.state-rg.name
+  location                  = azurerm_resource_group.state-rg.location
+  account_kind              = "StorageV2"
+  account_tier              = "Standard"
+  access_tier               = "Hot"
+  account_replication_type  = "ZRS"
+  enable_https_traffic_only = true
+  tags                      = var.tags
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+# Create a Storage Container for the state file
+resource "azurerm_storage_container" "core-container" {
+  name                 = "${lower(var.company)}-core-tfstate"
+  storage_account_name = azurerm_storage_account.state-sta.name
+}

Diff for: resource-groups.tf

@@ -1,13 +1,17 @@
-resource "random_id" "rg_storage_account" {
-  keepers = {
-    resource_group = azurerm_resource_group.rg.name
-  }
-  byte_length = 8
+
+# Generate a random storage name
+resource "random_string" "vm-sta-name" {
+  length  = 8
+  upper   = false
+  numeric = true
+  lower   = true
+  special = false
 }
-resource "azurerm_storage_account" "storage_account" {
-  name                     = "storage${random_id.rg_storage_account.hex}"
-  location                 = azurerm_resource_group.rg.location
-  resource_group_name      = azurerm_resource_group.rg.name
+
+resource "azurerm_storage_account" "vm-sta" {
+  name                     = "${lower(var.company)}tf${random_string.vm-sta-name.result}"
+  location                 = azurerm_resource_group.vm-rg.location
+  resource_group_name      = azurerm_resource_group.vm-rg.name
   account_tier             = "Standard"
   account_replication_type = "LRS"
   tags                     = var.tags

Diff for: state-storage.tf

@@ -1,4 +1,5 @@
-resource_group_name = "my-rg"
+resource_group_name = "vm-rg"
+company             = "tutorial"
 location            = "centralus"
 tags = {
   environment = "dev"

Diff for: storage.tf

@@ -1,11 +1,19 @@
 variable "resource_group_name" {
   type    = string
-  default = "tutorial-rg"
+  default = "vm-rg"
+}
+
+# company
+variable "company" {
+  type        = string
+  description = "This variable defines the name of the company"
+  default     = "tutorial"
 }
 
 variable "location" {
-  type    = string
-  default = "westus"
+  type        = string
+  description = "Azure region where the resource group will be created"
+  default     = "westus"
 }
 
 variable "tags" {