
dojo-terraform-solutions's Introduction

Exercises for Dojo coding session 2024-02-22

These are the exercises we will try to get through during our dojo coding session.

General guidelines

  • Look up the resource type needed in AzureRM Provider Docs and work from there.
  • If you have the HashiCorp Terraform extension in VSCode, you can enable code completion.
  • There are pre-created users for you to authenticate to the lab.
  • The lab allows only creation of the resources mentioned in this exercise.
  • Please avoid creation of extremes (such as many VMs or databases). The lab is not free.
  • Users will be deactivated at the end of the working day 2024-02-24.
  • All resources created in the lab environment will be forcefully deleted at the end of the working day 2024-02-24.
  • Absolutely no bitcoin mining or any other shenanigans! Microsoft detects this and blocks the Azure tenant without notice.
  • Use git for version control if you want, this is not covered in our workshop.
  • In all tasks you can, and should, use some form of formatting tool. This can be either automatic formatting or a manual run of terraform fmt.
  • In all tasks you should try terraform validate before plan and apply to see that you have the syntax correct.

You can find solutions here some time during the workshop (not immediately).

Exercise 0: Setting Up Your Environment (local state)

Objective: Install the prerequisites and configure Terraform to use the AzureRM provider.

Tasks:

  1. Install Terraform on your machine (required for running Terraform actions).
  2. Install Azure CLI on your machine (required for authenticating Terraform to Azure).
  3. Install the HashiCorp Terraform extension in VSCode.
  4. Create a folder for your Terraform project (c:\terraform\dojo-coding) or something similar. Avoid using spaces in the name as this can cause issues.
  5. Configure your Terraform and provider versions with a version.tf file.
  6. Configure Terraform to use the AzureRM provider by creating a provider.tf file.
  7. Initialize your Terraform configuration.
  8. Run terraform plan and apply to see if there are changes needed and the config is valid.
  • Hint: Use the Terraform documentation to find the syntax for declaring providers and version constraints.
  • Hint: Use the documentation to find how this is configured.
  • Hint: Use winget (or another package manager) to install Terraform and Azure CLI. This simplifies future software updates.

Exercise 1: Basic generic tasks

Do these exercises if you are not familiar with Terraform to get a feel for the syntax.

Objective: Getting to know functions, expressions, variable types.

There are ten tasks defined here. Do them at your own pace if you feel like getting to know the HCL syntax before you start creating resources in Azure.

Exercise 2: Defining Variables, Locals, and Outputs (local state)

Objective: Learn to declare variables, locals, and outputs.

Tasks:

  1. Create a variables.tf file to declare variables.
  2. Define a variable called prefix in your variables.tf file.
  3. Define a variable called resource_group_name in your variables.tf file.
  4. Define a local variable in locals.tf to concatenate the prefix with the resource group name.
  5. Create an output in outputs.tf to display the full resource group name.
  6. Run terraform plan to see changes.
  7. Run terraform apply to output values.
  • Hint: Explore Terraform documentation on variables, locals, and outputs.

Exercise 3: Creating a Resource Group and a virtual network (local state)

You need to log in for this exercise. Use the provided service principal credentials with the following cli command:

  • Replace myServicePrincipalId with appId
  • Replace myServicePrincipalPassword with password

    az login --service-principal \
             --username myServicePrincipalId \
             --password myServicePrincipalPassword \
             --tenant myOrganizationTenantID

You also have access to a portal user if you want to view changes there. This user only has reader access on the subscription and in Entra ID. Log in here with the credentials provided. Remember to use a private or incognito browser window.

Objective: Use Terraform to create an Azure Resource Group, and create a Virtual Network within the Resource Group.

Tasks:

  1. Using the variable and local from Exercise 2, define a resource in main.tf to create an Azure Resource Group.
  2. Add another variable in variables.tf called location. You can add a sensible default value if you want.
  3. Validate the location variable to allow only locations: "norwayeast", "norwaywest", "westeurope", "northeurope"
  4. Add new variables for the Virtual Network settings (address space, location, default subnet).
  5. Define a resource in your Terraform configuration to create a Virtual Network in the previously created Resource Group.
  6. Plan and apply your configuration to create the resource group in Azure.
  • Hint: Refer to the AzureRM provider documentation for the syntax to create a resource group.
  • Hint: Terraform validation for variables documentation here
  • Hint: Look into the AzureRM Virtual Network resource documentation.

Exercise 4: Moving the state

Objective: Move the state from local storage on your client to remote storage in an Azure Storage Account.

Tasks:

  1. Configure your AzureRM remote backend with information provided.
  2. Try to plan and apply configuration. What happens?
  3. Fix the issues.
  4. Apply your configuration with the new remote state.

Exercise 5: Subnets Creation

Objective: Create more subnets within your Virtual Network.

Tasks:

  1. Declare a map variable for subnet configurations.
  2. Reference the virtual network with a property lookup and not a hardcoded vnet name.
  3. Update your Terraform configuration to include subnets in your Virtual Network.
  4. Apply your changes to Azure.
  5. Remove a subnet from your config. What happens when you plan and apply?
  • Hint: Each subnet will be a separate resource linked to your Virtual Network.
  • Hint: Explore for_each to create more subnets without repeating your code.
  • Alternative solution: Try creating the same subnets inside the virtual network resource with a dynamic block. Is this easier? Harder? Same?

Exercise 6: Deploying an Azure Key Vault

Objective: Deploy an Azure Key Vault for secret storage. You should always store secrets in a secure vault.

Tasks:

  1. Create variables for Key Vault configuration.
  2. Use RBAC for authorization.
  3. Add role assignment for terraform user.
  4. Enable retrieval of secrets on VM deployment.

Exercise 7: Deploying an Azure VM

Objective: Deploy an Azure Virtual Machine (with public IP address).

Tasks:

  1. Create variables for VM configuration (image, size, etc.).
  2. Determine connection method (SSH for linux, RDP for windows).
  3. Determine authentication method (SSH key pair or password for linux, user/pass for windows).
  4. Provide credentials in a secure way (not hardcoded). Use Key Vault from previous task for secrets storage and retrieval if using passwords.
  5. Define a resource for an Azure VM, placing it within your subnet. Public IP required for external access.
  6. Apply your Terraform configuration to deploy the VM.
  • Hint: Avoid the deprecated azurerm_virtual_machine resource. Use linux or windows.
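
One way to combine Exercise 6 with task 4 of Exercise 7, as an added example that is not the workshop's own solution: a Key Vault using RBAC authorization, a role assignment for the identity running Terraform, and a generated VM admin password stored as a secret instead of being hardcoded. All variable, resource and secret names are assumptions, the attribute names assume the AzureRM 3.x provider, and random_password requires the hashicorp/random provider.

```hcl
# Added example; variable, resource and secret names are assumptions.
variable "resource_group_name" { type = string } # from Exercise 3
variable "location" { type = string }            # from Exercise 3
variable "key_vault_name" { type = string }      # must be globally unique

# Identity (tenant and object id) that Terraform is currently logged in as.
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "this" {
  name                      = var.key_vault_name
  location                  = var.location
  resource_group_name       = var.resource_group_name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "standard"
  enable_rbac_authorization = true # Exercise 6, task 2: RBAC, not access policies
  enabled_for_deployment    = true # Exercise 6, task 4: retrieval on VM deployment
}

# Exercise 6, task 3: data-plane role so Terraform can write and read secrets.
resource "azurerm_role_assignment" "terraform_secrets" {
  scope                = azurerm_key_vault.this.id
  role_definition_name = "Key Vault Secrets Officer"
  principal_id         = data.azurerm_client_config.current.object_id
}

# Exercise 7, task 4: generate the password instead of typing it into a .tf file.
resource "random_password" "vm_admin" {
  length      = 24
  min_upper   = 2
  min_lower   = 2
  min_numeric = 2
  min_special = 2
}

resource "azurerm_key_vault_secret" "vm_admin" {
  name         = "vm-admin-password"
  value        = random_password.vm_admin.result
  key_vault_id = azurerm_key_vault.this.id

  # Writing the secret fails until the role assignment exists.
  depends_on = [azurerm_role_assignment.terraform_secrets]
}
```

The VM resource can then read the password from azurerm_key_vault_secret.vm_admin.value. The generated value is still written to the Terraform state, so the state storage from Exercise 4 needs access control as strict as the vault's.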

Exercise 8: Implementing Azure SQL Database

Objective: Create an Azure SQL Database instance.

Tasks:

  1. Declare variables for the SQL Database configuration (server name, database name, etc.).
  2. Define resources for an Azure SQL Server and a SQL Database.
  3. Apply your Terraform configuration to create the SQL Database.
  • Hint: The database requires an SQL server to be defined first.
  • Hint: Use a small SKU, preferably S0 or S1.

Exercise 9: Network Security Group and Rules

Objective: Implement a Network Security Group (NSG) with security rules.

Tasks:

  1. Define a NSG resource with security rules in Terraform.
  2. The NSG should allow HTTPS, SSH and RDP from your client ip to the entire subnet range.
  3. Define the NSG rules with a map of objects.
  4. Associate the NSG with one or more subnets from Exercise 5.
  5. Apply your configuration.
  • Hint: Use dynamic blocks for your NSG rules.
  • Hint: Get your public IP with curl api.ipify.org or (invoke-webrequest api.ipify.org).content
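
A sketch of the tasks above, as an added example that is not the workshop's own solution: the rules come from a map of objects, a dynamic block expands them, and the client IP is validated so that a wildcard or a wide CIDR cannot open SSH and RDP to the internet. All variable and resource names are assumptions; subnet_ids and subnet_range stand in for values from Exercises 3 and 5.

```hcl
# Added example; variable and resource names are assumptions.
variable "resource_group_name" { type = string } # from Exercise 3
variable "location" { type = string }            # from Exercise 3
variable "subnet_ids" { type = map(string) }     # subnet name => id, from Exercise 5
variable "subnet_range" { type = string }        # CIDR covering the subnets

variable "client_ip" {
  type = string
  validation {
    # Accept only a single IPv4 address; "*", "0.0.0.0/0" and hostnames fail.
    condition     = can(regex("^[0-9.]+$", var.client_ip)) && can(cidrhost("${var.client_ip}/32", 0))
    error_message = "client_ip must be a single IPv4 address without a prefix length."
  }
}

variable "nsg_rules" {
  type = map(object({ priority = number, port = string }))
  default = {
    allow-https = { priority = 100, port = "443" }
    allow-ssh   = { priority = 110, port = "22" }
    allow-rdp   = { priority = 120, port = "3389" }
  }
}

resource "azurerm_network_security_group" "this" {
  name                = "${var.resource_group_name}-nsg"
  location            = var.location
  resource_group_name = var.resource_group_name
  dynamic "security_rule" {
    for_each = var.nsg_rules # one inbound allow rule per map entry
    content {
      name                       = security_rule.key
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.port
      source_address_prefix      = "${var.client_ip}/32"
      destination_address_prefix = var.subnet_range
    }
  }
}

resource "azurerm_subnet_network_security_group_association" "this" {
  for_each                  = var.subnet_ids
  subnet_id                 = each.value
  network_security_group_id = azurerm_network_security_group.this.id
}
```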

Exercise 10: Create a module

Objective: Create a module out of one of the previous resources you made.

Tasks:

  1. Create a new folder for the module and copy the terraform files you need from previous exercises.
  2. Declare variables for the module. Make it as flexible as possible.
  3. Define a resource with your module.
  4. Apply your Terraform configuration to create the resource(s).
  • Hint: Think about flexibility and reuse when creating modules.
  • Hint: Define smart defaults to allow minimal variable input when using module.
  • Hint: Conditional expressions allow you to handle input missing from module calls.

Exercise 11: Adding Application Gateway

Objective: Set up an Application Gateway to route traffic to your VM.

Tasks:

  1. Define variables for the Application Gateway configuration.
  2. Create an Application Gateway resource in Terraform, configuring backend pools, listeners, and rules.
  3. Apply your configuration to establish the Application Gateway.
  • Hint: Use the AzureRM documentation for Application Gateway to understand the required components and dependencies.
