Does Terraform have an Azure ARM "complete" mode? - azure

We are looking to "reset" a resource group, deleting everything but the necessary infrastructure in it. The problem is we are still immature in our IAC practices and a lot of resources are deployed via the portal. My initial thought is to have only the necessary infra defined in an ARM template and run it in complete mode when we want to reset it. Does Terraform have a complete mode feature? From what I understand, Terraform will only manage stuff in state. Since we won't really be respecting the state after initial deployment, the resources deployed via the portal won't be destroyed on a TF destroy. Any thoughts? Thanks!

> Does Terraform have a complete mode feature?
AFAIK, no, Terraform doesn't have a complete mode like ARM templates have.
> From what I understand, Terraform will only manage stuff in state. Since we won't really be respecting the state after initial deployment, the resources deployed via the portal won't be destroyed on a TF destroy.
Yes, you are correct: Terraform will only manage the resources which are in the state file.
So, by default Terraform will only store the resources deployed through it in the state file, but if you want to create some resources from the portal, you can also use the import feature of Terraform. With it, Terraform will be able to manage both the resources created from Terraform and those created from the portal.
Reference:
Import - Terraform by HashiCorp

No, Terraform does not have such a feature.
There is a feature request which mainly covers the "reporting" aspect, but also would allow acting upon it.
You might be able to build something around the import feature of Terraform, as suggested here. However, this would require some effort.
You could also use Terraform to deploy an ARM template in complete mode, but then you might lose most of why you wanted to use Terraform in the first place.
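
As an added example (not part of either answer above), one way to see what a "complete mode" reset would touch is to list the resources that exist in the resource group but are absent from Terraform state. The sketch assumes its inputs are the parsed JSON of `terraform show -json` and `az resource list -g <group> -o json`; the function names and sample data are constructed for illustration.

```python
def state_resource_ids(state):
    """Collect resource IDs from parsed `terraform show -json` output,
    walking the root module and any nested child modules."""
    ids = set()
    stack = [state.get("values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        for res in module.get("resources", []):
            # Data sources are lookups only; Terraform does not own them.
            if res.get("mode", "managed") != "managed":
                continue
            rid = (res.get("values") or {}).get("id")
            if rid:
                ids.add(rid.lower())  # ARM resource IDs are case-insensitive
        stack.extend(module.get("child_modules", []))
    return ids


def unmanaged_resources(azure_resources, state):
    """Return sorted (type, id) pairs present in Azure but not in state."""
    managed = state_resource_ids(state)
    return sorted((r["type"], r["id"]) for r in azure_resources
                  if r["id"].lower() not in managed)


# Constructed sample data (placeholder subscription and resource names).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
VNET = "/providers/Microsoft.Network/virtualNetworks/vnet1"
STOR = "/providers/Microsoft.Storage/storageAccounts/stdemo"
KV = "/providers/Microsoft.KeyVault/vaults/kv-demo"
PIP = "/providers/Microsoft.Network/publicIPAddresses/pip-portal"

SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"mode": "managed", "type": "azurerm_virtual_network",
         "values": {"id": RG + VNET}},
        # Referenced through a data source only, so not managed by Terraform.
        {"mode": "data", "type": "azurerm_key_vault", "values": {"id": RG + KV}},
    ],
    "child_modules": [{"resources": [
        {"mode": "managed", "type": "azurerm_storage_account",
         "values": {"id": RG + STOR}}]}],
}}}

SAMPLE_AZURE = [
    {"type": "Microsoft.Network/virtualNetworks", "id": RG.upper() + VNET},
    {"type": "Microsoft.Storage/storageAccounts", "id": RG + STOR},
    {"type": "Microsoft.KeyVault/vaults", "id": RG + KV},
    {"type": "Microsoft.Network/publicIPAddresses", "id": RG + PIP},
]

if __name__ == "__main__":
    for rtype, rid in unmanaged_resources(SAMPLE_AZURE, SAMPLE_STATE):
        print(f"not in Terraform state: {rtype}  {rid}")
```

Each reported resource is a candidate for either `terraform import` or deletion; reviewing the list before a reset also surfaces portal-created resources that never went through IaC review.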

Related

Is there a way to get Azure CLI creation commands that match existing resources?

I'm looking for a way to automatically generate new instances of my manually created Azure resources. The resources already exist and destroying everything + rebuilding with an IaC framework is not an option at this stage. The existing infrastructure is rather simple (a few VMs, networks, network interfaces, disks, etc), nothing too fancy, and should serve as a blueprint for future deployments. I'd be happy with either generating a list of CLI commands that lead to the desired infrastructure or generating code for the Azure Resource Manager for the same purpose. I heard there are native tools to achieve this but could not find anything.
Is there a way to achieve this or do I have to go the error-prone way of manually writing the code, hoping I don't have any mismatch between the configuration of my coded infrastructure and my current infrastructure?
You can use the Azure Portal to export the templates and check whether you are ready to use Bicep decompile to refactor variables/parameters practices, and use it as a blueprint repository for future deployments (e.g. starter templates, etc.).

What features in Azure services cannot be scripted in Terraform or require embedding ARM in Terraform?

When working with Terraform, what features of Azure services are there that cannot be scripted in Terraform or require embedding ARM?
Currently, there is no resource to create a Data Sync Group in Azure using Terraform.
An ARM template configures the Azure PaaS resources to send their diagnostic data to Log Analytics. There is no functionality for this in Terraform when used with Azure.
There is zone-to-zone disaster recovery for Azure VMs, but Terraform only provides single instance and target availability set in Azure Site Recovery.
Almost all the new features added in Azure cannot be created using Terraform.
The landscape for both Azure and Terraform is constantly changing, so it would not make much sense to list what is supported/not supported in a Stack Overflow context.
I have been working with Terraform in Azure for more than 5 years, and the AzureRM provider is being updated almost on a biweekly basis. In general, it is very much up to date - not only with new resources and data sources that are being added constantly but also updates on existing components functionality and when the Azure API changes. This provider rocks!
Take a look at the changelog here to get an overview of the intense activity on the AzureRM provider: https://github.com/hashicorp/terraform-provider-azurerm/blob/main/CHANGELOG.md
I believe that instead of asking what is not supported, take a look at the landscape you want to create, and see if the components exist in the documentation, which is very good IMO. I think that the latest AzureRM provider (2.91.0) has around 950+ resources and data sources.
Documentation: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Usually, when something does not exist there will be an issue in the GitHub repo. E.g. to follow the example that #RamaroAdapa-MT mentions, you can find the issue here (by a simple Google search):
https://github.com/hashicorp/terraform-provider-azurerm/issues/6425
Looking through that, you can see the reason is actually not a Terraform AzureRM provider issue, but lack of support in the Azure API:
https://github.com/Azure/azure-rest-api-specs/issues/11061

Azure API manager using terraform

I am new to Terraform and was wondering if we can use Terraform to implement a kind of disaster recovery for Azure API manager.
I know there is disaster recovery implementation by Microsoft for API manager but I wanted to explore if I can just recreate the whole thing using Terraform.
I am able to recreate the API manager using Terraform with the same configuration/APIs etc.
The only thing which is unclear to me is how to back up and recreate the same subscriptions/products in API manager using Terraform.
For example, if someone deletes the API manager, I want to recreate it using Terraform and import all the existing products/subscriptions (keys).
Any ideas?
Similar to using ARM Templates, you can use Terraform to deploy Azure APIM as well. You can refer to the azurerm provider docs for more information.
But for all runtime data like users & subscriptions, you will have to consider setting up a backup/restore system utilizing the built-in feature.
After deploying APIM using terraform, you will have to restore the runtime data separately. Also, depending on your Recovery Time Objective, you will have to take frequent backups.
PS: Logic Apps are a great way to set up automatic backups. There is an official sample that you can refer to for this.

How to update and redeploy ARM template

I am new to Azure as well as DevOps, ARM templates, etc. I have deployed an ARM template for a key vault with a name "ABC" via DevOps. Now I would like to change some parameters. I don't have access to do it via the portal and I am forced to use only the ARM template. How can this be achieved via DevOps? Should I delete that resource and start from scratch, or is there any SOP to update resource parameters via ARM templates? For example, I want to enable "enabledForDeployment" for the already deployed key vault. Thanks.
Generally speaking, you just re-run the same template with the changes you've introduced to the template. There are many ways of deploying the template (az cli, PowerShell, built-in steps, various SDKs).
Just keep in mind: some properties are settable only at creation time, so effectively read-only, and you wouldn't be able to update those after the resource is created; some resource providers do not play well with idempotent behavior, and this will also lead to issues when you try to redeploy the same template; some providers offer dodgy behavior when you need to use a completely different API call to update something compared to creating it.
So there's no single answer, but for what you are doing, just updating the template and running it again should work just fine.
You can do it through PowerShell,
Update a resource in an Azure Resource Manager template

How do I run a Terraform plan in multiple steps / phases?

I have a wonderful terraform plan that perfectly describes my infrastructure in Google Cloud Platform, however, I have a problem: since my repository isn't perfectly private, some steps of my plan are encrypted and must be decrypted using Google Key Management Service.
This means my plan must be broken down into two Terraform phases:
1. Set up the Google Cloud Project and create a Key Ring and Key (after this, I encrypt secrets and put them in a variables.tf file)
2. Apply the entire plan.
Does Terraform support a way to break down my plan into phases? How should I go around implementing this?
Though Terraform enables us to automate resource creation, some preliminary steps need to be done manually, like account creation, billing setup, etc. Similarly for Google Cloud setup, the project needs to be created prior to running the Terraform scripts, since the Terraform Google provider requires the project details.
The project creation and Terraform variables for the keys (as environment variables) can be generated through shell scripts. Then the shell script and the Terraform scripts can be sequenced in execution using a makefile.
The below link might be helpful for you to create GCP project through shell scripts.
https://medium.com/google-cloud/how-to-automate-project-creation-using-gcloud-4e71d9a70047
