Tutorial: Create a Linux VM with a managed identity from the Azure Marketplace image using Terraform

This article shows you how to use a Terraform Marketplace image to create an Ubuntu Linux VM (16.04 LTS) with the latest Terraform version installed and configured using managed identities for Azure resources. This image also configures a remote back end to enable remote state management using Terraform.

The Terraform Marketplace image makes it easy to get started using Terraform on Azure, without having to install and configure Terraform manually.

There are no software charges for this Terraform VM image. You pay only the Azure hardware usage fees based on the provisioned VM's size.

For more information about the compute fees, see the Linux VM pricing page.

Prerequisites

Before you can create a Linux Terraform VM, you must have an Azure subscription. If you don't already have one, see Create your free Azure account today.

Create your Terraform VM

Here are the steps to create an instance of a Linux Terraform VM:

  1. In the Azure portal, go to the Create a Resource listing.

  2. In the Search the Marketplace search bar, search for Terraform.

  3. Select Create.

  4. The following sections list the inputs that are needed for each step of the wizard that creates the Terraform Linux VM.

Details on the Create Terraform tab

Enter the following details on the Create Terraform tab:

  1. Basics

    • Name: The name of your Terraform VM.
    • User Name: The first account sign-in ID.
    • Password: The first account password. (You can use an SSH public key instead of a password.)
    • Subscription: The subscription on which the machine is to be created and billed. You must have resource creation privileges for this subscription.
    • Resource group: A new or existing resource group.
    • Location: The datacenter that is most appropriate. Usually it's the datacenter that has most of your data, or the one that's closest to your physical location for fastest network access.
  2. Additional settings

    • Size: Size of the VM.
    • VM disk type: SSD or HDD.
  3. Summary Terraform

    • Verify that all information that you entered is correct.
  4. Buy

    • To start the provisioning process, select Buy. A link is provided to the terms of the transaction. The VM doesn't have any additional charges beyond the compute for the server size that you chose in the size step.

The Terraform VM image performs the following steps:

  • Creates a VM with system-assigned identity that's based on the Ubuntu 16.04 LTS image.
  • Installs the managed identities for Azure resources extension on the VM to allow OAuth tokens to be issued for Azure resources.
  • Assigns RBAC permissions to the managed identity, granting owner rights for the resource group.
  • Creates a Terraform template folder (tfTemplate).
  • Pre-configures a Terraform remote state with the Azure back end.

Access and configure a Linux Terraform VM

After you create the VM, do the following steps:

  1. Sign in to the VM using SSH. Use the account credentials that you created in the previous section. On Windows, you can download an SSH client tool like PuTTY.

  2. Grant contributor permissions for the entire subscription to managed identities for Azure resources on the VM.

    The Contributor permission lets managed identities for Azure resources on the VM use Terraform to create resources outside the VM resource group. Grant it by running the following script:

    . ~/tfEnv.sh
    

    This script uses the Azure CLI interactive sign-in mechanism to authenticate with Azure. This process assigns the managed identity the Contributor permission for the entire subscription.

  3. The VM has a Terraform remote state back end. To enable it on your Terraform deployment, you must copy the remoteState.tf file to the root of the Terraform scripts.

    cp ~/tfTemplate/remoteState.tf .
    

    For more information about Remote State Management, see Terraform remote state. The storage access key is exposed in this file. Exclude it before committing Terraform configuration files into source control.
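One way to enforce the warning above about the exposed storage access key, as an added example that is not part of the original article: a shell check that reports any literal `access_key` in `*.tf` files (location only, never the value) and removes it from a file. The function names and the sample `remoteState.tf` are constructed for illustration; the file generated on the VM may differ.

```bash
#!/usr/bin/env bash
# Added example: keep the backend storage access key out of source control.

# Matches a literal access_key assignment in a Terraform file.
KEY_RE='^[[:space:]]*access_key[[:space:]]*=[[:space:]]*"[^"]+"'

# Print file:line for each literal access_key in *.tf files under a directory.
# Only the location is printed, never the key. Returns 1 if any is found.
find_backend_keys() {
  local hits
  hits=$(grep -rnE --include='*.tf' "$KEY_RE" "${1:-.}" | cut -d: -f1,2 || true)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
}

# Delete the literal access_key line from one file, leaving no backup copy.
strip_backend_key() {
  sed -i.bak -E "/$KEY_RE/d" "$1" && rm -f "$1.bak"
}

# Constructed sample (assumption); the real remoteState.tf on the VM may differ.
write_sample() {
  cat > "$1/remoteState.tf" <<'EOF'
terraform {
  backend "azurerm" {
    storage_account_name = "examplestorageacct"
    container_name       = "terraform-state"
    key                  = "prod.terraform.tfstate"
    access_key           = "CONSTRUCTED-PLACEHOLDER-KEY=="
  }
}
EOF
}

# Demo: detect the key in the sample, strip it, and check again.
demo() {
  local dir
  dir=$(mktemp -d)
  write_sample "$dir"
  find_backend_keys "$dir" || echo "literal key found: do not commit"
  strip_backend_key "$dir/remoteState.tf"
  find_backend_keys "$dir" && echo "clean: safe to commit"
  rm -rf "$dir"
}
demo
```

With the line removed, the azurerm backend can read the key from the `ARM_ACCESS_KEY` environment variable instead. Calling `find_backend_keys .` from a pre-commit hook blocks the commit whenever a literal key is still present.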

Next steps