Use an Azure Marketplace image to create a Terraform Linux virtual machine with Managed Service Identity
This article shows you how to use a Terraform Marketplace image to create an Ubuntu Linux VM (16.04 LTS) with the latest Terraform version installed and configured using Managed Service Identity (MSI). This image also configures a remote back end to enable remote state management using Terraform.
The Terraform Marketplace image makes it easy to get started using Terraform on Azure, without having to install and configure Terraform manually.
There are no software charges for this Terraform VM image. You pay only the Azure hardware usage fees that are assessed based on the size of the virtual machine that's provisioned. For more information about the compute fees, see the Linux virtual machines pricing page.
Before you can create a Linux Terraform virtual machine, you must have an Azure subscription. If you don't already have one, see Create your free Azure account today.
Create your Terraform virtual machine
Here are the steps to create an instance of a Linux Terraform virtual machine:
1. In the Azure portal, go to the Create a Resource listing.
2. In the Search the Marketplace search bar, search for Terraform. Select the Terraform template.
3. On the Terraform details tab on the lower right, select the Create button.
The following sections list the inputs needed for each step of the wizard that creates the Terraform Linux virtual machine.
Details on the Create Terraform tab
Enter the following details on the Create Terraform tab:
- Name: The name of your Terraform virtual machine.
- User Name: The first account sign-in ID.
- Password: The first account password. (You can use an SSH public key instead of a password.)
- Subscription: The subscription on which the machine is to be created and billed. You must have resource creation privileges for this subscription.
- Resource group: A new or existing resource group.
- Location: The datacenter that is most appropriate. Usually it's the datacenter that has most of your data, or the one that's closest to your physical location for fastest network access.
- Size: Size of the virtual machine.
- VM disk type: SSD or HDD.
- Verify that all information that you entered is correct.
- To start the provisioning process, select Buy. A link is provided to the terms of the transaction. The VM does not have any additional charges beyond the compute for the server size that you chose in the size step.
The Terraform VM image performs the following steps:
- Creates a VM with a system-assigned identity that's based on the Ubuntu 16.04 LTS image.
- Installs the MSI extension on the VM to allow OAuth tokens to be issued for Azure resources.
- Assigns RBAC permissions to the managed identity, granting owner rights for the resource group.
- Creates a Terraform template folder (tfTemplate).
- Pre-configures a Terraform remote state with the Azure back end.
Access and configure a Linux Terraform virtual machine
After you create the VM, you can sign in to it by using SSH. Use the account credentials that you created in the "Basics" section of step 3 for the text shell interface. On Windows, you can download an SSH client tool like PuTTY.
After you connect to the virtual machine over SSH, you need to grant the virtual machine's Managed Service Identity contributor permissions on the entire subscription.
Contributor permission lets the MSI on the VM use Terraform to create resources outside the VM's resource group. You can do this by running a script once. Use the following command:
The previous script uses the Azure CLI 2.0 interactive login mechanism to authenticate with Azure and assign the virtual machine's Managed Service Identity contributor permission on the entire subscription.
The VM has a Terraform remote state back end. To enable it on your Terraform deployment, copy the remoteState.tf file from the tfTemplate directory to the root of the Terraform scripts.
cp ~/tfTemplate/remoteState.tf .
For more information about Remote State Management, see this page about the Terraform remote state. The remoteState.tf file exposes the storage access key, so the key must be excluded before you commit Terraform configuration files to source control.
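The following is an added example, not part of the original article or the Marketplace image: a check that can gate a Git pre-commit hook by flagging a literal storage key in Terraform files, plus a helper that strips it. It assumes remoteState.tf uses the azurerm backend's `access_key` argument (the article does not show the file); the function names and sample values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article.
# Assumption: remoteState.tf configures the azurerm backend and stores the
# storage key in its `access_key` argument (the article does not show the file).

# Print "file:line" for each literal access_key assignment in *.tf files under
# directory $1. Returns 1 if any are found, so it can gate a pre-commit hook.
find_literal_access_keys() {
  local hits
  hits=$(grep -rnE --include='*.tf' \
    '^[[:space:]]*access_key[[:space:]]*=[[:space:]]*"[^"]+"' "$1" | cut -d: -f1,2)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Copy file $1 to $2 without the access_key line. The azurerm backend can then
# read the key from the ARM_ACCESS_KEY environment variable instead.
strip_access_key() {
  sed -E '/^[[:space:]]*access_key[[:space:]]*=/d' "$1" > "$2"
}

# Create a constructed sample (placeholder key, not a real credential) in a
# fresh temporary directory and print that directory's path.
make_sample_repo() {
  local dir
  dir=$(mktemp -d)
  cat > "$dir/remoteState.tf" <<'EOF'
terraform {
  backend "azurerm" {
    storage_account_name = "examplestorageacct"
    container_name       = "terraform-state"
    key                  = "prod.terraform.tfstate"
    access_key           = "CONSTRUCTED-PLACEHOLDER-KEY=="
  }
}
EOF
  printf '%s\n' "$dir"
}

# Demo: the copied file is flagged; the stripped version passes.
repo=$(make_sample_repo)
find_literal_access_keys "$repo" || echo "blocked: literal access_key present"
strip_access_key "$repo/remoteState.tf" "$repo/clean.out"
mv "$repo/clean.out" "$repo/remoteState.tf"
find_literal_access_keys "$repo" && echo "ok: no literal access_key"
rm -rf "$repo"
```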
In this article, you learned how to set up a Terraform Linux virtual machine on Azure.