The ‘azurerm’ Terraform provider allows you to build a Windows server in Microsoft’s Azure hyperscaler.
However, in order to use this provider, you must first install the Azure CLI. And in line with automation best practices we will use a Service Account (Principal) to create the networks, security rules, and compute instances.
When complete, you’ll be able to reach your Windows server via RDP at a public IP address assigned by Azure.
Prerequisite: Install Azure CLI
See my previous article on installing the Azure CLI.
Prerequisite: Install Terraform
See my previous article on installing Terraform.
Prerequisite: Create Azure Service Principal
For a local test, we could allow Terraform to operate under our identity directly. But in order to accommodate non-interactive/headless usage in build and deployment stages, let’s create a Service Principal that Terraform uses for all its infrastructure building.
Here are the basic commands for the creation of the Service Principal.
az login
subscriptionId=$(az account show --query id -o tsv)

# create Service Principal
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$subscriptionId"
However, use my create-azure-service-account.sh because it creates a ‘terraform.tfvars’ that gets you ready for the terraform provisioning in the next step.
# grab project
git clone https://github.com/fabianlee/simple-azure-terraform.git
cd simple-azure-terraform

# login to azure as self as bootstrap
az login

# create Service Principal account
./create-azure-service-account.sh

# shows subscription, tenant, client_id, and client_secret
# ready for use by terraform
cat terraform.tfvars
Provision with Terraform
Now armed with a Service Principal, you can allow Terraform to build the resource groups, network security groups, networks, and compute instance.
WARNING: Azure will bill you for this usage!
# initialize providers
terraform init

# create infrastructure.
terraform apply -auto-approve
This will output the connection string for RDP as well as the username and password to use as credentials.
Apply complete! Resources: 10 added, 0 changed, 0 destroyed.

Outputs:

local_win_credentials = "Windows user/pass = adminuser/**redacted**"
rdp_connection_string = "mstsc.exe /v:x.x.x.x:3389"
You can use any RDP client such as mstsc.exe on Windows or Remmina on Linux to connect to this Windows server.
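Because the server is reached over RDP on a public IP, the network security rule is the control that decides who can connect to port 3389. The following is an added example, not taken from the project's own Terraform files; the variable, resource names, and location are hypothetical. It limits the inbound RDP rule to one administrator CIDR and rejects a wide-open value at plan time:

```hcl
# Added example. All names below (rdp_source_cidr, "demo", the location) are
# hypothetical and are not taken from the simple-azure-terraform project.
provider "azurerm" {
  features {}
}

variable "rdp_source_cidr" {
  description = "Only this CIDR may reach RDP, e.g. the admin workstation's public IP as a /32"
  type        = string

  validation {
    # Reject malformed input and the two "anyone" ranges at plan time.
    condition = (
      can(cidrhost(var.rdp_source_cidr, 0)) &&
      !contains(["0.0.0.0/0", "::/0"], var.rdp_source_cidr)
    )
    error_message = "The rdp_source_cidr value must be a valid CIDR and must not cover the whole internet."
  }
}

resource "azurerm_resource_group" "demo" {
  name     = "demo-rg"
  location = "eastus"
}

resource "azurerm_network_security_group" "demo" {
  name                = "demo-nsg"
  location            = azurerm_resource_group.demo.location
  resource_group_name = azurerm_resource_group.demo.name
}

# Weak setting for comparison: source_address_prefix = "*" admits any address.
resource "azurerm_network_security_rule" "rdp" {
  name                        = "allow-rdp-from-admin"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = var.rdp_source_cidr # corrected: one known CIDR
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.demo.name
  network_security_group_name = azurerm_network_security_group.demo.name
}
```

The security group only takes effect once it is associated with the VM's subnet or network interface; Azure's default inbound rules then deny internet traffic that this rule does not allow.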
When done, to remove all infrastructure:
# remove extension state that will not delete properly
terraform state rm azurerm_virtual_machine_extension.startup_script

# destroy all
terraform destroy -auto-approve