From 323c50d153c8d5d9caca840db2402ad4aaeb614a Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Thu, 20 Jun 2024 16:38:38 +0100
Subject: [PATCH] Switch to using a Service Principal for Terraform deployments
---
 terraform/README.md | 4 ++++
 terraform/backend.tf | 6 ++++--
 terraform/providers.tf | 5 +++++
 terraform/variables.tf | 21 +++++++++++++++++++++
 4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/terraform/README.md b/terraform/README.md
index 2cd85acc0..4d43fc3d7 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -149,7 +149,11 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [azure\_client\_id](#input\_azure\_client\_id) | Service Principal Client ID | `string` | n/a | yes |
+| [azure\_client\_secret](#input\_azure\_client\_secret) | Service Principal Client Secret | `string` | n/a | yes |
 | [azure\_location](#input\_azure\_location) | Azure location in which to launch resources. | `string` | n/a | yes |
+| [azure\_subscription\_id](#input\_azure\_subscription\_id) | Service Principal Subscription ID | `string` | n/a | yes |
+| [azure\_tenant\_id](#input\_azure\_tenant\_id) | Service Principal Tenant ID | `string` | n/a | yes |
 | [cdn\_frontdoor\_custom\_domains](#input\_cdn\_frontdoor\_custom\_domains) | Azure CDN Front Door custom domains. If they are within the DNS zone (optionally created), the Validation TXT records and ALIAS/CNAME records will be created | `list(string)` | n/a | yes |
 | [cdn\_frontdoor\_enable\_rate\_limiting](#input\_cdn\_frontdoor\_enable\_rate\_limiting) | Enable CDN Front Door Rate Limiting. This will create a WAF policy, and CDN security policy. For pricing reasons, there will only be one WAF policy created. | `bool` | n/a | yes |
 | [cdn\_frontdoor\_forwarding\_protocol](#input\_cdn\_frontdoor\_forwarding\_protocol) | Azure CDN Front Door forwarding protocol | `string` | `"HttpsOnly"` | no |
diff --git a/terraform/backend.tf b/terraform/backend.tf
index 3bd95444b..40e5c4331 100644
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@@ -1,3 +1,5 @@
 terraform {
- backend "azurerm" {}
-}
\ No newline at end of file
+ backend "azurerm" {
+ use_azuread_auth = true
+ }
+}
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 874095c71..1f88c3e54 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -1,6 +1,11 @@
 provider "azurerm" {
 features {}
 skip_provider_registration = true
+ storage_use_azuread = true
+ client_id = var.azure_client_id
+ client_secret = var.azure_client_secret
+ tenant_id = var.azure_tenant_id
+ subscription_id = var.azure_subscription_id
 }
 
 provider "azapi" {
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 2fc43c92b..ad65a7b9b 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,3 +1,24 @@
+variable "azure_client_id" {
+ description = "Service Principal Client ID"
+ type = string
+}
+
+variable "azure_client_secret" {
+ description = "Service Principal Client Secret"
+ type = string
+ sensitive = true
+}
+
+variable "azure_tenant_id" {
+ description = "Service Principal Tenant ID"
+ type = string
+}
+
+variable "azure_subscription_id" {
+ description = "Service Principal Subscription ID"
+ type = string
+}
+
 variable "environment" {
 description = "Environment name. Will be used along with `project_name` as a prefix for all resources."
 type = string
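Review bot: `use_azuread_auth = true` in terraform/backend.tf moves state access from the storage account's shared key to Entra ID, but a `backend` block cannot reference `var.azure_client_*`, so the identity used for state still has to arrive through the `ARM_*` environment variables or `-backend-config` — that split between backend and provider credentials is not documented anywhere in this patch. The service principal also now needs a data-plane blob role on the state container in addition to its subscription RBAC (the azurerm backend documentation calls for Storage Blob Data Owner because state locking uses blob leases — confirm against the current docs); without it `terraform init` fails with an authorization error that is easy to misread as a bad secret. A comment on the new line would save the next person that round trip: `# Entra ID auth for state: the principal needs a Storage Blob Data role on the container; credentials come from ARM_* env vars, not var.*`.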
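Review bot: Routing the client secret through `var.azure_client_secret` in terraform/providers.tf duplicates what the azurerm provider already does natively with `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID`, and it opens a path for the secret to end up in a committed `*.tfvars` file or a CI log via `-var`. If the variables are kept, the README should state that the secret must be supplied as `TF_VAR_azure_client_secret` (or a gitignored tfvars file), and a comment on the `client_secret` line such as `# supply via TF_VAR_azure_client_secret; never commit this value` makes the intent explicit. Longer term, a federated credential with `use_oidc = true` removes the long-lived secret altogether. The `provider "azapi"` block whose header is the hunk's last line does not receive these arguments, so it presumably falls back to its own `ARM_*` lookup — confirm that the two providers are meant to authenticate differently.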
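Review bot: Marking `azure_client_secret` as `sensitive` in terraform/variables.tf is right, but `azure_client_id`, `azure_tenant_id` and `azure_subscription_id` carry no `validation` block even though each must be a GUID, so a truncated or mispasted value surfaces only as an opaque authentication failure at plan time. A format check on each of the three turns that into an immediate, named error; the block below shows it for `azure_client_id` and the same block applies to the other two with the variable name substituted. The `description` of `azure_client_secret` could also say where the value is expected to come from, e.g. `"Service Principal Client Secret (supply via TF_VAR_azure_client_secret, not a committed tfvars file)"`.
```hcl
variable "azure_client_id" {
  description = "Service Principal Client ID"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.azure_client_id))
    error_message = "azure_client_id must be a GUID."
  }
}

# … unchanged: azure_client_secret, azure_tenant_id, azure_subscription_id, environment …
```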