Running Terraform locally on Windows alongside the Azure CLI gives you more flexibility in large corporate environments, because it removes the need to connect to Azure Cloud Shell from VS Code. That connection can itself be a challenge: controls such as conditional access may block authentication from the remote locations where Azure Cloud Shell runs.
To get things set up remotely, you need a few things.
Five easy steps:
- Install Terraform locally
- Install Bash (optional); you can use PowerShell or the Command Prompt instead
- Install the Azure CLI
- Set up the Terraform state in Azure Blob Storage
- Sign in to the Azure CLI from VS Code
1. Install Terraform
Installing Terraform is not really an install; it is a download of a single binary which you run. Download from here.
Later, when running Terraform commands (e.g. terraform init or terraform apply), ensure the terraform.exe binary is on the path, either the system path or the working directory in Bash.
2. Install Bash
This step is optional, as the Azure CLI and the Terraform binary will work in either PowerShell or the Command Prompt.
3. Set up the Terraform State in Azure Blob Storage
The Terraform state should live in a place which is central, common, secure and accessible to everything that needs it. Azure Storage is a perfect candidate. You'll need to set up a separate, dedicated Azure Storage account with a container. The recommendation is to apply an Azure resource lock to this storage account so that it doesn't get deleted accidentally. Also consider applying tags to the storage account that clearly specify what it's used for.
Edit terraform.tf and change the values for backend "azurerm" to suit your own Azure Storage account. You can keep key = "prod.terraform.tfstate" as is, no change.
While the terraform.tf file has all the other information for the Azure Storage account, one piece is missing: the Azure Storage account key. This is sensitive, so we use the Azure CLI environment variables to help us.
Azure CLI configuration
The Azure CLI allows for user configuration for settings such as logging, data collection, and default argument values. The Azure CLI offers a convenience command for managing some defaults, az config. Other values can be set in a configuration file or with environment variables.
Terraform needs the Azure Storage account key in order to read/write the Terraform state file. In order to not store the Azure storage account key to disk, we will make use of the Azure CLI environment variable access_key.
The default access key to use for az batch commands. Only used with aad authorization
Run the following 2 lines. This will grab the Azure Storage account key and apply its value to the access_key environment variable in the Azure CLI:
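One way to carry out this step, as an added example rather than the article's own two lines. It assumes Bash (or Git Bash), a completed az login, and that the key is handed to Terraform through ARM_ACCESS_KEY, the environment variable the azurerm backend reads for access_key; rg-tfstate and sttfstate001 are placeholder names.

```shell
#!/bin/sh
# Added example. rg-tfstate and sttfstate001 are placeholder names, not from the article.
# Assumes `az login` has already succeeded in this shell.

# Refuse to continue if any Terraform file under $1 hard-codes the storage key.
# Prints only the file names, never the matching line, so the key is not echoed.
check_no_key_on_disk() {
    dir="${1:-.}"
    # grep exits non-zero when nothing matches; that is the good case here.
    hits=$(find "$dir" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
        -exec grep -El '^[[:space:]]*access_key[[:space:]]*=' {} +) || true
    if [ -n "$hits" ]; then
        echo "access_key is written to disk in:" >&2
        echo "$hits" >&2
        return 1
    fi
}

# Read the first key of the state storage account and export it as
# ARM_ACCESS_KEY (assumption: the variable the azurerm backend reads)
# for the current shell session only.
load_state_key() {
    rg="$1"
    account="$2"
    key=$(az storage account keys list \
        --resource-group "$rg" --account-name "$account" \
        --query '[0].value' --output tsv) || return 1
    # az.exe under Git Bash on Windows can leave a trailing carriage return.
    key=$(printf '%s' "$key" | tr -d '\r')
    if [ -z "$key" ]; then
        echo "no key returned for storage account $account" >&2
        return 1
    fi
    export ARM_ACCESS_KEY="$key"
    unset key
}

# Typical use from the folder that holds terraform.tf:
#   check_no_key_on_disk . && load_state_key rg-tfstate sttfstate001 && terraform init
```

The key exists only in the environment of the shell that ran load_state_key, so closing that shell discards it.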
Using Bash, PowerShell or the Command Prompt, you just need to sign in to the Azure CLI: run az login from the prompt. Once signed in, navigate to the folder where you'll find your Terraform files. Also ensure that the terraform.exe file can be found on the path, then simply run your normal Terraform commands (e.g. terraform init or terraform apply).