A comprehensive collection of reusable Terraform modules for Azure cloud infrastructure deployment. This repository contains modular, production-ready infrastructure components that follow Azure best practices and security standards.
This repository provides a set of Terraform modules for deploying and managing Azure resources in a consistent, secure, and maintainable way. The modules are designed to be reusable, configurable, and follow infrastructure-as-code best practices.
To get started with these Terraform modules, you'll need to:
- Install Terraform (>= 1.5.0)
- Install Azure CLI (>= 2.50.0)
- Configure your Azure credentials (az login)
- Clone this repository or reference modules directly from Git
For detailed information about using Terraform with these modules, including common commands and best practices, see our Terraform Commands Guide.
New to Terraform or need a quick reference? Check out our comprehensive Terraform Commands Guide which includes:
- Basic Commands: init, plan, apply, fmt, validate
- Advanced Operations: State management, importing resources, troubleshooting
- Best Practices: Formatting, validation, environment management
- Common Issues: Solutions for state locks, plugin issues, and more
- Team Workflows: Remote state, workspaces, and collaboration tips
The guide provides practical examples and explanations for all the Terraform commands you'll need when working with these modules.
- apim-api - Azure API Management API configuration
- apim-cors-policy-fragment - CORS policy fragment for API Management
- apim-jwtvalidate-policy-fragment - JWT validation policy fragment for API Management

- container-app - Azure Container Apps deployment
- container-app-custom-domain - Custom domain configuration for Container Apps
- container-app-custom-domain-complete - Complete custom domain setup for Container Apps
- container-registry - Azure Container Registry deployment

- cosmos-db-account - Cosmos DB account setup
- cosmos-db-sql-db - Cosmos DB SQL database configuration
- postgresql-flex-server - PostgreSQL Flexible Server deployment

- ai-search - Azure AI Search service setup
- ai-search-cosmos-index-simple - Simplified Cosmos DB index configuration for Azure AI Search
- cognitive-deployment - Azure OpenAI and Cognitive Services deployment

- eventhub-namespace - Event Hub Namespace configuration
- servicebus-namespace - Service Bus Namespace setup
- servicebus-queue - Service Bus Queue configuration
- servicebus-topic - Service Bus Topic setup
- servicebus-subscription - Service Bus Subscription configuration
- servicebus-subscription-rule - Service Bus Subscription Rules

- storage-account - Azure Storage Account configuration
- storage-container - Storage Container setup

- frontdoor-cdn-endpoint-with-origin - Azure Front Door CDN configuration
- dns-apex-domain-record - DNS Apex Domain Record setup
- dns-mx-record - DNS MX Record configuration
- dns-sub-domain-record - DNS Subdomain Record setup
- dns-txt-record - DNS TXT Record configuration

- key-vault - Azure Key Vault setup
- appinsights-availability-test - Application Insights availability testing

- communication-service - Azure Communication Services setup
- email-communication-service - Email Communication Service configuration

- Terraform - Infrastructure as Code (IaC) tool
- Azure Cloud Services:
  - Azure API Management
  - Azure Container Apps
  - Azure Container Registry
  - Azure Cosmos DB
  - Azure Cognitive Services
  - Azure Event Hub
  - Azure Service Bus
  - Azure Storage
  - Azure Front Door
  - Azure Key Vault
  - Azure Application Insights
  - Azure Communication Services
  - Azure DNS
  - Azure PostgreSQL Flexible Server
  - Azure AI Search
- TLS 1.2 enforcement
- Private endpoints where applicable
- Network security rules
- Role-based access control (RBAC)
- Key Vault integration
- Secure secret management
- Terraform >= 1.5.0
- Azure CLI >= 2.50.0
- Azure subscription
- Appropriate Azure permissions
Each module can be used independently. Here's a basic example of how to use a module:
```hcl
module "storage_account" {
  source = "git::ssh://git@github.com/mtnvencenzo/terraform-modules.git//modules/storage-account"

  sub                     = "vec"
  region                  = "eus"
  environment             = "prod"
  domain                  = "myapp"
  name_discriminator      = "storage"
  sequence                = "001"
  resource_group_name     = "my-resource-group"
  resource_group_location = "East US"
}
```
All modules follow a consistent naming convention for Azure resources:
- Format: {service}-{sub}-{region}-{environment}-{domain}-{name_discriminator}-{sequence}
- Example: st-vec-eus-prod-myapp-storage-001
Common Variables:
- sub - Subscription identifier (default: "vec")
- region - Azure region abbreviation (default: "eus" for East US)
- environment - Environment name (dev, test, prod)
- domain - Application or project domain
- name_discriminator - Resource-specific identifier
- sequence - Sequential number for uniqueness
For production use, it's recommended to pin modules to specific versions or tags:
```hcl
module "storage_account" {
  source = "git::ssh://git@github.com/mtnvencenzo/terraform-modules.git//modules/storage-account?ref=v1.0.0"
  # module variables...
}
```
To access these modules from a GitHub workflow, you'll need to set up SSH authentication. Here's an example workflow configuration:
```yaml
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Add ssh key to ssh-agent
        uses: webfactory/ssh-agent@v0.7.0
        with:
          ssh-private-key: ${{ secrets.terraform_module_repo_access_key_secret }}
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.5.0"
      - name: Terraform Init
        run: terraform init
```
Make sure to:
- Add your SSH private key as a repository secret named terraform_module_repo_access_key_secret. This should match the corresponding public key in the repository.
- Ensure the workflow has the necessary permissions to access the secrets
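
A check for the version-pinning recommendation above, added here as an example and not part of this repository: it classifies every git module source as unpinned, pinned to a tag or branch, or pinned to a full commit SHA, so a pipeline can fail before `terraform init` fetches unreviewed code. A git tag can be moved to another commit, so only the full-SHA form is immutable; the function names and the sample SHA are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# `source = "..."` argument of a Terraform module block.
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)
# Only a full 40-hex commit id is treated as immutable; short ids are ambiguous.
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify_source(source):
    """Return 'not-git', 'unpinned', 'tag-or-branch' or 'commit'."""
    if not source.startswith("git::"):
        return "not-git"
    _, _, query = source.partition("?")
    ref = parse_qs(query).get("ref", [""])[0]
    if not ref:
        return "unpinned"          # follows the repository's default branch
    if FULL_SHA_RE.fullmatch(ref):
        return "commit"
    return "tag-or-branch"         # mutable: can be re-pointed upstream

def audit(terraform_text):
    """Return (source, status) for every git module source in the text."""
    found = ((s, classify_source(s)) for s in SOURCE_RE.findall(terraform_text))
    return [(s, status) for s, status in found if status != "not-git"]

def violations(terraform_text, require_commit=False):
    """Sources that fail policy: unpinned always, tags too if require_commit."""
    bad = {"unpinned", "tag-or-branch"} if require_commit else {"unpinned"}
    return [s for s, status in audit(terraform_text) if status in bad]

REPO = "git::ssh://git@github.com/mtnvencenzo/terraform-modules.git//modules/storage-account"
# Constructed sample input; the commit id below is a placeholder, not a real commit.
SAMPLE = f'''
module "a" {{
  source = "{REPO}"
}}
module "b" {{
  source = "{REPO}?ref=v1.0.0"
}}
module "c" {{
  source = "{REPO}?ref=0123456789abcdef0123456789abcdef01234567"
}}
module "d" {{
  source = "./modules/local"
}}
'''

if __name__ == "__main__":
    for source, status in audit(SAMPLE):
        print(f"{status:14} {source}")
```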
This project is licensed under the MIT License - see the LICENSE file for details.
These modules are provided as-is, without warranty of any kind. Always review the configuration before deploying to production environments.