Terraform Cloud - CLI-Driven Workflow

Step-01: Introduction

  • Learn and practically implement CLI-Driven Workflow in Terraform Cloud

Step-02: Review Terraform Configuration Files


Step-03: Create Workspace with CLI Driven Workflow

  • Login to Terraform Cloud
  • Select Organization -> hcta-azure-demo1
  • Click on New Workspace
  • Choose your workflow: CLI-Driven Workflow
  • Workspace Name: cli-driven-azure-demo
  • Workspace Description: Terraform Cloud CLI Driven Workflow Azure Demo
  • Click on Create Workspace

Step-04: Add backend block in Terraform Settings

terraform {
  backend "remote" {
    organization = "hcta-azure-demo1"

    workspaces {
      name = "cli-driven-azure-demo"
    }
  }
}

Step-05: Verify

# Before
  source  = ""
# After
  source  = "<YOUR_ORGANIZATION>/staticwebsitepr/azurerm"   

Step-06: Execute Terraform Commands

# Terraform Login
terraform login
Token Name: clidemoapitoken1
Token value: wtMhS66BJORvLg.atlasv1.GzmOyLo8ih9RDP3j6zXMLjBB0lyIYKiLo8Mu7aSYvfwCmu1X6pIBWh0y1ZJziYgQU2c
1) Should see message "Retrieved token for user stacksimplify"
2) Verify Terraform credentials file
cat /Users/<YOUR_USER>/.terraform.d/credentials.tfrc.json
cat /Users/kdaida/.terraform.d/credentials.tfrc.json
Additional Reference:

# Terraform Initialize
terraform init
1. Should pass and download the providers and the Private Registry modules from Terraform Cloud
2. Verify the Private Registry module was downloaded.

# Terraform Validate
terraform validate

# Terraform Format
terraform fmt

# Terraform Plan
terraform plan
1. Should fail with an error, because the Azure Provider credentials are not yet configured on Terraform Cloud for this workspace

# Sample Output
Initializing Terraform configuration...
│ Error: Error building AzureRM Client: obtain subscription() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│   with module.azure_static_website.provider[""],
│   on .terraform/modules/azure_static_website/ line 2, in provider "azurerm":
│    2: provider "azurerm" {

Step-08: Terraform Cloud to Authenticate to Azure using Service Principal with a Client Secret

# Azure CLI Login
az login

# Azure Account List
az account list
1. Make a note of the value of the "id" key; this is your "subscription_id"

# Set Subscription ID
az account set --subscription="SUBSCRIPTION_ID"
az account set --subscription="82808767-144c-4c66-a320-b30791668b0a"

# Create Service Principal & Client Secret
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/82808767-144c-4c66-a320-b30791668b0a"

# Sample Output
  "appId": "99a2bb50-e5a1-4d72-acd3-e4697ecb5308",
  "displayName": "azure-cli-2021-06-15-15-41-54",
  "name": "http://azure-cli-2021-06-15-15-41-54",
  "password": "0ed3ZeK0DijKvhat~a5NnaQ_bpG_uv_-Xh",
  "tenant": "c81f465b-99f9-42d3-a169-8082d61c677a"

# Observation
"appId" is the "client_id" defined above.
"password" is the "client_secret" defined above.
"tenant" is the "tenant_id" defined above.

# Verify
az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID
az login --service-principal -u 99a2bb50-e5a1-4d72-acd3-e4697ecb5308 -p 0ed3ZeK0DijKvhat~a5NnaQ_bpG_uv_-Xh --tenant c81f465b-99f9-42d3-a169-8082d61c677a
az account list-locations -o table
az logout

Step-09: Configure Environment Variables in Terraform Cloud

  • Go to Organization -> hcta-azure-demo1 -> Workspace -> cli-driven-azure-demo -> Variables
  • Add Environment Variables listed below
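
The Observation in Step-08 maps the service principal output onto the values Terraform Cloud needs for this workspace. The following is an added example, not part of the original page: it builds the request bodies for the Terraform Cloud workspace variables API and marks the client secret as sensitive. The ARM_* names are the azurerm provider's environment variables; the helper names and all sample values are constructed for illustration.

```python
import json

# `az ad sp create-for-rbac` output keys -> azurerm provider environment variables.
SP_KEY_TO_ENV = {
    "appId": "ARM_CLIENT_ID",
    "password": "ARM_CLIENT_SECRET",
    "tenant": "ARM_TENANT_ID",
}
SENSITIVE = {"ARM_CLIENT_SECRET"}


def sp_to_tfc_vars(sp_output, subscription_id):
    """Build one Terraform Cloud workspace-variable payload per ARM_* value."""
    sp = json.loads(sp_output)
    missing = [k for k in SP_KEY_TO_ENV if not sp.get(k)]
    if missing:
        raise ValueError(f"service principal output lacks: {missing}")
    values = {env: sp[key] for key, env in SP_KEY_TO_ENV.items()}
    values["ARM_SUBSCRIPTION_ID"] = subscription_id
    return [
        {"data": {"type": "vars", "attributes": {
            "key": name, "value": value,
            "category": "env",               # environment variable, not a Terraform variable
            "hcl": False,
            "sensitive": name in SENSITIVE,  # value is not shown again once saved
        }}}
        for name, value in sorted(values.items())
    ]


def redacted(payloads):
    """Return a copy of the payloads that is safe to print or log."""
    out = json.loads(json.dumps(payloads))  # deep copy via JSON round trip
    for p in out:
        attrs = p["data"]["attributes"]
        if attrs["sensitive"]:
            attrs["value"] = "***"
    return out


# Constructed sample input, not real credentials.
SAMPLE_SP = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000001",
    "password": "constructed-secret-value",
    "tenant": "00000000-0000-0000-0000-000000000002",
})
SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000003"
if __name__ == "__main__":
    print(json.dumps(redacted(sp_to_tfc_vars(SAMPLE_SP, SAMPLE_SUBSCRIPTION)), indent=2))
```

Each payload is the body of a POST to /api/v2/workspaces/<WORKSPACE_ID>/vars, sent with a Terraform Cloud API token; print or log only the redacted() form.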

Step-10: Execute Terraform Commands

# Terraform Plan
terraform plan
1. Open Plan using link specified in CLI output
2. Terraform plan should pass now. 

# Terraform Apply
terraform apply 
1. Go to Terraform Cloud -> Organization: hcta-azure-demo1 -> Workspace: cli-driven-azure-demo -> Runs Tab
2. Review the plan
3. Provide confirmation "yes" in Terraform CLI (Terminal)
4. Observe TF Cloud Runs tab

# Upload Static Content
1. Go to Storage Accounts -> staticwebsitexxxxxx -> Containers -> $web
2. Upload files from folder "static-content"

# Verify 
1. Azure Storage Account created
2. Static Website Setting enabled
3. Verify the Static Content uploaded successfully
4. Access Static Website

Step-11: Verify the following

  • Select Organization -> hcta-azure-demo1
  • Workspace Name: cli-driven-azure-demo
  • Runs
  • States
# Key Observation
1. The Terraform commands are issued from your local desktop, but they execute on Terraform Cloud, and you can see them in Runs
2. State is also maintained in Terraform Cloud. 

Step-12: Destroy and Clean-Up

# Terraform Destroy
terraform destroy 

# Delete Terraform files 
rm -rf .terraform*

Additional References