Terraform KeyVault and Access Policy

Поделиться
HTML-код
  • Опубликовано: 18 сен 2024
  • EPISODE 30
    We will start building a DevOps infrastructure project where we'll deploy a KeyVault and SSH key that can be used by multiple applications. We'll setup a Git repository on Azure DevOps and Terraform Plan and Apply pipelines for both our DEV and PROD Azure Subscriptions. Finally, we'll learn about first-time-apply failures and how we should use the "depends_on" attribute to resolve these implicit relationships between resources.
    Follow me on Twitter for quick code snippets and thoughts on Cloud, Automation and other things!
    / marktinderholt
    Keep the knowledge flowing!
    www.buymeacoff...
    Source Code:
    github.com/mar...
    Azure ARM Resources Provider
    registry.terra...
    v3.41.0
    registry.terra...
    Additional Providers:
    - Random Provider (registry.terra...)
    Terraform Resource List:
    - random_string
    - azurerm_resource_group
    - azurerm_storage_account
    - azurerm_log_analytics_workspace
    Azure Resource Naming Conventions
    learn.microsof...

Комментарии • 4

  • @artisticcheese
    @artisticcheese Год назад

    How do you effectively debug/develop when you are running under your local account locally while your code references azurerm_client_config and it's completely different account when the same code is deployed to AzDo and as a result state file keeps changing depending how you run the code

    • @azure-terraformer
      @azure-terraformer  Год назад

      Good question, you have options, IF you don't hard code your backend :) Which is why I am a firm believer that backend config should be passed in from the outside. Locally, I can either configure the backend to point at a shared dev environment or a temporary environment just for me. run my testing locally using my own identity, once i'm happy i can destroy this temporary environment and submit a PR to carry forward the changes to the real environments and real backend...

    • @azure-terraformer
      @azure-terraformer  Год назад

      Ah. I see your point now. You can't deploy to the terraform managed environments because it will change the access policy. If you notice in these AzDO pipeline episodes, I never deploy locally. I always let the pipeline run my code. If I needed to do something crazy like state manipulation, this is a break glass moment, and I'd have to break the glass by creating a new Client Secret and setting up the Terraform SP locally to really mess with the environment. This can be hard to do in very regulated environments.

    • @artisticcheese
      @artisticcheese Год назад

      @@azure-terraformer I keep thinking there must be a way to do it reliably locally somehow under different accounts with use of `override` files but failed to make it work so far.

Следующие
Автовоспроизведение
Terraform AAD Group & KeyVault Access Policy24:16Terraform AAD Group & KeyVault Access Policy
Terraform AAD Group & KeyVault Access PolicyAzure Terraformer
Просмотров 582
What's New in the AzureRM Terraform Provider Version 4.0.0?!?16:36What's New in the AzureRM Terraform Provider Version 4.0.0?!?
What's New in the AzureRM Terraform Provider Version 4.0.0?!?Azure Terraformer
Просмотров 1,1 тыс.
Why You NEED To Learn Terraform | Practical Tutorial27:33Why You NEED To Learn Terraform | Practical Tutorial
Why You NEED To Learn Terraform | Practical TutorialTravis Media
Просмотров 117 тыс.
Moving Away and Starting All Over | New Beginnings25:26Moving Away and Starting All Over | New Beginnings
Moving Away and Starting All Over | New BeginningsDe'arra Taylor
Просмотров 270 тыс.
I played the awful Avatar game, so you don't have to41:57I played the awful Avatar game, so you don't have to
I played the awful Avatar game, so you don't have toAlpharad
Просмотров 474 тыс.
SIMS NEWS: Project Rene, The Sims 5 not happening, Sims Movie, & more!19:56SIMS NEWS: Project Rene, The Sims 5 not happening, Sims Movie, & more!
SIMS NEWS: Project Rene, The Sims 5 not happening, Sims Movie, & more!lilsimsie
Просмотров 380 тыс.
Why Scientists Are Puzzled By This Virus11:47Why Scientists Are Puzzled By This Virus
Why Scientists Are Puzzled By This VirusKurzgesagt – In a Nutshell
Просмотров 2 млн
How to Manage Secrets in Terraform?15:54How to Manage Secrets in Terraform?
How to Manage Secrets in Terraform?Anton Putra
Просмотров 26 тыс.
Maximizing Microsoft Azure Security with Terraform45:53Maximizing Microsoft Azure Security with Terraform
Maximizing Microsoft Azure Security with TerraformHashiCorp
Просмотров 2 тыс.
No, Einstein Didn’t Solve the Biggest Problem in Physics8:04No, Einstein Didn’t Solve the Biggest Problem in Physics
No, Einstein Didn’t Solve the Biggest Problem in PhysicsSabine Hossenfelder
Просмотров 236 тыс.
Reacting to Azure Terraform Community Call - August 2024: Azure Copilot for Terraform, Q&A and more!2:06:01Reacting to Azure Terraform Community Call - August 2024: Azure Copilot for Terraform, Q&A and more!
Reacting to Azure Terraform Community Call - August 2024: Azure Copilot for Terraform, Q&A and more!Azure Terraformer
Просмотров 308
THANK YOU! 5,000 Subscribers and our MEMBERS!9:44THANK YOU! 5,000 Subscribers and our MEMBERS!
THANK YOU! 5,000 Subscribers and our MEMBERS!Azure Terraformer
Просмотров 86
DevOps Real-time Project #1- Deploy AKS Cluster in Azure With Terraform38:50DevOps Real-time Project #1- Deploy AKS Cluster in Azure With Terraform
DevOps Real-time Project #1- Deploy AKS Cluster in Azure With TerraformTech Tutorials with Piyush
Просмотров 23 тыс.
Run ALL Your AI Locally in Minutes (LLMs, RAG, and more)20:19Run ALL Your AI Locally in Minutes (LLMs, RAG, and more)
Run ALL Your AI Locally in Minutes (LLMs, RAG, and more)Cole Medin
Просмотров 26 тыс.
Azure DevOps Pipelines with Terraform and Stages22:26Azure DevOps Pipelines with Terraform and Stages
Azure DevOps Pipelines with Terraform and StagesTravis Roberts
Просмотров 61 тыс.
Proxy vs Reverse Proxy vs Load Balancer | Simply Explained13:19Proxy vs Reverse Proxy vs Load Balancer | Simply Explained
Proxy vs Reverse Proxy vs Load Balancer | Simply ExplainedTechWorld with Nana
Просмотров 65 тыс.
Рассвет, надежды и успехи. Империя без автомобилей. Эпизод I1:15:07Рассвет, надежды и успехи. Империя без автомобилей. Эпизод I
Рассвет, надежды и успехи. Империя без автомобилей. Эпизод IАсафьев Стас
Просмотров 935 тыс.
Turning Plastic Bottles into a Thriving Beach Business! 💵🌊00:58Turning Plastic Bottles into a Thriving Beach Business! 💵🌊
Turning Plastic Bottles into a Thriving Beach Business! 💵🌊Handmade Heroes
Просмотров 699 тыс.
РОК-ЗВЕЗДА притворился БОТАНОМ на прослушивании в МУЗ. ГРУППУ #2 ЛУЧШАЯ ЧАСТЬ НА КАНАЛЕ!24:19РОК-ЗВЕЗДА притворился БОТАНОМ на прослушивании в МУЗ. ГРУППУ #2 ЛУЧШАЯ ЧАСТЬ НА КАНАЛЕ!
РОК-ЗВЕЗДА притворился БОТАНОМ на прослушивании в МУЗ. ГРУППУ #2 ЛУЧШАЯ ЧАСТЬ НА КАНАЛЕ!AkStar
Просмотров 208 тыс.
Парень Вали Карнавал 😉 #тнт #shorts #юмор #камедиклаб #воля #харламов #валякарнавал #свадьба #жених00:51Парень Вали Карнавал 😉 #тнт #shorts #юмор #камедиклаб #воля #харламов #валякарнавал #свадьба #жених
Парень Вали Карнавал 😉 #тнт #shorts #юмор #камедиклаб #воля #харламов #валякарнавал #свадьба #женихComedy Club
Просмотров 258 тыс.
САМОЕ ГРОМКОЕ ДЕЛО НАШЕГО ШТАТА ИЛИ ЧАС СУДА В ГТА 5 РП (ECLIPSE GTA 5 RP)1:02:15САМОЕ ГРОМКОЕ ДЕЛО НАШЕГО ШТАТА ИЛИ ЧАС СУДА В ГТА 5 РП (ECLIPSE GTA 5 RP)
САМОЕ ГРОМКОЕ ДЕЛО НАШЕГО ШТАТА ИЛИ ЧАС СУДА В ГТА 5 РП (ECLIPSE GTA 5 RP)Joe Speen
Просмотров 374 тыс.
ЭТО САМАЯ ОПАСНАЯ ЖВАЧКА #луана #мультик #анимация00:24ЭТО САМАЯ ОПАСНАЯ ЖВАЧКА #луана #мультик #анимация
ЭТО САМАЯ ОПАСНАЯ ЖВАЧКА #луана #мультик #анимацияЛуана
Просмотров 468 тыс.
WHO IS MORE GREEDY?!00:18WHO IS MORE GREEDY?!
WHO IS MORE GREEDY?!JULI_PROETO
Просмотров 934 тыс.
Как рисовать волосы #рисование #искусство #art #художник #какрисовать #рисунки01:00Как рисовать волосы #рисование #искусство #art #художник #какрисовать #рисунки
Как рисовать волосы #рисование #искусство #art #художник #какрисовать #рисункиCG Speak
Просмотров 372 тыс.