{"id":20376692,"url":"https://github.com/andrebriggs/azure-gen3-tf","last_synced_at":"2026-01-31T22:06:35.580Z","repository":{"id":150973471,"uuid":"338928227","full_name":"andrebriggs/azure-gen3-tf","owner":"andrebriggs","description":null,"archived":false,"fork":false,"pushed_at":"2021-02-15T18:41:58.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-14T12:12:02.847Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andrebriggs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-15T00:00:17.000Z","updated_at":"2021-02-22T16:59:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"47705811-c6cf-4ffe-8427-92f0120ea67d","html_url":"https://github.com/andrebriggs/azure-gen3-tf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/andrebriggs/azure-gen3-tf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrebriggs%2Fazure-gen3-tf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrebriggs%2Fazure-gen3-tf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrebriggs%2Fazure-gen3-tf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrebriggs%2Fazure-gen3-tf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andrebriggs","download_url":"https://codel
oad.github.com/andrebriggs/azure-gen3-tf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrebriggs%2Fazure-gen3-tf/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28956971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T18:30:42.805Z","status":"ssl_error","status_checked_at":"2026-01-31T18:30:19.593Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T01:39:10.597Z","updated_at":"2026-01-31T22:06:35.552Z","avatar_url":"https://github.com/andrebriggs.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Gen3 Azure Infrastructure Deployment\n\nThis repository contains the [Terraform](https://www.terraform.io/) that fully deploys and configures the infrastructure required to run a single instance of [Gen3](http://www.gen3.org) on Azure.\n\n## Requirements\n\n* `terraform` version `v0.14.6` was used for this repo. Version 0.13 and greater should work.\n* A shell environment, preferably bash\n* The Azure subscription role assignments necessary to create service principals and assign roles.\n\n## Configuration\n\nThe [`variables.tf`](./variables.tf) file contains all of the configuration options available for this template. 
All `terraform variables` are configured as `defaults` in [`variables.tf`](./variables.tf) or through Azure DevOps variables. See the `bootstrap-gen3-azdo-tf` repository for more information on how those values are configured in Azure DevOps.\n\n## Azure Resources\n\nThis is an overview of the services deployed by this template. The authoritative list lives in the `*.tf` files in this repository, but the tables below give a good overview.\n\n### Managed Services\n\n| Azure Resource | Terraform Resource Type | Description |\n| --- | --- | --- |\n| Managed Kubernetes | `azurerm_kubernetes_cluster` | Azure's managed `k8s` |\n| PSQL Server | `azurerm_postgresql_server` | Azure's managed Postgres DB |\n| KeyVault | `azurerm_key_vault` | Azure's Key Management Service. All secrets required by the application, such as its signing key and DB access credentials, are provisioned automatically by Terraform into this KeyVault. |\n\n\u003c!-- \u003e **Note**: to learn more about the use of Managed Identity in this deployment, refer to the [Managed Identity](./docs/MANAGED_IDENTITY.md) documentation --\u003e\n\n### Security\n\n| Azure Resource | Terraform Resource Type | Description |\n| --- | --- | --- |\n| Role Assignment | `azurerm_role_assignment` | Manages fine-grained access for the Managed Identities under which the `k8s` pods and cluster run |\n\n### Network\n\n| Azure Resource | Terraform Resource Type | Description |\n| --- | --- | --- |\n| PSQL Virtual Network Rule | `azurerm_postgresql_virtual_network_rule` | Enables access from within the VNET that the cluster runs in |\n| Virtual Network | `azurerm_virtual_network` | A private network that the cluster runs in |\n\u003c!-- | CNAME Records | `azurerm_dns_cname_record` | DNS records for Azure Front Door | --\u003e\n\u003c!-- | PSQL DB Firewall Rule | `azurerm_postgresql_firewall_rule` | Blocks access from external IPs | --\u003e\n\n### Observability\n\n| Azure Resource | Terraform Resource Type | 
Description |\n| --- | --- | --- |\n| Log Analytics Solution | `azurerm_log_analytics_solution` | A collection point for Azure logs and telemetry |\n| Log Analytics Workspace | `azurerm_log_analytics_workspace` | A workspace to create observability dashboards |\n\u003c!-- | Log Analytics Workbook | `azurerm_template_deployment` | ARM template for dashboard | --\u003e\n\n## Automated CICD (TODO)\n\n**NOTE**: We use Terraform [workspaces](https://www.terraform.io/docs/language/state/workspaces.html) to switch between environments.\n\n(_More to come_)\n\n## Manual Instructions for \"First Time Run\"\n\n### 1. Disable backend state\n\nFor the **first** deployment, the contents of `backend.tf` need to be commented out. Don't worry -- we'll uncomment this later.\n\n```bash\n# Comment out all lines in backend.tf\n$ sed -i '' 's/^/#/' backend.tf\n\u003cfile commented\u003e \n\n# Verify file is commented out\n$ cat backend.tf\n```\n\n### 2. Configure your environment\n\n```bash\n# Make a copy of the `.env.template` file named `.env`\n$ cp .env.template .env\n\n# Replace all occurrences of \"**REPLACE_ME**\" in the .env file using your editor of choice (VS Code in this case)\n# NOTE: Reference the bootstrap terraform repo for some values\n$ code .env\n\n# Once .env has the correct values, dot-source the file\n$ . .env\n\n# Log into the Azure CLI\n$ az login\n\n# Set your default subscription - this dictates where resources will be provisioned\n$ az account set --subscription \"\u003cyour subscription ID\u003e\"\n```\n\n### 3. Run the deployment\n\n```bash\n# Initialize the Terraform environment\n$ terraform init\n\n# See what the deployment will do. No changes are applied here; review the changes that will be applied in the next step\n$ terraform plan\n\n# Deploy the changes. Choose 'yes' when prompted\n$ terraform apply\n\n```\n\n### 4. Enable backend state\n\nEnabling backend state stores the deployment state in Azure. 
This allows others to run the deployment without you having to worry about the state configuration.\n\nStart by uncommenting the contents of `backend.tf`:\n\n```bash\n# Uncomment all lines in backend.tf\n$ sed -i '' 's/^##*//' backend.tf\n\u003cfile uncommented\u003e \n\n# Verify file is uncommented\n$ cat backend.tf\n```\n\nSet the required environment variables for access to the backend state:\n\n```bash\n# Get the access key for the storage account created in the bootstrap process\n$ export ARM_ACCESS_KEY=\u003cREPLACE ME\u003e\n\n# Get the storage account name created in the bootstrap process\n$ export ARM_ACCOUNT_NAME=\u003cREPLACE ME\u003e\n\n# Most likely \"tfstate-dev\" if you are using a \"dev\" environment\n$ export ARM_CONTAINER_NAME=\u003cREPLACE ME\u003e\n\n# Initialize the deployment with the backend\n$ terraform init -backend-config \"storage_account_name=${ARM_ACCOUNT_NAME}\" -backend-config \"container_name=${ARM_CONTAINER_NAME}\"\n```\n\nYou should see something along the lines of the following, to which you want to answer `yes`:\n\n```bash\nDo you want to copy existing state to the new backend?\n```\n\nIf things work, you will see the following message and the state file should end up in Azure:\n\n```bash\nSuccessfully configured the backend \"azurerm\"! Terraform will automatically\nuse this backend unless the backend configuration changes.\n```\n\n🎉 **Congratulations!** 🎉 You have now deployed the Azure managed resources needed for a Gen3 data commons.\n\n\u003e **Next Steps**: Now get your CI/CD pipelines working to deploy applications. 
This will be covered in another repo!\n\n## TODO\n\n- [ ] Create pipelines\n- [X] Add Azure KeyVault\n- [ ] Add PSQL DB Firewall Rule\n- [ ] Add Log Analytics Workbook\n- [ ] Add CNAME Records and Frontdoor?\n- [ ] Add Managed Identities for CSI Driver\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrebriggs%2Fazure-gen3-tf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrebriggs%2Fazure-gen3-tf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrebriggs%2Fazure-gen3-tf/lists"}