DEV Community: Greg Oliver The latest articles on DEV Community by Greg Oliver (@sebastus). https://dev.to/sebastus https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F516723%2F48bf1967-cbcc-49d8-93d8-8162c464c939.png DEV Community: Greg Oliver https://dev.to/sebastus en Test your Azure policies in parallel Greg Oliver Wed, 02 Dec 2020 15:46:50 +0000 https://dev.to/cse/test-your-azure-policies-in-parallel-5g2k https://dev.to/cse/test-your-azure-policies-in-parallel-5g2k <p><em>This blog resulted from a customer development engagement. Want to read related blogs? <a href="https://dev.to/cse/secure-azure-as-code-5d9i">Secure Azure as Code</a></em></p> <p>Testing a policy is done with a few steps, each of which is a Terraform script:</p> <ul> <li>Test the positive case, where the bad outcome the policy protects against is not challenged</li> <li>Test the negative case, where the bad outcome is attempted (and hopefully audited or denied)</li> <li>Both create and update use cases</li> </ul> <p>If each test case requires creating a few Azure resources, the time to run these tests one after the other grows rapidly, especially in the case of testing policies. Having &gt;100 policies to test is not unusual. Also, policies are normally defined at the management group level. This step can be done independently of the tests to set the context. Running the tests probably starts out by assigning policies to the test environment - a lower level management group or a subscription. Then the individual tests run on that test environment before it's reset with "terraform destroy".</p> <h3> Define policies and policy initiative in the management group </h3> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">module</span> <span class="s2">"diagnostic_policies"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"github.com/Nepomuceno/terraform-azurerm-monitoring-policies.git?ref=main"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"DiagnosticsInitiative"</span> <span class="nx">management_group_name</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">definition_management_group</span> <span class="p">}</span> </code></pre> </div> <p>The Terraform script in the root folder of the <a href="https://github.com/sebastus/icy-landscape">github repo</a> fully implements this step. It's done once before running any tests.</p> <h3> Run tests </h3> <p>In the tests folder of the <a href="https://github.com/sebastus/icy-landscape">github repo</a> there are two approaches to this. One is implemented serially, the other in parallel. Both run the Terraform in the tests folder to do the policy assignment to the test environment. It also creates a couple of resources to use during tests that will follow.</p> <h4> Serial </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">TestSerial</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="c">// setup the environment by assigning policy to the subscription</span> <span class="n">options</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">terraform</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">TerraformDir</span><span class="o">:</span> <span class="s">"."</span><span class="p">,</span> <span class="p">}</span> <span class="n">terraform</span><span class="o">.</span><span class="n">InitAndApply</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">options</span><span class="p">)</span> <span class="k">defer</span> <span class="n">terraform</span><span class="o">.</span><span class="n">Destroy</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">options</span><span class="p">)</span> <span class="c">// run the first test</span> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"terraform_init_should_succeed"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">terraformTestOptions</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">terraform</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">TerraformDir</span><span class="o">:</span> <span class="s">"./test-01"</span><span class="p">,</span> <span class="o">...</span> <span class="c">// and so on</span> </code></pre> </div> <h4> Parallel </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">TestParallel</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="c">// setup the environment by assigning policy to the subscription</span> <span class="n">options</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">terraform</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">TerraformDir</span><span class="o">:</span> <span class="s">"."</span><span class="p">,</span> <span class="p">}</span> <span class="n">terraform</span><span class="o">.</span><span class="n">InitAndApply</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">options</span><span class="p">)</span> <span class="k">defer</span> <span class="n">terraform</span><span class="o">.</span><span class="n">Destroy</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">options</span><span class="p">)</span> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"group"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="c">// &lt;-- group the tests</span> <span class="n">t</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">"terraform_init_should_succeed"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Parallel</span><span class="p">()</span> <span class="c">// &lt;-- invoke Parallel()</span> <span class="n">terraformTestOptions</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">terraform</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">TerraformDir</span><span class="o">:</span> <span class="s">"./test-01"</span><span class="p">,</span> <span class="o">...</span> <span class="c">// and so on</span> </code></pre> </div> azure go devops terraform Auto-start collection of Azure diagnostic telemetry Greg Oliver Wed, 02 Dec 2020 13:20:43 +0000 https://dev.to/cse/auto-start-collection-of-azure-diagnostic-telemetry-468k https://dev.to/cse/auto-start-collection-of-azure-diagnostic-telemetry-468k <p><em>This blog resulted from a customer development engagement. Want to read related blogs? <a href="https://dev.to/cse/secure-azure-as-code-5d9i">Secure Azure as Code</a></em></p> <p>Infrastructure and platform monitoring are the province of <a href="https://docs.microsoft.com/en-us/azure/azure-monitor/">Azure Monitor</a>. The documentation provides several ways to configure diagnostic profiles on your resources so that the telemetry flows, but doing it onesy-twosy is a tax. Using <a href="https://docs.microsoft.com/en-us/azure/governance/policy/">Azure Policy</a> together with an <a href="https://github.com/Nepomuceno/terraform-azurerm-monitoring-policies">open source Terraform module</a> allows this task to fade into the background - done and dusted.</p> <h3> Define policies and policy initiative in the management group </h3> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">module</span> <span class="s2">"diagnostic_policies"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"github.com/Nepomuceno/terraform-azurerm-monitoring-policies.git?ref=main"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"DiagnosticsInitiative"</span> <span class="nx">management_group_name</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">definition_management_group</span> <span class="p">}</span> </code></pre> </div> <p>The Terraform script in the root folder of the <a href="(https://github.com/sebastus/icy-landscape)">github repo</a> fully implements this step. </p> <h3> Assign policy initiative to your subscription </h3> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"azurerm_policy_assignment"</span> <span class="s2">"diagnostics_initiative"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"diagnostics-initiative-assignment"</span> <span class="nx">scope</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">azurerm_subscription</span><span class="p">.</span><span class="nx">current</span><span class="p">.</span><span class="nx">id</span> <span class="nx">policy_definition_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">azurerm_policy_set_definition</span><span class="p">.</span><span class="nx">DiagnosticsInitiative</span><span class="p">.</span><span class="nx">id</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Policy Assignment created via terraform"</span> <span class="nx">display_name</span> <span class="p">=</span> <span class="s2">"Unit test diagnostic Logs application"</span> <span class="nx">identity</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"SystemAssigned"</span> <span class="p">}</span> <span class="nx">location</span> <span class="p">=</span> <span class="s2">"uksouth"</span> <span class="nx">metadata</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">METADATA</span><span class="sh"> { "category": "Logs" } </span><span class="no">METADATA </span> <span class="nx">parameters</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">PARAMETERS</span><span class="sh"> { "workspaceId": { "value": "${azurerm_log_analytics_workspace.ws.id}" }, "storageAccountName": { "value": "${azurerm_storage_account.storage.name}" } } </span><span class="no">PARAMETERS </span><span class="p">}</span> </code></pre> </div> <h3> Give the SystemAssigned identity defined above rights to remediate </h3> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"azurerm_role_assignment"</span> <span class="s2">"contributor"</span> <span class="p">{</span> <span class="nx">scope</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">azurerm_subscription</span><span class="p">.</span><span class="nx">current</span><span class="p">.</span><span class="nx">id</span> <span class="nx">role_definition_name</span> <span class="p">=</span> <span class="s2">"contributor"</span> <span class="nx">principal_id</span> <span class="p">=</span> <span class="nx">azurerm_policy_assignment</span><span class="p">.</span><span class="nx">diagnostics_initiative</span><span class="p">.</span><span class="nx">identity</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">principal_id</span> <span class="p">}</span> </code></pre> </div> <p>Scenario 01 in <a href="https://github.com/sebastus/icy-landscape/tree/main/scenarios">the scenarios folder</a> fully implements these steps. Test by using a subscription that already has resources in it that do not have diagnostic profile(s) defined, or create new resources after running the above. Scenarios 02 and 03 are provided for convenience. They are dependent on scenario 01, so run scenario 01 first, then 02 or 03, etc.</p> <h3> Explanation and Background </h3> <p>Azure Monitor diagnostic profiles tell the platform what information you want to collect and where to send it. "What information you want to collect" is different for each resource type and there is no "everything" button. And that's the rub - one must make decisions for each resource in the system architecture. Using the module makes it possible to encapsulate all of this into one easy step in the Terraform script.</p> <p>A project frequently equates to an Azure subscription, and there are usually multiple projects within an organization. Managing the resources in these projects is made more convenient through the use of <a href="https://docs.microsoft.com/en-us/azure/governance/management-groups/">Management Group</a> and <a href="https://docs.microsoft.com/en-us/azure/governance/policy/">Azure Policy</a>. From <a href="https://docs.microsoft.com/en-us/azure/governance/management-groups/overview">this page</a>: </p> <p><em>Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called "management groups" and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure Active Directory tenant.</em></p> <p>Using the module, many Azure policies and a policy initiative are defined (usually) at the management group level. Because each project team monitors their own infrastructure and each diagnostic profile designates the destination of the telemetry, it's best to assign the policy initiative at the subscription level. This allows the telemetry collection point to be within that subscription. It is possible to create multiple diagnostic profiles per resource so that telemetry can be directed to a global management point if desired.</p> <p>Each policy defined by the module targets a resource type, such as network security group, virtual machine, network interface card, and so on. If a resource does not meet the requirements of the policy, a remediation task creates the diagnostic profile for the resource. When the module is assigned to the subscription (via terraform apply) the results are not instantaneous - the Azure policy engine may take up to 15 minutes to scan resources and run remediation tasks.</p> azure monitor devops terraform Standardize resource names in Terraform scripts Greg Oliver Tue, 01 Dec 2020 15:08:29 +0000 https://dev.to/cse/standardize-resource-names-in-terraform-scripts-1pl2 https://dev.to/cse/standardize-resource-names-in-terraform-scripts-1pl2 <p><em>This blog resulted from a customer development engagement. Want to read related blogs? <a href="https://dev.to/cse/secure-azure-as-code-5d9i">Secure Azure as Code</a></em></p> <p>When starting a Terraform project for an Azure architecture, it's easy to come up with useful names for the resources in your architecture. They usually look like "my-resource-group', "my-public-ip", "my-vm", "mystorageaccount", and so on. When the architecture grows, or elements of it scale out, it becomes harder to design useful names that meet all requirements. This blog is about a tool that helps with this task. </p> <p>If you agree with the above and just want a link to the tool, here it is: <a href="https://github.com/aztfmod/terraform-provider-azurecaf">terraform-provider-azurecaf</a>.<br><br> Usage samples are fully implemented in the <a href="https://github.com/sebastus/icy-landscape/tree/main/scenarios">scenarios folder</a> of the <a href="https://github.com/sebastus/icy-landscape">github repo</a>. </p> <p>Everyone else, read on. </p> <h3> Requirements that must be met </h3> <ul> <li>for each resource type, rules vary <ul> <li>length</li> <li>accepted characters</li> <li>accepted patterns (e.g. first character must be a lowercase alpha)</li> </ul> </li> <li>It must be possible to override generated names in special cases</li> <li>It must be possible to generate globally unique names</li> <li>Generated names must behave like any other resource in tfstate <ul> <li>names persist across 'terraform apply' runs as long as name resource definition remains the same</li> <li>name resources can be destroyed, tainted, etc just like any other terraform resource</li> </ul> </li> </ul> <h3> Additional nice-to-have features </h3> <ul> <li>a generated name should conform to a regular pattern that becomes familiar and instantly recognizable</li> <li>when there are many resources in list, it should be possible to instantly recognize resource types from the name</li> <li>clear and concise name generation code</li> <li>when an architecture grows or resources scale out horizontally, name generation follows naturally</li> <li>when testing permutations of resource properties, generating names is a very powerful enabling technique</li> </ul> <h3> Solution to the problem </h3> <p>The solution is a Terraform provider that generates resource names. Unsurprisingly, it meets all of the conditions above. Generated resource name configuration options include (in order of precedence):</p> <ul> <li>name - overrides other options</li> <li>slug - a few characters denoting the resource type</li> <li>random - randomly generated chars</li> <li>suffixes - an array of suffixes that are appended</li> <li>prefixes - an array of prefixes that are pre-pended</li> </ul> <p>All configuration options are defined in the <a href="https://github.com/aztfmod/terraform-provider-azurecaf">provider repo</a>.</p> <p>The following examples are fully implemented in the <a href="https://github.com/sebastus/icy-landscape/tree/main/scenarios">scenarios folder</a> of the <a href="https://github.com/sebastus/icy-landscape">github repo</a>.</p> <h4> Generates and implements a resource group name similar to rg-xxxxxxxx (very simple example) </h4> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"azurecaf_name"</span> <span class="s2">"rg_name"</span> <span class="p">{</span> <span class="nx">resource_type</span> <span class="p">=</span> <span class="s2">"azurerm_resource_group"</span> <span class="nx">random_length</span> <span class="p">=</span> <span class="mi">8</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_resource_group"</span> <span class="s2">"rg"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">rg_name</span><span class="p">.</span><span class="nx">result</span> <span class="nx">location</span> <span class="p">=</span> <span class="s2">"uksouth"</span> <span class="p">}</span> </code></pre> </div> <h4> Generates and implements a log analytics workspace name (example of name override) </h4> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"azurecaf_name"</span> <span class="s2">"ws_name"</span> <span class="p">{</span> <span class="nx">resource_type</span> <span class="p">=</span> <span class="s2">"azurerm_log_analytics_workspace"</span> <span class="nx">random_length</span> <span class="p">=</span> <span class="mi">8</span> <span class="nx">suffixes</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"local"</span><span class="p">]</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">substr</span><span class="p">(</span><span class="k">data</span><span class="p">.</span><span class="nx">azurerm_subscription</span><span class="p">.</span><span class="nx">current</span><span class="p">.</span><span class="nx">display_name</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">44</span><span class="p">)</span> <span class="c1"># desired outcome = log-&lt;sub name&gt;-xxxxxxxx-local</span> <span class="c1"># length = 3 + 1 + (44) + 1 + 8 + 1 + 5 = max of 63 characters for log analytics workspace name</span> <span class="c1"># 44 is the max # of chars to get from the subscription name in order to get everything else into the generated name</span> <span class="c1"># because the "name" parameter is an override, if more characters are used, other portions of the generated name will be truncated</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_log_analytics_workspace"</span> <span class="s2">"ws"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">ws_name</span><span class="p">.</span><span class="nx">result</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <p>The resource name rules (such as the max length of 63 characters) for azurerm_log_analytics_workspace are in <a href="https://github.com/aztfmod/terraform-provider-azurecaf/blob/3b5b52b487acf1c338257ced78fe587e2d315029/resourceDefinition.json#L1760">this file</a>. </p> <h4> Generates multiple singleton names with a single azurecaf_name resource </h4> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"azurecaf_name"</span> <span class="s2">"names"</span> <span class="p">{</span> <span class="nx">resource_type</span> <span class="p">=</span> <span class="s2">"azurerm_resource_group"</span> <span class="nx">resource_types</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"azurerm_lb"</span><span class="p">,</span> <span class="s2">"azurerm_public_ip"</span><span class="p">]</span> <span class="nx">random_length</span> <span class="p">=</span> <span class="mi">4</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_resource_group"</span> <span class="s2">"rg"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">names</span><span class="p">.</span><span class="nx">result</span> <span class="nx">location</span> <span class="p">=</span> <span class="s2">"uksouth"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_public_ip"</span> <span class="s2">"pip"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">names</span><span class="p">.</span><span class="nx">results</span><span class="p">[</span><span class="s2">"azurerm_public_ip"</span><span class="p">]</span> <span class="p">...</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_lb"</span> <span class="s2">"lb"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">names</span><span class="p">.</span><span class="nx">results</span><span class="p">[</span><span class="s2">"azurerm_lb"</span><span class="p">]</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <h4> Generates a set of names per vm instance of a cluster of vms </h4> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"azurecaf_name"</span> <span class="s2">"per_instance"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">number_of_servers</span> <span class="nx">resource_type</span> <span class="p">=</span> <span class="s2">"azurerm_windows_virtual_machine"</span> <span class="nx">resource_types</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"azurerm_network_interface"</span><span class="p">]</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"websvr"</span> <span class="nx">random_length</span> <span class="p">=</span> <span class="mi">4</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_network_interface"</span> <span class="s2">"nic"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">number_of_servers</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">per_instance</span><span class="p">[</span><span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">].</span><span class="nx">results</span><span class="p">[</span><span class="s2">"azurerm_network_interface"</span><span class="p">]</span> <span class="p">...</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_network_interface_backend_address_pool_association"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">number_of_servers</span> <span class="nx">network_interface_id</span> <span class="p">=</span> <span class="nx">azurerm_network_interface</span><span class="p">.</span><span class="nx">nic</span><span class="p">[</span><span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">].</span><span class="nx">id</span> <span class="p">...</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_windows_virtual_machine"</span> <span class="s2">"vm"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">number_of_servers</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">azurecaf_name</span><span class="p">.</span><span class="nx">per_instance</span><span class="p">[</span><span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">].</span><span class="nx">result</span> <span class="nx">network_interface_ids</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">azurerm_network_interface</span><span class="p">.</span><span class="nx">nic</span><span class="p">[</span><span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">].</span><span class="nx">id</span><span class="p">,</span> <span class="p">]</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> azure tooling devops terraform