DEV Community

Deepak Sharma
Deepak Sharma

Posted on

🚀 Terraform Azure Infrastructure (Modular Architecture + DevSecOps)

#terraform #devops #architecture #azure

Code Structure 

.
├── azure-pipelines.yml                 # Azure DevOps CI/CD pipeline 
├── main
│   ├── main.tf                         # Module orchestration
│   ├── provider.tf                     # Azure provider configuration
│   ├── terraform.tfvars                # Input variable values
│   └── variable.tf                     # Module variables
├── modules
│   ├── 01_resource_group               # Resource Group creation
│   ├── 02_storage_account              # Storage Accounts
│   ├── 03_storage_container            # Storage Containers
│   ├── 04-Public_IP                    # Public IP
│   ├── 05_Virtual_Net                  # VNet & Subnets
│   ├── 06_sql_server                   # Azure SQL Server
│   ├── 07_sql_database                 # Azure SQL Database
│   ├── 08_net_interface                # Network Interfaces
│   └── 09_Virtual_Machine              # Azure VM
└── README.md
Enter fullscreen mode Exit fullscreen mode

3-Tier Terraform Infra + Azure Pipeline Architecture Diagram

Git Repository URL:

https://github.com/deepak83s143/3-Tier-Application-Infra-with-SAST-Scanning-Azure-Pipeline.git

Features

  • Modular Terraform structure
  • Incremental resource creation
  • Environment-based scalability
  • Azure backend remote state configuration
  • DevSecOps validation:
  • Terraform Validation (terraform validate)
    • tfsec security scan
    • tflint linting
  • Manual approval stage before provisioning

Technologies

  • Terraform — IaC provisioning
  • AzureRM Provider
  • Azure DevOps Pipeline
  • tfsec — Static security scan
  • tflint — Terraform linting and provider validation

Terraform Workflow (Modules)

The root main/main.tf orchestrates creation in dependency order:

  1. Resource Group
  2. Storage Account
  3. Storage Container
  4. Public IP
  5. Virtual Network & Subnets
  6. SQL Server
  7. SQL Database
  8. Network Interface
  9. Virtual Machine

Each module accepts input variables and returns useful outputs such as IDs, names, and connection objects.

Remote State Backend

Azure backend ensures centralized state storage.

backendAzureRmResourceGroupName: "ResourceGroupName"
backendAzureRmStorageAccountName: "StorageAccountName
backendAzureRmContainerName: "StorageContainerName"
backendAzureRmKey: "KeyName"
Enter fullscreen mode Exit fullscreen mode

Azure DevOps Pipeline Overview

  1. Pipeline stages:

    • Integration
    • Terraform init
    • Terraform validate

  2. SanityCheck

    • tfsec security scan
    • tflint recursive lint

  3. CodePlanning

    • terraform plan

  4. ManualValidation

    • Manual approval by reviewer

  5. InfraCreation

    • terraform apply (auto approve)

SAST Tools

tfsec

  • Performs static vulnerability scanning
  • Detects insecure Terraform configurations
  • Ensures cloud compliance

Used with:

task: tfsec@1
dir: $(System.DefaultWorkingDirectory)/main
version: v1.26.0
Enter fullscreen mode Exit fullscreen mode

tflint

  • Validates wrong resource types, regions, and deprecated resources
  • Provider-specific rule sets

Run manually:

tflint --recursive
Enter fullscreen mode Exit fullscreen mode

Variables & tfvars

User inputs are stored in:

main/variable.tf
main/terraform.tfvars
Enter fullscreen mode Exit fullscreen mode

Examples include:

  • Resource Group configuration
  • Storage details
  • VNet CIDR blocks and subnet ranges
  • SQL server credentials
  • VM sizing and OS details

Note! :- Never commit sensitive credentials to Git.

Best Practices

  • Follow module boundaries strictly
  • No direct resource creation in main.tf
  • Use tfsec & tflint before merge
  • Always review plan outputs
  • Store secrets in:
    • Azure KeyVault
    • DevOps Library secure variables

Notes

  • Designed for IaC repeatability
  • Suitable for multi-environment deployments (dev/stg/prod)
  • Scalable due to isolated Terraform modules

👉 Follow me on

GitHub LinkedIn YouTube

Top comments (0)