Forem: Smallsun2025

Create and Assign a Custom Role in Azure Using Terraform

Smallsun2025 — Mon, 21 Jul 2025 13:35:26 +0000

🧭 Introduction
In today's post, we’ll explore how to create a custom role in Azure using Terraform and assign it to a specific resource group. This is a critical step toward managing fine-grained permissions in enterprise-grade Azure deployments.

Whether you're building production systems or just learning Infrastructure as Code (IaC), this project gives you a practical look at customizing access control with Terraform.
🗂 Project Structure
Here’s a quick look at the project files:
azure-custom-role-assignment/
├── main.tf # Define custom role + assignment
├── variables.tf # Input variables
├── terraform.tfvars # Variable values
├── outputs.tf # Outputs (like Role Definition ID)
🔧 What the Terraform Code Does
Creates a Custom Role using azurerm_role_definition
The role is defined in JSON format and includes permissions like Microsoft.Resources/subscriptions/resourceGroups/*.

Assigns the Role to a user, group, or service principal using azurerm_role_assignment.

Scopes the Role Assignment to a specific resource group for tight access control.
🚀 How to Deploy
Make sure you have:

✅ Azure CLI (az login)

✅ Terraform installed

Then follow these steps:

terraform init
terraform plan
terraform apply

When prompted, type yes.

After deployment, your custom role will be created and assigned — scoped to the resource group you specified.

🔍 Example Use Case
Let’s say you want to grant read-only access to a service principal but only within a specific resource group, not across the whole subscription. This setup enables that — all in one Terraform script!

✅ Conclusion
Custom roles are a powerful way to enforce principle of least privilege in Azure. With just a few lines of Terraform, you can define exactly what actions are permitted, where, and by whom.

This example helps solidify your understanding of:

Role Definition JSON structure

Role Assignment best practices

Scoped access control via Terraform

🔜 Coming Next...
Managing Key Vault secrets via Terraform

Building reusable modules for RBAC policies

Advanced Role Assignments using Azure AD groups

If you found this useful, feel free to ⭐ the repo and share your thoughts in the comments!

📝 Ready to post on Dev.to
📦 Repo name suggestion: azure-custom-role-assignment

Deploy Azure Load Balancer and Virtual Machines using Terraform

Smallsun2025 — Sat, 12 Jul 2025 12:12:38 +0000

📘 Post Content

🚀 Deploy Azure Load Balancer and Virtual Machines using Terraform

In this blog, I’ll demonstrate how to use Terraform to deploy a basic Azure infrastructure including:

A resource group
A virtual network and subnet
Two Windows virtual machines
A public Load Balancer with a backend pool and health probe

🔧 Files Overview

File Name	Description
`main.tf`	Defines all resources
`variables.tf`	Declares variables
`terraform.tfvars`	Sets variable values
`outputs.tf`	Outputs the public IP of Load Balancer

📂 `main.tf`


hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_virtual_network" "vnet" {
  name                = "example-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_subnet" "subnet" {
  name                 = "example-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_network_interface" "nic" {
  count               = 2
  name                = "example-nic-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_windows_virtual_machine" "vm" {
  count               = 2
  name                = "example-vm-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  size                = "Standard_B1s"
  admin_username      = var.admin_username
  admin_password      = var.admin_password
  network_interface_ids = [azurerm_network_interface.nic[count.index].id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}

resource "azurerm_public_ip" "lb_public_ip" {
  name                = "example-lb-pip"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Static"
  sku                 = "Basic"
}

resource "azurerm_lb" "lb" {
  name                = "example-lb"
  location            = var.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Basic"

  frontend_ip_configuration {
    name                 = "PublicIPAddress"
    public_ip_address_id = azurerm_public_ip.lb_public_ip.id
  }
}

resource "azurerm_lb_backend_address_pool" "bepool" {
  name                = "backend-pool"
  resource_group_name = azurerm_resource_group.rg.name
  loadbalancer_id     = azurerm_lb.lb.id
}

resource "azurerm_lb_probe" "probe" {
  name                = "http-probe"
  resource_group_name = azurerm_resource_group.rg.name
  loadbalancer_id     = azurerm_lb.lb.id
  protocol            = "Tcp"
  port                = 80
}

resource "azurerm_lb_rule" "lbrule" {
  name                           = "http-rule"
  resource_group_name            = azurerm_resource_group.rg.name
  loadbalancer_id                = azurerm_lb.lb.id
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "PublicIPAddress"
  backend_address_pool_id        = azurerm_lb_backend_address_pool.bepool.id
  probe_id                       = azurerm_lb_probe.probe.id
}



📂 variables.tf
variable "location" {
  description = "Azure region"
  default     = "japaneast"
}

variable "resource_group_name" {
  description = "Resource Group name"
}

variable "admin_username" {
  description = "VM admin username"
}

variable "admin_password" {
  description = "VM admin password"
  sensitive   = true
}

📂 terraform.tfvars
resource_group_name = "rg-lb-vm-demo"
admin_username      = "azureuser"
admin_password      = "P@ssw0rd1234!"

📂 outputs.tf

output "public_ip" {
  value = azurerm_public_ip.lb_public_ip.ip_address
}

▶️ Deploy Steps
1.Open terminal and navigate to your project folder

2.Initialize Terraform:
terraform init

3.Preview the plan:
terraform plan

4.Apply the configuration:
terraform apply
Once the deployment is done, Terraform will output a public IP. You can access this in your browser to test the Load Balancer after setting up web services on each VM.

✅ What’s Next
In the next post, I’ll show how to automatically install Nginx or IIS on the VM using remote-exec provisioner, so the VMs will instantly become web servers after deployment.

Stay tuned!
Thanks for reading 🙌
If you liked this article, feel free to ⭐️ the repo or leave a comment!

Create Azure Managed Image with Terraform

Smallsun2025 — Sun, 06 Jul 2025 12:21:21 +0000

Automate Managed Image Creation from Windows VM with Terraform on Azure

📌 1. Introduction

Creating a reusable VM image is a key part of cloud infrastructure workflows. In this tutorial, we’ll use Terraform to automate the process of deploying a Windows Virtual Machine (VM), preparing it with necessary configurations, and capturing a Managed Image from it. This is especially useful for building base images for application servers or golden images for dev/test environments.

📁 2. Project Structure

The repository contains the following Terraform files:
azure-windows-image/
├── main.tf # Core resource definitions
├── variables.tf # Input variables
├── terraform.tfvars # Actual variable values
├── outputs.tf # Outputs like image ID
├── sysprep-guide.txt # Reminder on how to generalize VM

🔧 3. Terraform Code Breakdown

This Terraform configuration includes:

Resource Group – a container for all related Azure resources
Virtual Network & Subnet – basic network setup
Windows Virtual Machine – used as the base image
Managed Image Resource – created from the generalized VM disk
Startup script (optional) – to configure software before capturing

Key snippet to define a managed image:


hcl
resource "azurerm_image" "managed_image" {
  name                = var.image_name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  os_disk {
    os_type  = "Windows"
    os_state = "Generalized"
    blob_uri = azurerm_virtual_machine.vm.storage_os_disk[0].vhd_uri
    caching  = "ReadWrite"
  }
}

📦 4. Deployment Steps

1.Login to Azure CLI
az login

2.Initialize Terraform
terraform init

3.Review the execution plan
terraform plan

4.Apply the configuration
terraform apply

5.Generalize the VM using sysprep
Log in to the VM using RDP and run:
C:\Windows\System32\Sysprep\Sysprep.exe /oobe /generalize /shutdown
This will shut down and prepare the VM for image capture.

6.Run apply again to capture image
After the VM is generalized and shut down:
terraform apply -auto-approve


7.Get the image output
Terraform will output the image ID or name, which can be used for future VM creation.

✅ 5. Conclusion

With a few lines of Terraform and a bit of sysprep preparation, you’ve successfully created a reusable Windows managed image on Azure. This is an essential skill for building consistent environments across dev, test, and production.

🔜 Coming Next...

Creating VMs from Managed Images

Adding custom tags and encryption

Building a golden image pipeline with Packer + Terraform

Deploy Load Balanced Windows VMs with IIS on Azure using Terraform

Smallsun2025 — Sun, 29 Jun 2025 12:57:51 +0000

🧭 Introduction

In this guide, we will deploy a pair of Windows Server 2022 virtual machines behind an Azure Load Balancer, automatically install IIS on them using a startup script, and configure NAT rules to allow RDP access. This is a great hands-on example to learn Infrastructure as Code (IaC) and understand how Azure Load Balancers distribute traffic.

本指南将通过 Terraform 创建两个 VM + 负载均衡器 + NAT 规则 + 自动 IIS 安装，适合练习云架构基础。

🗂 Project Structure


bash
terraform-lb-iis-vm/
├── main.tf                # All core infrastructure resources
├── variables.tf           # Input variables (e.g., username/password)
├── terraform.tfvars       # Actual values for variables
├── outputs.tf             # Output info (e.g., Public IP)
├── startup-script.ps1     # Script to install IIS on each VM

🔧 What This Code Does
Creates a Resource Group and Virtual Network

Defines a Public Load Balancer with Backend Pool

Sets up NAT rules for RDP (TCP 50001 & 50002)

Deploys two Windows Server VMs and installs IIS

Associates the VMs with the Load Balancer backend pool

This architecture allows HTTP access via Load Balancer's Public IP, and RDP access via port NAT.

🪜 How to Deploy
Make sure you have:

Azure CLI installed and logged in (az login)

Terraform installed locally

Steps:
terraform init
terraform plan
terraform apply

When prompted, type yes.


🌐 Access Instructions
VM1 RDP: RDP to PublicIP:50001

VM2 RDP: RDP to PublicIP:50002

HTTP Test: http://PublicIP (should show IIS welcome page)



✅ Conclusion
Using only Terraform, we have:

Created two VMs

Configured a Load Balancer and NAT

Installed IIS automatically via startup script

This project demonstrates how to combine multiple Azure services in an automated and repeatable way. It’s a foundational building block for scalable web applications.

🔜 Coming Next...
Use Azure Run Command to manage VMs remotely

Add autoscaling rules for backend VMs

Integrate with Azure Monitor for health probes

If you find this helpful, feel free to ⭐️ the repo and share your feedback!

Automate VM Image Creation on Azure with Terraform

Smallsun2025 — Wed, 25 Jun 2025 11:40:37 +0000

📌 1. Introduction
Creating a reusable VM image is a core part of cloud infrastructure workflows. In this tutorial, we’ll use Terraform to create a Managed Image from an existing Azure VM — fully automated and reproducible. This is especially useful when building base images for application servers, golden images for dev/test, or setting up a repeatable environment base.

📁 2. Project Structure
The project contains the following Terraform files:

azure-managed-image/
├── main.tf # Define VM and image resources
├── variables.tf # Declare input variables
├── terraform.tfvars # Provide actual values for variables
├── outputs.tf # Output the Managed Image ID

⚙️ 3. What the Terraform Code Does

Provisions a temporary Virtual Machine using azurerm_windows_virtual_machine.
Adds a custom script (startup-script.sh) to configure the VM during creation.
After VM is ready, it creates a Managed Image from this VM.
Outputs the image ID, which can be used in future Terraform configurations.

🚀 4. How to Deploy

Make sure you have the Azure CLI installed and logged in (az login), and Terraform installed.

Then follow these commands:

terraform init

terraform plan

terraform apply

After a few minutes, you’ll get the Managed Image ID in the output.

✅ 5. Conclusion
By using Terraform to create a Managed Image, we can simplify our infrastructure pipeline and reuse golden images in future deployments. This is a core DevOps practice that helps ensure consistency and efficiency in cloud environments.

🔜 Coming Next:

Deploying VMs from Managed Images
Creating Image Versions with Shared Image Gallery
Using Packer + Terraform for advanced image pipelines

Thanks for reading! ⭐️ this repo if you found it helpful!

Deploy Windows VM with NSG and IIS using Terraform on Azure

Smallsun2025 — Mon, 23 Jun 2025 10:17:18 +0000

🧭 Introduction（引言）
Deploying a Windows Virtual Machine (VM) with a Network Security Group (NSG) and installing IIS is a common scenario for setting up demo environments or learning web server basics. In this tutorial, we’ll use Terraform to fully automate this setup on Azure — ideal for anyone learning cloud infrastructure as code (IaC).

🗂 Project Structure
Here’s a quick overview of the project files:
terraform-windows-vm-iis/
├── main.tf # Core resource definitions
├── variables.tf # Variable declarations
├── terraform.tfvars # Variable values
├── outputs.tf # Output info (IP address, etc.)
├── iis-install.ps1 # Startup script to install IIS

🔧 What the Terraform Code Does
Creates a Resource Group to hold all the infrastructure.

Deploys a Windows Virtual Machine using azurerm_windows_virtual_machine.

Creates and attaches a Public IP, Network Interface, NSG, and associates everything together.

Installs IIS on the VM automatically by running a PowerShell script (iis-install.ps1) via the custom_data property.

🚀 How to Deploy
Make sure you have:

Azure CLI installed and logged in (az login)

Terraform installed

Then follow these steps:
terraform init
terraform plan
terraform apply

When prompted, type yes.

After a few minutes, you’ll get the public IP output. Paste that into your browser, and you should see the default IIS welcome page!

✅ Conclusion
With just a few lines of Terraform, you've deployed a fully functional IIS server on Azure. This is a perfect beginner-friendly project to understand how to provision VMs, work with NSGs, and automate server initialization.

🔜 Coming Next...
How to manage Azure VMs with Run Command

Adding custom domain and SSL to IIS

Creating reusable Terraform modules

If you found this useful, feel free to ⭐️ the repo and share feedback!

Deploy a Windows VM with NSG and IIS using Terraform

Smallsun2025 — Fri, 20 Jun 2025 13:13:11 +0000

🧭 Introduction
When deploying infrastructure on Azure, Terraform allows you to build repeatable, automated, and secure environments. In this post, we’ll demonstrate how to deploy a Windows Virtual Machine (VM) with a Network Security Group (NSG) and install IIS via a startup script. This setup is ideal for beginners or cloud engineers exploring infrastructure as code (IaC) for web services on Windows.

📁 Project Structure

azure-windows-iis-demo/
├── main.tf # Core resource definitions (VM, NSG, IP, NIC)
├── variables.tf # Input variables declaration
├── terraform.tfvars # Variable values
├── outputs.tf # Outputs like public IP
├── iis-install.ps1 # Startup script to install IIS
Each file keeps the configuration modular, clear, and easy to maintain.

Terraform Configuration Breakdown

Virtual Network, Subnet, and NSG

resource "azurerm_network_security_group" "nsg" {
name = "win-nsg"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name

security_rule {
name = "allow_http"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = ""
destination_port_range = "80"
source_address_prefix = ""
destination_address_prefix = "*"
}
}

Opens port 80 to allow web traffic (IIS access)

Windows VM + IIS Script resource "azurerm_virtual_machine" "vm" { ... os_profile { computer_name = "webvm" admin_username = var.admin_username admin_password = var.admin_password custom_data = filebase64("iis-install.ps1") } } custom_data runs PowerShell to install IIS after boot.
Output output "public_ip_address" { description = "The public IP address of the Windows VM" value = azurerm_public_ip.vm_pip.ip_address } After deployment, this will show the VM’s public IP so you can test IIS.

How to Deploy
Make sure you have Terraform installed and configured locally.

Step 1: Login to Azure

az login

Step 2: Initialize

terraform init

Step 3: Preview changes

terraform plan

Step 4: Deploy

terraform apply
Type yes when prompted. After deployment, access the IIS default page by visiting the outputted public IP in a browser.
✅ ConclusionThis project helps you understand:

How to securely deploy Windows VMs with NSGs

How to run PowerShell scripts during provisioning

How to automate web server setup via Terraform

Deploy a Linux VM on Azure with a Custom Startup Script using Terraform

Smallsun2025 — Sun, 15 Jun 2025 13:55:32 +0000

🗂 Project Structure

The Terraform project consists of the following files:

azure-linuxvm-nsg-nginx-demo/
├── main.tf # Main infrastructure definitions
├── variables.tf # Input variable declarations
├── terraform.tfvars # Variable values (location, credentials, etc.)
├── outputs.tf # Outputs like public IP
├── startup-script.sh # Bash script to install and enable nginx

Each file serves a specific purpose to keep the project modular, secure, and easy to manage.

🔧 Terraform Configuration Breakdown

This section explains each component used in the deployment.

1. Resource Group

resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}
💡 Creates a container to hold all related Azure resources.

2. Virtual Network and Subnet

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-demo"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_subnet" "subnet" {
  name                 = "subnet-demo"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}
💡 Defines the internal network where the VM will reside.

3. Public IP Address

resource "azurerm_public_ip" "public_ip" {
  name                = "public-ip-demo"
  location            = var.location
  resource_group_name = var.resource_group_name
  allocation_method   = "Dynamic"
}
💡 Allows the VM to be accessible from the internet.

4. Network Security Group (NSG)
resource "azurerm_network_security_group" "nsg" {
  name                = "nsg-demo"
  location            = var.location
  resource_group_name = var.resource_group_name

  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "HTTP"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
💡 Allows traffic to ports 22 (SSH) and 80 (HTTP) from any IP.

5. Network Interface + NSG Binding
resource "azurerm_network_interface" "nic" {
  name                = "nic-demo"
  location            = var.location
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "ipconfig"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.public_ip.id
  }

  network_security_group_id = azurerm_network_security_group.nsg.id
}
💡 Binds the NIC to the subnet and NSG. Associates a public IP.

---

### 6. Startup Script: `startup-script.sh`

bash

!/bin/bash

sudo apt-get update
sudo apt-get install -y nginx
sudo systemctl start nginx
sudo systemctl enable nginx

💡 This script installs and starts nginx automatically when the VM is created.

Linux Virtual Machine resource "azurerm_linux_virtual_machine" "vm" { name = var.vm_name location = var.location resource_group_name = var.resource_group_name network_interface_ids = [azurerm_network_interface.nic.id] size = "Standard_B1s" admin_username = var.admin_username admin_password = var.admin_password disable_password_authentication = false

source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
}

os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
name = "osdisk-demo"
}

computer_name = "demo-vm"
provision_vm_agent = true
custom_data = base64encode(file("startup-script.sh"))
}
💡 This creates a Linux VM and runs the startup script to configure the web server.

Outputs output "resource_group_name" { value = azurerm_resource_group.rg.name }

output "public_ip_address" {
value = azurerm_public_ip.public_ip.ip_address
}
💡 After deployment, these outputs help you identify the resource group and access the VM.

✅ Conclusion

With just a few Terraform files, we successfully deployed:

A secure Linux Virtual Machine on Azure
A fully working nginx web server
Automated provisioning via a startup script
Public access through a dynamically assigned IP address

This approach demonstrates the power of Infrastructure as Code (IaC) and how easily repeatable environments can be created using Terraform.

📦 GitHub Repository

You can find the full source code for this project here:

👉 https://github.com/Smallsun2025/azure-linuxvm-nsg-nginx-demo

⭐️ Feel free to star, fork, or leave feedback!

🧠 Coming Next

In future posts, I’ll walk through:

Creating Azure VM images with Packer + Terraform
Setting up 3-tier architecture with Load Balancer
Using Terraform Cloud for remote state & collaboration

Follow for more Azure automation tips!

Deploy Azure VM from Custom Image using Terraform

Smallsun2025 — Wed, 11 Jun 2025 12:52:28 +0000

🗂 Project Structure
This Terraform project consists of the following files:
azure-vm-from-image-demo/
├── main.tf # Core infrastructure resources
├── variables.tf # Input variables
├── terraform.tfvars # Variable values (e.g., image ID, subnet ID)
├── outputs.tf # Useful outputs (e.g., VM ID, IP)

🔧 Terraform Configuration Explained

Resource Group + Network Interface In main.tf, we start by creating a resource group and a network interface that connects to an existing subnet:

resource "azurerm_resource_group" "rg" {
name = var.resource_group_name
location = var.location
}

resource "azurerm_network_interface" "nic" {
name = "vm-from-image-nic"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name

ip_configuration {
name = "internal"
subnet_id = var.subnet_id
private_ip_address_allocation = "Dynamic"
}
}

💡 Explanation: This NIC connects the VM to the specified subnet. You’ll need to pass in an existing subnet ID (from a previous project or manual setup).

Virtual Machine from Custom Image

resource "azurerm_linux_virtual_machine" "vm" {
name = var.vm_name
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
size = "Standard_B1s"
admin_username = var.admin_username
admin_password = var.admin_password
network_interface_ids = [azurerm_network_interface.nic.id]
disable_password_authentication = false

source_image_id = var.custom_image_id

os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
}
💡 Explanation: Instead of using a marketplace image, we’re referencing an existing custom image by its full resource ID (e.g., /subscriptions/.../images/demo-vm-image).

Variables + tfvars To keep the project reusable and configurable, we use the following variables in variables.tf and set actual values in terraform.tfvars: variable "custom_image_id" { description = "The resource ID of the custom managed image" type = string }

variable "subnet_id" {
description = "Subnet ID for VM NIC"
type = string
}
And in terraform.tfvars:

custom_image_id = "/subscriptions/xxxxx/resourceGroups/xxx/providers/Microsoft.Compute/images/demo-vm-image"
subnet_id = "/subscriptions/xxxxx/resourceGroups/xxx/providers/Microsoft.Network/virtualNetworks/demo-vnet/subnets/demo-subnet"
🛠 You can get these IDs from previous deployments or from the Azure Portal.

Outputs We output useful values like VM ID and private IP address: output "vm_id" { value = azurerm_linux_virtual_machine.vm.id }

output "private_ip" {
value = azurerm_network_interface.nic.private_ip_address
}

🚀 Deployment Steps
To deploy this project, follow these steps:

az login
terraform init
terraform plan
terraform apply

✅ Summary
This post showed how to:

Deploy a VM from a custom managed image in Azure

Use Terraform to automate the setup

Connect the VM to an existing subnet

Maintain modular, reusable code using variables and outputs

Deploy Azure Snapshot and Managed Image with Terraform

Smallsun2025 — Sun, 08 Jun 2025 13:26:36 +0000

🧭 Introduction

When managing virtual machines in Azure, creating backups and reusable VM images is a crucial part of infrastructure lifecycle management. In this post, we’ll walk through how to use Terraform to create:

A Snapshot (point-in-time backup of a managed disk)
A Managed Image (used to create new VMs from a base configuration)

This is useful for both disaster recovery and automated environment deployment.

🗂 Project Structure

The Terraform project consists of four files:
azure-image-snapshot-demo/
├── main.tf # Resource definitions: snapshot + image
├── variables.tf # Input variables
├── terraform.tfvars # Variable values
├── outputs.tf # Exported resource IDs

🔧 Terraform Resource Overview

Resource Group


hcl
resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}

2. Managed Disk
resource "azurerm_managed_disk" "os_disk" {
  name                 = "demo-os-disk"
  location             = azurerm_resource_group.rg.location
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_type = "Standard_LRS"
  create_option        = "Empty"
  disk_size_gb         = 30
}

3. Snapshot
resource "azurerm_snapshot" "vm_snapshot" {
  name                = "demo-vm-snapshot"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  create_option       = "Copy"
  source_uri          = azurerm_managed_disk.os_disk.id
}

4. Managed Image
resource "azurerm_image" "vm_image" {
  name                = "demo-vm-image"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  os_disk {
    os_type          = "Linux"
    os_state         = "Generalized"
    blob_uri         = null
    managed_disk_id  = azurerm_snapshot.vm_snapshot.id
  }
}
⚙️ How to Deploy (Optional)
az login
terraform init
terraform apply
terraform output

✅ Conclusion
With just a few lines of Terraform, we can automate the process of backing up a virtual machine and preparing a custom image. This is especially helpful when building golden images for reproducible environments or setting up disaster recovery strategies.

👉 GitHub Repository:
https://github.com/Smallsun2025/azure-image-snapshot-demo

If you found this helpful, please ⭐️ the repo or leave a comment!

Deploy an Azure VM with Network Security Group (NSG) using Terraform

Smallsun2025 — Sun, 01 Jun 2025 14:47:26 +0000

🧭 Introduction

In this post, we’ll walk through how to use Terraform to deploy a simple Azure virtual machine (VM) along with a Network Security Group (NSG). This is a great hands-on example for beginners looking to understand how Infrastructure as Code (IaC) applies to cloud networking and compute resources.

🗂 Project Structure

The project contains the following Terraform files:

azure-vm-nsg-template/
├── main.tf # Main resource definitions (VM, NSG, NIC, RG)
├── variables.tf # Input variable declarations
├── terraform.tfvars # Variable values (e.g. VM name, location)
├── outputs.tf # Output values like IP address

🔧 Resource Definitions Breakdown

1. Resource Group


hcl
resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}
2. Network Security Group (NSG)
resource "azurerm_network_security_group" "nsg" {
  name                = "demo-nsg"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name                       = "Allow-SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
3. Virtual Network + Subnet
resource "azurerm_virtual_network" "vnet" {
  name                = "demo-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_subnet" "subnet" {
  name                 = "demo-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}
4. Network Interface
resource "azurerm_network_interface" "nic" {
  name                = "demo-nic"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

5. Associate NSG with NIC
resource "azurerm_network_interface_security_group_association" "nsg_assoc" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}
6. Virtual Machine
resource "azurerm_linux_virtual_machine" "vm" {
  name                = var.vm_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  size                = "Standard_B1s"
  admin_username      = var.admin_username

  network_interface_ids = [azurerm_network_interface.nic.id]

  admin_password = var.admin_password
  disable_password_authentication = false

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }
}
🚀 How to Deploy (Optional)
az login
terraform init
terraform plan
terraform apply
✅ Conclusion
This example demonstrates how to deploy a basic virtual machine with an associated NSG using Terraform. It’s a great step toward building more complex cloud environments and is especially helpful for those preparing for Azure infrastructure roles or certifications.
👉 GitHub Repository: https://github.com/Smallsun2025/azure-vm-nsg-template

Deploy Azure Infrastructure with Terraform: RG + VNet + Subnet

Smallsun2025 — Sun, 25 May 2025 10:35:55 +0000

🧭 Introduction

When starting with Azure infrastructure as code (IaC), Terraform is one of the most powerful tools available. In this post, we’ll walk through how to use Terraform to create a basic network setup on Azure — including a Resource Group, Virtual Network (VNet), and Subnet. This is an ideal starting point for beginners who want to automate infrastructure deployment.

🗂 Project Structure

The project consists of four core Terraform files:
azure-terraform-infra-demo/
├── main.tf # Main resource definitions
├── variables.tf # Input variable declarations
├── terraform.tfvars # Variable values
├── outputs.tf # Output values

Each file serves a specific purpose and keeps the configuration modular and easy to manage.

🔧 Terraform Configuration Breakdown

1. Resource Group

resource "azurerm_resource_group" "rg" {
name = var.resource_group_name
location = var.location
}
This creates a logical container for all other Azure resources.

Virtual Network
resource "azurerm_virtual_network" "vnet" {
name = "demo-vnet"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
}
Defines a virtual network in the specified resource group.
Subnet
resource "azurerm_subnet" "subnet" {
name = "demo-subnet"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = ["10.0.1.0/24"]
}
Creates a subnet inside the virtual network.

🚀 How to Deploy
Once you have all files ready, you can deploy the infrastructure using the following steps. Make sure you have the Azure CLI and Terraform installed locally.

Step 1: Login to Azure
az login

Step 2: Initialize Terraform
terraform init

Step 3: Preview the Plan
terraform plan

Step 4: Apply the Configuration
terraform apply

Type yes when prompted to confirm, and Terraform will begin creating the resources on Azure.

✅ Conclusion
This simple project is a great starting point for anyone new to Terraform on Azure. By automating the creation of a Resource Group, Virtual Network, and Subnet, you can begin building more advanced infrastructure in a modular and repeatable way.

In future posts, I plan to share:

How to deploy Azure Virtual Machines with NSGs

How to create snapshots and managed images

Comparing Terraform and Bicep for infrastructure as code

Building multi-subnet architectures with internal routing

Thanks for reading! Feel free to ⭐️ the GitHub repo or leave a comment if you found this helpful.

Forem: Smallsun2025

Create and Assign a Custom Role in Azure Using Terraform

Deploy Azure Load Balancer and Virtual Machines using Terraform

🚀 Deploy Azure Load Balancer and Virtual Machines using Terraform

🔧 Files Overview

📂 main.tf

Create Azure Managed Image with Terraform

Automate Managed Image Creation from Windows VM with Terraform on Azure

Deploy Load Balanced Windows VMs with IIS on Azure using Terraform

🧭 Introduction

🗂 Project Structure

Automate VM Image Creation on Azure with Terraform

Deploy Windows VM with NSG and IIS using Terraform on Azure

Deploy a Windows VM with NSG and IIS using Terraform

Step 1: Login to Azure

Step 2: Initialize

Step 3: Preview changes

Step 4: Deploy

Deploy a Linux VM on Azure with a Custom Startup Script using Terraform

🗂 Project Structure

🔧 Terraform Configuration Breakdown

1. Resource Group

!/bin/bash

✅ Conclusion

📦 GitHub Repository

🧠 Coming Next

Deploy Azure VM from Custom Image using Terraform

Deploy Azure Snapshot and Managed Image with Terraform

🧭 Introduction

🗂 Project Structure

🔧 Terraform Resource Overview

Deploy an Azure VM with Network Security Group (NSG) using Terraform

🧭 Introduction

🗂 Project Structure

🔧 Resource Definitions Breakdown

1. Resource Group

Deploy Azure Infrastructure with Terraform: RG + VNet + Subnet

🧭 Introduction

🗂 Project Structure

🔧 Terraform Configuration Breakdown

1. Resource Group

📂 `main.tf`