The folder structure uses modules, with the root Terraform files acting as the playbook:
```
project-root/
|-- module
|-- providers.tf
|-- variables.tf
|-- outputs.tf
|-- backend.tfvars
|-- terraform.tfvars
|-- user_data.sh
|-- README.MD
|-- .gitignore
|-- other files (docs, diagrams, etc.)
|
|__ modules/
    |-- compute/   # module for compute resources (VMs, etc.)
    |-- gateway/   # module for gateway resources (App Gateway, public IP, etc.)
    |-- monitor/   # module for monitoring/alerts (Azure Monitor, Action Groups, etc.)
    |-- network/   # module for networking (VNet, subnets, NSGs, etc.)
    |-- rg/        # module for the resource group
```
Note: In an enterprise workplace, the folder structure would use an environment-based layout instead.
Calling the resource group module, rg, with:

main.tf
```hcl
module "coalfire_rg" {
  source   = "./modules/rg"
  prefix   = var.prefix
  location = var.location
  tags     = var.tags
}
```

variables.tf
```hcl
variable "location" {
  type        = string
  description = "the location"
}
# ...etc
```

terraform.tfvars
```hcl
location = "eastus"
```

Calling the network module with:
main.tf
```hcl
module "network" {
  source              = "./modules/network"
  prefix              = var.prefix
  location            = var.location
  resource_group_name = module.coalfire_rg.name
  vnet_address_space  = ["10.1.0.0/16"]
  subnets             = var.subnets
  tags                = var.tags
  allowed_ssh_ip      = var.allowed_ssh_ip
  depends_on          = [module.coalfire_rg]
}
```

variables.tf
```hcl
variable "location" {
  type        = string
  description = "the location"
}
# ...etc
```

terraform.tfvars
```hcl
location = "eastus"
```

The other modules are called in a similar manner and either receive their values directly or through variables.
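As an added example (not the repository's own code), one way the network module could consume the `allowed_ssh_ip` it receives from the root call above: validate it in the module's variables.tf before it ever reaches the NSG rule, so an overly broad value fails at `terraform plan` rather than being discovered after apply. The validation blocks, the NSG resource and the rule are assumptions; only the variable name and the inputs `prefix`, `location` and `resource_group_name` come from the module call.

```hcl
# Hypothetical modules/network fragment (added example, not the project's code).
# Inputs prefix, location, resource_group_name and allowed_ssh_ip are the ones
# the root main.tf passes in; everything else here is assumed.

variable "allowed_ssh_ip" {
  type        = string
  description = "Single source CIDR permitted to reach SSH (22) on the compute subnet"

  validation {
    # Must parse as a CIDR; cidrhost() errors on bad input, so wrap it in can().
    condition     = can(cidrhost(var.allowed_ssh_ip, 0))
    error_message = "allowed_ssh_ip must be a valid CIDR such as 203.0.113.10/32."
  }

  validation {
    # Refuse the any-source values a reviewer would otherwise have to catch by eye.
    condition     = !contains(["0.0.0.0/0", "*", "Internet"], var.allowed_ssh_ip)
    error_message = "allowed_ssh_ip must not allow SSH from any source."
  }

  validation {
    # Keep the rule scoped to an admin host or small range (/24 or narrower).
    condition     = try(tonumber(split("/", var.allowed_ssh_ip)[1]), 0) >= 24
    error_message = "allowed_ssh_ip must be a /24 or narrower prefix."
  }
}

resource "azurerm_network_security_group" "compute" {
  name                = "${var.prefix}-compute-nsg"
  location            = var.location
  resource_group_name = var.resource_group_name
}

# The only inbound SSH allowance; Azure's default rules still deny other Internet
# traffic, so nothing else needs to open port 22.
resource "azurerm_network_security_rule" "ssh_from_admin" {
  name                        = "${var.prefix}-allow-ssh-admin"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefix       = var.allowed_ssh_ip
  destination_address_prefix  = "VirtualNetwork"
  resource_group_name         = var.resource_group_name
  network_security_group_name = azurerm_network_security_group.compute.name
}
```

With this in place, `terraform validate` and `terraform plan` reject `allowed_ssh_ip = "0.0.0.0/0"` before any NSG is created.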
I utilized the manual method of running the Terraform commands to deploy this resource/infra to my Azure Cloud account to validate the code, and the sequence was:
- Created an App registration to serve as the SPN and Terraform authenticating account (after `az login` with the service principal)
- SPN granted Contributor RBAC on the subscription and at least Blob Contributor RBAC for backend authentication
- On the VS Code terminal, ran the following:
  a. `cd terraform` # change dir to the terraform code
  b. `az login` or `az login --service-principal` # sign in to Azure
  c. `terraform fmt -recursive` # format the tf code
  d. `terraform init -backend-config=backend.tfvars` # initialize the dir
  e. `terraform validate` # validate the code
  f. `terraform plan -var-file=terraform.tfvars -out=cf.out` # plan, specifying the variable file to use and the plan output file
  g. `terraform apply "cf.out"` # apply the saved plan
Note: In an enterprise workplace:
- The use of an Azure DevOps YAML pipeline is advisable.
- The remote backend should be stored securely in a private storage container (otherwise, adopt Terraform Cloud or a comparable solution).
- To apply infra changes, `terraform apply` should be blocked for the Azure account, so that engineers cannot apply Terraform changes from a local terminal; instead, they commit the code to a remote repo and run the pipeline.
While running `terraform init` all the way through to `terraform apply`, every error was addressed by reading the error line, finding the suitable expression, and resolving it.
The other answers to the assessment question were provided in the coalfire.md file.