Deploy Azure DB with Terraform – Part 1

Assumption: Active Azure subscription

Creating a Foundation

This is the first post in what I hope to be a three-part series that will walk you through getting Terraform set up on your machine, authenticated to a tenant in your Azure subscription and able to deploy resources, specifically an Azure DB. Let's jump into getting the basics of Terraform set up so we can use it to deploy resources to Azure.

I used version 1.3.9 of Terraform on Windows 11 to do this work and write this guide. You can download the latest version of Terraform here. Since I primarily use PowerShell as my primary terminal, I like to keep the different versions of Terraform in a folder on my C drive and then use the following to set my path and alias to the version I want to use for my current work.

$env:Path += ';C:\Terraform'
set-alias tf "terraform_1_3_9.exe"

In order for Terraform to create and query resources in Azure, I would suggest creating a Service Principal with the Contributor role that you can then use with either a client secret or a certificate to authenticate to Azure. For my work I rely upon the simplicity of a client secret. The command below requires the Azure CLI.

az ad sp create-for-rbac --name <service_principal_name> --role Contributor --scopes /subscriptions/<subscription_id>

This command will return the appId, password, and tenant values, which are used in the following steps. The password can't be retrieved if lost and should be stored in a secure place.

You can either set these values via environment variables in your PowerShell session

$env:ARM_CLIENT_ID="<service_principal_app_id>"
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"

or add authentication information to the provider block in your Terraform configuration. Notice that the client_secret, which is sensitive, has been variablized and will be entered via a user prompt.

terraform {
  required_version = ">= 1.3.9, < 2.0.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.47.0"
    }
  }
}
variable "client_secret" {
  type        = string
  sensitive   = true
  description = "Azure Service Principal Password"
}
# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
  client_id       = "00000000-0000-0000-0000-000000000000"
  client_secret   = var.client_secret
  tenant_id       = "10000000-0000-0000-0000-000000000000"
  subscription_id = "20000000-0000-0000-0000-000000000000"
}
#Additional code goes here
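
For the environment-variable option, the following added example (not part of the original post) prompts for the Service Principal password with masked input, sets the ARM_* variables only for the duration of one Terraform run, and restores the previous values afterwards, so the secret is never typed on a command line where PSReadLine history may record it. The function name Invoke-TerraformWithSp and its parameter names are hypothetical; the default binary name is the one used in this post.

```powershell
# Added example: Invoke-TerraformWithSp and its parameters are hypothetical names.
function Invoke-TerraformWithSp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ClientId,        # appId returned by az ad sp create-for-rbac
        [Parameter(Mandatory)] [string] $TenantId,        # tenant returned by az ad sp create-for-rbac
        [Parameter(Mandatory)] [string] $SubscriptionId,
        # Terraform binary to run; defaults to the file name used in this post.
        [string] $TerraformExe = 'terraform_1_3_9.exe',
        # Arguments passed through to Terraform, e.g. 'plan' or 'apply'.
        [string[]] $TerraformArgs = @('plan')
    )

    # Masked prompt: the password is not echoed and is not part of any typed command.
    $secure = Read-Host -Prompt 'Service Principal password' -AsSecureString

    # Remember whatever the session already had so it can be put back afterwards.
    $names = 'ARM_CLIENT_ID', 'ARM_TENANT_ID', 'ARM_SUBSCRIPTION_ID', 'ARM_CLIENT_SECRET'
    $previous = @{}
    foreach ($n in $names) {
        $previous[$n] = [Environment]::GetEnvironmentVariable($n, 'Process')
    }

    try {
        $env:ARM_CLIENT_ID       = $ClientId
        $env:ARM_TENANT_ID       = $TenantId
        $env:ARM_SUBSCRIPTION_ID = $SubscriptionId
        # Terraform needs the plain-text value; it exists only in this process's environment.
        $env:ARM_CLIENT_SECRET   = [System.Net.NetworkCredential]::new('', $secure).Password

        & $TerraformExe @TerraformArgs
    }
    finally {
        # Runs even if Terraform fails: restore the old values.
        # Setting a variable to $null removes it from the process environment.
        foreach ($n in $names) {
            [Environment]::SetEnvironmentVariable($n, $previous[$n], 'Process')
        }
    }
}
```

Called as Invoke-TerraformWithSp -ClientId <service_principal_app_id> -TenantId <azure_subscription_tenant_id> -SubscriptionId <azure_subscription_id> -TerraformArgs 'plan', only the non-secret identifiers appear in the command that is typed.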

You should now have Terraform on your machine, a Service Principal configured in Azure with the Contributor role, a password for the Service Principal, and understand how we will authenticate to Azure when using Terraform.

Subsequent articles will delve further into the Terraform file that outlines your Infrastructure as Code, along with instructions on how to expedite the process of applying and destroying resources, particularly an Azure DB.