Deploying Azure Lab Resources Using Terraform

Skillable Studio can create resources in Microsoft Azure as part of the lab deployment phase, so that the resources are available to the user at the beginning of the lab. The configuration file for building these resources is created in ARM (Azure Resource Manager), the native Azure configuration file format. This document describes a Skillable custom solution that allows customers who have invested in HashiCorp's Terraform and Terraform configuration files to use that investment when provisioning Skillable labs.

Best Practices for Terraform Deployment

This custom solution is for using Terraform to deploy resources on lab startup/deployment. It is not for teaching Terraform or for a user running Terraform within a lab as part of the lab instructions. The solution is aimed at customers that already have an investment in Terraform. Because of the enterprise-grade features of Terraform, resources deployed in Azure using Terraform will take longer to deploy than if using the native ARM file format that Azure supports.

Requirements

To use this solution, a customer requires:

  • Access to Skillable
  • Configured to use Microsoft Azure
  • Have an appropriate Azure Cloud Subscription Pool configured

If these requirements have been met, a customer can use the Azure with Terraform Deployment public Lab Solution. To find it, create a new Lab Profile in Skillable Studio and, within the Template Gallery, select the following filters on the left: All, Cloud - Azure & Base Environment. Alternatively, type Terraform in the search box. This will present the Azure with Terraform Deployment (Azure & Docker) Lab Solution.

How the Lab Solution Works

This Lab Profile runs Terraform in a Docker container using a Life Cycle Action (LCA), which reads the Terraform .tf files from a Container Volume. The LCA performs the following steps:

  1. Initializes Terraform (terraform init)
  2. Imports the Resource Group created by the Skillable Cloud Slice technology (terraform import)
  3. Deploys the terraform resources defined in the tf file (terraform apply)

Configuring the Template

The template itself contains detailed steps for configuring it correctly. These instructions can be viewed by pressing the 🔍Details button on the Lab Solution tile. The 🚀 Preview function will not work on the Lab Solution because the solution requires additional configuration. Once you have decided the solution is what you require, create your own copy using the + Create button.

With your own copy, either launch the lab or just edit the instructions to review the modifications required both to the Lab Solution and to the Terraform files you already have and wish to use.

Summary of the Pre-requisite Lab Solution changes required

To use this Lab Profile several configuration steps need to be performed. These steps are:

  1. Modify your Terraform files to accept required parameters
  2. Create a Container Volume
  3. Upload the Terraform files to the Container Volume
  4. Attach the Container Volume to the Lab Profile
  5. Modify the LCA to add any additional variables required by your Terraform deployment, for example a Storage Account Name

Detailed changes the Lab Solution requires

To use this Lab Profile a number of pre-requisite configuration steps need to be performed. These steps are:

  1. Modify your tf files to accept required parameters (example below)
    1. For the Terraform deployment to succeed, the Terraform process needs to be able to authenticate against Azure. This requires some additional variables to be added to the variables.tf file and then used in the other Terraform files where applicable. The variables are:
variable "azureapp_id" {
   description = "Azure Application identifier"
   type        = string
}

variable "azureapp_secret" {
   description = "Azure Application secret"
   type        = string
   sensitive   = true # redact the secret from plan and apply output
}

variable "tenant_id" {
   description = "Azure tenant identifier"
   type        = string
}

variable "subscription_id" {
   description = "Subscription identifier"
   type        = string
}

    2. These variables also need to be added to your terraform.tf file to enable authentication:

provider "azurerm" {
 features {}

 client_id       = var.azureapp_id
 client_secret   = var.azureapp_secret
 tenant_id       = var.tenant_id
 subscription_id = var.subscription_id
}
    3. Skillable Cloud Slice needs to manage the Resource Group(s); therefore, these also need to be handled as variables and use the appropriate @lab variables. The Terraform files will need to be modified to use the variables azure_RG_name and azure_RG_location, as these values are supplied with the terraform init and apply commands as variables.

  2. Create a Container Volume

    1. In Studio select Admin -> Containers -> Container Volumes -> + Create Container Volume
    2. Complete the form with the required information
  3. Upload the modified Terraform files to the Container Volume

    1. From the Container Volume page, click Files in the top right corner
    2. Click Upload and upload the modified Terraform Files
  4. Attach the Container Volume to the Lab Profile

    1. Edit this Lab Profile
    2. From the Volumes page click +Add Container Volume
    3. Find the volume created above and add it
    4. On the Containers page check the Volumes check box and update the Mount Point/ to the value terraform (the LCA assumes this folder)
  5. Modify the LCA to add any additional variables required by your Terraform deployment

    1. If the .tf files require any additional values to be supplied as Terraform variables, add these values to the terraform import and apply commands.

Example configuration files

The following represents a sample main.tf and variables.tf that have been modified to support the required authentication process and show an example of deploying an Azure Storage Account.

main.tf

# Configure the Azure provider
terraform {
    required_providers {
        azurerm = {
            source = "hashicorp/azurerm"
            version = "~> 3.0.2"
        }
    }
    required_version = ">= 1.1.0"
}
provider "azurerm" {
    features {}
    client_id = var.azureapp_id
    client_secret = var.azureapp_secret
    tenant_id = var.tenant_id
    subscription_id = var.subscription_id
}
# Resource Section
resource "azurerm_resource_group" "rg" {
    name = var.azure_RG_name
    location = var.azure_RG_location
}
resource "azurerm_storage_account" "storaccount1" {
    name = var.storageAccountName
    resource_group_name = azurerm_resource_group.rg.name
    location = azurerm_resource_group.rg.location
    account_kind = "StorageV2"
    account_tier = "Standard"
    account_replication_type = var.replicationType
}

variables.tf

variable "azure_RG_name" {
    description = "Resource Group name"
    type = string
}
variable "azure_RG_location" {
    description = "Resource Group location"
    type = string
}
variable "storageAccountName" {
    description = "Name of the storage account"
    type = string
}
variable "replicationType" {
    description = "The type of replication"
    type = string
    default = "LRS"
}
variable "azureapp_id" {
    description = "Azure Application identifier"
    type = string
}
variable "azureapp_secret" {
    description = "Azure Application secret"
    type = string
    sensitive = true # redact the secret from plan and apply output
}
variable "tenant_id" {
    description = "Azure tenant identifier"
    type = string
}
variable "subscription_id" {
    description = "Subscription identifier"
    type = string
}
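
The LCA sequence described above (terraform init, import, apply), sketched as an added example that is not Skillable's actual LCA script: it supplies the inputs as exported TF_VAR_* environment variables rather than -var arguments, so the application secret does not appear in the process argument list or in echoed command lines. The /terraform path, the TF_BIN dry-run switch and the function names are assumptions; the variable names and the azurerm_resource_group.rg address come from the sample files above.

```sh
#!/bin/sh
# Added example (not Skillable's LCA script): init -> import -> apply.
# Inputs are read from exported TF_VAR_<name> environment variables, which
# Terraform maps to the variables declared in variables.tf. Unlike -var
# arguments, they do not show up in the process argument list.
set -eu

TF_DIR="${TF_DIR:-/terraform}"  # assumed path of the mounted Container Volume
TF_BIN="${TF_BIN:-terraform}"   # assumption: TF_BIN=echo gives a dry run

# Azure resource ID of a resource group, as `terraform import` expects it.
rg_resource_id() {  # $1 = subscription id, $2 = resource group name
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Fail before Terraform starts if an input is missing from the environment.
# Only the variable name is reported, never a value.
require_vars() {
  for _name in "$@"; do
    if [ -z "$(printenv "$_name")" ]; then
      echo "missing required input: $_name" >&2
      return 1
    fi
  done
}

deploy() {
  require_vars TF_VAR_azureapp_id TF_VAR_azureapp_secret TF_VAR_tenant_id \
    TF_VAR_subscription_id TF_VAR_azure_RG_name TF_VAR_azure_RG_location \
    TF_VAR_storageAccountName || return 1

  # 1. Download the azurerm provider pinned in main.tf.
  "$TF_BIN" -chdir="$TF_DIR" init -input=false

  # 2. Adopt the Cloud Slice resource group into state so that apply does
  #    not try to create a group that already exists.
  "$TF_BIN" -chdir="$TF_DIR" import -input=false azurerm_resource_group.rg \
    "$(rg_resource_id "$TF_VAR_subscription_id" "$TF_VAR_azure_RG_name")"

  # 3. Create the remaining resources (the storage account in the sample).
  "$TF_BIN" -chdir="$TF_DIR" apply -input=false -auto-approve
}

# Run the sequence only when invoked with the argument "deploy".
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

With TF_BIN=echo the three commands are printed instead of executed, which is a quick way to confirm that no secret value reaches a command line.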