Hands-onLesson 13 of 16

Hands-on: Build Azure Foundation

Create a realistic Azure platform base with Terraform: resource group, remote-state-friendly layout, VNet, subnets, tags, and outputs ready for later AKS provisioning.

🎯 Lab Goal

By the end of this lab, you should have a clean Terraform layout that provisions the baseline Azure resources a platform team would build before layering AKS and application delivery on top.

🧱 Suggested Structure

text

terraform-foundation/
  main.tf
  variables.tf
  outputs.tf
  terraform.tfvars
  providers.tf

🛠️ Lab Steps

Configure the AzureRM provider and required Terraform version.
Create variables for environment, location, and address space.
Create a resource group and shared tags.
Create a VNet and at least two subnets.
Output the resource group name and subnet IDs.

Starter Configuration

hcl

terraform {
  required_version = ">= 1.6.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "environment" {
  type    = string
  default = "dev"
}

variable "location" {
  type    = string
  default = "eastus"
}

locals {
  name_prefix = "platform-${var.environment}"
  common_tags = {
    environment = var.environment
    managed_by  = "terraform"
    workload    = "foundation"
  }
}

Network Resources

hcl

resource "azurerm_resource_group" "platform" {
  name     = "rg-${local.name_prefix}"
  location = var.location
  tags     = local.common_tags
}

resource "azurerm_virtual_network" "platform" {
  name                = "vnet-${local.name_prefix}"
  location            = azurerm_resource_group.platform.location
  resource_group_name = azurerm_resource_group.platform.name
  address_space       = ["10.30.0.0/16"]
  tags                = local.common_tags
}

resource "azurerm_subnet" "aks" {
  name                 = "snet-aks"
  resource_group_name  = azurerm_resource_group.platform.name
  virtual_network_name = azurerm_virtual_network.platform.name
  address_prefixes     = ["10.30.1.0/24"]
}

resource "azurerm_subnet" "apps" {
  name                 = "snet-apps"
  resource_group_name  = azurerm_resource_group.platform.name
  virtual_network_name = azurerm_virtual_network.platform.name
  address_prefixes     = ["10.30.2.0/24"]
}

Outputs

hcl

output "resource_group_name" {
  value = azurerm_resource_group.platform.name
}

output "aks_subnet_id" {
  value = azurerm_subnet.aks.id
}

✅ Validation Checklist

terraform fmt returns clean formatting.
terraform validate succeeds.
terraform plan shows expected creation only.
Names and tags follow a consistent standard.

🐛 Break/Fix Exercises

Change a subnet CIDR to overlap and see what breaks conceptually.
Rename a resource without thinking about state and inspect the plan.
Remove a shared local tag block and compare readability.

📋 Interview Questions

Scenario Practice

Why start with a foundation module before AKS?▾

Because the cluster depends on network, naming, and shared platform standards. Good foundations reduce later refactoring and failure risk.

What would you output from this lab for later modules?▾

Subnet IDs, resource group name, and possibly shared tag or location conventions if downstream modules need them.

Why is tagging part of IaC quality, not just documentation?▾

Tags support governance, cost attribution, operations, and policy compliance across the platform.

🧾 Summary

This lab builds the stable Azure foundation the rest of the Terraform path depends on. It also reinforces a core platform lesson: get the base right before layering more complex services on top.

PreviousDrift, Testing & Operations ← Back to Course NextProvision AKS Platform Stack