8.3 AzureRM Backend

00:00

So we previously pasted the access key value into our set environment. We're gonna go ahead and cut and paste the storage account name value into our terra form file. This has this randomly generated I. D. So yours is gonna look a little bit different. The container name itself TF state tea Estate.

00:19

That's fine. We can keep that. As is

00:21

the last piece of information is the key. And really, this isn't the access key. This is the name of the Terra form state file. And so we're gonna go ahead and call it a Dev. Terra formed TF State is the name of the file on this where it comes down to having different state files for different environments

00:40

and then even putting different access controls around those state files.

00:44

One thing you may notice is, hey, why are we hard coating the strings and the values of these variables? It wouldn't really be a good idea to make reference to bar, bar, dot storage, account, name, container, name and so forth. I said it would be a good idea. Um,

01:03

and especially when you take into account what we learned about variables and environments and so forth.

01:07

But terra form does not support that. Things do need to be string liberals A to this point, the language for for reasons that are a little deep to discuss at this point. But the way the constructs in the parsing process goes, it can't evaluate the variables at this point.

01:27

So

01:29

we're just gonna leave these hard coded as is I'm gonna come down to the command prompt. We are in the 05 directory. Gonna just run Terra Form and Mitt. Right? So we have this were initializing this very simplistic. It's It's okay. I've got a remote back end, and all I'm gonna do is define a particular resource group, right? So

01:49

I'm running to reform in it. You can see

01:51

Look at this, Successfully configured. Hopefully you're seeing something like this. Configure the back end of zero r M. If you don't have a message successful than it's having a tough time accessing that that remote storage back end. So maybe some of the values you put in here are wrong.

02:07

Also, double check and make sure you have the environment. Variable arm access key.

02:13

At this point, we haven't deployed anything.

02:15

We just took a naturalization and made sure that the remote back in is there.

02:21

What I want to do is shoot over to the user portal and let's take a look at the resource group that was created during the whole bootstrapping process. And sure enough, here we have our storage container. Oh, our storage accounts And then

02:38

you can watch is I'm navigating here. I'm gonna look at the different containers, the blob service,

02:43

and there's the TF state file. So these air the blobs that were set up,

02:49

um, for us, and this is what's gonna be holding the the remote state file.

02:55

As you can see, there are no blobs just yet. We haven't run the actual terra form apply process. We're gonna go ahead and do that right now. So if you can return to the consul, we're gonna run terra form apply Very simplistic, really. Should just say I'm gonna create a resource group. Right? But what we're trying to do here

03:15

is go through the whole exercise of

03:17

having ah, remote back. And sure enough, it's gonna create the resource group were going to say the value of Yes. So what we're expecting to see here when we look back at that blob is a file called the Deaf Terra Form TF state. So the whole the deployment took place successfully.

03:37

And sure enough, there is the tea estate. If we were to examine it,

03:39

it would look very akin to the TF state that we were looking on earlier in this lesson.

03:46

So that

03:47

covers the core things of state.

03:52

Hopefully, you feel pretty comfortable about that. The only other note I really want to make about the Terra form state file is you noticed we looked at it. It was a Jason format.

04:02

It doesn't encrypt anything. So when you have keys and key values,

04:08

they're going to be captured in plain text in the terra Form state file. And when we started out talking about this key and putting some access controls around it,

04:16

that is a very important issue to take into account, especially in your higher level environments, because that state file could very well have keys if you're setting up servers, for example, giving him an SS H key or some other sort of private keys, and you don't want people to have access to view those

04:36

If you open up,

04:38

even if it's not a right access, but just to read only access to your production TF state file. Theoretically, someone can get to it and read the contents of it and then figure out what your keys are. So this is a known shortcoming of the TF state file, something to certainly keep into account