Deploying Azure Application Gateway with Terraform

Si Thu Ye Aung
Sep 27, 2023

Azure Application Gateway is a powerful service in Microsoft Azure that helps you manage and optimize the traffic to your web applications. It provides features like load balancing, SSL termination, URL-based routing, and more. To make the deployment and management of Azure Application Gateway easier and more efficient, you can use Terraform, a popular Infrastructure as Code (IaC) tool. In this post, we’ll walk through the steps to deploy Azure Application Gateway using Terraform.

Prerequisites:

Before you begin, make sure you have the following prerequisites in place:

  1. An Azure subscription.
  2. Terraform installed on your local machine.
  3. Azure CLI installed on your local machine.
  4. Basic knowledge of Terraform and Azure.

Step 1: Create an Azure Service Principal

To interact with Azure resources from Terraform, you’ll need to create a service principal. Run the following Azure CLI command to create one:

az ad sp create-for-rbac --name ServicePrincipalName --role Contributor --scopes /subscriptions/{your-subscription-id}

Make a note of the appId, password, tenant, and subscription_id values, as you'll need them in the Terraform configuration.

Step 2: Set Up an Azure Storage Account to Store the Terraform State File

az group create --name myResourceGroup --location EastUS
az storage account create --name mystorageaccount --resource-group myResourceGroup --location EastUS --sku Standard_LRS

Step 3: Configure Terraform Variables

Create a variables.tf file to store your Terraform variables. You can use variables to make your configuration more dynamic and reusable.

variable "group_name" {
  description = "Name of the resource group."
  default     = "rg-appgw-001"
}

variable "location" {
  description = "Azure region in which to deploy the application gateway."
  default     = "Southeast Asia"
}

variable "vnet_name" {
  description = "Name of the virtual network."
  default     = "vnet-appgw"
}

variable "subnet_name" {
  description = "Name of the subnet."
  default     = "snet-agw-external-001"
}

variable "pip_name" {
  description = "Name of the public IP address."
  default     = "pip-agw-external-sea-001"
}

variable "appgw_name" {
  description = "Name of the application gateway."
  default     = "appgw-external-001"
}

variable "backend_address_pool_name" {
  default = "nonprod-k8s-istio-lb-backend-pool"
}

variable "address_space" {
  description = "Address space of the virtual network."
  default     = ["10.0.0.0/16"]
}

# Subnet names must be plain strings, not CIDR lists.
# Both defaults are example names that follow the naming used above.
variable "subnet_name_01" {
  description = "Name of the first subnet (used by the application gateway)."
  default     = "snet-agw-external-001"
}

variable "subnet_name_02" {
  description = "Name of the second subnet."
  default     = "snet-agw-external-002"
}

# Each prefix must start on a network boundary and must not overlap the other.
variable "subnet_01" {
  description = "Address prefix of the first subnet."
  default     = ["10.0.0.0/24"]
}

variable "subnet_02" {
  description = "Address prefix of the second subnet."
  default     = ["10.0.1.0/24"]
}

variable "frontend_http_port_name" {
  default = "http"
}

variable "frontend_https_port_name" {
  default = "https"
}

variable "frontend_public" {
  default = "appGwPublicFrontendIp"
}

variable "frontend_private" {
  default = "appGwPrivateFrontendIp"
}

variable "backend_pool_name" {
  default = "myBackenddPort"
}

variable "http_setting_name" {
  default = "myHTTPsetting"
}

variable "listener_name" {
  default = "myListener"
}

variable "request_routing_rule_name" {
  default = "myRoutingRule"
}

Step 4: Configure Terraform for Remote State Storage

In your Terraform configuration (versions.tf), configure remote state storage using the Azure Storage Account you created.

This file contains the provider requirement, the backend that stores the state file in the Azure Storage Account, and the service principal credentials.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.53.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "<your-resource-group-name>"
    storage_account_name = "<your-storage-account-name>"
    container_name       = "<your-storage-container-name>"
    # "key" is the name of the state blob inside the container,
    # not a storage account access key.
    key                  = "<your-storage-account-key-name>"
    # Secret value: keep the real token out of version control.
    sas_token            = "<your-sas-key-value>"
  }
}

provider "azurerm" {
  skip_provider_registration = true
  features {}
  subscription_id = "<your-subscription-id>"
  tenant_id       = "<your-tenant-id>"
  client_id       = "<your-client-id>"
  # Secret value: keep the real secret out of version control.
  client_secret   = "<your-secret-id>"
}
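The versions.tf above holds the SAS token and the client secret in the file itself. As an added example (not part of the original post), here is the same configuration with the secrets left out: the azurerm backend and provider read them from the ARM_* environment variables named in the comments. The state blob name appgw.tfstate is a constructed placeholder.

```hcl
# versions.tf without credentials in the file (added example).
# Set these in the shell or in the CI secret store before `terraform init`:
#   ARM_SUBSCRIPTION_ID  = your subscription ID
#   ARM_TENANT_ID        = "tenant"   from the service principal output
#   ARM_CLIENT_ID        = "appId"    from the service principal output
#   ARM_CLIENT_SECRET    = "password" from the service principal output
#   ARM_SAS_TOKEN        = SAS token for the state container

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.53.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "<your-resource-group-name>"
    storage_account_name = "<your-storage-account-name>"
    container_name       = "<your-storage-container-name>"
    key                  = "appgw.tfstate" # constructed state blob name
    # No sas_token argument: the backend reads ARM_SAS_TOKEN.
  }
}

provider "azurerm" {
  skip_provider_registration = true
  features {}
  # No subscription_id, tenant_id, client_id or client_secret arguments:
  # the provider reads ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_CLIENT_ID
  # and ARM_CLIENT_SECRET from the environment.
}
```

With this layout the file can be committed as-is, and rotating the service principal secret or the SAS token does not require a change to the Terraform code.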

Step 5: Set up Terraform Configuration

Create a new directory for your Terraform project and create a (main.tf) file inside it. This file will contain your Terraform configuration for the Azure Application Gateway.

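# Create the resource group
resource "azurerm_resource_group" "default" {
  name     = var.group_name
  location = var.location
}

# Create the virtual network and its two subnets.
# Referencing the resource group resource (instead of var.group_name)
# makes Terraform create the group first.
resource "azurerm_virtual_network" "default" {
  name                = var.vnet_name
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name
  address_space       = var.address_space

  subnet {
    name           = var.subnet_name_01
    address_prefix = var.subnet_01[0]
  }

  subnet {
    name           = var.subnet_name_02
    address_prefix = var.subnet_02[0]
  }

  tags = {
    environment = "Non-prod"
  }
}

# Create the public IP address
resource "azurerm_public_ip" "default" {
  name                = var.pip_name
  resource_group_name = azurerm_resource_group.default.name
  location            = azurerm_resource_group.default.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

# Create the application gateway
resource "azurerm_application_gateway" "default" {
  name                = var.appgw_name
  resource_group_name = azurerm_resource_group.default.name
  location            = azurerm_resource_group.default.location

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 1
  }

  gateway_ip_configuration {
    name = "appgw-gateway-ip-configuration"
    # ID of the first subnet declared inline on the virtual network
    subnet_id = one([
      for s in azurerm_virtual_network.default.subnet : s.id
      if s.name == var.subnet_name_01
    ])
  }

  frontend_port {
    name = var.frontend_http_port_name
    port = 80
  }

  frontend_port {
    name = var.frontend_https_port_name
    port = 443
  }

  # The remaining blocks are required by the provider. They use the names
  # from variables.tf with minimal HTTP-only settings (assumed values).
  frontend_ip_configuration {
    name                 = var.frontend_public
    public_ip_address_id = azurerm_public_ip.default.id
  }

  backend_address_pool {
    name = var.backend_address_pool_name
  }

  backend_http_settings {
    name                  = var.http_setting_name
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
  }

  http_listener {
    name                           = var.listener_name
    frontend_ip_configuration_name = var.frontend_public
    frontend_port_name             = var.frontend_http_port_name
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = var.request_routing_rule_name
    rule_type                  = "Basic"
    priority                   = 100
    http_listener_name         = var.listener_name
    backend_address_pool_name  = var.backend_address_pool_name
    backend_http_settings_name = var.http_setting_name
  }
}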

Step 6: Initialize and Apply the Configuration

Run the following Terraform commands to initialize your configuration and apply it:

terraform init
terraform apply

Conclusion:

In this post, we’ve demonstrated how to deploy an Azure Application Gateway using Terraform. By defining your infrastructure as code, you can easily version, share, and automate the deployment of your Azure resources. This approach ensures consistency and repeatability in your Azure deployments, making it easier to manage and maintain your infrastructure.

Remember to clean up your resources when you’re done by running:

terraform destroy

Si Thu Ye Aung

Azure Solutions Architect Expert| CKA | RHCSA| RHCE |Terraform |VMware Certified Professional 6 | CCNA |Certificate of Cloud Security (CCSK v3)