Use multiple Azure subscriptions in Terraform modules

Johnny Morano — Sat, 30 Apr 2022 12:37:27 +0000

Due to billing or organizational structures, certain parts of the infrastructure could be divided over several Azure subscriptions. From an infrastructure management point of view however, it might be interesting to manage the resources in those multiple subscriptions in one Terraform playbook.

In the required_providers section, the configuration_aliases must be configured first (usually in the main.tf file). This parameter must contain the same name (or names as the parameter takes a list of strings as input) as the alias parameter further below in the second provider section. Each provider section can have its own configuration parameters, such as for instance the subscription_id.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.4.0"
      configuration_aliases = [ azurerm.other-sub ]
    }
}

provider "azurerm" {
  subscription_id = var.subscription_id
  features {}
}

provider "azurerm" {
  alias           = "other-sub"
  subscription_id = var.other_subscription_id
  features {}
}

When calling a module, each provider containing an alias and which is required in the module, must be specified in the providers parameter. The key is the name configured in the configuration_aliases in the required_providers section of the module (see below), the value is the name of the provider alias in the playbook.

module "diagnostic_sa_private_endpoint" {
  source = "../terraform_modules/private_endpoint/"
  providers = {
      azurerm.other-sub = azurerm.other-sub
  }

  for_each = { for snet in data.azurerm_subnet.subnets : snet.id => snet }
  ...
}

The module itself (in ../terraform_modules/private_endpoint/) however must again define the alias in a “required_providers” section. This means that a file must be include in the directory ../terraform_modules/private_endpoint which includes:

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      configuration_aliases = [ azurerm.other-sub ]
    }
  }
}

Finally, all Azure resources which require the other Azure subscription, must include a “provider” line similar as:

data "azurerm_private_dns_zone" "dns_zone" {
  provider            = azurerm.other-sub
  name                = var.private_dns_zone_name
}

Terraform: Create a map of subnet IDs in Azure

Johnny Morano — Fri, 04 Mar 2022 11:27:16 +0000

The subnets accessor in the azurerm_virtual_network Terraform data source returns a list of subnet names only. In most cases however, you will need to use a or multiple subnet IDs, for instance when deploying virtual machines. Instead of creating a new datasource (for possibly a small list of subnets) for each virtual machine you want to deploy, creating a locals map, which can be looked up afterwards, is going to be faster on the apply run.

Create a list of the existing virtual network subnets:

data azurerm_subnet "subnets" {
  count = length(data.azurerm_virtual_network.my_vnet.subnets)

  name                 = data.azurerm_virtual_network.my_vnet.subnets[count.index]
  virtual_network_name = var.vnet_name
  resource_group_name  = var.resource_group
}

locals {
  subnets = tomap({
      for snet in data.azurerm_subnet.subnets: snet.name => snet.id
  })
}

In the above example, we first loop over all subnet names, returned by data.azurerm_virtual_network.my_vnet.subnets, to create a list of Azure virtual network subnet objects.

Afterwards we create a locals map called subnets, which contains mapping like “subnet name points to subnet ID”.

Finally, when creating Azure network interfaces with an IP configuration, you can easily lookup the correct subnet ID based on the subnet name (which you might have configured per virtual machine)

resource "azurerm_network_interface" "my_nic" {
...
  ip_configuration {
    ...
    subnet_id = lookup(local.subnets, "my_subnet_name")
  }
...

azurerm – Johnny Morano's Tech Articles

Use multiple Azure subscriptions in Terraform modules

Terraform: Create a map of subnet IDs in Azure