Skip to content

README.md

Latest commit

 

History

History
63 lines (49 loc) · 4.48 KB

README.md

File metadata and controls

63 lines (49 loc) · 4.48 KB

Terraform Deployment

This directory contains Terraform modules and a deployment script for provisioning the sample's Azure resources. For details about the sample application, see Azure Web App with Azure Database for PostgreSQL flexible server.

Prerequisites

pip install azlocal

Architecture Overview

The Terraform configuration provisions:

  1. Azure Resource Group.
  2. Azure Virtual Network with two subnets:
    • app-subnet (delegated to Microsoft.Web/serverFarms for the Web App's VNet integration)
    • pe-subnet (hosts the Private Endpoint to the flex server)
  3. Azure Private DNS Zone privatelink.postgres.database.azure.com, linked to the VNet.
  4. Azure Private Endpoint (group postgresqlServer).
  5. Azure NAT Gateway.
  6. Network Security Groups: one per subnet.
  7. Azure Log Analytics Workspace.
  8. Azure Database for PostgreSQL flexible server: public-access mode, Burstable Standard_B1ms, version 16, 32 GiB, HA disabled. A permissive firewall rule (AllowAllIPs, 0.0.0.0–255.255.255.255) lets the deploy machine reach the server for the post-apply psql bootstrap.
  9. PostgreSQL database PlannerDB.
  10. Azure App Service Plan.
  11. Azure Web App with regional VNet integration. PG_HOST / PG_PORT / PG_DATABASE are written by Terraform; PG_USER and PG_PASSWORD are written by deploy.sh after psql creates the application role.

Provisioning Script

deploy.sh performs:

  • terraform init -upgrade
  • terraform plan -out=tfplan (passing pg_admin_password)
  • terraform apply -auto-approve tfplan
  • Reads outputs (resource_group_name, web_app_name, postgres_server_name, postgres_fqdn, postgres_database_name).
  • Connects to the server as the admin via the public endpoint + firewall rule and creates the testuser role, grants schema rights, creates the activities table, and seeds three rows.
  • Sets PG_USER=testuser + PG_PASSWORD=<app-password> on the Web App via az webapp config appsettings set.
  • Zips the source under ../src and deploys via az webapp deploy.

Variables

Override any of the variables in variables.tf by editing terraform.tfvars or passing -var to terraform plan. Notable PostgreSQL ones:

Variable Default Description
pg_admin_login pgadmin Server administrator login
pg_admin_password P@ssw0rd1234! Server administrator password (sensitive)
pg_version 16 PostgreSQL major version
pg_sku_name B_Standard_B1ms Compute SKU
pg_storage_mb 32768 Storage size in MB
pg_backup_retention_days 7 Backup retention
pg_database_name PlannerDB Application database

For non-dev deployments, set pg_admin_password via env var: PG_ADMIN_PASSWORD=... bash deploy.sh.