• Nathan

How to connect Terraform Cloud with Azure DevOps Services

I really love infrastructure-as-code and I think it's a wonderful technology. It helps to simplify and streamline many processes that used to be very manual and labor-intensive. Lately, I have been using Terraform Cloud connected to my Git Repos in Azure DevOps Services in order to automatically deploy and manage my resources in Azure.

Here's a quick high-level overview of my current process:

  • I have multiple Git Repos stored in Azure DevOps Services, and they each contain a different set of Terraform configuration files. I'll clone the repo that I want to work with to my local workstation.

  • I will check out a new branch on that repo and commit my changes. Then, I'll create a Pull Request in Azure DevOps Repos in order to get those changes back into the master branch.

  • Azure DevOps Repos and Terraform Cloud are connected. So, when a new pull request is approved on the master branch of my repo, Terraform Cloud will automatically see that, and it will perform a "run" of that code.

  • I now go to the Terraform Cloud interface and see the initial output from the run. If everything looks like it should, then I can apply that run. Terraform Cloud will automatically talk to Azure and create or change the resources that I specified in the code.

This article will describe how to configure Terraform Cloud so that it can use Azure DevOps Services as a VCS Provider. Some assumptions that are made:

  1. You have an Azure account

  2. You have an Azure DevOps account (as well as an Organization, a Project, and a Git Repo)

  3. You have a Terraform Cloud account (as well as an Organization)

Create a new Workspace in Terraform Cloud

Step 1 - Connect to VCS

In Terraform Cloud, create a new Workspace and connect it to a version control provider. Pick Azure DevOps and then Azure DevOps Services.

Terraform will now show you some information. You will use this information to create a new Application in your Azure DevOps Services.

Now, switch over to Azure DevOps Services so we can create the new Application. You have to go to your profile settings, to the Authorizations section. The menu currently doesn't give you a way to go there directly, so first click on Personal access tokens, and once the User settings page loads you can click on Authorizations and then register a new app.

Enter the following information into Azure DevOps Services. Remember, Terraform Cloud shows you exactly which values to use here. When everything is filled out, click on Create Application.

Azure DevOps will show you some information about your newly created app. You'll need to copy the values for both App ID and Client Secret.

Now go back to Terraform Cloud, and enter the two values from above. Give your VCS connection a name; use whatever makes sense for you and your environment. Finally, click on Connect and continue.

You will get forwarded to Azure DevOps Services for one final approval. Just click Accept.

You will get forwarded again, this time back to Terraform Cloud. You'll be presented with an option to Set Up SSH keypair. We don't need this for now, so just click Skip and finish.

Create a new Workspace in Terraform Cloud

Step 2 - Choose a repository

This is pretty self-explanatory. If you followed the above steps correctly, then Terraform Cloud can now read all of the repos in your Azure DevOps Services.

Select the repo that contains the configuration files to be used by this Terraform Cloud Workspace.

Create a new Workspace in Terraform Cloud

Step 3 - Configure Settings

Now for some final configuration settings.

First, you must specify a Workspace Name. Use whatever makes sense for you and your environment.

Next, you have the option of filling in a Terraform Working Directory. You have two options here:

  • Leave this blank. Terraform will use the root of your repository as the working directory. This also sets the option for Automatic Run Triggering to Always trigger runs and there is no way to change this.

  • Fill in a directory name of your choosing. Terraform will use this as the working directory. And you now have the option to use Only trigger runs when files in specified paths change. You can set the paths for Terraform to check, and a run will only trigger if files in those paths change.

Last, but not least, you can specify the VCS Branch from which to import new versions. Leave this blank and it will default to the Master branch. If you don't want to use the Master branch, then type in another one here.

Finally, click on Create workspace.

That's it. Terraform Cloud is finally connected to Azure DevOps Services.
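The workspace settings from Steps 2 and 3, written as code with the hashicorp/tfe provider. This is an added example, not part of the original walkthrough; the organization, workspace, repository and directory names are placeholders, and `oauth_token_id` is assumed to be the OAuth Token ID of the VCS connection created in Step 1.

```hcl
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
  }
}

# The provider reads its API token from the TFE_TOKEN environment variable,
# so no credential is stored in this file.
provider "tfe" {}

variable "oauth_token_id" {
  description = "OAuth Token ID of the Azure DevOps Services VCS connection (assumed input)"
  type        = string
}

resource "tfe_workspace" "example" {
  name         = "example-workspace" # Workspace Name (placeholder)
  organization = "example-org"       # Terraform Cloud organization (placeholder)

  # Terraform Working Directory: a sub-directory instead of the repo root,
  # which is what makes path-based run triggering available.
  working_directory = "environments/prod" # placeholder path

  # "Only trigger runs when files in specified paths change":
  # additional paths to watch besides the working directory.
  file_triggers_enabled = true
  trigger_prefixes      = ["modules/network"] # placeholder path

  # Keep the review step from the overview: a run plans automatically
  # after the merge, but a person must confirm the apply.
  auto_apply = false

  vcs_repo {
    # Azure DevOps identifier format: <organization>/<project>/_git/<repository>
    identifier     = "example-ado-org/example-project/_git/example-repo"
    branch         = "master" # VCS Branch; set explicitly rather than left blank
    oauth_token_id = var.oauth_token_id
  }
}
```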

This is just part one. I have many ideas for future articles, such as:

  • How to create an Azure Service Principal, and how to configure Terraform Cloud to use it.

  • How to utilize the Terraform Cloud remote backend in your configuration files.

  • How to use Modules with your Terraform Cloud Private Module Registry.

  • How to use remote state with Terraform Cloud Workspaces.

