Production-ready Terraform modules for deploying Azure infrastructure including networking, compute, monitoring, and identity resources.
```
azure-infra-terraform/
├── modules/
│   └── azure/
│       ├── compute/
│       │   └── linux-vm/           # Linux VM with backup & recovery
│       ├── network/
│       │   ├── vnet/               # Virtual Network & Subnets
│       │   ├── nsg/                # Network Security Groups
│       │   ├── nat-gateway/        # NAT Gateway
│       │   └── routetable/         # Route Tables
│       ├── monitoring/
│       │   ├── log-analytics/      # Log Analytics Workspace
│       │   └── app-insights/       # Application Insights
│       └── identity/
│           └── ad-application/     # Azure AD Applications
├── environments/
│   ├── dev/                        # Development environment
│   └── prod/                       # Production environment
├── scripts/
│   ├── init-backend.sh             # Initialize Terraform backend
│   └── deploy.sh                   # Deployment helper script
└── examples/
    └── complete/                   # Complete deployment example
```
```bash
git clone https://github.com/yourusername/azure-infra-terraform.git
cd azure-infra-terraform

# Login to Azure
az login
az account set --subscription "YOUR_SUBSCRIPTION_ID"

# Create Terraform state backend
./scripts/init-backend.sh -s YOUR_SUBSCRIPTION_ID -e dev -p myproject

cd environments/dev

# Initialize Terraform
terraform init \
  -backend-config="resource_group_name=myproject-tfstate-rg" \
  -backend-config="storage_account_name=myprojecttfstate" \
  -backend-config="container_name=tfstate" \
  -backend-config="key=dev.terraform.tfstate"

# Plan and Apply
terraform plan -var-file="terraform.tfvars"
terraform apply -var-file="terraform.tfvars"
```

Deploys VNet with public/private subnets, NSG, NAT Gateway, and route tables.
```hcl
module "network" {
  source                 = "../../modules/azure/network"
  prefix                 = "myapp"
  environment            = "dev"
  location               = "eastus"
  resource_group_name    = azurerm_resource_group.main.name
  address_space          = "10.0.0.0/16"
  create_public_subnets  = true
  create_private_subnets = true
  create_nat_gateway     = true
  num_public_subnets     = 2
  num_private_subnets    = 2
  tags                   = var.tags
}
```

Deploys Ubuntu/RHEL VM with managed disks, backup, and AAD authentication.
```hcl
module "linux_vm" {
  source              = "../../modules/azure/compute/linux-vm"
  name                = "app-server"
  resource_group_name = azurerm_resource_group.main.name
  location            = "eastus"
  subnet_id           = module.network.private_subnet_ids[0]
  vm_size             = "Standard_D4s_v5"
  admin_username      = "azureadmin"
  os_disk_size_gb     = 128
  data_disk_size_gb   = 256
  enable_backup       = true
  enable_aad_login    = true
  tags                = var.tags
}
```

Deploys Log Analytics and Application Insights.
```hcl
module "monitoring" {
  source              = "../../modules/azure/monitoring/log-analytics"
  name                = "myapp-logs"
  resource_group_name = azurerm_resource_group.main.name
  location            = "eastus"
  retention_in_days   = 30
  tags                = var.tags
}
```

| Variable | Description | Example |
|---|---|---|
| `prefix` | Resource naming prefix | `myapp` |
| `environment` | Environment name | `dev`, `prod` |
| `location` | Azure region | `eastus` |
| `address_space` | VNet CIDR | `10.0.0.0/16` |
```hcl
prefix        = "myapp"
environment   = "dev"
location      = "eastus"
address_space = "10.0.0.0/16"
tags = {
  Environment = "dev"
  Project     = "MyProject"
  ManagedBy   = "Terraform"
}
```

- Azure AD Authentication - SSH login via Azure AD for Linux VMs
- Managed Identity - System-assigned identity for VMs
- Network Security Groups - Pre-configured NSG rules
- Key Vault Integration - Secrets stored in Azure Key Vault
- Backup & Recovery - Automated VM backups with retention policies
- Private Endpoints - Optional private connectivity
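
NSG rules only protect a deployment while inbound Allow rules stay narrow. The following is an added example, not code from this repository: it audits `terraform show -json` plan output and reports inbound Allow rules that are open to any source on ports other than 443. The port policy, the resource addresses and the sample plan are constructed assumptions; because the page does not show how the modules declare their rules, both standalone `azurerm_network_security_rule` resources and inline `security_rule` blocks are handled.

```python
import json
import sys
from pathlib import Path

RULE, NSG = "azurerm_network_security_rule", "azurerm_network_security_group"
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}  # compared lower-cased
PUBLIC_OK_PORTS = {"443"}  # assumption: only HTTPS may be open to any source

def _values(rule, single, plural):  # merge singular and plural attribute forms
    vals = [rule.get(single)] + list(rule.get(plural) or [])
    return {str(v).lower() for v in vals if v}

def iter_rules(plan):  # yields (address, rule): standalone and inline NSG rules
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None on delete
        if rc.get("type") == RULE:
            yield rc["address"], after
        elif rc.get("type") == NSG:
            for rule in after.get("security_rule") or []:
                yield f'{rc["address"]}:{rule.get("name")}', rule

def open_inbound(plan):
    """Return [(address, ports)] for inbound Allow rules open to any source."""
    findings = []
    for address, rule in iter_rules(plan):
        kind = (str(rule.get("direction")).lower(), str(rule.get("access")).lower())
        sources = _values(rule, "source_address_prefix", "source_address_prefixes")
        ports = _values(rule, "destination_port_range", "destination_port_ranges")
        if kind == ("inbound", "allow") and sources & ANY_SOURCE and not ports <= PUBLIC_OK_PORTS:
            findings.append((address, sorted(ports)))
    return findings

def _rule(name, source, **ports):  # constructed inbound Allow rule
    return {"name": name, "direction": "Inbound", "access": "Allow",
            "source_address_prefix": source, **ports}
def _rc(rtype, name, after):  # constructed resource_changes entry
    return {"address": f"{rtype}.{name}", "type": rtype, "change": {"after": after}}

# Constructed stand-in for `terraform show -json` output; addresses are made up.
SAMPLE_PLAN = {"resource_changes": [
    _rc(RULE, "https", _rule("allow-https", "*", destination_port_range="443")),
    _rc(RULE, "ssh", _rule("allow-ssh", "*", destination_port_range="22")),
    _rc(RULE, "ssh_vnet", _rule("allow-ssh-vnet", "10.0.0.0/16", destination_port_range="22")),
    _rc(NSG, "main", {"security_rule": [
        _rule("allow-mgmt", "Internet", destination_port_ranges=["22", "3389"])]}),
]}

if __name__ == "__main__":  # optional argument: path to a plan JSON file
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(*open_inbound(plan), sep="\n")
```

To audit a real plan, run `terraform plan -out plan.out`, then `terraform show -json plan.out > plan.json`, and pass `plan.json` as the argument.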
```
┌────────────────────────────────────────────────────────┐
│                     Resource Group                     │
├────────────────────────────────────────────────────────┤
│  ┌─────────────────────────────────────────────────┐   │
│  │                 Virtual Network                 │   │
│  │  ┌─────────────┐    ┌─────────────┐             │   │
│  │  │   Public    │    │   Private   │             │   │
│  │  │   Subnets   │    │   Subnets   │             │   │
│  │  │  (NAT GW)   │    │    (VMs)    │             │   │
│  │  └─────────────┘    └─────────────┘             │   │
│  └─────────────────────────────────────────────────┘   │
│                          │                             │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐              │
│  │ Linux VM │  │ Key Vault│  │   Log    │              │
│  │ + Backup │  │          │  │ Analytics│              │
│  └──────────┘  └──────────┘  └──────────┘              │
└────────────────────────────────────────────────────────┘
```
| Output | Description |
|---|---|
| `vnet_id` | Virtual Network ID |
| `vnet_name` | Virtual Network name |
| `public_subnet_ids` | List of public subnet IDs |
| `private_subnet_ids` | List of private subnet IDs |
| `nsg_id` | Network Security Group ID |

| Output | Description |
|---|---|
| `vm_id` | Virtual Machine ID |
| `vm_name` | Virtual Machine name |
| `private_ip` | Private IP address |
| `public_ip` | Public IP address (if enabled) |
| `identity_principal_id` | Managed Identity principal ID |

```hcl
custom_nsg_rules = [
  {
    name                       = "allow-https"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
]
```

```hcl
custom_data = base64encode(<<-EOF
  #!/bin/bash
  apt-get update
  apt-get install -y docker.io
  systemctl enable docker
  systemctl start docker
  EOF
)
```

```bash
# Format check
terraform fmt -check -recursive

# Validate configuration
terraform validate

# Security scan
tfsec .

# Cost estimation
infracost breakdown --path .
```

- Fork the repository
- Create feature branch (`git checkout -b feature/new-module`)
- Commit changes (`git commit -am 'Add new module'`)
- Push to branch (`git push origin feature/new-module`)
- Open Pull Request

MIT License - see LICENSE for details.
Sudhakar Chundu
- GitHub: @schundu007
- LinkedIn: Sudhakar Chundu