Many Azure customers have adopted HashiCorp Terraform as their infrastructure provisioning tool of choice. We are working closely in partnership with HashiCorp, the company behind Terraform, to ensure that support for Terraform in Azure is first-class, and the momentum we are seeing indicates that we are indeed headed in that direction. As individual usage of Terraform grows within an organization, questions about collaboration and governance emerge. HashiCorp Terraform Enterprise is designed to solve the challenges of using Terraform in team environments while operating within enterprise regulatory constraints.
In this blog post, you will learn the basics of installing and running a private installation of Terraform Enterprise in Azure. We will also cover some of the features available with Terraform Enterprise that address the questions of collaboration and governing policy across organizations. But first, let’s go over why you would want to run Terraform Enterprise in Azure.

Reasons for running private Terraform Enterprise in Azure

There are at least two reasons to run Private Terraform Enterprise in Azure:

  • Customer regulatory requirements dictate it. A significant number of joint Microsoft and HashiCorp customers (especially in financial and healthcare services) operate within regulatory environments where they need to tightly control how and where their cloud infrastructure gets deployed. That includes knowing that their data, including data about the infrastructure, is being kept in certain geographic locales, and their infrastructure can be scaled up or down as needed.
  • The ability to meet internal SLAs. Having full control of infrastructure where Terraform Enterprise gets deployed allows for compliance with internal enterprise SLAs, giving DevOps and infrastructure teams guarantees that they will be able to do their work.

Installing and running private Terraform Enterprise in Azure

The basics of installing Private Terraform Enterprise in Azure are straightforward – you download an executable, then install and configure it on your infrastructure. HashiCorp has a detailed blog post that walks through the installation and various configuration and availability options in Azure. Below, I am highlighting what I feel are the important parts of the installation process in Azure.

  • There are three configuration options for deploying Terraform Enterprise in Azure: demo, production and high-availability production (also called Production-External Services). The option you choose determines how resilient Terraform Enterprise will be. It also dictates how involved the installation process will be: from a single-server deployment with no external dependencies for the demo to multiple servers configured with a PostgreSQL database for the high-availability scenarios. As always, spending some time planning the deployment and making sure it conforms to enterprise governance policies is paramount.
  • You will need an SSL certificate for clients to securely communicate with the server. You should follow your enterprise policies for obtaining one and have it ready before installation. Try to avoid self-signed certificates; if your enterprise policy allows it, you can use Terraform Enterprise's built-in integration with the Let’s Encrypt service to obtain your certificates during the installation process.
  • Note the minimum and the recommended requirements for running Terraform Enterprise in Azure. The Azure D-series virtual machines are recommended, and machines with burstable CPUs (B-series) should be avoided for Terraform Enterprise. Note that you also need at least 50GB of disk storage – if you are installing a demo environment from the Azure portal, remember to change from the default disk size of 30GB.

Once you have decided on the installation type (demo vs prod) and obtained the SSL certificates, follow the HashiCorp Private Terraform Enterprise Setup Guide to install Private Terraform Enterprise on Azure.

Features of Terraform Enterprise

While this might be reHashing the obvious (pun intended), it’s worth emphasizing that Terraform Enterprise builds on top of the open-source version of Terraform. All the features and HCL configs that work with the open source version will continue working with Terraform Enterprise. What you gain with Terraform Enterprise are governance and collaboration features, so let’s look at what those are.

Collaboration features of Terraform Enterprise

Terraform Enterprise has multiple collaboration features that will benefit teams of any size. Here are two that could benefit teams immediately.
First, remote state management and locking. ReHashing the obvious again, Terraform maintains the state of your infrastructure, and it’s important that this state be shared by multiple team members without them stepping on each other’s toes. While not strictly a feature of Terraform Enterprise, remote state management accomplishes this state sharing and gives your team a collaborative, shared environment, pre-configured and ready to use.
Second, version control. Any conversation about code, including Infrastructure as Code, must have a prerequisite conversation about versioning and source control. Terraform Enterprise integrates with your existing version control system, allowing you to visually track, branch and roll back your infrastructure as needed.

Governance with HashiCorp Sentinel

In 2017, HashiCorp introduced Sentinel, a language that can be used across the HashiCorp suite of products (Vault, Nomad and Consul, in addition to Terraform) to ensure that enterprise governance guidelines are adhered to through a policy as code framework. In the case of Terraform, using Sentinel means feeling certain that infrastructure deployments conform to enterprise governance policies. In the simplest example below, a Sentinel policy, written in the Sentinel language, ensures that all VMs deployed to Azure contain tags.
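A tag policy of the kind described above, written here as an added example (it is not the policy from the original post). It uses the `tfplan` import and the `azurerm_virtual_machine` resource type, and goes one step further than "contains tags" by also requiring specific tag keys; the keys `owner` and `environment` are assumptions chosen for illustration.

```sentinel
# Added example: require tags on every Azure VM in a Terraform plan.
import "tfplan"

# Hypothetical mandatory tag keys (assumption); replace with your own standard.
mandatory_tags = ["owner", "environment"]

# All azurerm_virtual_machine instances in the root module of the plan.
# "else {}" covers plans that contain no VMs, where the lookup is undefined.
vms = tfplan.resources.azurerm_virtual_machine else {}

# Every VM instance must carry at least one tag.
# "else 0" treats a missing tags attribute as zero tags.
has_tags = rule {
	all vms as _, instances {
		all instances as _, r {
			(length(r.applied.tags) else 0) > 0
		}
	}
}

# Every VM instance must carry each mandatory tag key.
has_mandatory_tags = rule {
	all vms as _, instances {
		all instances as _, r {
			all mandatory_tags as _, t {
				(r.applied.tags else {}) contains t
			}
		}
	}
}

# The plan passes only if both rules hold.
main = rule {
	has_tags and has_mandatory_tags
}
```

This version inspects only resources declared in the root module; VMs created inside child modules need a lookup per module path.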
With Sentinel, you can specify elaborate enterprise infrastructure deployment policies as code and have those live alongside your infrastructure as code (HCL) artifacts, ready for versioning and provisioning across a number of dev, stage and production environments. Sentinel is available with Terraform Enterprise running on Azure.
We are looking forward to learning about how you use Terraform and Private Terraform Enterprise in Azure. You can follow the links below to learn more about the products, and their availability and support in Azure:
  • OSS Terraform in Azure Document Hub
  • Terraform in Azure Official Documentation
  • Terraform Enterprise

Questions? Let us know in the comments.