Този браузър вече не се поддържа.
Надстройте до Microsoft Edge, за да се възползвате от най-новите функции, актуализации на защитата и техническа поддръжка.
In this quickstart, you create an Azure resource group and a confidential ledger using Terraform. Azure confidential ledger is a fully managed service that provides a tamper-proof register for storing sensitive data. It's built on Azure confidential computing, which uses hardware-based trusted execution environments to protect data from threats even when it's in use. This ledger is designed to maintain the confidentiality and integrity of the data it stores, making it ideal for use cases that require high levels of data protection. The resources created in this script include the Azure confidential ledger and an Azure resource group.
Terraform enables the definition, preview, and deployment of cloud infrastructure. Using Terraform, you create configuration files using HCL syntax. The HCL syntax allows you to specify the cloud provider - such as Azure - and the elements that make up your cloud infrastructure. After you create your configuration files, you create an execution plan that allows you to preview your infrastructure changes before they're deployed. Once you verify the changes, you apply the execution plan to deploy the infrastructure.
Create an Azure account with an active subscription. You can create an account for free.
Бележка
The sample code for this article is located in the Azure Terraform GitHub repo. You can view the log file containing the test results from current and previous versions of Terraform.
See more articles and sample code showing how to use Terraform to manage Azure resources:
Create a directory in which to test and run the sample Terraform code and make it the current directory.
Create a file named main.tf, and insert the following code:
resource "random_pet" "rg_name" {
prefix = var.resource_group_name_prefix
}
resource "azurerm_resource_group" "rg" {
location = var.resource_group_location
name = random_pet.rg_name.id
}
data "azurerm_client_config" "current" {
}
resource "random_string" "azurerm_confidential_ledger_name" {
length = 13
lower = true
numeric = false
special = false
upper = false
}
resource "azurerm_confidential_ledger" "example" {
name = coalesce(var.confidential_ledger_name, "ledger-${random_string.azurerm_confidential_ledger_name.result}")
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
ledger_type = var.confidential_ledger_type
azuread_based_service_principal {
principal_id = data.azurerm_client_config.current.object_id
tenant_id = data.azurerm_client_config.current.tenant_id
ledger_role_name = var.confidential_ledger_role_name
}
tags = {
IsExample = "True"
}
}
Create a file named outputs.tf, and insert the following code:
output "resource_group_name" {
value = azurerm_resource_group.rg.name
}
output "confidential_ledger_name" {
value = azurerm_confidential_ledger.example.name
}
output "confidential_ledger_type" {
value = azurerm_confidential_ledger.example.ledger_type
}
output "confidential_ledger_role_name" {
value = azurerm_confidential_ledger.example.azuread_based_service_principal[0].ledger_role_name
}
Create a file named providers.tf, and insert the following code:
terraform {
required_version = ">=1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.0"
}
}
}
provider "azurerm" {
features {}
}
Create a file named variables.tf, and insert the following code:
variable "resource_group_name_prefix" {
type = string
default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}
variable "resource_group_location" {
type = string
default = "eastus"
description = "Location of the resource group."
}
variable "confidential_ledger_name" {
type = string
description = "The name of the confidential ledger resource. The value will be randomly generated if blank."
default = ""
}
variable "confidential_ledger_type" {
type = string
default = "Public"
validation {
condition = contains(["Public", "Private"], var.confidential_ledger_type)
error_message = "The confidential ledger type value must be one of the following: Public, Private."
}
description = "Type of the confidential ledger."
}
variable "confidential_ledger_role_name" {
type = string
default = "Administrator"
description = "Role name for the confidential ledger."
}
Run terraform init to initialize the Terraform deployment. This command downloads the Azure provider required to manage your Azure resources.
terraform init -upgrade
Key points:
-upgrade parameter upgrades the necessary provider plugins to the newest version that complies with the configuration's version constraints.Run terraform plan to create an execution plan.
terraform plan -out main.tfplan
Key points:
terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.-out parameter allows you to specify an output file for the plan. Using the -out parameter ensures that the plan you reviewed is exactly what is applied.Run terraform apply to apply the execution plan to your cloud infrastructure.
terraform apply main.tfplan
Key points:
terraform apply command assumes you previously ran terraform plan -out main.tfplan.-out parameter, use that same filename in the call to terraform apply.-out parameter, call terraform apply without any parameters.Run az confidential-ledger show to view the Azure confidential ledger.
az confidentialledger show --ledger-name <ledger_name> --resource-group <resource_group_name>
You must replace <ledger_name> with the name of your Azure confidential ledger and <resource_group_name> with the name of your resource group.
When you no longer need the resources created via Terraform, do the following steps:
Run terraform plan and specify the destroy flag.
terraform plan -destroy -out main.destroy.tfplan
Key points:
terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.-out parameter allows you to specify an output file for the plan. Using the -out parameter ensures that the plan you reviewed is exactly what is applied.Run terraform apply to apply the execution plan.
terraform apply main.destroy.tfplan
Обучение
Пътека за обучение
Fundamentals of Terraform on Azure - Training
Learn the fundamentals of how Terraform enables you to manage infrastructure deployments on Azure.
Сертифициране
Microsoft Certified: Azure Fundamentals - Certifications
Demonstrate foundational knowledge of cloud concepts, core Azure services, plus Azure management and governance features and tools.