- app_config
- argocd_app
- azure_blob_storage
- azure_blob_storage_assets
- azure_service_bus
- firebase
- key_vault
- managed_identity
- mssql_database_user
- mssql_server
- postgresql
- tags
Azure modules (`azure_blob_storage`, `azure_service_bus`, `key_vault`) read the resource group as a data source. Because `azurerm_resource_group.name` is known before apply, Terraform reads these data sources during plan, and they will fail if the resource group is not yet created. You need to either partially apply the resource group first or pass it to the module in `depends_on`. See the example.
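The pattern described above, as an added sketch that is not the repository's own example. The resource labels, sample values, module source path and the `resource_group_name` input are assumptions; check the module readme for the real inputs.

```hcl
# Added illustration. Resource labels, sample values, the module source
# path and the resource_group_name input are assumptions. Other module
# inputs are left out.

resource "azurerm_resource_group" "main" {
  name     = "example-rg" # constructed sample value
  location = "westeurope"
}

# Fails on a fresh environment: the name is a plain string known at plan
# time, so the data source inside the module is read during plan, before
# the resource group exists.
module "key_vault_without_dependency" {
  source              = "./modules/key_vault" # placeholder path
  resource_group_name = azurerm_resource_group.main.name
}

# Works: depends_on on the module defers its data source reads until the
# resource group has been created in the same apply.
module "key_vault" {
  source              = "./modules/key_vault" # placeholder path
  resource_group_name = azurerm_resource_group.main.name

  depends_on = [azurerm_resource_group.main]
}

# Alternative without depends_on: create the resource group first with a
# partial apply, then run the full apply.
#   terraform apply -target=azurerm_resource_group.main
#   terraform apply
```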
The MSSQL provider requires the database to be created before plan. You have to use partial apply to create the database first.
Terraform cannot create an AD user for Postgres. Instead, it generates a script to be applied on the database. More details are in the module readme.
A bird's-eye view of what is managed by each module and how the modules would typically interact with each other. For brevity, it ignores the fact that eventually all the modules have outputs that will be stored in `app_config` (connection strings, access keys, etc.).
```mermaid
flowchart BT
    subgraph managed_identity
        direction LR
        managed_identity_identity[Azure Managed Identity]
        managed_identity_workload_identity[AKS Workload Identity]
    end
    subgraph mssql_server
        direction LR
        mssql_server_server[MSSQL Server]
        mssql_server_database[MSSQL Databases]
        mssql_server_firewall[Firewall configuration]
        mssql_server_admin[MSSQL AD Admin]
    end
    subgraph mssql_database_user
        direction LR
        mssql_database_user_user[MSSQL User]
        mssql_database_user_role[MSSQL User Roles]
    end
    subgraph app_config
        direction LR
        key_vault_secrets[Key Vault Secrets]
        access_policy[Key Vault access policy for application]
        configmaps[Kubernetes Config Maps]
        secrets[Kubernetes Secrets]
    end
    subgraph key_vault
        direction LR
        key_vault_vault[Azure Key Vault]
        key_vault_deploy_policy[Key Vault access policy for management]
    end
    subgraph azure_service_bus
        direction LR
        azure_service_bus_namespace[Azure Service Bus]
        azure_service_bus_access[Access role for application]
    end
    subgraph azure_blob_storage
        direction LR
        azure_blob_storage_account[Azure Storage Account]
        azure_blob_storage_container[Blob Storage Containers]
        azure_blob_storage_access[Access role for application]
    end
    subgraph azure_blob_storage_assets
        storage_assets[Files uploaded to Blob Storage]
    end
    subgraph postgresql
        direction LR
        postgresql_server[Postgres Flexible Server]
        postgresql_database[Postgres Databases]
        postgresql_roles[Postgres Roles]
        postgresql_admin[Postgres AD Admin]
        postgresql_firewall[Firewall configuration]
    end
    subgraph firebase
        firebase_app[Firebase]
    end
    subgraph argocd
        argocd_config[ArgoCD apps setup]
    end
    mssql_database_user --> managed_identity
    app_config --> managed_identity
    mssql_database_user --> mssql_server
    app_config --> key_vault
    azure_blob_storage --> managed_identity
    azure_blob_storage_assets --> azure_blob_storage
    azure_service_bus --> managed_identity
    postgresql --> managed_identity
```