This project provides Terraform/OpenTofu modules for deploying Azure infrastructure components including RTTM (Real-Time Threat Monitoring) and Managed Identity resources.
- OpenTofu >= 1.6.0
- Azure CLI >= 2.0
- Azure subscription with appropriate permissions
- PowerShell or Bash terminal
Log in to Azure and set your subscription:
az login
az account set --subscription "your-subscription-id"
Before deploying the main infrastructure, you need to set up Azure Storage for Terraform state management.
cd bootstrap-tfstate
tofu init
tofu plan
tofu apply
This will create:
- Azure Storage Account
- Blob Container for storing Terraform state
- Necessary access permissions
Important: Note down the storage account name and container name from the output - you'll need these for the next step.
After the bootstrap completes, update the backend configuration in deployment/main.tf with your storage account details:
terraform {
  backend "azurerm" {
    storage_account_name = "your-storage-account-name"
    container_name       = "tfstate"
    key                  = "infrastructure.tfstate"
    resource_group_name  = "rg-name"
  }
}
First, create a local build of the Function App. Terraform then packages this build into a zip file and deploys the Function App using the Zip Deploy method. This requires Python 3.12 or later.
cd modules/rttm/function-app
pip install -r requirements.txt --target="./.python_packages/lib/site-packages"
Then copy the example variables file and customize it for your environment:
cd deployment
cp tfvars.example terraform.tfvars
Edit terraform.tfvars with your specific values:
# Example values - customize for your environment
resource_group_name = "rg-myproject-prod"
location = "eastus"
Initialize and deploy the infrastructure:
cd deployment
tofu init
tofu plan
tofu apply
The Real-Time Threat Monitoring module deploys security monitoring resources in Azure.
Location: modules/rttm/
The Managed Identity module creates and configures Azure Managed Identity resources for secure authentication.
Location: modules/managed-identity/
This project uses Azure Blob Storage as the backend for Terraform state. The state is stored remotely to enable:
- Team collaboration
- State locking
- State versioning and backup
- Secure state storage
To manage multiple environments (dev, staging, prod), you can:
- Create separate .tfvars files for each environment
- Use workspace-specific state keys in your backend configuration
- Deploy with environment-specific variable files:
tofu apply -var-file="dev.tfvars"
tofu apply -var-file="prod.tfvars"
# Initialize the working directory
tofu init
# Create an execution plan
tofu plan -var-file="terraform.tfvars"
# Apply the changes
tofu apply -var-file="terraform.tfvars"
# Show current state
tofu show
# Destroy infrastructure (use with caution)
tofu destroy -var-file="terraform.tfvars"
- Ensure the storage account and container exist before running tofu init
- Verify your Azure credentials have access to the storage account
- Check that the storage account name is globally unique
- Verify all required variables are set in your .tfvars file
- Check Azure permissions for the resources being created
- Review the module documentation for specific requirements
- Follow the existing code structure and naming conventions
- Update documentation when adding new features
- Test changes in a development environment before applying to production
- Use meaningful commit messages and create pull requests for review
- Never commit .tfvars files containing sensitive data to version control
- Use Azure Key Vault for storing secrets referenced in your infrastructure
- Regularly rotate access keys and review permissions
- Enable Azure Security Center recommendations for deployed resources
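
One way to enforce the rule against committing .tfvars files, as an added example that is not part of this project: a Git pre-commit hook that rejects staged variable files, state files and anything under .terraform/, while allowing the tfvars.example template. The function names and the install location (.git/hooks/pre-commit) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the project's own code.
# Install as .git/hooks/pre-commit and make it executable.

# Read candidate paths on stdin (one per line) and print the ones that
# must not be committed.
blocked_paths() {
  local path base
  while IFS= read -r path; do
    base=${path##*/}
    case "$base" in
      *.example) continue ;;        # templates such as tfvars.example are allowed
      *.tfvars|*.tfvars.json) ;;    # environment values, may contain secrets
      *.tfstate|*.tfstate.*) ;;     # state stores resource attributes in plain text
      *)
        case "/$path" in
          */.terraform/*) ;;        # local working directory, records backend settings
          *) continue ;;
        esac ;;
    esac
    printf '%s\n' "$path"
  done
}

# Check the files staged for this commit (added, copied, modified, renamed).
main() {
  local hits
  hits=$(git diff --cached --name-only --diff-filter=ACMR | blocked_paths)
  if [ -n "$hits" ]; then
    printf 'Refusing to commit files that may contain secrets or state:\n%s\n' "$hits" >&2
    printf 'Unstage with: git restore --staged <path>\n' >&2
    return 1
  fi
}

# Run only when invoked as the hook, so the functions can be sourced and tested.
if [ "${0##*/}" = "pre-commit" ]; then
  main || exit 1
fi
```

A matching .gitignore keeps these files from being staged in the first place; the hook catches files added with `git add -f`.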
For issues or questions:
- Check the troubleshooting section above
- Review Azure and OpenTofu documentation
- Create an issue in the project repository with detailed error messages and steps to reproduce