minor fixes

dynamic_blocks.md

@@ -29,6 +29,10 @@ terraform {
     }
   }
 }
+
+provider "azurerm" {
+  features {}
+}
 ```
 
 Add the following to the `main.tf` file:

null_resource.md

@@ -11,11 +11,20 @@ We'll demonstrate how `null_resource` can be used to take action on a set of exi
 
 
 ## Task 1: Create a Azure Virtual Machine using Terraform
-### Step 11.1.1: Create Server instances
 
-Build the web servers using the Azure Virtual Machine Module
+### Step 1.1: Create Server instances
 
-Update or create your `main.tf` with the following:
+Build the web servers using the Azure Virtual Machine:
+
+Create the folder structure:
+
+```bash
+mkdir ~/workstation/terraform/null_resource && cd $_
+touch {variables,main}.tf
+touch terraform.tfvars
+```
+
+Update your `main.tf` with the following:
 
 ```hcl
 provider "azurerm" {
@@ -61,7 +70,7 @@ resource "azurerm_network_interface" "training" {
   ip_configuration {
     name                          = "azureuser${var.prefix}ip"
     subnet_id                     = azurerm_subnet.training.id
-    private_ip_address_allocation = "dynamic"
+    private_ip_address_allocation = "Dynamic"
     public_ip_address_id          = azurerm_public_ip.training[count.index].id
   }
 }
@@ -72,7 +81,7 @@ resource "azurerm_virtual_machine" "training" {
   location              = azurerm_resource_group.training.location
   resource_group_name   = azurerm_resource_group.training.name
   network_interface_ids = [azurerm_network_interface.training[count.index].id]
-  vm_size               = "Standard_F2"
+  vm_size               = "Standard_D2s_v4"
 
   delete_os_disk_on_termination = true
   delete_data_disks_on_termination = true
@@ -105,7 +114,8 @@ resource "azurerm_virtual_machine" "training" {
 }
 
 ```
-Update or create your `variables.tf` with the following:
+
+Update your `variables.tf` with the following:
 
 ```hcl
 variable "resource_group_name" {}
@@ -121,7 +131,8 @@ variable "num_vms" {
   default = 2
 }
 ```
-Update or create your `terraform.tfvars` with the following:
+
+Update or your `terraform.tfvars` with the following and replace the `###` with your initials:
 
 ```hcl
 resource_group_name = "###-resourcegroup"
@@ -137,9 +148,10 @@ num_vms = 1
 Then perform an `init`, `plan`, and `apply`.
 
 ## Task 2: Use `null_resource` with a Azure Virtual Machine to take action with `triggers`
-### Step 11.2.1: Use `null_resource`
 
-Add `null_resource` stanza to the `main.tf`.  Notice that the trigger for this resource is set to 
+### Step 2.1: Use `null_resource`
+
+Add `null_resource` stanza to the `main.tf`.  Notice that the trigger for this resource is set to monitor changes to the number of virtual machines.
 
 ```hcl
 resource "null_resource" "web_cluster" {
@@ -155,23 +167,26 @@ resource "null_resource" "web_cluster" {
   }
 
   provisioner "local-exec" {
-    # Bootstrap script called with private_ip of each node in the clutser
+    # Bootstrap script called with private_ip of each node in the cluster
     command = "echo ${join(" Cluster local IP is : ", azurerm_public_ip.training.*.ip_address)}"
   }
 }
 ```
+
 Initialize the configuration with a `terraform init` followed by a `plan` and `apply`.
 
-### Step 11.2.2: Re-run `plan` and `apply` to trigger `null_resource`
-After the infrastructure has completed its buildout, change your machine count (in your terraform.tfvars) and re-run a plan and apply and notice that the null resource is triggered.  This is because the "cluster size" changed, triggering our null_resource.
+### Step 2.2: Re-run `plan` and `apply` to trigger `null_resource`
+
+After the infrastructure has completed its buildout, change your machine count (in your terraform.tfvars) and re-run a plan and apply and notice that the null resource is triggered.  This is because the `web_cluster_size` changed, triggering our null_resource.
 
 ```shell
 terraform apply
 ```
 
 Run `apply` a few times to see the `null_resource`.
 
-### Step 11.2.3: Destroy
+### Step 2.3: Destroy
+
 Finally, run `destroy`.
 
 ```shell

tfc-teams-governance.md

@@ -0,0 +1,35 @@
+# Operating Terraform Cloud for Teams
+
+Terraform Cloud includes Teams and permissions that are set at the organization and workspace level. In this challenge, you will create teams in your TFC organization, add users, and assign teams permissions to workspaces.
+
+You will need to start a free trial of the Teams and Governance tier of TFC. The trial is good for 30 days, after which your organization will revert to the Free tier.
+
+## Tasks
+
+- Create teams with permissions
+- Add users to teams and test permissions
+- Assign teams to workspaces with permissions
+
+## Create teams with permissions
+
+Teams can have different levels of access to your workspaces. You can invite other users to collaborate on code changes, approvals, and Terraform runs.
+
+1. Go into your organization's General Settings and click on the **Teams** link.
+2. Add a team called **org_admins**. Admins should be able to perform all organization-level actions.
+3. Add another team called **web_app_devs**. Developers should not have any organization-wide access.
+4. Add a third team called **managers**. Managers should also not have any organization-wide access.
+
+## Add users to teams and test permissions
+
+Now that you have created teams you can invite some users to your organization. Return to your **General Settings** for the organization, and select **Users**. Then click the "Invite a user" button.
+
+Invite a new user with an email you have access to and assign them to the org_admins group. You can also make up a fictitious email, although you won't be able to test permissions.
+
+## Assign teams to workspaces with permissions
+
+Next, assign access rights to the an existing workspace. Go into the **Team Access** page of the workspace settings. If you don't see the Team Access link you might need to log out and back into Terraform Cloud.
+
+You'll want to click the "Add team and permissions" button and then click the "Select team" button next to each team to which you wish to grant workspace access. Then click the "Assign permissions" button for the desired permission.
+
+- Give the **web_app_devs** group plan level access.
+- Give the **managers** group read level access.

tfe-sentinel-use/README.md

@@ -40,7 +40,7 @@ __Scope of Policies:__ Select -> "Policies enforced on selected workspaces"
 
 __Policies:__ Select the Policy created above -> Click "Add"
 
-__Workspaces:__ Select the workspace you created in the `tfe-workspaces` lab ("ptfe-workspace") -> Click "Add"
+__Workspaces:__ Select the workspace you created in the `vcs-code-promote` lab ("web-net-prod") -> Click "Add"
 
 ### Create Policy
 

vcs-code-promote.md

@@ -6,112 +6,71 @@ GitOps is an operational framework that takes DevOps best practices that we use
 - Merge Requests
 - Pipelines
 
-In this challenge, we will utilize the benefits the VCS connected workflow to promote code from a `development` branch into our `main` branch of the `app-build` code repository.
+In this challenge, we will utilize the benefits the VCS connected workflow to promote code from a `development` branch into our `main` branch of the `tfc-azure-example` code repository.
 
 Duration: 30 minutes
 
-- Task 1: Create a `development` branch in your `app-build` code repository.
-- Task 2: Update your `web-server-dev` workspace to point to your `development` branch.
-- Task 3: Perform and update on your development branch to validate
-- Task 4: Create `web-server-prod` workspace to point to your `main` branch.
-- Task 5: Update `development` branch
-- Task 6: Merge Change into `main` branch
+- Task 1: Clone the `tfc-azure-example` code repository
+- Task 2: Create a `web-net-dev` workspace to point to your `development` branch.
+- Task 3: Create a `web-net-prod` workspace
+- Task 4: Perform and update on your development branch to validate
+- Task 5: Merge Change into `main` branch
 
-## Task 1: Create a development branch in your `app-build` code repository.
+## Task 1: Clone the `tfc-azure-example` code repository
 
-In the `app-build` github repository, create a `development` branch from the
+Fork the following registry into your GitHub account: [tfc-azure-example](https://github.com/ned1313/tfc-azure-example)
 
-![Dev Branch](img/dev_branch.png)
+In the `tfc-azure-example` github repository, create a `development` branch if one does not already exist.
 
-## Task 2: Update your `web-server-dev` workspace to point to your `development` branch.
+## Task 2: Create a `web-net-dev` workspace to point to your `development` branch
 
-We will now update the Version Control setting of our `web-server-dev` workspace to point to our new `development` branch.
+Create a new TFC workspace named `web-net-dev` that is tied to the `tfc-azure-example` github repo by choosing a VCS Control workflow. In the advanced settings under *VCS Branch*, configure it to watch the development branch.
 
-![Dev Branch Settings](img/update_vcs_dev.png)
+In the workspace, add a Terraform variable called `prefix` and set it to `dev`.
 
-Update `VCS Branch` to `development`
+Click on `Settings` at the top of the UI and then select *Variable sets* from the left side menu.
 
-![Dev Branch](img/update_vcs_dev_branch.png)
+Create a new variable set called `azure-creds` and make it available to all workspaces. Add four **environment** variables to the variable set:
 
-- Task 3: Perform and update on your development branch to validate
+- ARM_TENANT_ID
+- ARM_SUBSCRIPTION_ID
+- ARM_CLIENT_ID
+- ARM_CLIENT_SECRET
 
-This will trigger a Terraform run that is tied to the last commit on your `development` branch
+Use the values from your workstation. You can find them by running `env | grep ARM`.
 
-![Dev Branch Plan](img/update_vcs_dev_plan.png)
+Click on **Create variable set** to complete the process.
 
-## Task 4: Create `web-server-prod` workspace to point to your `main` branch.
+Back in the `web-net-dev` workspace, kick off a run and approve it.
 
-Create a new TFC workspace named `web-server-prod` that is tied to the `app-build` github repo by choosing a VCS Control workflow.
+## Task 3: Create a `web-net-prod` workspace
 
-![Prod Workspace](img/prod_workspace.png)
+Create a new TFC workspace named `web-net-prod` that is tied to the `tfc-azure-example` github repo by choosing a VCS Control workflow. Under Advanced settings, check the box for *Automatic speculative plans*. Leave the rest of the defaults as this will be tracking the default branch of the repo.
 
-![Prod Workspace](img/prod_workspace_name.png)
+In the workspace, add a Terraform variable called `prefix` and set it to `prod`.
 
-Update the variables of the new workspace with the values that were specified in the `web-server-dev` workspace, but add a `-prod` suffix on the `identity` and `bucket` variables.
+Run a plan and approve it to create the base infrastructure for the production environment.
 
-![Prod VCS Variables](img/prod_workspace_variables_complete.png)
+## Task 4: Perform and update on your development branch to validate
 
-Update the `ssh-keys` workspace to allow for the `web-server-prod` workspace to utilize the shared keys.
-
-![Prod VCS Variables](img/ssh_keys_prod.png)
-
-Once updated perform an planned run within the `web-server-prod` workspace to validate the buildout of the production environment.
-
-![Prod VCS Variables](img/prod_plan.png)
-
-## Task 5: Update `development` branch
-
-Update the `main.tf` in the development branch to include an server for `ngnix`.
-
-`main.tf`
+On the development branch, add the following to the `main.tf` file:
 
 ```hcl
 locals {
-  servers = {
-    server-iis = {
-      server_os              = "windows_2019"
-      identity               = "$var.identity-windows"
-      subnet_id              = var.subnet_id
-      vpc_security_group_ids = var.vpc_security_group_ids
-    },
-    server-apache = {
-      server_os              = "ubuntu_20_04"
-      identity               = "$var.identity-ubuntu"
-      subnet_id              = var.subnet_id
-      vpc_security_group_ids = var.vpc_security_group_ids
-    },
-    server-nginx = {
-      server_os              = "ubuntu_20_04"
-      identity               = "$var.identity-ubuntu"
-      subnet_id              = var.subnet_id
-      vpc_security_group_ids = var.vpc_security_group_ids
-    }
-  }
+  change = "trigger a change"
 }
 ```
 
-Commit the change to the `development` branch, and view the impact on your `web-server-dev` TFC workspace.
+This will trigger a Terraform run that is tied to the last commit on your `development` branch. Since there was no change to the infrastructure, there will be no option to approve the plan.
 
-![TFC Dev Workspace Plan](img/update_dev_branch.png)
+## Task 5: Merge Change into `main` branch
 
-Confirm and Apply the update on the `web-server-dev` workspace.
+Once the `web-server-dev` TFC workspace completes its run, perform a pull request to merge the change into the `main` branch.
 
-## Task 6: Merge Change into `main` branch
+The GitOps workflow allows code to be merged into another branch via a merge request. Terraform Cloud's VCS control workflow integrates into this process showing if the deployment into the `web-server-dev` workspace was successful.
 
-Once the `web-server-dev` TFC workspace completes its run, perform a pull request to
-
-![Dev Pull Request](img/pull_request.png)
-
-The GitOps workflow allows code to be merged into another branch via a merge request. Terraform Cloud's VCS control workflow integrates into this process showing if the deployment into the `web-server-dev` workspace was succesful.
-
-![Dev Pull Request](img/merge_request.png)
-
-This allows the merge request approver to have visibility that the code change was succesful in the `development` environment, and view the details of the change within Terraform Cloud.
+This allows the merge request approver to have visibility that the code change was successful in the `development` environment, and view the details of the change within Terraform Cloud.
 
 When the Merge is approved this will automatically trigger the deployment of the code into the `web-server-prod` workspace.
 
-![Dev Pull Request](img/confirm_merge.png)
-
-We have sucessfully now made changes into the development environment and promoted those changes into production via a GitOps workflow.
-
-![Code Promotion](img/code_promotion.png)
+We have successfully now made changes into the development environment and promoted those changes into production via a GitOps workflow.