main.bicep
// Subscription scope: this template creates the resource group itself and
// deploys the storage module into it.
targetScope = 'subscription'

// utcNow() gives each run a different value; it is used below as the prefix of
// the nested deployment name, so earlier entries in the deployment history are
// not overwritten.
@description('Timestamp used to uniquely name deployed modules to retain all deployment history')
param deploymentTimestamp string = utcNow()

// Passed unchanged to modules/storage.bicep; what access it receives is decided there.
// NOTE(review): presumably a Microsoft Entra object ID. Confirm in the module
// that the role assignment is scoped to the state account or container and is
// no broader than needed to read and write state.
@description('The ID of the user who should be allowed to manage Terraform state')
param userId string

// Restricted to the four SKUs listed; the default is zone-redundant.
@allowed([
  'Standard_LRS'
  'Standard_ZRS'
  'Standard_GRS'
  'Standard_GZRS'
])
@description('Storage redundancy (recommended to use at least ZRS)')
param skuName string = 'Standard_ZRS'
// Resource group that holds the Terraform state backend. The name is fixed and
// the region is the one the subscription-level deployment was started in.
@description('Resource group for Terraform state resources')
resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: 'rg-terraform-backend'
  location: deployment().location
  tags: {
    owner: 'terraform'
  }
}

// Storage account and container come from modules/storage.bicep, deployed into rg.
// NOTE(review): Terraform state commonly contains secrets in plain text. The
// module is not visible from this file, so confirm that it disables shared-key
// access (the generated backend authenticates with Azure AD), blocks public
// blob access, sets a minimum TLS version, and enables blob versioning or soft
// delete so that state can be recovered.
module storage 'modules/storage.bicep' = {
  name: '${deploymentTimestamp}-storage-module'
  scope: rg
  params: {
    userId: userId
    skuName: skuName
  }
}
// Terraform backend snippet rendered by format(): {0}..{4} are positional
// placeholders and doubled braces produce literal braces in the result.
// use_azuread_auth = true makes the backend authenticate with Azure AD rather
// than a storage access key, so the rendered block carries no credential.
var backendTemplate = '''
terraform {{
backend "azurerm" {{
resource_group_name = "{0}"
storage_account_name = "{1}"
container_name = "{2}"
key = "terraform.tfstate"
use_azuread_auth = true
subscription_id = "{3}"
tenant_id = "{4}"
}}
}}
'''

// Values substituted into the template, in placeholder order after rg.name.
var stateAccount = storage.outputs.account
var stateContainer = storage.outputs.container
var subscriptionId = subscription().subscriptionId
var tenantId = tenant().tenantId

// Deployment outputs are stored in the deployment history in plain text, so
// this block must stay free of access keys and SAS tokens. As written it holds
// only resource names and the subscription and tenant identifiers.
output backendBlock string = format(backendTemplate, rg.name, stateAccount, stateContainer, subscriptionId, tenantId)