-
Notifications
You must be signed in to change notification settings - Fork 0
/
cliscript.ps1
48 lines (39 loc) · 2.98 KB
/
cliscript.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# This Azure CLI script helps prepare everything you need to run Terraform in GitHub Actions. It Sets up:
# Storage Account and Container to store Terraform State remotely.
# Creates a Service Principal and then assigns contributor at tenant root. Note: you may wish to reduce this scope for your deployment down to single Subscriptions etc!
# Please change the variables to suit your requirements!
az login
########################################
# Set the below
########################################
$location = "ukwest" # This sets the Resource Group and Storage Account location.
$rgname = "gameapicontainer" # This sets the Resource Group name the Storage Account will be deployed into.
$strname = "olastore" # This sets the Storage Account name - note this must be unique!
$containername = "olastateterraform" # This sets the Container name.
$envtag = "Environment=TFStorage" # This sets the Environment Tag applied to the Resource Group and Storage Account.
$datetag = "Build-Date=27072024" # This sets the Build Date Tag applied to the Resource Group and Storage Account.
$spname = "olatfdeploy" # This sets the Service Principal Name
# Below Subscription should be the Management Subscription
$mansub = "10edc41e-6372-492d-ace4-ac127ca511f6" # This is the ID of the Subscription to deploy the Resource Group and Storage Account into.
########################################
# Creates Resource Group and Storage Account for TF State File Storage
az account set -s $mansub
az group create --location $location --name $rgname --tags $envtag $datetag
az storage account create --location $location --resource-group $rgname --name $strname --tags $envtag $datetag --https-only --sku Standard_LRS --encryption-services blob --subscription $mansub
$storageacckey=$(az storage account keys list --resource-group $rgname --account-name $strname --query '[0].value' -o tsv)
az storage container create --name $containername --account-name $strname --account-key $storageacckey
# Creates Service Principal for TF to use and gives access at root.
$spid = az ad sp create-for-rbac -n $spname --role Contributor --scopes "/" | convertfrom-json
########################################
# Information to setup GitHub Secrets and Terraform backend configuration is output by the script below.
########################################
Write-Output "
Below are the details of the storage account that will need to be in the Terraform Backend Configuration:
Resource Group: $rgname
Storage Account: $strname
Container Name: $containername
Below are the details of the Service Principal that will need to be in the GitHub Repo Secrets:
ARM_CLIENT_ID: "$spid.appid"
ARM_CLIENT_SECRET: "$spid.password"
ARM_TENANT_ID: "$spid.tenant"
ARM_SUBSCRIPTION_ID: $mansub"