From e34c12dce23bbded77713f6e915eb615110092ad Mon Sep 17 00:00:00 2001 From: Henrik Simonsen Knutsen <46495473+hknutsen@users.noreply.github.com> Date: Thu, 5 Dec 2024 11:55:32 +0100 Subject: [PATCH] docs: clarify what the template creates (#11) Also clarify what roles are required for each step in the template deployment. --- README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 45aac1d..a257694 100644 --- a/README.md +++ b/README.md @@ -2,10 +2,16 @@ [![SCM Compliance](https://scm-compliance-api.radix.equinor.com/repos/equinor/terraform-backend/badge)](https://scm-compliance-api.radix.equinor.com/repos/equinor/terraform-backend/badge) -Bicep template that creates an Azure Storage account to store Terraform state files. - [![Deploy to Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fequinor%2Fterraform-backend%2Fmain%2Fazuredeploy.json) +Bicep template that creates an Azure Storage account to store Terraform state files: + +- Creates a storage account with the specified name. +- Configures the storage account according to security recommendations. +- Creates a storage container `tfstate`. +- Grants access to the storage account for specified user, group and service principals. +- Creates a read-only lock to prevent changes to the storage account. + ## Prerequisites - Sign up for an [Azure account](https://azure.microsoft.com/en-us/pricing/purchase-options/azure-account). @@ -34,6 +40,8 @@ Bicep template that creates an Azure Storage account to store Terraform state fi az group create --name tfstate ``` + Requires Azure role `Contributor` at subscription. + 1. Create a deployment at resource group from the template file: ```console 
@@ -46,6 +54,8 @@ Bicep template that creates an Azure Storage account to store Terraform state fi az deployment group create --name terraform-backend --resource-group tfstate --template-uri https://raw.githubusercontent.com/equinor/terraform-backend/refs/heads/main/azuredeploy.json --parameters storageAccountName= ``` + Requires Azure role `Owner` at resource group. + ### Configure Terraform backend 1. Create a Terraform configuration file `main.tf` and add the following backend configuration:
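Review bot: In the first hunk (the new bullet list in README.md), "Configures the storage account according to security recommendations" does not say which settings are applied or whose recommendations they follow. List the concrete settings or link to the source, so a reader can audit what the template enforces before deploying it. The same applies to "Grants access to the storage account for specified user, group and service principals": name the role that is assigned. For the read-only lock bullet, consider noting that a read-only lock on a storage account also blocks listing the account keys, which affects anyone who expects to reach the state with an access key.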
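Review bot: In the second hunk, "Requires Azure role `Contributor` at subscription." reads as an exact requirement, although a more privileged role such as `Owner` also satisfies it. Suggest wording it as a minimum and naming the scope explicitly, for example "Requires at least Azure role `Contributor` at the subscription scope.", so readers do not ask for a broader assignment than the `az group create` step needs.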
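Review bot: In the third hunk, "Requires Azure role `Owner` at resource group." gives no reason for the jump from `Contributor` to `Owner`. The first hunk says the template grants access to principals and creates a lock. Both are authorization operations that `Contributor` cannot perform, so state that here. Otherwise a reader may try the deployment with `Contributor` and hit an authorization failure, or may question why `Owner` is being requested.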