This guide is designed to help you get started with deploying Azure Virtual Desktop using the provided Terraform template(s) within this repository. Before you deploy, it is recommended to review the template(s) to understand the resources that will be deployed and the associated costs.
This accelerator is to be used as starter kit and you can expand its functionality by developing your own deployments. This scenario deploys a new Azure Virtual Desktop workload, so it cannot be used to maintain, modify or add resources to an existing or already deployed Azure Virtual Desktop workload from this accelerator.
Note This terraform accelerator requires the Custom Image Build before deploying the Baseline. If you prefer to use the marketplace image with no customization see
This guide describes how to deploy Azure Virtual Desktop Accelerator using the Terraform. To get started with Terraform on Azure check out their tutorial.
- Meet the prerequisites listed here
- Current version of the Azure CLI
- Current version of the Terraform CLI
- An Azure Subscription(s) where you or an identity you manage has
Owner
RBAC permissions - Ensure Encryption at Host feature is already enabled on the subscription. To enable: az feature register --name EncryptionAtHost --namespace Microsoft.Compute. To validate: az feature show --name EncryptionAtHost --namespace Microsoft.Compute
The deployments will require a "Prefix" which will be included in all the deployed resources name.
Resource Groups and resource names are derived from the Prefix
parameter. Pick a unique resource prefix that is 3-5 alphanumeric characters in length without whitespaces.
This folder contains Terraform modules for deploying AVD Landing Zone. It is expected that users will have a strong understanding of Terraform concepts and will make any necessary modifications to fit their environment when using these modules.
This folder is laid out hierarchically so that different levels of modules may be used as needed for your purpose. A summary of each level of the folder structure follows.
Folder Name | Description |
---|---|
modules | This folder contains re-usable modules that create infrastructure components that are used to compose more complex scenarios |
ADDS scenarios (ADDSscenario) | This folder contains scenario root modules that deploy AVD with ADDS join session host. |
Microsoft Entra Domain Services (AADDSscenario) | This folder contains scenario root modules that deploy AVD with ADDS join session host. |
Microsoft Entra ID scenarios (AADscenario) | This folder contains scenario root modules that deploy AVD with Microsoft Entra ID join session host. |
EntraID Zero Trust scenarios (zerotrust) | This folder contains scenario root modules that deploy AVD with Microsoft Entra ID join session host following zero trust principles. |
Click to expand
The default templates write a state file directly to disk locally to where you are executing terraform from. If you wish to AzureRM backend please see AzureRM Backend. This deployment highlights using Azure Blog Storage to store state file and Key Vault.
RESOURCE_GROUP_NAME=tstate
STORAGE_ACCOUNT_NAME=tstate$RANDOM
CONTAINER_NAME=tstate
az group create --name $RESOURCE_GROUP_NAME --location <eastus>
az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob
ACCOUNT_KEY=$(az storage account keys list --resource-group $RESOURCE_GROUP_NAME --account-name $STORAGE_ACCOUNT_NAME --query '[0].value' -o tsv)
az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME --account-key $ACCOUNT_KEY
echo "storage_account_name: $STORAGE_ACCOUNT_NAME"
echo "container_name: $CONTAINER_NAME"
echo "access_key: $ACCOUNT_KEY"
az keyvault create --name "<Azure Virtual Desktopkeyvaultdemo>" --resource-group $RESOURCE_GROUP_NAME --location "<East US>"
az keyvault secret set --vault-name "<Azure Virtual Desktopkeyvaultdemo>" --name terraform-backend-key --value "<W.........................................>"
- Modify the
terraform.tfvars
file to define the desired names, location, networking, and other variables - Before deploying, confirm the correct subscription
- Change directory to the Terraform folder
- Run
terraform init
to initialize this directory - Run
terraform plan
to view the planned deployment - Run
terraform apply
to confirm the deployment
Click to expand
- Terraform Download
- Visual Code Download
- Powershell VS Code Extension
- HashiCorp Terraform VS Code Extension
- Azure Terraform VS Code Extension Name
- [Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli-windows?tabs=azure-cli
- Configure the Azure Terraform Visual Studio Code extension
- Setup video
Microsoft Support is not yet handling issues for any published tools in this repository. We would welcome you to open issues using GitHub issues to collaborate and improve these tools.