Skip to content

Latest commit

 

History

History
141 lines (95 loc) · 7.13 KB

File metadata and controls

141 lines (95 loc) · 7.13 KB

Azure Virtual Desktop Accelerator for Terraform Guide

This guide is designed to help you get started with deploying Azure Virtual Desktop using the provided Terraform template(s) within this repository. Before you deploy, it is recommended to review the template(s) to understand the resources that will be deployed and the associated costs.

This accelerator is to be used as starter kit and you can expand its functionality by developing your own deployments. This scenario deploys a new Azure Virtual Desktop workload, so it cannot be used to maintain, modify or add resources to an existing or already deployed Azure Virtual Desktop workload from this accelerator.

Note This terraform accelerator requires the Custom Image Build before deploying the Baseline. If you prefer to use the marketplace image with no customization see

Table of Contents

This guide describes how to deploy Azure Virtual Desktop Accelerator using the Terraform. To get started with Terraform on Azure check out their tutorial.

Prerequisites

  • Meet the prerequisites listed here
  • Current version of the Azure CLI
  • Current version of the Terraform CLI
  • An Azure Subscription(s) where you or an identity you manage has Owner RBAC permissions
  • Ensure Encryption at Host feature is already enabled on the subscription. To enable: az feature register --name EncryptionAtHost --namespace Microsoft.Compute. To validate: az feature show --name EncryptionAtHost --namespace Microsoft.Compute

Planning

Decide on a Prefix

The deployments will require a "Prefix" which will be included in all the deployed resources name. Resource Groups and resource names are derived from the Prefix parameter. Pick a unique resource prefix that is 3-5 alphanumeric characters in length without whitespaces.

Terraform Implementation

This folder contains Terraform modules for deploying AVD Landing Zone. It is expected that users will have a strong understanding of Terraform concepts and will make any necessary modifications to fit their environment when using these modules.

Terraform Folder Structure

This folder is laid out hierarchically so that different levels of modules may be used as needed for your purpose. A summary of each level of the folder structure follows.

Folder Name Description
modules This folder contains re-usable modules that create infrastructure components that are used to compose more complex scenarios
ADDS scenarios (ADDSscenario) This folder contains scenario root modules that deploy AVD with ADDS join session host.
Microsoft Entra Domain Services (AADDSscenario) This folder contains scenario root modules that deploy AVD with ADDS join session host.
Microsoft Entra ID scenarios (AADscenario) This folder contains scenario root modules that deploy AVD with Microsoft Entra ID join session host.
EntraID Zero Trust scenarios (zerotrust) This folder contains scenario root modules that deploy AVD with Microsoft Entra ID join session host following zero trust principles.
Click to expand

Backends

The default templates write a state file directly to disk locally to where you are executing terraform from. If you wish to AzureRM backend please see AzureRM Backend. This deployment highlights using Azure Blog Storage to store state file and Key Vault.

Backends using Azure Blob Storage

Using Azure CLI

Store state in Azure Storage

RESOURCE_GROUP_NAME=tstate
STORAGE_ACCOUNT_NAME=tstate$RANDOM
CONTAINER_NAME=tstate

Create resource group

az group create --name $RESOURCE_GROUP_NAME --location <eastus>

Create storage account

az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob

Get storage account key

ACCOUNT_KEY=$(az storage account keys list --resource-group $RESOURCE_GROUP_NAME --account-name $STORAGE_ACCOUNT_NAME --query '[0].value' -o tsv)

Create blob container

az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME --account-key $ACCOUNT_KEY

echo "storage_account_name: $STORAGE_ACCOUNT_NAME"
echo "container_name: $CONTAINER_NAME"
echo "access_key: $ACCOUNT_KEY"

Create a key vault

Create Key Vault

az keyvault create --name "<Azure Virtual Desktopkeyvaultdemo>" --resource-group $RESOURCE_GROUP_NAME --location "<East US>"

Add storage account access key to key vault

az keyvault secret set --vault-name "<Azure Virtual Desktopkeyvaultdemo>" --name terraform-backend-key --value "<W.........................................>"

Deployment Steps

  1. Modify the terraform.tfvars file to define the desired names, location, networking, and other variables
  2. Before deploying, confirm the correct subscription
  3. Change directory to the Terraform folder
  4. Run terraform init to initialize this directory
  5. Run terraform plan to view the planned deployment
  6. Run terraform apply to confirm the deployment

Additional References

Click to expand

Reporting issues

Microsoft Support is not yet handling issues for any published tools in this repository. We would welcome you to open issues using GitHub issues to collaborate and improve these tools.