title: Quickstart: Create an Azure Attestation provider by using Terraform
description: In this article, you learn how to create an Azure Attestation provider using Terraform
author: tomarchermsft
ms.service: attestation
ms.topic: quickstart
ms.custom: devx-track-terraform
ms.author: tarcher
ms.date: 09/25/2023
content_well_notification: AI-contribution
ai-usage: ai-assisted

Quickstart: Create an Azure Attestation provider by using Terraform

Microsoft Azure Attestation is a solution for attesting Trusted Execution Environments (TEEs). This quickstart focuses on the process of creating a Microsoft Azure Attestation policy using Terraform.

In this article, you learn how to:

[!div class="checklist"]

Prerequisites

  • Install and configure Terraform

  • Policy Signing Certificate: You need to upload an X.509 certificate, which is used by the attestation provider to validate signed policies. This certificate is either signed by a certificate authority or self-signed. Supported file extensions include pem, txt, and cer. This article assumes that you already have a valid X.509 certificate.

Implement the Terraform code

  1. Create a directory in which to test the sample Terraform code and make it the current directory.

  2. Create a file named providers.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/providers.tf":::

  3. Create a file named main.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/main.tf":::

  4. Create a file named variables.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/variables.tf":::

    Key points:

    • Adjust the policy_file field as needed to point to your PEM file.

  5. Create a file named outputs.tf and insert the following code:

    :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/outputs.tf":::
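
The steps above can be condensed into a single configuration for review. This is an added example, not the contents of the referenced sample files: the resource names, region, and validation rules are assumptions, while policy_file and the resource_group_name output follow the names used in this article.

```terraform
# Added example: single-file sketch, not the referenced sample code.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {} # credentials and subscription are taken from the environment
}

variable "policy_file" {
  type        = string
  description = "Path to the PEM-encoded X.509 policy signing certificate."

  # Fail at plan time if the path is wrong or the file is not a PEM certificate.
  validation {
    condition     = fileexists(var.policy_file)
    error_message = "The policy_file value must point to an existing file."
  }
  validation {
    condition     = can(regex("-----BEGIN CERTIFICATE-----", file(var.policy_file)))
    error_message = "The policy_file value must reference a PEM-encoded certificate."
  }
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-attestation-example" # assumed name
  location = "eastus"                 # assumed region
}

resource "azurerm_attestation_provider" "example" {
  name                = "attestexample01" # assumed name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # Certificate the provider uses to validate signed policies.
  policy_signing_certificate_data = file(var.policy_file)
}

output "resource_group_name" {
  value = azurerm_resource_group.rg.name
}

output "attestation_uri" {
  value = azurerm_attestation_provider.example.attestation_uri
}
```

The validation blocks reject a wrong path or a non-PEM file during terraform plan, before any Azure resource is created.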

Initialize Terraform

[!INCLUDE terraform-init.md]

Create a Terraform execution plan

[!INCLUDE terraform-plan.md]

Apply a Terraform execution plan

[!INCLUDE terraform-apply-plan.md]

Verify the results

  1. Get the Azure resource group name.

    resource_group_name=$(terraform output -raw resource_group_name)

  2. Run az attestation list to list the providers for the specified resource group name.

    az attestation list --resource-group "$resource_group_name"

Clean up resources

[!INCLUDE terraform-plan-destroy.md]

Troubleshoot Terraform on Azure

Troubleshoot common problems when using Terraform on Azure

Next steps

[!div class="nextstepaction"] Overview of Azure Attestation.