| title | description | author | ms.service | ms.topic | ms.custom | ms.author | ms.date | content_well_notification | ai-usage |
|---|---|---|---|---|---|---|---|---|---|
| Quickstart: Create an Azure Attestation provider by using Terraform | In this article, you learn how to create an Azure Attestation provider using Terraform | tomarchermsft | attestation | quickstart | devx-track-terraform | tarcher | 09/25/2023 | | ai-assisted |
Microsoft Azure Attestation is a solution for attesting Trusted Execution Environments (TEEs). This quickstart focuses on the process of creating a Microsoft Azure Attestation policy using Terraform.
In this article, you learn how to:
[!div class="checklist"]
- Create a random value for the Azure resource group name using random_pet.
- Create an Azure resource group using azurerm_resource_group.
- Create an Azure Attestation provider using azurerm_attestation_provider.
- Policy Signing Certificate: You need to upload an X.509 certificate, which is used by the attestation provider to validate signed policies. This certificate is either signed by a certificate authority or self-signed. Supported file extensions include `pem`, `txt`, and `cer`. This article assumes that you already have a valid X.509 certificate.
Note
The sample code for this article is located in the Azure Terraform GitHub repo. You can view the log file containing the test results from current and previous versions of Terraform.
See more articles and sample code showing how to use Terraform to manage Azure resources
- Create a directory in which to test the sample Terraform code and make it the current directory.

- Create a file named `providers.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/providers.tf":::

- Create a file named `main.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/main.tf":::

- Create a file named `variables.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/variables.tf":::

  Key points:

  - Adjust the `policy_file` field as needed to point to your PEM file.

- Create a file named `outputs.tf` and insert the following code:

  :::code language="Terraform" source="~/terraform_samples/quickstart/101-attestation-provider/outputs.tf":::
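Before initializing Terraform, it is worth confirming that the PEM file `policy_file` points to really is a usable, certificate-only file. The following pre-flight check is an added example, not code from this article or its sample repository; it assumes the `openssl` CLI is installed, and the function name `check_policy_cert`, its return codes, and the 30-day default are illustrative choices.

```shell
# Pre-flight check for the PEM file referenced by policy_file (added example).
# Usage (file name is a placeholder): check_policy_cert ./policy-signing-cert.pem 30
# Returns 0 when the file passes every check, a distinct non-zero code otherwise.
check_policy_cert() {
  local pem="$1" min_days="${2:-30}"

  [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

  # The attestation provider validates signed policies with the certificate
  # alone, so a private key has no reason to be in a file Terraform reads.
  if grep -q -- 'PRIVATE KEY-----' "$pem"; then
    echo "$pem contains a private key; export the certificate only" >&2
    return 2
  fi

  # The file must parse as a PEM-encoded X.509 certificate.
  if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
    echo "$pem is not a parsable PEM X.509 certificate" >&2
    return 3
  fi

  # The certificate must remain valid for min_days (-checkend takes seconds).
  if ! openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" >/dev/null; then
    echo "$pem expires within $min_days days" >&2
    return 4
  fi

  # Print subject, expiry and SHA-256 fingerprint so the uploaded certificate
  # can be recorded and compared later.
  openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
}
```

The check covers PEM input only; a DER-encoded `cer` file would need `-inform DER` added to the `openssl x509` calls.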
[!INCLUDE terraform-init.md]
[!INCLUDE terraform-plan.md]
[!INCLUDE terraform-apply-plan.md]
- Get the Azure resource group name.

  ```bash
  resource_group_name=$(terraform output -raw resource_group_name)
  ```

- Run az attestation list to list the providers for the specified resource group name.

  ```bash
  az attestation list --resource-group $resource_group_name
  ```
[!INCLUDE terraform-plan-destroy.md]
Troubleshoot common problems when using Terraform on Azure
[!div class="nextstepaction"] Overview of Azure Attestation.