Cloud infrastructure
- Architecture
- Infrastructure as code
- AWS
- Azure
- DigitalOcean
- GCP
- Mage Pro
Secret manager
Azure
Terraform Azure resources
Here is the default output of terraform plan
:
data.http.myip: Reading...
data.http.myip: Read complete after 0s [id=http://ipv4.icanhazip.com]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_application_gateway.network will be created
+ resource "azurerm_application_gateway" "network" {
+ id = (known after apply)
+ location = "westus2"
+ name = "mage-data-prep-production-app-gateway"
+ private_endpoint_connection = (known after apply)
+ resource_group_name = "mage-data-prep-production"
+ backend_address_pool {
+ fqdns = []
+ id = (known after apply)
+ ip_addresses = (known after apply)
+ name = "mage-data-prep-production-backend-pool"
}
+ backend_http_settings {
+ cookie_based_affinity = "Disabled"
+ id = (known after apply)
+ name = "mage-data-prep-production-http-setting"
+ pick_host_name_from_backend_address = false
+ port = 6789
+ probe_id = (known after apply)
+ protocol = "Http"
+ request_timeout = 60
+ trusted_root_certificate_names = []
}
+ frontend_ip_configuration {
+ id = (known after apply)
+ name = "mage-data-prep-production-frontend-ip-config"
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "Dynamic"
+ private_link_configuration_id = (known after apply)
+ public_ip_address_id = (known after apply)
}
+ frontend_port {
+ id = (known after apply)
+ name = "mage-data-prep-production-frontend-port"
+ port = 80
}
+ gateway_ip_configuration {
+ id = (known after apply)
+ name = "mage-data-prep-production-ip-configuration"
+ subnet_id = (known after apply)
}
+ http_listener {
+ frontend_ip_configuration_id = (known after apply)
+ frontend_ip_configuration_name = "mage-data-prep-production-frontend-ip-config"
+ frontend_port_id = (known after apply)
+ frontend_port_name = "mage-data-prep-production-frontend-port"
+ host_names = []
+ id = (known after apply)
+ name = "mage-data-prep-production-listener"
+ protocol = "Http"
+ ssl_certificate_id = (known after apply)
+ ssl_profile_id = (known after apply)
}
+ request_routing_rule {
+ backend_address_pool_id = (known after apply)
+ backend_address_pool_name = "mage-data-prep-production-backend-pool"
+ backend_http_settings_id = (known after apply)
+ backend_http_settings_name = "mage-data-prep-production-http-setting"
+ http_listener_id = (known after apply)
+ http_listener_name = "mage-data-prep-production-listener"
+ id = (known after apply)
+ name = "mage-data-prep-production-routing-rule"
+ priority = 10
+ redirect_configuration_id = (known after apply)
+ rewrite_rule_set_id = (known after apply)
+ rule_type = "Basic"
+ url_path_map_id = (known after apply)
}
+ sku {
+ capacity = 2
+ name = "Standard_v2"
+ tier = "Standard_v2"
}
+ ssl_policy {
+ cipher_suites = (known after apply)
+ disabled_protocols = (known after apply)
+ min_protocol_version = (known after apply)
+ policy_name = (known after apply)
+ policy_type = (known after apply)
}
}
# azurerm_container_group.container_group will be created
+ resource "azurerm_container_group" "container_group" {
+ exposed_port = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ ip_address = (known after apply)
+ ip_address_type = "Private"
+ location = "westus2"
+ name = "mage-data-prep-production"
+ network_profile_id = (known after apply)
+ os_type = "Linux"
+ resource_group_name = "mage-data-prep-production"
+ restart_policy = "Always"
+ tags = {
+ "Environment" = "production"
}
+ container {
+ commands = (known after apply)
+ cpu = 1
+ image = "mageai/mageai:latest"
+ memory = 1.5
+ name = "mage-data-prep-production-container"
+ ports {
+ port = 6789
+ protocol = "TCP"
}
+ volume {
+ empty_dir = false
+ mount_path = "/home/src"
+ name = "mage-data-prep-fs"
+ read_only = false
+ share_name = "mage-data-prep-production-data"
+ storage_account_key = (sensitive value)
+ storage_account_name = "magedataprepstorage"
}
}
}
# azurerm_network_profile.containergroup_profile will be created
+ resource "azurerm_network_profile" "containergroup_profile" {
+ container_network_interface_ids = (known after apply)
+ id = (known after apply)
+ location = "westus2"
+ name = "mage-data-prep-production-profile"
+ resource_group_name = "mage-data-prep-production"
+ container_network_interface {
+ name = "mage-data-prep-production-nic"
+ ip_configuration {
+ name = "aciipconfig"
+ subnet_id = (known after apply)
}
}
}
# azurerm_network_security_group.nsg-aci will be created
+ resource "azurerm_network_security_group" "nsg-aci" {
+ id = (known after apply)
+ location = "westus2"
+ name = "mage-data-prep-production-nsg-aci"
+ resource_group_name = "mage-data-prep-production"
+ security_rule = [
+ {
+ access = "Allow"
+ description = ""
+ destination_address_prefix = ""
+ destination_address_prefixes = [
+ "10.0.10.0/24",
]
+ destination_application_security_group_ids = []
+ destination_port_range = ""
+ destination_port_ranges = [
+ "22",
+ "443",
+ "445",
+ "6789",
+ "8000",
]
+ direction = "Inbound"
+ name = "from-gateway-subnet"
+ priority = 100
+ protocol = "Tcp"
+ source_address_prefix = ""
+ source_address_prefixes = [
+ "10.0.20.0/24",
]
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Allow"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = ""
+ destination_port_ranges = [
+ "443",
+ "445",
+ "80",
]
+ direction = "Outbound"
+ name = "to-internet"
+ priority = 100
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Deny"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Inbound"
+ name = "DenyAllInBound-Override"
+ priority = 900
+ protocol = "*"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Deny"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Outbound"
+ name = "DenyAllOutBound-Override"
+ priority = 900
+ protocol = "*"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
]
}
# azurerm_network_security_group.nsg-public will be created
+ resource "azurerm_network_security_group" "nsg-public" {
+ id = (known after apply)
+ location = "westus2"
+ name = "mage-data-prep-production-nsg-public"
+ resource_group_name = "mage-data-prep-production"
+ security_rule = [
+ {
+ access = "Allow"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = ""
+ destination_port_ranges = [
+ "80",
]
+ direction = "Inbound"
+ name = "whitelist-inbound-ip"
+ priority = 100
+ protocol = "Tcp"
+ source_address_prefix = ""
+ source_address_prefixes = [
+ "11.111.11.111/32",
]
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Allow"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "65200-65535"
+ destination_port_ranges = []
+ direction = "Inbound"
+ name = "AllowInfraComms"
+ priority = 200
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
+ {
+ access = "Deny"
+ description = ""
+ destination_address_prefix = "*"
+ destination_address_prefixes = []
+ destination_application_security_group_ids = []
+ destination_port_range = "*"
+ destination_port_ranges = []
+ direction = "Inbound"
+ name = "DenyAllInBound-Override"
+ priority = 900
+ protocol = "*"
+ source_address_prefix = "*"
+ source_address_prefixes = []
+ source_application_security_group_ids = []
+ source_port_range = "*"
+ source_port_ranges = []
},
]
}
# azurerm_public_ip.public_ip will be created
+ resource "azurerm_public_ip" "public_ip" {
+ allocation_method = "Static"
+ fqdn = (known after apply)
+ id = (known after apply)
+ idle_timeout_in_minutes = 4
+ ip_address = (known after apply)
+ ip_version = "IPv4"
+ location = "westus2"
+ name = "mage-data-prep-production-public-ip"
+ resource_group_name = "mage-data-prep-production"
+ sku = "Standard"
+ sku_tier = "Regional"
}
# azurerm_resource_group.resource_group will be created
+ resource "azurerm_resource_group" "resource_group" {
+ id = (known after apply)
+ location = "westus2"
+ name = "mage-data-prep-production"
}
# azurerm_storage_account.aci_storage will be created
+ resource "azurerm_storage_account" "aci_storage" {
+ access_tier = (known after apply)
+ account_kind = "StorageV2"
+ account_replication_type = "LRS"
+ account_tier = "Standard"
+ allow_nested_items_to_be_public = true
+ cross_tenant_replication_enabled = true
+ default_to_oauth_authentication = false
+ enable_https_traffic_only = true
+ id = (known after apply)
+ infrastructure_encryption_enabled = false
+ is_hns_enabled = false
+ large_file_share_enabled = (known after apply)
+ location = "westus2"
+ min_tls_version = "TLS1_2"
+ name = "magedataprepstorage"
+ nfsv3_enabled = false
+ primary_access_key = (sensitive value)
+ primary_blob_connection_string = (sensitive value)
+ primary_blob_endpoint = (known after apply)
+ primary_blob_host = (known after apply)
+ primary_connection_string = (sensitive value)
+ primary_dfs_endpoint = (known after apply)
+ primary_dfs_host = (known after apply)
+ primary_file_endpoint = (known after apply)
+ primary_file_host = (known after apply)
+ primary_location = (known after apply)
+ primary_queue_endpoint = (known after apply)
+ primary_queue_host = (known after apply)
+ primary_table_endpoint = (known after apply)
+ primary_table_host = (known after apply)
+ primary_web_endpoint = (known after apply)
+ primary_web_host = (known after apply)
+ public_network_access_enabled = true
+ queue_encryption_key_type = "Service"
+ resource_group_name = "mage-data-prep-production"
+ secondary_access_key = (sensitive value)
+ secondary_blob_connection_string = (sensitive value)
+ secondary_blob_endpoint = (known after apply)
+ secondary_blob_host = (known after apply)
+ secondary_connection_string = (sensitive value)
+ secondary_dfs_endpoint = (known after apply)
+ secondary_dfs_host = (known after apply)
+ secondary_file_endpoint = (known after apply)
+ secondary_file_host = (known after apply)
+ secondary_location = (known after apply)
+ secondary_queue_endpoint = (known after apply)
+ secondary_queue_host = (known after apply)
+ secondary_table_endpoint = (known after apply)
+ secondary_table_host = (known after apply)
+ secondary_web_endpoint = (known after apply)
+ secondary_web_host = (known after apply)
+ shared_access_key_enabled = true
+ table_encryption_key_type = "Service"
+ blob_properties {
+ change_feed_enabled = (known after apply)
+ change_feed_retention_in_days = (known after apply)
+ default_service_version = (known after apply)
+ last_access_time_enabled = (known after apply)
+ versioning_enabled = (known after apply)
+ container_delete_retention_policy {
+ days = (known after apply)
}
+ cors_rule {
+ allowed_headers = (known after apply)
+ allowed_methods = (known after apply)
+ allowed_origins = (known after apply)
+ exposed_headers = (known after apply)
+ max_age_in_seconds = (known after apply)
}
+ delete_retention_policy {
+ days = (known after apply)
}
}
+ network_rules {
+ bypass = (known after apply)
+ default_action = (known after apply)
+ ip_rules = (known after apply)
+ virtual_network_subnet_ids = (known after apply)
+ private_link_access {
+ endpoint_resource_id = (known after apply)
+ endpoint_tenant_id = (known after apply)
}
}
+ queue_properties {
+ cors_rule {
+ allowed_headers = (known after apply)
+ allowed_methods = (known after apply)
+ allowed_origins = (known after apply)
+ exposed_headers = (known after apply)
+ max_age_in_seconds = (known after apply)
}
+ hour_metrics {
+ enabled = (known after apply)
+ include_apis = (known after apply)
+ retention_policy_days = (known after apply)
+ version = (known after apply)
}
+ logging {
+ delete = (known after apply)
+ read = (known after apply)
+ retention_policy_days = (known after apply)
+ version = (known after apply)
+ write = (known after apply)
}
+ minute_metrics {
+ enabled = (known after apply)
+ include_apis = (known after apply)
+ retention_policy_days = (known after apply)
+ version = (known after apply)
}
}
+ routing {
+ choice = (known after apply)
+ publish_internet_endpoints = (known after apply)
+ publish_microsoft_endpoints = (known after apply)
}
+ share_properties {
+ cors_rule {
+ allowed_headers = (known after apply)
+ allowed_methods = (known after apply)
+ allowed_origins = (known after apply)
+ exposed_headers = (known after apply)
+ max_age_in_seconds = (known after apply)
}
+ retention_policy {
+ days = (known after apply)
}
+ smb {
+ authentication_types = (known after apply)
+ channel_encryption_type = (known after apply)
+ kerberos_ticket_encryption_type = (known after apply)
+ versions = (known after apply)
}
}
}
# azurerm_storage_share.container_share will be created
+ resource "azurerm_storage_share" "container_share" {
+ access_tier = (known after apply)
+ enabled_protocol = "SMB"
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "mage-data-prep-production-data"
+ quota = 100
+ resource_manager_id = (known after apply)
+ storage_account_name = "magedataprepstorage"
+ url = (known after apply)
}
# azurerm_subnet.sn-aci will be created
+ resource "azurerm_subnet" "sn-aci" {
+ address_prefixes = [
+ "10.0.10.0/24",
]
+ enforce_private_link_endpoint_network_policies = (known after apply)
+ enforce_private_link_service_network_policies = (known after apply)
+ id = (known after apply)
+ name = "aci"
+ private_endpoint_network_policies_enabled = (known after apply)
+ private_link_service_network_policies_enabled = (known after apply)
+ resource_group_name = "mage-data-prep-production"
+ service_endpoints = [
+ "Microsoft.Storage",
]
+ virtual_network_name = "mage-data-prep-production"
+ delegation {
+ name = "acidelegationservice"
+ service_delegation {
+ actions = [
+ "Microsoft.Network/virtualNetworks/subnets/join/action",
+ "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
]
+ name = "Microsoft.ContainerInstance/containerGroups"
}
}
}
# azurerm_subnet.sn-public will be created
+ resource "azurerm_subnet" "sn-public" {
+ address_prefixes = [
+ "10.0.20.0/24",
]
+ enforce_private_link_endpoint_network_policies = (known after apply)
+ enforce_private_link_service_network_policies = (known after apply)
+ id = (known after apply)
+ name = "public"
+ private_endpoint_network_policies_enabled = (known after apply)
+ private_link_service_network_policies_enabled = (known after apply)
+ resource_group_name = "mage-data-prep-production"
+ virtual_network_name = "mage-data-prep-production"
}
# azurerm_subnet_network_security_group_association.sn-nsg-aci will be created
+ resource "azurerm_subnet_network_security_group_association" "sn-nsg-aci" {
+ id = (known after apply)
+ network_security_group_id = (known after apply)
+ subnet_id = (known after apply)
}
# azurerm_subnet_network_security_group_association.sn-nsg-public will be created
+ resource "azurerm_subnet_network_security_group_association" "sn-nsg-public" {
+ id = (known after apply)
+ network_security_group_id = (known after apply)
+ subnet_id = (known after apply)
}
# azurerm_virtual_network.virtual_network will be created
+ resource "azurerm_virtual_network" "virtual_network" {
+ address_space = [
+ "10.0.0.0/16",
]
+ dns_servers = [
+ "10.0.0.4",
+ "10.0.0.5",
]
+ guid = (known after apply)
+ id = (known after apply)
+ location = "westus2"
+ name = "mage-data-prep-production"
+ resource_group_name = "mage-data-prep-production"
+ subnet = (known after apply)
+ tags = {
+ "Environment" = "production"
}
}
Plan: 14 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
+ ip = (known after apply)
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
Was this page helpful?
Assistant
Responses are generated using AI and may contain mistakes.