Set up all necessary Azure cloud services and resources required before deploying additional Azure resources using Terraform.
You will:
- Configure Azure DevOps organisation, project, and repository
- Create an Azure DevOps Workload Identity Federation (OIDC) service connection — the recommended, secretless authentication method for pipelines
- Establish remote Azure Blob Storage for Terraform state files
- Create an Azure AD group for AKS admins (used for RBAC access to the AKS cluster and Key Vault)
Prerequisites:
- Azure subscription with Owner, or Contributor + User Access Administrator, permissions
- Azure CLI installed and logged in (`az login`)
- Azure DevOps organisation (free at dev.azure.com)
| Concept | Details |
|---|---|
| Workload Identity Federation | OIDC-based, no client secrets to rotate — preferred over Service Principal with password |
| Terraform remote state | Stored in Azure Blob Storage; enables team collaboration and state locking |
| Azure AD AKS Admin Group | Object ID used by Terraform to configure Key Vault RBAC and AKS admin access |
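The following Terraform configuration is an added example, not code from the original guide, showing how the three prerequisites in the table are consumed once they exist: the `azurerm` backend reads state from the blob container using Azure AD (OIDC) authentication instead of a storage account key, and the AKS admin group's object ID is looked up by display name and fed to both the Key Vault role assignment and the AKS cluster's admin group list. Every resource group, storage account, group and cluster name below is a placeholder to be replaced with the values you create in your own subscription; the provider version pins are assumptions for the attribute names used.

```hcl
# Added example (not part of the original page). All names are placeholders.

terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.100" }
    azuread = { source = "hashicorp/azuread", version = "~> 2.50" }
  }

  # Remote state in Azure Blob Storage. use_oidc and use_azuread_auth make the
  # backend authenticate through the Workload Identity Federation service
  # connection, so no storage account key or client secret is stored anywhere.
  backend "azurerm" {
    resource_group_name  = "rg-tfstate-placeholder"
    storage_account_name = "sttfstateplaceholder"
    container_name       = "tfstate"
    key                  = "aks.terraform.tfstate"
    use_oidc             = true
    use_azuread_auth     = true
  }
}

provider "azurerm" {
  features {}
  use_oidc = true
}

provider "azuread" {
  use_oidc = true
}

data "azurerm_client_config" "current" {}

# Resolve the AKS admin group created in the "Create AKS Admin Group" step.
# Its object_id is the single value reused for both Key Vault and AKS access.
data "azuread_group" "aks_admins" {
  display_name     = "aks-admins-placeholder"
  security_enabled = true
}

resource "azurerm_resource_group" "aks" {
  name     = "rg-aks-placeholder"
  location = "westeurope"
}

# Key Vault with RBAC authorisation, so access is governed by role
# assignments rather than access policies.
resource "azurerm_key_vault" "main" {
  name                      = "kv-aks-placeholder"
  location                  = azurerm_resource_group.aks.location
  resource_group_name       = azurerm_resource_group.aks.name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "standard"
  enable_rbac_authorization = true
}

# Grant the admin group Key Vault Administrator on this vault only (least
# privilege: the scope is the vault, not the resource group or subscription).
resource "azurerm_role_assignment" "kv_admins" {
  scope                = azurerm_key_vault.main.id
  role_definition_name = "Key Vault Administrator"
  principal_id         = data.azuread_group.aks_admins.object_id
}

resource "azurerm_kubernetes_cluster" "main" {
  name                = "aks-placeholder"
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
  dns_prefix          = "aksplaceholder"

  default_node_pool {
    name       = "system"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  identity {
    type = "SystemAssigned"
  }

  # Azure AD integration: members of the admin group get cluster-admin via
  # Azure RBAC; no one else is an admin by default.
  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    admin_group_object_ids = [data.azuread_group.aks_admins.object_id]
  }

  # Disable the local admin kubeconfig so every admin action is an Azure AD
  # identity that shows up in audit logs.
  local_account_disabled = true
}
```

In a pipeline, the `use_oidc` settings expect the service connection to supply `ARM_CLIENT_ID`, `ARM_TENANT_ID`, `ARM_SUBSCRIPTION_ID` and an OIDC token to the Terraform task; nothing sensitive lives in the repository. Remember that the state file itself may contain secrets (connection strings, generated passwords), which is the reason for preferring Azure AD authentication and a tightly scoped storage account over shared access keys.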
- Azure DevOps Setup — Organisation, project, WIF service connection
- Terraform Remote Storage — Storage account and blob container for state
- Create AKS Admin Group — Azure AD group for cluster admin access