Closed rin-skylight closed 3 months ago
My team's found setting up a Storage Account as well as Keyvault - #21 initially to be tricky - because Storage Accounts are meant to be used with private endpoints for the dedicated connection, and the Azure VNET / subnet we're on is using on-premise Domain Controllers to resolve DNS.
This means that initially, if the module sets the Storage Account up as "private with no public exposure" with a private endpoint, DNS won't naturally resolve in our environment until the AD team creates the A record for the private endpoint FQDN -> IP address, and terraform apply could fail as a result if the Storage Account is private to begin with.
So in our account, we resort to doing this:
With that said, this may be a non-issue if your environment is using Azure DNS resolver, where you control the DNS resolution process and the DNS record lifecycle.
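
An added example, not from this thread and not the workaround the commenter's team uses: a pre-flight check that asks the host's resolver whether the storage FQDNs already return addresses inside the private endpoint subnet, which a pipeline could use to gate the step that turns public access off. The account name, subnet CIDR and function names are assumptions.

```python
import ipaddress
import socket


def resolve_ipv4(fqdn):
    """Resolve fqdn with the host's configured DNS (here, the on-premise DCs)."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def private_endpoint_dns_state(fqdn, endpoint_subnets, resolver=resolve_ipv4):
    """Classify what the resolver returns for a storage FQDN.

    'ready'      every address is inside the private endpoint subnet(s)
    'public'     at least one address is outside them (A record not in place)
    'unresolved' the resolver returned no answer
    """
    nets = [ipaddress.ip_network(n) for n in endpoint_subnets]
    addrs = [ipaddress.ip_address(a) for a in resolver(fqdn)]
    if not addrs:
        return "unresolved"
    if all(any(a in n for n in nets) for a in addrs):
        return "ready"
    return "public"


def safe_to_disable_public_access(fqdns, endpoint_subnets, resolver=resolve_ipv4):
    """Return (ok, states); ok is True only if every FQDN is already 'ready'."""
    states = {f: private_endpoint_dns_state(f, endpoint_subnets, resolver)
              for f in fqdns}
    return all(s == "ready" for s in states.values()), states


if __name__ == "__main__":
    # Constructed sample: placeholder account name and subnet, canned DNS answers
    # standing in for the real resolver so the script runs offline.
    canned = {
        "examplestorage.blob.core.windows.net": ["10.20.0.4"],
        "examplestorage.file.core.windows.net": ["203.0.113.10"],
    }
    ok, states = safe_to_disable_public_access(
        canned, ["10.20.0.0/24"], lambda f: canned.get(f, []))
    print(ok, states)
```
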
Background
We would like to provide a self-service option that allows users to leverage pre-existing templates to aid in the conversion from AWS, Google Cloud, or on-premise resources to Azure-based Terraform.
Action requested
Create a template folder that contains the necessary files for creating a Storage Account object in Azure.
Acceptance Criteria
main, _var, _data, and _output files should all be present.
Additional context
This will enable the NBS team to leverage our files for guidance as they action the conversion to Azure.