This is the 6th part in the series of blog posts on managing the Azure DevOps using Terraform. You can find the series index here. In the last part, we discussed the build pipeline creation using Terraform, where we covered only build and testing stages. We could have added release stage as well, but before we deploy anything to Azure, AWS, etc, we need to create respective service endpoints in the Azure DevOps project. In this part, we’ll discuss how we can create service endpoints using Terraform. One of the pre-requisites to create service endpoints is to have a service principal ready, which is basically used for authentication.

Create AzureRM Service Endpoint

To create service endpoint for Azure RM, we’ll need to have service principal ready with required access. You can refer steps here for creating service principal. From terraform side, we need to use terraform resource azuredevops_serviceendpoint_azurerm. To use this resource, we need to supply below mandatory properties:

• project_id – The ID for azure devops project, which will contain the endpoint
• service_endpoint_name – Name for service endpoint
• azurerm_spn_tenantid – The tenant id for the service principal
• azurerm_subscription_id – The subscription id for the target subscription
• azurerm_subscription_name – The name for the target subscription

We can optionally provide the resource group used for restricted scoping for the service endpoint. It also supports a credential block for supplying service principal id and key, which we’ll refer using the variables and supply those variables when running terraform apply. Below is our code for creating the endpoint:

	# partially complete code block below – will not work in isolation
	resource "azuredevops_serviceendpoint_azurerm" "endpointazure" {
	project_id = azuredevops_project.tf-example.id
	service_endpoint_name = "azurerm_endpoint_test"
	description = "Managed by Terraform"
	credentials {
	serviceprincipalid = var.service_principal_id
	serviceprincipalkey = var.service_principal_key
	}
	azurerm_spn_tenantid = var.azurerm_spn_tenant_id
	azurerm_subscription_id = var.azurerm_subscription_id
	azurerm_subscription_name = "pay-as-you-go"
	}

view raw az-devops-azurerm-sep.tf hosted with ❤ by GitHub

Let’s also add variables in the variables.tf file:

	variable "service_principal_id" {
	description = "Service Principal Id"
	type = string
	}
	variable "service_principal_key" {
	description = "Service Principal Password"
	type = string
	}
	variable "azurerm_spn_tenant_id" {
	description = "Tenant ID for the service principal"
	type = string
	}
	variable "azurerm_subscription_id" {
	description = "Subscription ID for the target subscription"
	type = string
	}

view raw az-devops-azurerm-sep-variables.tf hosted with ❤ by GitHub

As you can see above, we have not mentioned the value for the variables as all these are sensitive values. In our case, we’ll be supplying those using TF_VAR_{variable_name} environment variable. In production scenarios, you’ll be creating these variables as part of the build and release pipelines or supply the respective key-values at terraform command line at run time.

Now we can run terraform plan to validate our changes:

At this point, we can also run terraform apply -auto-approve. Once its completes, hop over to Azure DevOps and verify that our endpoint is present:

There are many types of service endpoints available like for Azure Container Registry, Azure Kubernetes Service, GitHub, BitBucket etc. So you can mostly choose what you’ll need depending on your requirements.