Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Deploy applications and infrastructure to Azure using Copilot-guided workflows and Azure MCP
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/recipes/terraform/README.md
1# Terraform Deploy Recipe2Deploy to Azure using Terraform.4## Prerequisites6- Terraform CLI installed8- `.azure/deployment-plan.md` exists with status `Validated`9- Terraform initialized (`terraform init`)10- Plan validated (`terraform plan`)11- **Subscription and location confirmed** → See [Pre-Deploy Checklist](../../pre-deploy-checklist.md)12## Workflow14| Step | Task | Command |16|------|------|---------|17| 1 | **[Pre-deploy checklist](../../pre-deploy-checklist.md)** | Confirm subscription/location with user |18| 2 | Select workspace | `terraform workspace select <env>` |19| 3 | Apply | `terraform apply tfplan` |20| 4 | Get outputs | `terraform output` |21| 5 | Deploy app | Service-specific commands |22| 6 | **Report** | Present deployed endpoint URLs to the user — see [Verification](verify.md) |23## Deployment Commands25### Apply with Plan File (Recommended)27```bash29terraform plan -out=tfplan30terraform apply tfplan31```32### Auto-Approve (CI/CD)34```bash36terraform apply -auto-approve37```38### With Variables40```bash42terraform apply \43-var="environment=prod" \44-var="location=westus2" \45-auto-approve46```47### Target Specific Resource49```bash51terraform apply -target=azurerm_container_app.api52```53## Get Outputs55```bash57terraform output58terraform output -json59terraform output api_url60```61## Application Deployment63After infrastructure is deployed:65### Container Apps (Two-Phase Deployment)67Container Apps with ACR require a two-phase flow because the app image doesn't exist in ACR during initial `terraform apply`. See the **azure-prepare** skill's `references/services/container-apps/terraform.md` for the full pattern.69```bash71ACR_NAME=$(terraform output -raw acr_name)72ACR_SERVER=$(terraform output -raw acr_login_server)73APP_NAME=$(terraform output -raw container_app_name)74RG_NAME=$(terraform output -raw resource_group_name)75# 1. Build and push the application image to ACR77az acr build --registry $ACR_NAME --image myapp:latest ./src/api78# 2. Configure the registry/identity link (managed identity, no passwords)80az containerapp registry set \81--name $APP_NAME \82--resource-group $RG_NAME \83--server $ACR_SERVER \84--identity system85# 3. Update the Container App to use the real image87az containerapp update \88--name $APP_NAME \89--resource-group $RG_NAME \90--image $ACR_SERVER/myapp:latest91```92**PowerShell:**94```powershell95$AcrName = terraform output -raw acr_name96$AcrServer = terraform output -raw acr_login_server97$AppName = terraform output -raw container_app_name98$RgName = terraform output -raw resource_group_name99az acr build --registry $AcrName --image myapp:latest ./src/api101az containerapp registry set `103--name $AppName `104--resource-group $RgName `105--server $AcrServer `106--identity system107az containerapp update `109--name $AppName `110--resource-group $RgName `111--image "$AcrServer/myapp:latest"112```113> ⚠️ **Warning:** Step 2 requires the `AcrPull` role assignment to have propagated (1–5 minutes). If the update fails, wait and retry. See the [RBAC propagation health check](../../pre-deploy-checklist.md#container-apps--acr--pre-deploy-rbac-health-check).115## References117- [Verification steps](./verify.md)119- [Error handling](./errors.md)120