Skip to content

dsanchor/apim-demo-infra

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Azure API Management demo main repository

Overview

This repository contains the main infrastructure for the Azure API Management demo.

Prerequisites

This demo requires the following prerequisites:

  • Fork this repository and clone it locally.
  • An Azure subscription
  • The Azure CLI
  • A Service Principal with Contributor rights on the subscription
  • Setup credentials in Github Secrets
  • Create an storage account and a container for the Terraform state

See next sections for instructions on how to set up these prerequisites.

Fork and clone the repository

Fork this repository first. Then, clone it locally by running the following command in the directory where you want to have the repository:

git clone <your_repository>.git

Move to the dev branch:

git checkout dev

We will use the dev branch to make changes to the infrastructure which will be deployed as the Develpoment environment. The main branch will be used to deploy the Production environment after the changes have been tested in the Development environment, create a PR from the dev branch to the main branch and merge it.

Azure subscription

You must have an Azure subscription to deploy this demo. If you don't have an Azure subscription, you can create a free account.

Azure CLI

We will create some prerequired resources with the Azure CLI.

Service Principal

This demo needs a Service Principal to deploy the infrastructure. You can create a Service Principal with the following instructions:

  • Log in to Azure:
az login
  • List the available subscriptions:
az account list -o table
  • Init the SUBSCRIPTION_ID variable with the subscription ID you want to use:
export SUBSCRIPTION_ID=<subscriptionID>
  • Create the Service Principal with contributor rights on the subscription:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID"

Copy the output of the command and keep it safe for next step.

For details, see the instructions in the Azure CLI documentation to create a Service Principal.

Github Secrets

We will create the following secrets in Github Secrets, where all values are the ones you got from the previous step:

  • TF_ARM_CLIENT_ID=<appId>
  • TF_ARM_CLIENT_SECRET=<password>
  • TENANT_ID=<tenant>
  • SUBSCRIPTION_ID=<subscriptionID>

Storage account and container

We will use a storage account and a container to store the Terraform state. You can create a storage account and a container with the following instructions:

  • Init the RESORUCE_GROUP variable with the name of the resource group you want to use:
export RESOURCE_GROUP=terraform-global-rg
  • Create the resource group:
az group create --name $RESOURCE_GROUP --location westeurope --subscription $SUBSCRIPTION_ID
  • Init the STORAGE_ACCOUNT_NAME variable with the name of the storage account you want to use:
export STORAGE_ACCOUNT_NAME=tfstategithub$RANDOM
  • Create the storage account:
az storage account create --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCE_GROUP --location westeurope --sku Standard_LRS --subscription $SUBSCRIPTION_ID
  • Under apim directory, find the main.tf file and modify the name of the storage_account_name variable with the value of the STORAGE_ACCOUNT_NAME variable. To get the value of the STORAGE_ACCOUNT_NAME variable, run the following command:
echo $STORAGE_ACCOUNT_NAME
  • Create both containers for dev and main environments:
az storage container create --name dev-tfapim --account-name $STORAGE_ACCOUNT_NAME --subscription $SUBSCRIPTION_ID
az storage container create --name main-tfapim --account-name $STORAGE_ACCOUNT_NAME --subscription $SUBSCRIPTION_ID

Run the automation

We have included a GitHub Action to run the Terraform automation.

This automation will create the following resources:

  • Resource group
  • API Management service
  • Storage account for future use (to store the API Management APIs descriptors and the API Management policies. We will use this storage account in the next steps of the demo).

The storage account and the API Management service that we create in this automation have to be unique named. To make sure they are unique, modify the apim.tfvars file and change the value of the uniqueId variable. The final value of both names will be:

  • storage account name: "${var.prefix}${var.environment}apimsa${var.uniqueId}"
  • API Management service name: "${var.prefix}${var.environment}-apim-${var.uniqueId}"

To run the automation, push the changes to the dev branch. The automation will run automatically. Remember to activate GitHub actions in your repository before execute git push.

git add .
git commit -m "Initial commit"
git push origin dev

Register identity

In order to test some feature we will need an OAuth identity, so we will proceed to create an App Registration in Azure Active Directory. To do so, we will execute this Terraform templates with an account that has at least Application.ReadWrite.All permissions Create AAD application

Open a command prompt in local and navigate to the content of the repo, go to apim folder.

Create the app registration

terraform init
terraform apply -auto-approve

This will create an App Registration named: "Cloud Solution Architect APIM Demo App"

delete main.tf file and rename main.tfconfigure to main.tf

terraform apply -auto-approve

This will configure the App: add scopes, give permissions to az-cli to request an access token, etc...

Next steps

Once we have all the infrastructure deployed we can continue working, by registering APIs into APIM and assign policies. For that, go to repo: apim-demo-apis

About

Azure API Management demo main repository

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages