Hello and welcome back to my blog. In this episode we will create a PostgreSQL Flexible Server in Azure using Terraform. For a development environment, spinning up a new instance of PostgreSQL in Docker is great: it’s fast and easy. For a production environment, however, we would like something more stable, which is why I’ve chosen to use a PostgreSQL server in the cloud.

For creating and managing this server we will be using Terraform, in keeping with the Infrastructure as Code approach. This allows us to store the definition of our infrastructure in a version control system and apply changes based on it.

First things first: in order to manage Azure resources with Terraform you need to have both the Azure CLI and Terraform installed locally on your machine.

Once both are in place, log in to Azure using the following command:

az login

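To give Terraform the rights it needs to manage Azure resources you need to create a service principal. The command below assigns the Contributor role at the scope of the whole subscription; narrowing --scopes to a single resource group limits what the resulting credentials can touch. Run the following in your terminal (remember to replace <SUBSCRIPTION_ID> with the ID of your Azure subscription):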

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<SUBSCRIPTION_ID>"

As a result of this command you will receive output similar to the one below:

In the next step use the values received in the output and set up corresponding environment variables according to this schema:

export ARM_CLIENT_ID="<APPID_VALUE>"
export ARM_CLIENT_SECRET="<PASSWORD_VALUE>"
export ARM_SUBSCRIPTION_ID="<SUBSCRIPTION_ID>"
export ARM_TENANT_ID="<TENANT_VALUE>"

Note that I am using syntax valid for macOS/Linux; if you are using Windows it is going to differ slightly.

Now we are ready and can test the Terraform installation with the following command:

terraform init

After running it you will receive confirmation of successful initialisation:

Before we create the Terraform file to provision the PostgreSQL server there is one last thing to do. If you have already created a resource group (like the one used in previous entries on this blog) you need to bring it under Terraform management. You can do so by running this code snippet in your terminal (as usual, replace the subscription ID and the resource group name). Note that terraform import expects a matching azurerm_resource_group block to exist in the configuration; it is part of the file shown further down.

terraform import azurerm_resource_group.<RESOURCE GROUP NAME> /subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP NAME>

Let’s get to creating the server! When working with Terraform it is best to refer to the official documentation. In this case we are working with a resource called "azurerm_postgresql_flexible_server" and you can find detailed documentation on it under this link.

First we specify the provider to be "azurerm" and the resource group we will be working with. The server needs to reside in a virtual network, so in the next step we define its name, location, the resource group it belongs to and the address space. We also need to define a subnet, which provides us with a range of IP addresses that can be assigned to resources in the network.

Afterwards we also create a private DNS zone, which allows us to use DNS names instead of IP addresses when referring to our resources. One last thing required is a private DNS zone virtual network link; thanks to it we will be able to connect applications running within Azure to our newly created database server.

The last step is of course to create the PostgreSQL server itself. Besides pointing to the subnet and private DNS zone created in previous steps we also need to specify the configuration of the server. I’ve gone with 30 GB of storage and B standard specs (you can check the specifics either in the Terraform or the Azure documentation).

One note regarding security: since creating the server requires a username and password for the PostgreSQL instance, I’ve kept them out of the configuration file by passing them in as Terraform variables.

Putting all of it together, the Terraform file looks as follows:

variable "db_username" {
  type = string
}

variable "password" {
  type = string
}


provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "project2025" {
  name     = "project2025"
  location = "Australia East"
}

# Virtual network the database server will live in
resource "azurerm_virtual_network" "rpgappnetwork" {
  name                = "rpgapp-network"
  location            = "polandcentral"
  resource_group_name = azurerm_resource_group.project2025.name
  address_space       = ["10.0.0.0/16"]
}

# Subnet delegated to PostgreSQL Flexible Server.
# The network is referenced rather than named by a literal string, so that
# Terraform knows it has to create the network before the subnet.
resource "azurerm_subnet" "rpgapp-subnet" {
  name                 = "rpaapp-subnet"
  resource_group_name  = azurerm_resource_group.project2025.name
  virtual_network_name = azurerm_virtual_network.rpgappnetwork.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]
  delegation {
    name = "fs"
    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

# Private DNS zone used to resolve the server's name inside the network
resource "azurerm_private_dns_zone" "dns" {
  name                = "rpgapp.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.project2025.name
}

# Link between the private DNS zone and the virtual network.
# The zone is referenced so that it is created before the link.
resource "azurerm_private_dns_zone_virtual_network_link" "rpgapp-private-dns-zone" {
  name                  = "rpgapp-dns-zone"
  private_dns_zone_name = azurerm_private_dns_zone.dns.name
  virtual_network_id    = azurerm_virtual_network.rpgappnetwork.id
  resource_group_name   = azurerm_resource_group.project2025.name
  depends_on            = [azurerm_subnet.rpgapp-subnet]
}

# The PostgreSQL Flexible Server itself, reachable only through the delegated subnet
resource "azurerm_postgresql_flexible_server" "postgres" {
  name                   = "rpgapp-postgres"
  resource_group_name    = azurerm_resource_group.project2025.name
  location               = "polandcentral"
  version                = "13"
  delegated_subnet_id    = azurerm_subnet.rpgapp-subnet.id
  private_dns_zone_id    = azurerm_private_dns_zone.dns.id
  administrator_login    = var.db_username
  administrator_password = var.password
  zone                   = "1"

  storage_mb = 32768

  sku_name   = "B_Standard_B1ms"
  depends_on = [azurerm_private_dns_zone_virtual_network_link.rpgapp-private-dns-zone]
}
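
The security note above keeps the credentials out of the file; marking the variables as sensitive additionally makes Terraform redact them wherever they are referenced. The declarations below are an added example, not the author's configuration, and would replace the two variable blocks at the top of the file. The 16-character minimum is an assumed policy chosen for illustration.

```hcl
# Added example: hardened versions of the two input variables.
#
# Values can be supplied without writing them to disk by exporting
# TF_VAR_db_username and TF_VAR_password in the shell that runs
# "terraform apply"; Terraform reads TF_VAR_<name> automatically.

variable "db_username" {
  type        = string
  description = "Administrator login for the PostgreSQL Flexible Server"
  sensitive   = true  # redacted in plan/apply output
  nullable    = false # an unset login fails early instead of at the Azure API
}

variable "password" {
  type        = string
  description = "Administrator password for the PostgreSQL Flexible Server"
  sensitive   = true
  nullable    = false

  validation {
    # Assumed policy for this example: reject short passwords before
    # anything is sent to Azure.
    condition     = length(var.password) >= 16
    error_message = "The administrator password must be at least 16 characters long."
  }
}

# Caveat: "sensitive" only affects what Terraform prints. The password is
# still stored in clear text in terraform.tfstate, so the state file must
# stay out of version control and live somewhere access-controlled.
```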

Now that it is ready we can apply the configuration using the command:

terraform apply

The process itself might take some time to create all the required resources. You should receive output similar to the one below:

That’s it for today. In the next entry I will cover adjusting the Azure Container App to interact with the newly created PostgreSQL Flexible Server database.