Provide Continuous Delivery with GitHub and Terraform Cloud for Azure

45 minutes
  • 8 Learning Objectives

About this Hands-on Lab

In this hands-on lab, you’ll create a Git repository for Terraform for your Terraform infrastructure and configure continuous delivery (CD) using GitHub Actions and Terraform Cloud.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Set Up Your Environment
  1. Set up your development environment by connecting to the Virtual Machine using remote desktop and the credentials provided.
  2. Within the Virtual Machine, using Microsoft Edge, log in to the Azure Portal using the credentials provided. Then log in to your GitHub account and your Terraform Cloud account.
Create a GitHub Repository

Create a GitHub repository for your Terraform infrastructure.

Create a Workspace in Terraform Cloud
  1. Go to and create a Terraform Cloud workspace.
  2. Create four environment variables to authorize access to Azure, with the following details:
    1. ARM_SUBSCRIPTION_ID – Use the subscription ID from the Azure portal.
    2. ARM_CLIENT_ID – Use the Client ID from the lab details.
    3. ARM_CLIENT_SECRET – Marked as sensitive, use the client secret from the lab details.
    4. ARM_TENANT_ID – Use the Azure AD Tenant ID from the Azure portal.
Configure Continuous Delivery
  1. Create a GitHub Actions workflow using the following YAML file.
  2. Create a GitHub Actions repository secret with the name TF_API_TOKEN and use the value of a Terraform Cloud API User Token.
Configure Branch Protection Rules

Create a branch protection rule to protect the main branch by requiring approvals and preventing bypassing of the configured protection rules.

Author the Configuration
  1. Clone the Git repository to the virtual machine.
  2. Create a branch for your work.
  3. Use the terraform file named in the C:Terraform folder on the workstation.
  4. Add the Terraform Cloud configuration from your Terraform Cloud workspace.
  5. Import the existing resource group for the hands-on-lab into your state.
  6. Commit your changes and publish your branch.
Create and Complete a Pull Request
  1. Create and complete a pull request to push your changes to the main branch.

    To complete the pull request without a second reviewer, you will need to Allow bypassing branch protection rules by deselecting Do not allow bypassing the above settings in the branch protection policy.

Review Results
  1. Review the results in GitHub Actions.
  2. Review the results in the Azure portal.

Additional Resources


As you walk through the lab, consider the following scenario:

You're playing the role of a platform engineer with River City AI.

River City AI specializes in optimizing speech to text for efficiency and accuracy using machine learning. They’re working on next-generation speech recognition for generative AI.

River City AI is already using Amazon Web Services and due to the success and capabilities of Microsoft’s Data and AI services, they are looking to adopt a multi-cloud environment to drive innovation. Because they are multi-cloud, Terraform is an excellent choice to deploy their infrastructure as code.

You’ll be working with an existing virtual machine that has been configured as an Infrastructure as Code Workstation, with all the required software, including Terraform, the Azure CLI, and Visual Studio Code with the Terraform extension for VS code installed.

You’ve been tasked with configuring a continuous delivery pipeline for your Terraform infrastructure using GitHub Actions and Terraform Cloud. You also need to protect the production infrastructure from unapproved changes and store the terraform state in Terraform Cloud.

In this lab, you will:

  1. Create a repository.
  2. Create a workspace in Terraform Cloud.
  3. Configure continuous delivery using GitHub Actions.
  4. Configure branch protection rules.
  5. Author your configuration and push it to the remote respository.
  6. Create and complete a pull request and review the results in GitHub and the Azure portal.

Lab Setup

Note: To complete this lab, you will need:

  • Your own free Terraform Cloud account. You can sign up at Terraform Cloud.
  • Your own free GitHub account. You can create one at GitHub.

In this lab, you will be connecting to the VM using Remote Desktop and you will have access to the Azure portal.

Note: To complete this lab, you will need to use a remote desktop client.

You can find the YAML file that you will need to configure continuous delivery in the lab GitHub repository.

If you get stuck, feel free to check out the lab objectives or the solution video. Good luck!

WARNING: Be Prepared for UI Changes!

Given the fluid nature of Microsoft's cloud tools, you may experience user interface (UI) changes that were made following the development of this hands-on lab that do not match up with the lab instructions. When any such changes are brought to our attention, we will attempt to update the content accordingly. However, if changes occur, you will have to adapt to the changes and work through them in the hands-on labs as needed.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?