|
| 1 | +--- |
| 2 | +description: ' Azure Verified Modules (AVM) and Terraform' |
| 3 | +applyTo: '**/*.terraform, **/*.tf, **/*.tfvars, **/*.tfstate, **/*.tflint.hcl, **/*.tf.json, **/*.tfvars.json' |
| 4 | +--- |
| 5 | + |
| 6 | +# Azure Verified Modules (AVM) Terraform |
| 7 | + |
| 8 | +## Overview |
| 9 | + |
| 10 | +Azure Verified Modules (AVM) are pre-built, tested, and validated Terraform and Bicep modules that follow Azure best practices. Use these modules to create, update, or review Azure Infrastructure as Code (IaC) with confidence. |
| 11 | + |
| 12 | +## Custom Instructions for GitHub Copilot Agents |
| 13 | + |
| 14 | +**IMPORTANT**: When GitHub Copilot Agent or GitHub Copilot Coding Agent is working on this repository, the following local unit tests MUST be executed to comply with PR checks. Failure to run these tests will cause PR validation failures: |
| 15 | + |
| 16 | +```bash |
| 17 | +PORCH_NO_TUI=1 ./avm pre-commit |
| 18 | +git add . && git commit -m "chore: avm pre-commit" |
| 19 | +PORCH_NO_TUI=1 ./avm pr-check |
| 20 | +``` |
| 21 | + |
| 22 | +These commands must be run before any pull request is created or updated to ensure compliance with the Azure Verified Modules standards and prevent CI/CD pipeline failures. |
| 23 | +More details on the AVM process can be found in the [Azure Verified Modules Contribution documentation](https://azure.github.io/Azure-Verified-Modules/contributing/terraform/testing/). |
| 24 | + |
| 25 | +**Failure to run these tests will cause PR validation failures and prevent successful merges.** |
| 26 | + |
| 27 | +## Module Discovery |
| 28 | + |
| 29 | +### Terraform Registry |
| 30 | + |
| 31 | +- Search for "avm" + resource name |
| 32 | +- Filter by "Partner" tag to find official AVM modules |
| 33 | +- Example: Search "avm storage account" → filter by Partner |
| 34 | + |
| 35 | +### Official AVM Index |
| 36 | + |
| 37 | +- **Terraform Resources**: `https://azure.github.io/Azure-Verified-Modules/indexes/terraform/tf-resource-modules/` |
| 38 | +- **Terraform Patterns**: `https://azure.github.io/Azure-Verified-Modules/indexes/terraform/tf-pattern-modules/` |
| 39 | +- **Bicep Resources**: `https://azure.github.io/Azure-Verified-Modules/indexes/bicep/bicep-resource-modules/` |
| 40 | +- **Bicep Patterns**: `https://azure.github.io/Azure-Verified-Modules/indexes/bicep/bicep-pattern-modules/` |
| 41 | + |
| 42 | +## Terraform Module Usage |
| 43 | + |
| 44 | +### From Examples |
| 45 | + |
| 46 | +1. Copy the example code from the module documentation |
| 47 | +2. Replace `source = "../../"` with `source = "Azure/avm-res-{service}-{resource}/azurerm"` |
| 48 | +3. Add `version = "1.0.0"` (use latest available) |
| 49 | +4. Set `enable_telemetry = true` |
| 50 | + |
| 51 | +### From Scratch |
| 52 | + |
| 53 | +1. Copy the Provision Instructions from module documentation |
| 54 | +2. Configure required and optional inputs |
| 55 | +3. Pin the module version |
| 56 | +4. Enable telemetry |
| 57 | + |
| 58 | +### Example Usage |
| 59 | + |
| 60 | +```hcl |
| 61 | +module "storage_account" { |
| 62 | + source = "Azure/avm-res-storage-storageaccount/azurerm" |
| 63 | + version = "0.1.0" |
| 64 | +
|
| 65 | + enable_telemetry = true |
| 66 | + location = "East US" |
| 67 | + name = "mystorageaccount" |
| 68 | + resource_group_name = "my-rg" |
| 69 | +
|
| 70 | + # Additional configuration... |
| 71 | +} |
| 72 | +``` |
| 73 | + |
| 74 | +## Naming Conventions |
| 75 | + |
| 76 | +### Module Types |
| 77 | + |
| 78 | +- **Resource Modules**: `Azure/avm-res-{service}-{resource}/azurerm` |
| 79 | + - Example: `Azure/avm-res-storage-storageaccount/azurerm` |
| 80 | +- **Pattern Modules**: `Azure/avm-ptn-{pattern}/azurerm` |
| 81 | + - Example: `Azure/avm-ptn-aks-enterprise/azurerm` |
| 82 | +- **Utility Modules**: `Azure/avm-utl-{utility}/azurerm` |
| 83 | + - Example: `Azure/avm-utl-regions/azurerm` |
| 84 | + |
| 85 | +### Service Naming |
| 86 | + |
| 87 | +- Use kebab-case for services and resources |
| 88 | +- Follow Azure service names (e.g., `storage-storageaccount`, `network-virtualnetwork`) |
| 89 | + |
| 90 | +## Version Management |
| 91 | + |
| 92 | +### Check Available Versions |
| 93 | + |
| 94 | +- Endpoint: `https://registry.terraform.io/v1/modules/Azure/{module}/azurerm/versions` |
| 95 | +- Example: `https://registry.terraform.io/v1/modules/Azure/avm-res-storage-storageaccount/azurerm/versions` |
| 96 | + |
| 97 | +### Version Pinning Best Practices |
| 98 | + |
| 99 | +- For providers: use pessimistic version constraints for minor version: `version = "~> 1.0"` |
| 100 | +- For modules: Pin to specific versions: `version = "1.2.3"` |
| 101 | + |
| 102 | +## Module Sources |
| 103 | + |
| 104 | +### Terraform Registry |
| 105 | + |
| 106 | +- **URL Pattern**: `https://registry.terraform.io/modules/Azure/{module}/azurerm/latest` |
| 107 | +- **Example**: `https://registry.terraform.io/modules/Azure/avm-res-storage-storageaccount/azurerm/latest` |
| 108 | + |
| 109 | +### GitHub Repository |
| 110 | + |
| 111 | +- **URL Pattern**: `https://github.com/Azure/terraform-azurerm-avm-{type}-{service}-{resource}` |
| 112 | +- **Examples**: |
| 113 | + - Resource: `https://github.com/Azure/terraform-azurerm-avm-res-storage-storageaccount` |
| 114 | + - Pattern: `https://github.com/Azure/terraform-azurerm-avm-ptn-aks-enterprise` |
| 115 | + |
| 116 | +## Development Best Practices |
| 117 | + |
| 118 | +### Module Usage |
| 119 | + |
| 120 | +- ✅ **Always** pin module versions |
| 121 | +- ✅ **Start** with official examples from module documentation |
| 122 | +- ✅ **Review** all inputs and outputs before implementation |
| 123 | +- ✅ **Enable** telemetry: `enable_telemetry = true` |
| 124 | +- ✅ **Use** AVM utility modules for common patterns |
| 125 | + |
| 126 | +### Code Quality |
| 127 | + |
| 128 | +- ✅ **Always** run `terraform fmt` after making changes |
| 129 | +- ✅ **Always** run `terraform validate` after making changes |
| 130 | +- ✅ **Use** meaningful variable names and descriptions |
| 131 | +- ✅ **Use** snake_case |
| 132 | +- ✅ **Add** proper tags and metadata |
| 133 | +- ✅ **Document** complex configurations |
| 134 | + |
| 135 | +### Validation Requirements |
| 136 | + |
| 137 | +Before creating or updating any pull request: |
| 138 | + |
| 139 | +```bash |
| 140 | +# Format code |
| 141 | +terraform fmt -recursive |
| 142 | + |
| 143 | +# Validate syntax |
| 144 | +terraform validate |
| 145 | + |
| 146 | +# AVM-specific validation (MANDATORY) |
| 147 | +export PORCH_NO_TUI=1 |
| 148 | +./avm pre-commit |
| 149 | +<commit any changes> |
| 150 | +./avm pr-check |
| 151 | +``` |
| 152 | + |
| 153 | +## Tool Integration |
| 154 | + |
| 155 | +### Use Available Tools |
| 156 | + |
| 157 | +- **Deployment Guidance**: Use `azure_get_deployment_best_practices` tool |
| 158 | +- **Service Documentation**: Use `microsoft.docs.mcp` tool for Azure service-specific guidance |
| 159 | +- **Schema Information**: Use `query_azapi_resource_schema` & `query_azapi_resource_document` to query AzAPI resources and schemas. |
| 160 | +- **Provider resources and resource schemas**: Use `list_terraform_provider_items` & `query_terraform_schema` to query azurerm resource schema. |
| 161 | + |
| 162 | +### GitHub Copilot Integration |
| 163 | + |
| 164 | +When working with AVM repositories: |
| 165 | + |
| 166 | +1. Always check for existing modules before creating new resources |
| 167 | +2. Use the official examples as starting points |
| 168 | +3. Run all validation tests before committing |
| 169 | +4. Document any customizations or deviations from examples |
| 170 | + |
| 171 | +## Common Patterns |
| 172 | + |
| 173 | +### Resource Group Module |
| 174 | + |
| 175 | +```hcl |
| 176 | +module "resource_group" { |
| 177 | + source = "Azure/avm-res-resources-resourcegroup/azurerm" |
| 178 | + version = "0.1.0" # use latest |
| 179 | +
|
| 180 | + enable_telemetry = true |
| 181 | + location = var.location |
| 182 | + name = var.resource_group_name |
| 183 | +} |
| 184 | +``` |
| 185 | + |
| 186 | +### Virtual Network Module |
| 187 | + |
| 188 | +```hcl |
| 189 | +module "virtual_network" { |
| 190 | + source = "Azure/avm-res-network-virtualnetwork/azurerm" |
| 191 | + version = "0.1.0" # use latest |
| 192 | +
|
| 193 | + enable_telemetry = true |
| 194 | + location = module.resource_group.location |
| 195 | + name = var.vnet_name |
| 196 | + resource_group_name = module.resource_group.name |
| 197 | + address_space = ["10.0.0.0/16"] |
| 198 | +} |
| 199 | +``` |
| 200 | + |
| 201 | +## Troubleshooting |
| 202 | + |
| 203 | +### Common Issues |
| 204 | + |
| 205 | +1. **Version Conflicts**: Always check compatibility between module and provider versions |
| 206 | +2. **Missing Dependencies**: Ensure all required resources are created first |
| 207 | +3. **Validation Failures**: Run AVM validation tools before committing |
| 208 | +4. **Documentation**: Always refer to the latest module documentation |
| 209 | + |
| 210 | +### Support Resources |
| 211 | + |
| 212 | +- **AVM Documentation**: `https://azure.github.io/Azure-Verified-Modules/` |
| 213 | +- **GitHub Issues**: Report issues in the specific module's GitHub repository |
| 214 | +- **Community**: Azure Terraform Provider GitHub discussions |
| 215 | + |
| 216 | +## Compliance Checklist |
| 217 | + |
| 218 | +Before submitting any AVM-related code: |
| 219 | + |
| 220 | +- [ ] Module version is pinned |
| 221 | +- [ ] Telemetry is enabled |
| 222 | +- [ ] Code is formatted (`terraform fmt`) |
| 223 | +- [ ] Code is validated (`terraform validate`) |
| 224 | +- [ ] AVM pre-commit checks pass (`./avm pre-commit`) |
| 225 | +- [ ] AVM PR checks pass (`./avm pr-check`) |
| 226 | +- [ ] Documentation is updated |
| 227 | +- [ ] Examples are tested and working |
0 commit comments