Using GitHub and Terraform to deploy Azure resources – Part 2


In this part of the blog series, I want to focus on the GitHub Action I created in the first part and explain what it does. I will also add the vNet resources to my deployments.

GitHub Actions explained

To explain what is going on in the GitHub Action, I have added comments to each code section.

# Name of the action
name: rg-connectivity-001

# Controls when the workflow will run
on:
  # Triggers the workflow on changes to the terraform files in the path
  # Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/
  # Action will only trigger on the main branch
  push:
    paths:
      - 'Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/*.tf'
    branches:
      - main
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This action only has one job called Connectivity
  Connectivity:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Setting environment variables
    # Variables are used by Terraform to authenticate to Azure
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      # Initialize Terraform
      - name: 'Terraform init'
        id: init
        run: |
          cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
          terraform init

      # Create Terraform plan
      - name: 'Terraform plan'
        id: plan
        run: |
          cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
          terraform plan

      # Deploy the planned resources to Azure using Terraform
      - name: 'Terraform apply'
        id: apply
        run: |
          cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
          terraform apply -auto-approve


You might have noticed that I have added a few things to the Action since part 1; if you haven’t already, please update your Actions with these changes. The main difference is the added filter “branches: main”; the rest is cosmetic and only comments.
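A variant of the workflow above, given here as an added example rather than the author's own code. The branches filter only constrains push events, while a manual run from the Actions tab can be started from another branch, so the apply step carries its own branch check; the plan is also saved and applied as-is, and the workflow token is limited to read access. The workflow name, the hashicorp/setup-terraform step and the secret names AZURE_CLIENT_SECRET and AZURE_SUBSCRIPTION_ID are assumptions.

```yaml
name: rg-connectivity-001-hardened   # assumed name for this example

on:
  push:
    paths:
      - 'Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/*.tf'
    branches:
      - main
  # A manual run can be started from any branch; the push filter does not cover it
  workflow_dispatch:

# The job only reads the repository, so GITHUB_TOKEN is limited to read access
permissions:
  contents: read

# One run at a time, so two runs never write the same Terraform state concurrently
concurrency: rg-connectivity-001

jobs:
  Connectivity:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}       # assumed secret name
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}   # assumed secret name
    steps:
      - uses: actions/checkout@v3
      # Install Terraform explicitly instead of relying on the runner image
      - uses: hashicorp/setup-terraform@v3
      - name: 'Terraform init'
        run: terraform init -input=false
      - name: 'Terraform validate'
        run: terraform validate
      # Save the plan so the apply step executes exactly what was planned
      - name: 'Terraform plan'
        run: terraform plan -input=false -out=tfplan
      # Apply only when the run is on main; runs from other branches stop after the plan
      - name: 'Terraform apply'
        if: github.ref == 'refs/heads/main'
        run: terraform apply -input=false tfplan
```

Applying a saved plan file does not prompt for approval, so -auto-approve is not needed in this form.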

Creating the vNet, subnets and NSGs

The vNet in my hub network will contain just two subnets, one called GatewaySubnet and one called AzureFirewallSubnet. To create these, I have updated my variables and files for the rg-connectivity-001 resource group.

# Azure region for all resources
variable "Location" {
    type        = string
    default     = "WestEurope"
}

# Name of the resource group holding the network resources
variable "ResourceGroup" {
    type        = string
    default     = "rg-connectivity-network-001"
}

# Hub vNet name and address space (list of CIDR ranges)
variable "vnet" {
  type = any
  default = {
    "vNetName"                      = "vnet-connectivity-001"
    "address_space"                 = [""]
  }
}

# One entry per subnet: name, address prefix (CIDR list) and route table name
variable "Subnets" {
    type = any
    default = {
        "GatewaySubnet" = {
            "name"      = "GatewaySubnet"
            "prefix"    = [""]
            "routeTable" = "rt-vnet-connectivity-gateway-001"
        }
        "FirewallSubnet" = {
            "name" = "AzureFirewallSubnet"
            "prefix" = [""]
            "routeTable" = "rt-vnet-connectivity-firewall-001"
        }
    }
}

resource "azurerm_resource_group" "resourcegroup" {
    name        = var.ResourceGroup
    location    = var.Location
}

resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet.vNetName
  address_space       = var.vnet.address_space
  location            = azurerm_resource_group.resourcegroup.location
  resource_group_name = azurerm_resource_group.resourcegroup.name
}

# Creates one subnet per entry in var.Subnets
resource "azurerm_subnet" "subnets" {
  for_each = var.Subnets
  name                 = each.value["name"]
  resource_group_name  = azurerm_resource_group.resourcegroup.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = each.value["prefix"]
  depends_on = [
    azurerm_virtual_network.vnet
  ]
}

Deployment of network resources

To deploy my updated code, I don’t need to do much. I need to commit my updated files to my main branch in GitHub; the rest will happen automatically via the GitHub Actions.

I have worked in a new branch that allows me to commit code to GitHub without updating resources in Azure. Working with branches enables me to update my repository often, ensuring that I can revert to previous code with minimal changes.


I can now complete this second part of the blog series. I now have some network resources in my environment, and I also got to explain what goes on in the GitHub Actions.

Any feedback is welcome, so reach out on Twitter or LinkedIn, so I can fix any errors or optimize the code I am using.

Link for all the code in this post

I have put all the code used in this blog post on my GitHub repository so you can download or fork the repository if you want to.

This blog is part of Azure Week.

About the Author:

I’m a Cloud Solution Specialist with expertise within Azure, Microsoft infrastructure services like DNS, DHCP, Domain services etc., Citrix Virtual Apps and Desktops and Citrix Cloud and automation with PowerShell.

I have over 15 years of experience working with IT and I have been working with both SMB companies and Enterprises. Through working with both I have gotten an insight into what is needed for each type of company and how it is best to do changes to IT within them.


Therkelsen, M. (2022). Using GitHub and Terraform to deploy Azure resources – Part 2. Available at: [Accessed: 12th July 2022].
