Skip to main content
Pure Technical Services

Using Terraform to Deploy Cloud Block Store in Azure

Currently viewing public documentation. Please login to access the full scope of documentation.


This document demonstrates the steps required to deploy Cloud Block Store in Azure using Terraform. 


Azure Prerequisites

A number of mandatory resources have to be checked and configured prior to deployment, please refer to the Cloud Block Store Deployment and Configuration Guide for Azure for more details on the following high-level steps: 

  • Have an Azure Active Directory Premium 2 license 
  • Set the appropriate User IAM roles and permissions 
  • Networking - Internet access using NAT GW or Azure Firewall 
  • Networking - service endpoint (CosmosDB and KeyVault) attached to the designated subnet
  • Cloud Block Store license key 

Terraform Prerequisites

Install Terraform

Download and install  the appropriate Terraform package for your operating system and hardware architecture via the link below:

Download Cloud Block Store Terraform provider files Edit section

Create a new directory for the Terraform deployment, and copy or download Terraform provider sample for CBS Azure (Three files shown on the screenshot)from the below link:



Authentication Azure

There are two ways to authenticate to an Azure account:

1. Azure CLI

Download and install the latest version of the Azure CLI tool via the link below:

For authentication, log in to the Azure CLI:

az login

And list the Subscriptions associated with the account:

az account list

if the user logging in has more than one Subscription. Specify the Subscription to be the default:

az account set --subscription="SUBSCRIPTION_ID"

2.Azure Service Principal

Terraform can be authenticated with a Service Principal in the provider configuration under file by adding the following:

provider "cbs" {
    azure {
        client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        client_secret = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        tenant_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"


By navigating to the downloaded Terraform sample, use any text editor to edit the terraform.tfvars file and fill the prerequisites. An example screenshot is provided below for additional guidance.



Variables Reference:

  1. array_name (Required) - Name of the array, and the name of the managed application.
  2. location (Required) - Azure location in which to deploy the array.
  3. resource_group_name (Required) - Name of the resource group in which to deploy the managed application.
  4. license_key (Required) - Pure Storage-provided license key.
  5. log_sender_domain (Required) - Domain name used to determine how CBS logs are parsed and treated by Pure Storage Support and Escalations.
  6. alert_recipients (Optional) - List of email addresses to receive alerts.
  7. array_model (Required) - CBS array size to launch. The possible values are V10MUR1 or V20MUR1.
  8. zone (Required) - The Availability Zone within the deployment location.
  9. virtual_network (Required) - Virtual network that contains the network interfaces of the array.
  10. management_subnet (Required) - Subnet containing the management interfaces on the array.
  11. system_subnet (Required) - Subnet for the system interface of the Array.
  12. iscsi_subnet (Required) - Subnet containing the iSCSI interfaces on the array.
  13. replication_subnet (Required) - Subnet containing the replication interfaces on the array.
  14. management_resource_group (Required) - Resource Group containing the Management Network Resources on the array.
  15. system_resource_group (Required) - Resource group name for the virtual network containing the system interfaces.
  16. iscsi_resource_group (Required) - The Resource Group containing the iSCSI Virtual Network.
  17. replication_resource_group (Required) - The Resource Group containing the Replication Virtual Network.
  18. groups (Required) - A list of Azure Active Directory groups that enable their users to approve JIT access requests.

Save the changes to the file, and open a terminal window and navigate to the Terraform deployment directory that has been created, and Run terraform init command to initialize the working directory.


Next, Run the terraform plan command to create the execution plan.



Finally, Run the terraform apply command to execute the plan and start deploying.


The Cloud Block Store deployment process takes around 10 to 15 minutes. Go to Azure Managed Applications, A new managed application should be created and in the deployment state.


Once the terraform apply command is complete, Run terraform show command to list the output information of the CBS deployment stack. This includes the management IP address that is used to log into the CBS.


More information can be found by logging to Azure console and navigating to Managed Application, then under the tab Parameters and Output. The Management IP address used to log in CBS is addressed as FloatingManagementIP.


Use the Management IP address to log into GUI Management Console via any browser. To access the CBS instance via CLI, refer to Logging onto CBS via CLI section in the Deployment and Configuration Guide.



Do not use the terraform destroy command to destroy Cloud Block Store instance deployed via Terraform. Please refer to Removing Cloud Block Store section in the Deployment and Configuration Guide and follow the instructions.