How to Deploy an Azure PostgreSQL Flexible Server with Private Endpoint using Terraform

7 min read · Jun 30, 2024

Azure Database for PostgreSQL Flexible Server is a relational database service based on the open-source Postgres database engine. It’s a fully managed database-as-a-service that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability.

In this story, we will learn how to deploy an Azure PostgreSQL Flexible Server with a Private Endpoint using Terraform.

Azure PostgreSQL Flexible Server can be deployed in three ways:

  • Public Access (Allowed IP addresses): accessible from the internet, access can be restricted to specific IPs (good for dev and test environments) → check this story.
  • Public Access with Private Endpoint: accessible from the internet, access can be restricted to specific IPs (good for dev and test environments) → this story.
  • Private access (VNET Integration): very secure server connected to VNET and only accessible from servers located in Azure (best option for production applications) → check this story.
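
The second option expressed in Terraform, added here as an example and not the author's code. The `var.*` inputs, resource labels, server name, admin login, SKU and version are assumptions; the resource types, the `postgresqlServer` subresource and the `privatelink.postgres.database.azure.com` zone are the ones Azure uses for Flexible Server private endpoints.

```hcl
variable "resource_group_name" { type = string } # assumed input: existing resource group
variable "location" { type = string }            # assumed input: Azure region
variable "endpoint_subnet_id" { type = string }  # assumed input: subnet that hosts the endpoint NIC
variable "vnet_id" { type = string }             # assumed input: VNet whose clients resolve the server
variable "pg_admin_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}

# No delegated_subnet_id: the server is created in public access mode,
# which is the mode that supports private endpoints.
resource "azurerm_postgresql_flexible_server" "example" {
  name                   = "example-pg-flex" # placeholder name
  resource_group_name    = var.resource_group_name
  location               = var.location
  version                = "16"
  administrator_login    = "pgadmin"
  administrator_password = var.pg_admin_password
  sku_name               = "B_Standard_B1ms"
}

# Private DNS zone so the server FQDN resolves to the endpoint's private IP inside the VNet.
resource "azurerm_private_dns_zone" "pg" {
  name                = "privatelink.postgres.database.azure.com"
  resource_group_name = var.resource_group_name
}
resource "azurerm_private_dns_zone_virtual_network_link" "pg" {
  name                  = "pg-dns-link"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.pg.name
  virtual_network_id    = var.vnet_id
}

resource "azurerm_private_endpoint" "pg" {
  name                = "pg-private-endpoint"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.endpoint_subnet_id
  private_service_connection {
    name                           = "pg-connection"
    private_connection_resource_id = azurerm_postgresql_flexible_server.example.id
    subresource_names              = ["postgresqlServer"]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "pg-dns-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.pg.id]
  }
}
```

No `azurerm_postgresql_flexible_server_firewall_rule` is declared, so no public IP range is allowed and clients reach the server through the endpoint subnet.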

1. Defining the Azure Provider

First, we will define Azure authentication variables.

We will use a Service Principal with a Client Secret. Check the link below for more info about Azure authentication for Terraform: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret

variable "azure_subscription_id" {
  type        = string
  description = "Azure Subscription ID"
}

variable "azure_client_id" {
  type        = string
  description = "Azure Client ID"
}

variable "azure_client_secret" {
  type        = string
  description = "Azure Client Secret"
  sensitive   = true # redact the secret in plan and apply output
}

variable "azure_tenant_id" {
  type        = string
  description = "Azure Tenant ID"
}

Then, we will configure Terraform and the Azure provider:

# Define Terraform provider
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

# Configure the Azure provider
provider "azurerm" {
  features {}
  environment     = "public"
  # Must match the variable name declared above (underscores, not hyphens)
  subscription_id = var.azure_subscription_id
  client_id…

Written by Guillermo Musumeci