Sign in Subscribe
Terraform Featured

Automating Azure SFTP deployment with Terraform

Learn how to deploy Azure SFTP using Terraform for a fast, repeatable, and version-controlled setup. Includes GitHub code and customisation tips.

Sarah Lean

3 min read
Automating Azure SFTP deployment with Terraform
Automating Azure SFTP deployment with Terraform

In a previous blog, I walked through how to set up SFTP on Azure step-by-step through the Azure Portal. That’s a great way to get familiar with the service, but if you're deploying this regularly, across different environments, for multiple clients, or as part of a DevOps process, you need a way to automate it.

That’s where Terraform comes in. 

Terraform is an Infrastructure as Code (IaC) tool that allows you to define and deploy Azure resources using configuration files.  This means you can create your Azure SFTP setup in a version controlled way and replicate it in multiple environments with minimal effort.

The Terraform Code

I’ve published a GitHub repository containing the Terraform configuration you need to create:

  • An Azure resource group
  • A premium block blob storage account
  • SFTP enabled on that storage account
  • A local SFTP user with password authentication
  • An initial container for file storage

You can clone the repo and follow the tutorial below to deploy the SFTP setup to suit your needs. 

git clone https://github.com/weeyin83/sftp-azure-terraform.git
cd sftp-azure-terraform

Pre-requisites

  • An Azure subscription
  • Basic understanding of Azure
  • Basic understanding of Terraform
  • Visual Studio Code (or similar) installed on your machine
  • Azure CLI installed on your machine
  • Terraform installed on your machine

Customising the deployment

Within the GitHub repo I have created the following files:

  • main.tf - Main Terraform configuration
  • variables.tf - Variable definitions
  • outputs.tf - Output definitions

Within the variables.tf file, I have defined defaults for each variable that needs inputs. You can either change that file directly, or, the way I prefer to work, create a .tfvars file and define the variable details there.

To do that, create a new file and name it something like prod.tfvars.

Within the file copy the following and then replace them with values that make sense for your deployment

location = "yourazurelocation"
account_replication_type = "LRSorZRS"
container_name = "containername"
sftp_local_user = "username"
tag_environment = "environmentname"
tag_project = "projectname"
tag_creator = "creatorname”
azure_subscription_id = "azuresubscriptionid"

With this file in place we can start to deploy the Terraform code. Ensure that you are are logged into your Azure environment through your command line tool.  First, run terraform init in the command line. This will download any required providers needed to deploy the Terraform code.

Then run terraform plan -var-file="prod.tfvars". This will plan out any changes and new resources that need created within your environment to match the template file.

Then you can run terraform apply -var-file=”prod.tfvars”, if you add on -auto-approve then it will deploy the resources without any further prompts or confirmation from yourself.

💡
If you need a refresher on Terraform and the deployment process you can check out my "Introduction to Terraform” blog post.

Once the deployment is finished, the console will output the SFTP hostname and username you need to connect. The password will not be shown initially, as it is a sensitive value.

Terraform output
Terraform output

To see the password you can type the following into the console:

terraform output -raw sftp_password

This will display the password in clear text for you. 

You have now created the Azure SFTP setup and have the information required to connect to it and upload, download and share files.

Managing costs

Just like I mentioned in the manual setup guide, remember SFTP in Azure costs $0.30/hour while it’s enabled. If you don’t need it running 24/7, consider automating the enable/disable process. This can be handled with the Azure CLI, PowerShell, an Azure Automation Runbook, or you could even re-run the Terraform template, changing line 69 of the main.tf file to “false” to disable the SFTP feature.

Wrapping Up

Using Terraform to deploy Azure SFTP means you can spin up secure file transfer endpoints quickly and consistently.  However, if you are new to the Azure SFTP offering, I recommend checking out my original blog post for a deeper explanation of what SFTP is, how Azure supports it, and how to connect.