Azure Backend Config

Terraform Providers Azure
1

Main.tf

provider “azurerm” {
version = “=1.44.0”
subscription_id = “AzureSubscriptionIDGoesHere”
}

terraform {
backend “azurerm” {}
}

resource “azurerm_resource_group” “state-demo-secure” {
name = “state-demo”
location = “eastus”
}

Backend.tfvars

storage_account_name = “StorageAccountName”
resource_group_name = “ResourceGroupName”
container_name = “StorageContainerName”
key = “DEV\terraform.tfstate”
access_key = “AccessKeyFromStorageAccountGoesHere”

When I execute:

terraform init -backend-config="backend.tfvars"

The terminal then displays the below error message:
Initializing the backend…

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Error refreshing state: storage: service returned error: StatusCode=400, ErrorCode=, 
ErrorMessage=Response body could no be unmarshaled: invalid character '<' looking for 
beginning of value. Body: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 
4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>
., RequestInitiated=Wed, 19 Feb 2020 13:30:00 GMT, RequestId=, API Version=, 
QueryParameterName=, QueryParameterValue=
2

Could you try removing the backslash from key = "DEV\terraform.tfstate. I get the exact same error when I add a backslash to key in my backend configuration file.

terraform init -backend-config=config/prod_backend.tfvars

Initializing the backend...
Error refreshing state: storage: service returned error: StatusCode=400, ErrorCode=, ErrorMessage=Response body could no be unmarshaled: invalid character '<' looking for beginning of value. Body: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>
., RequestInitiated=Wed, 19 Feb 2020 19:34:33 GMT, RequestId=, API Version=, QueryParameterName=, QueryParameterValue=
3

That does not fix the issue.

If I run terraform init -backend-config=backend.tfvars, I then get the error message of:

Terraform initialized in an empty directory!

The directory has no Terraform configuration files. You may begin working
with Terraform immediately by creating Terraform configuration files.

Which is wrong because I have everything (main.tf and backend.tfvars in the root)

And if I just execute

terraform init

I get the red HTML error

4

@tongpu

In order for my code in the orginal post to work, I did the following:

  1. Upgraded the version of terraform I was using from 0.12.10 to 0.12.21
  2. Upgraded the Azure CLI
  3. Remove terraform { backend “azurerm” {} } from main.tf
  4. Changed Backend.tfvars to Backend.tf
  5. Created a new App Registration in Azure AD
    • Azure Active Directory → App Registrations → New Registration
    • Create Client Secret for new App Registration
    • Add app registration to specific Azure Subscription under Access Control (IAM) - Add - Add Role Assignemnt
      • Added app registration as an Owner of that subscription
  6. Configured Backend.tf as follows:

terraform {

backend “azurerm” {

storage_account_name = “storageAccountName”
resource_group_name = “resourceGroupName”
container_name = “storage container”
key = “folder within storage container\nameOfFile.tfstate”
client_id = “id of app registration”
client_secret = “client secret of app registration”
subscription_id = “Azure subscription ID”
tenant_id = “Azure tenant ID”
}
}

  1. Within main.tf, configured the Azure provider as follows:

provider “azurerm” {

version = “=1.44.0”
subscription_id = “Azure subscription ID”
client_id = “id of app registration”
client_secret = “client secret of app registration”
tenant_id = “Azure tenant ID”
}

I have confirmed these changes work within numerous repos in our Azure Subscriptions