Provision and configure Azure VM in private subnet (file, remote-exec, cloud-init, etc.)

I’m fairly new to Terraform and I’m setting up a basic multi-tier infrastructure composed of two Azure VMs:

  1. Web server (VM1) with public IP and private IP (subnet1)
  2. Data server (VM2) in private IP only (subnet2)

Both VMs are based on the vanilla Ubuntu Linux images available on Azure.

Obviously, it’s very easy to provision (apt-get, Bash scripting, etc.) and configure the Web server using the file or remote-exec provisioners. I have also experimented with cloud-init for that purpose.

Questions:

  • What is the recommended method to provision and configure the data server?
  • Is cloud-init the only option?

AFAIU, Terraform provisioners running via SSH are not an option because the data server (VM2) is not available at a public IP.

What I need to do is:

  • install some packages
  • upload/edit some configuration files
  • download some data files
  • start some services

I’m running Terraform on a Windows host, so I have not tried Ansible yet, but AFAIU it operates via SSH, similarly to the Terraform file or remote-exec provisioners.