Note:

QuickStart Oracle Database@Azure with Terraform or OpenTofu Modules

Introduction

Oracle Database@Azure is an Oracle Database service running on Oracle Cloud Infrastructure (OCI), colocated in Microsoft data centers, empowering you to use Oracle Database services with fastest connection to Azure resources. The multicloud onboarding involves multiple steps navigating between OCI and Microsoft Azure portal. This tutorial explains how to streamline the provision process by leveraging our reference implementation of Terraform or OpenTofu modules and templates, available in the GitHub repository of OCI multicloud landing zone for Microsoft Azure: terraform-oci-multicloud-azure.

Provision Process

Once you have completed the service purchase, you can start simplifying the provision process with Terraform or OpenTofu.

There are multiple steps an organization must perform to purchase, configure, and use the service in their Azure environment. Depending on your organization’s Azure configuration, policies, and procedures you may use some or all of the steps outlined in the figure below. The diagram below illustrates opportunities for Terraform or OpenTofu to simplify the provisioning process, eliminating manual steps performed in the Azure Portal and OCI Console.

Provisioning Process

To get a quickstart with using the Terraform templates and modules, typically you will have to go through these high level tasks.

Objectives

Prerequisites

Task 1: Fork and Clone the GitHub repository

Clone the terraform-oci-multicloud-azure repository and navigate to the appropriate template directory to get started. Alternatively, you can fork it first, which allows you to sync your copy with our latest updates later, or optionally contribute your updates via through a pull request.

Task 2: Initialize Terraform

Run terraform init or tofu init in your terminal to setup the local Terraform environment. Alternatively, you can configure Terraform with remote state by refer to documentations from Terraform, OCI or Azure for further details.

Task 3: Configure the Required Terraform Variables

Each template directory contains a terraform.tfvars.template file makes it easy for you to populate the required input variables. You can leverage it to construct your own variable definition file (for example, terraform.tfvars), or alternatively make use of other methods (for example, environment variables with TF_VAR_ prefix, or terraform CLI with -var parameters ) to setup the required variables.

Task 4: Authenticate to Azure and OCI

Since the terraform templates leverage both OCI and Azure terraform providers, you must login to each environment before provisioning. For example, oci session authenticate and az login. You can authenticate using alternative methods as stated in the linked OCI and Azure documentation.

Task 5: Review and Apply the Terraform Plan

After configuring your variables and authentication, run terraform plan or tofu plan to review the changes. Once you are satisfied with the plan, proceed by running terraform apply or tofu apply to provision the configurations.

Terraform Templates and Modules Coverage

The following table outlines the available Terraform templates, describes what they do and which modules they rely on. You can use them individually according to your situation, and you can combine them with Azure Verified Modules (AVM) for a more complex setup. For example, we have leveraged AVM for the Azure network configuration.

Template Configuration Modules
az-oci-sso-federation for SSO between OCI and Azure 1. Get service provider metadata from OCI IAM
2. Create a Microsoft Entra ID application
3. Set up SAML SSO for the Entra ID application
4. Set up Attributes and Claims in your new Entra ID application
5. Assign a Test User to the Entra ID application
6. Enable Entra ID as the Identity Provider (IdP) for OCI IAM
7. Set up Identity Lifecycle Management from Entra ID to OCI IAM		 oci-identity-domain
azure-ad



oci-identity-provider
azure-id-lifecycle
az-odb-rbac for RBAC of ExaDB and/or ADB-S 1. Create Azure role definition for ADB-S Administrator role
2. Create Azure groups
3. Create Azure role assignment		 azure-identity
az-oci-rbac-n-sso-fed for both SSO and RBAC enablement All the above All the above
az-oci-exa-pdb for Oracle Exadata Database Service 1. Configure Azure VNet with a delegated subnet for Oracle Database@Azure
2. Create Exadata Infrastructure
3. Create Exadata VM Cluster
4. Create Database Home
5. Create Container Database (CDB)
6. Create Pluggable Database (PDB)		 Azure/avm-res-network-virtualnetwork
azure-exainfra-vmcluster

oci-db-home-cdb-pdb


az-oci-adbs for Autonomous Database 1. Configure Azure VNet with a delegated subnet for Oracle Database@Azure
2. Create Oracle Autonomous Database		 Azure/avm-res-network-virtualnetwork
azure-oracle-adbs

Next Steps

This tutorial explained how you can use Terraform or OpenTofu in provisioning Oracle Database@Azure services. See the Related Links section for details about Oracle Database@Azure, automation effort, and more.

Let us know if you have any feature or enhancement request by creating a GitHub issue on our repository or engage with our OCI Multicloud Forum. We are eager to support your use case every step of the way.

Acknowledgments

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.