Views:

Deploy TrendAI Vision One™ resources to your Azure management group using Terraform commands directly, without using the deployment script.

This advanced deployment method allows you to run Terraform directly without using the mgmt_group_deploy.sh script. This approach is useful when you want to integrate the deployment into existing CI/CD pipelines or have specific requirements for how Terraform is executed in your environment.
Note
Note
For most deployments, using the mgmt_group_deploy.sh script is recommended as it handles Azure CLI operations and variable population automatically. Use this manual method only if you have specific requirements that prevent using the script.
Before you begin, ensure you have:
  • Terraform installed in your environment
  • Azure CLI installed and authenticated
  • Required permissions configured. For more information, see Azure management group required permissions.
  • Downloaded the Terraform template package from the TrendAI Vision One™ console

Procedure

  1. Download the template package from the TrendAI Vision One™ console to your target folder.
    Navigate to Cloud SecurityCloud AccountsAzure and follow the wizard to generate the template package.
  2. Extract the template package using the following command:
    unzip cloud-account-management-mgmt-group-package-v2-[timestamp].zip
    Note
    Note
    Replace [timestamp] with the actual timestamp in your downloaded file name.
  3. Navigate to the extracted folder.
  4. Edit the terraform.tfvars file to configure your deployment.
    1. Replace all placeholder values in the Vision One Configuration sections.
      The template includes placeholders marked with __PLACEHOLDER__ that must be replaced with your actual values.
    2. Uncomment and populate the Dynamic Configuration section with your subscription details:
      exclusion_list          = ["sub-to-exclude-1", "sub-to-exclude-2"]
primary_subscription_id = "your-primary-subscription-id"
subscription_ids        = ["primary-sub-id", "member-sub-id-1", "member-sub-id-2"]
subscription_name_map   = {
  "primary-sub-id"   = "Primary Subscription Name"
  "member-sub-id-1"  = "Member Subscription 1 Name"
}
  5. Initialize the Terraform backend.
    • For centralized state management, use the following command:
      terraform init \
  -backend-config="resource_group_name=vision-one-terraform-state" \
  -backend-config="storage_account_name=v1tfstate1a2b3c4d" \
  -backend-config="container_name=mgmt-group-state" \
  -backend-config="key=<management-group-id>/terraform.tfstate"
      Note
      Note
      Replace the storage account name and management group ID with your actual values.
    • For local state management, use the following command:
      terraform init -backend=false
  6. Review the planned changes using the following command:
    terraform plan
  7. Deploy the resources using the following command:
    terraform apply

Next steps

After deployment completes, verify the connection in the TrendAI Vision One™ console under Cloud SecurityCloud AccountsAzure.
Note
Note
When using manual deployment, you are responsible for:
  • Querying Azure for subscription lists using Azure CLI
  • Creating state storage resources if using centralized state management
  • Populating all variables in terraform.tfvars
  • Handling all Azure CLI authentication and operations