This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Welcome to our first ever Terraform on Azure update! Over the months we have noticed that you want to know about the latest investments our team is making, but don’t know where to go to find that. We will usually open with updates in our major investment areas, then close with upcoming goals or plans. We hope that through these updates you are given a convenient way to learn about and relay important information to your teams/colleagues about Terraform on Azure. We will be aiming for the next update in April!
Special thanks to Tom Archer and Rob Kuehfus for contributing to publishing this article.
The resources exposed by the AzureRM provider are what most customers think of and include in their configurations when managing Azure infrastructure with Terraform. Azure is always adding new features and services so we work hard to ensure that you can manage these when they are generally available (GA).
A new version of the provider is released weekly that includes bug fixes, enhancements and net new resources and data sources. Since the beginning of 2023, we have added 34 new resources and 19 new data sources covering Azure services ranging from networking to security to machine learning and many more. Version 3.43.0 of the provider released on February 9, 2023, included support for the top requested new Azure service coverage, Container Apps. We are super excited to enable you to easily manage Container Apps using Terraform.
For a full list of updates to the AzureRM provider, check out CHANGELOG.md in the hashicorp/terraform-provider-azurerm repository on GitHub.
The AzAPI provider is a thin layer on top of the Azure ARM REST APIs. The AzAPI provider enables you to manage any Azure resource type using any API version. This provider complements the AzureRM provider by enabling the management of new or existing Azure resources and properties (including private preview). The AzAPI provider, along with the VS Code extension, language server and migration tool, are critical tools to keep in your IaC toolbox to ensure that you can manage all of your Azure infrastructure using Terraform. As part of this update, we will be sure to keep you up to date with what is new, what is on the horizon and how customers are using this provider.
At the end of last year (2022), we released comprehensive documentation for the AzAPI provider so that you can easily learn about any resource type and the associated properties.
We added the azapi_resource_action resource for managing API operations / actions, such as listing all of the VM instances that are part of a VM scale set. The resource opens up scenarios that were just not possible previously.
We have added support for additional methods to authenticate to Azure including:
- OIDC authentication - This will allow more integrated authentication when triggering Terraform runs from GitHub Actions and similar SSO (single sign-on) scenarios.
- Support for the client_certificate_password option - This allows you to use a client certificate that is protected by a password to authenticate a Terraform run.
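The two authentication options above, side by side, as an added example that is not part of the original post. The variable names and provider aliases are hypothetical; for the OIDC variant the GitHub Actions job must also grant the `id-token: write` permission, and the app registration needs a federated credential that trusts the repository.

```hcl
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

# Hypothetical input variables; the names are chosen for this example.
variable "tenant_id" { type = string }
variable "subscription_id" { type = string }
variable "client_id" { type = string }
variable "client_certificate_path" { type = string }

variable "client_certificate_password" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

# Option 1: OIDC. No long-lived secret is stored in the CI system; the
# pipeline exchanges a short-lived token for Azure access on each run.
provider "azapi" {
  alias           = "oidc"
  use_oidc        = true
  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
  client_id       = var.client_id
}

# Option 2: client certificate whose private key is protected by a password.
# Supply the password from a secret store at run time, never from a file
# committed to the repository.
provider "azapi" {
  alias                       = "cert"
  tenant_id                   = var.tenant_id
  subscription_id             = var.subscription_id
  client_id                   = var.client_id
  client_certificate_path     = var.client_certificate_path
  client_certificate_password = var.client_certificate_password
}
```

Resources select one of the two configurations with `provider = azapi.oidc` or `provider = azapi.cert`.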
Azure is always changing and although you can always manage new features and services as soon as they are released, we want to ensure that your authoring experience is as streamlined as possible. To this end we regularly update the types to include the latest APIs and new Azure resource types.
For a full list of updates to the AzAPI provider, check out CHANGELOG.md in the Azure/terraform-provider-azapi repository on GitHub.
We are seeing incredible growth in downloads of the provider with more than 1.7 million total since our release.
Data snapshot from February 8, 2023
This blog post (How to Deploy Azure Container Apps with Terraform) is not a success story per se but a splendid example of how you can use the AzAPI provider to manage resources and features that were not yet included in the AzureRM provider.
Note: Support for Container Apps has been added to the AzureRM provider since the referenced blog was published. You can learn more about how you would migrate from the AzAPI provider to the AzureRM provider using our azapi2azurerm migration tool.
We would love to hear your feedback and experiences with the AzAPI provider. If you would like to share them with us, please fill out this short survey: https://aka.ms/tf/azapiSurvey
Many of you may be familiar with the name Azure Terrafy. Due to community feedback, we have worked hard to find a new name for this tool and are happy to announce the name moving forward will be Microsoft Azure Export for Terraform! This tool still seeks to ease the translation of Terraform and Azure concepts between each other. Whether it’s exporting your code into a new environment or creating repeatable code from an existing environment, we believe the tool provides functionality that simplifies tougher processes. This section will typically cover our latest features/updates in addition to some trends in usage, as well as a success story from one of our members of the community!
The team has been conducting interviews with you within the community and taking your feedback to iterate on some last changes in the workflow. We’ve also simultaneously been in the process of finalizing documentation that covers core scenarios and use cases, which once finished will be published on MS Learn and linked to the Terraform GitHub repo with code examples. Here’s a preview snippet:
The team is working hard to implement new changes per our last round of user studies and publish documentation, in addition to making the name change. The current ETA for the official announcement with the new names, binaries, packages, features, and docs is March. We hope you’re looking forward to it as much as we are!
Jeremy, a cloud architect, has found tremendous success in tackling manual modification processes on complex older services by utilizing Azure Export for Terraform for his work! To hear him share about his success story, watch his presentation during the Terraform on Azure community call here: https://aka.ms/TerraformAzureFebCommunityCall
Have you ever encountered the following problems related to Terraform modules?
- Modules are out of date, not actively supported, and no longer functional
- You cannot override some module logic without modifying the source code
- Confusion when you see multiple modules with similar functions
- When calling various modules, inconsistencies exist that cause instability to existing infrastructure
- So on and so forth...
To help tackle the above problems and more, the Azure Terraform team has established a verified module testing pipeline, and only those modules that have passed this pipeline will be marked as “verified”. This pipeline ensures consistency and best practices across multiple verified modules, reduces breaking changes, and avoids duplication to empower the “DRY” principle. In the future, we will regularly update what's new in the verified modules section and might introduce you to successful user stories.
After comprehensive customer interviews and data analytics, we have now released eight verified modules with the highest priority. Below is the list of verified modules we have released, and you can also see the comprehensive information in our official verified modules repository on GitHub: Azure/terraform-azure-modules.
Please note that this GitHub repository is still a work in progress, and we will post the exact downloads of each module soon.
Meanwhile, we have created a contribution process to help you better get involved in the verified modules community. Simply refer to the contribution guidance, codex, and verified modules template in the Azure/terraform-azure-modules repository on GitHub to understand the structure of verified modules and best practices when creating PRs or issues. We are hoping you become one of the proactive contributors to the Azure Terraform verified modules community!
The Terraform on Azure community is a key investment for our team in bringing the latest product updates, connecting you with other Terraform on Azure users, and enabling you to engage in ongoing feedback as we aim to improve your Terraform experience on Azure. This section will consistently speak on community related feedback or engagements. As always, register to join the community at https://aka.ms/AzureTerraform!
Recent Community Feedback
You may have participated in recent rounds of feedback we’ve conducted regarding your Terraform on Azure experience. We’d like to extend a thank you to everyone who helped provide their feedback. In the spirit of transparency, the team would like to relay what you, the community, shared as areas of delight and concern:
Our team is delighted to know that many of you have found the AzureRM provider to have improved significantly over the last few years. At the same time, we see your concerns with the provider and will continue to invest to address these concerns. We are always aiming to bring new functionality within Azure to Terraform as quickly as possible and continue providing a first-class experience.
If you want to join our community, join us at https://aka.ms/AzureTerraform! The next community call info can be found in the upcoming announcements section.
We just had a wonderful Terraform on Azure community call on Monday! The recording of the event is at https://aka.ms/TerraformAzureFebCommunityCall and we hope you give it a watch. One important announcement we made during the call was the fact that we were going to release these bimonthly updates; make sure to join the next one to get other early sneak peeks on new info!
We are also taking applications to co-present with us at the next community call! Our only prerequisite is that you are a member of the community. If you are interested, fill out our form at https://aka.ms/aztfccspeakers and we will reach out if we like your topic! Don’t worry if you don’t get picked for the next one; we will keep your talk on file and may reach out later.
We’ve received valuable feedback from customers regarding ways to improve the Terraform experience on Azure. To that end, there are several behind-the-scenes documentation efforts in process. One of those tasks is to increase the percentage of Azure services that have Terraform documentation. The goal is to have a Terraform QuickStart article for every appropriate Azure service. An associated task is to improve the discoverability of Terraform articles. This task will allow you to easily find and compare solutions across different technologies: Azure PowerShell, Azure CLI, ARM Templates, Bicep, and Terraform. There’s a lot of exciting stuff going on for Terraform documentation, and we hope to share tangible results in our next update!
Azure Landing Zones – Terraform Module
Azure landing zones is the reference architecture for your Azure platform and governance architecture within your tenant. Covering prescriptive guidance on everything from Management Groups, Azure Policies, RBAC, Hub Networking, Log Analytics and more, Azure landing zones are a fundamental requirement for all customers who are at any stage of their Azure journey.
As many of you may be aware, we have a Terraform module to help you deploy, manage and operate your Azure landing zone deployment, available via the HashiCorp registry.
You can also find the source-code, issues and wiki on the associated GitHub repository: Azure/terraform-azurerm-caf-enterprise-scale
Finally, for this blog post update, we would recommend that you check out our Azure Architecture Center page for the Azure landing zones Terraform module, which also includes the Azure Enablement Show YouTube videos we recorded recently on using the module.
Subscription Vending – Terraform Module
This module accelerates Azure Subscription creation, with the required resources to integrate with your core landing zone infrastructure, like Azure landing zones. It uses the AzAPI provider, as mentioned earlier in this blog, to enable efficient provisioning of resources across scopes without having to declare multiple provider blocks.
We support Virtual Network creation with Virtual WAN Connections or peering to another Virtual Network, for example your Hub Virtual Network. We also support making role assignments to the created Subscription and set the Management Group placement for the Subscription, plus much more!
The module also supports existing Subscriptions should you wish to deploy platform resources to them and manage all your Subscriptions in the same way.
This module is gaining awesome traction now with over 5,000 downloads from the HashiCorp registry since its release in late 2022.
Check out the module here on the HashiCorp registry: aka.ms/lz-vending/tf