Azure Tools Blog

Terraform on Azure August 2023 Update

stevenjma
Aug 29, 2023

Welcome to our August Terraform on Azure bimonthly update! We hope the first update was helpful in giving you insight into what the product team has been working on. We'll once again open with updates in our major investment areas, then close with upcoming goals or plans. We are aiming for the next update in October!

 

AzureRM provider

The resources exposed by the AzureRM provider are what most customers think of and include in their configurations when managing Azure infrastructure with Terraform. Azure is always adding new features and services so we work hard to ensure that you can manage these when they are generally available (GA).

 

While there are no specific AzureRM updates that the team would explicitly like to call out at this time, make sure to always check out the GitHub releases page for the latest updates! We are currently on v3.71 of the provider.

 

AzAPI provider

The AzAPI provider is a thin layer on top of the Azure ARM REST APIs. The AzAPI provider enables you to manage any Azure resource type using any API version. This provider complements the AzureRM provider by enabling the management of new or existing Azure resources and properties (including private preview). The AzAPI provider, along with the VS Code extension, language server and migration tool, are critical tools to keep in your IaC toolbox to ensure that you can manage all of your Azure infrastructure using Terraform.

 

Latest Updates

Since the last update in June, we have been hard at work adding features and functionality that you have asked for and some that you didn’t even know you needed until now.

  • We have added the ability to define default naming, including full names, prefixes, and postfixes, for your resources.  See AzAPI provider documentation for full details. Using this functionality, you can easily add your environment / workspace as a prefix to your resource names:

 

Result from terraform plan:

 

  • One of the best ways to get started with managing different resources is by referencing examples. In addition to the comprehensive documentation that already exists for resource types, we have added a huge set of examples that you can use to get started managing everything from API management resources to Web resources and everything in between.
  • Added a new resource that allows you to manage data plane resources like KeyVault storage, Synapse workspace libraries, etc. This set of data plane resources can be managed with this new resource.
  • We have extended the power of the azapi_resource_action to allow management of provider level actions. If you combine this with the new `checks` functionality of Terraform, you can accomplish some very powerful results, like checking that a Redis Cache name is valid before creating it.

 

  • Azure is always changing and although you can always manage new features and services as soon as they are released with the AzAPI provider, we want to ensure that your authoring experience is as streamlined as possible. To this end we regularly update the types to include the latest APIs and new Azure resource types.
  • The above new features just scratch the surface of everything that we have added to the provider so check out the full list of updates (CHANGELOG.md) and the provider reference documentation for details on:
    • azapi_resource_list data source – list all resources of specific type under a scope
    • azapi_resource & azapi_update_resource now support “ignore_changes”
    • Simplified experience when managing resource groups (hint: no need to provide the parent_id property).
    • Much more…

Usage Trends

We are continuing to see very healthy growth of the provider which is nearing 6 million downloads over all time!

 

Data snapshot from August 11, 2023

 

Verified Modules 

Have you ever encountered any of the following problems with modules?

  • Modules are out of date, not actively supported, and no longer functional
  • Cannot override some module logic without modifying the source code
  • Get confused when you see multiple modules with similar functions
  • When calling various modules, inconsistencies exist that cause instability to existing infrastructure

To help tackle the above problems and more, the Azure Terraform team has established a verified module testing pipeline, and only those modules that have passed this pipeline will be marked as “verified”. This pipeline ensures consistency and best practices across multiple verified modules, reduces breaking changes, and avoids duplication to empower the “DRY” principle.

 

Latest Updates

The team has released the Container Apps module and is excited to give you the opportunity to try and use it for your container app scenarios. Check out the module here: https://registry.terraform.io/modules/Azure/container-apps/azure/latest

Furthermore, we plan to release the Key Vault module with private endpoint functionality next month, so make sure to stay tuned for that.

 

Community 

The Terraform on Azure community is a key investment for our team in bringing the latest product updates, connecting you with other Terraform on Azure users, and enabling you to engage in ongoing feedback as we aim to improve your Terraform experience on Azure. This section will consistently speak on community-related feedback or engagements. As always, register to join the community at https://aka.ms/AzureTerraform and the Slack at https://aka.ms/joinaztfslack!

 

Community Calls

The next Terraform on Azure community call is 8/30 at 9:30 am PT. The team is pleased to have guest Zuhair Ahmed from MongoDB, who will be talking about MongoDB Atlas and its journey with Terraform on Azure. Register at our new link for all future community call registrations: https://aka.ms/aztfcc

 

Docs 

Since our last update, we have published the following new and updated articles:

  • Networking:
    • Quickstart: Create a mesh network topology with Azure Virtual Network Manager using Terraform
  • Compute:
    • Quickstart: Use Terraform to create a Linux VM
    • Quickstart: Use Terraform to create a Windows VM
    • Quickstart: Create a Windows VM cluster in Azure using Terraform
  • Security:
    • Quickstart: Create an Azure Attestation provider with Terraform
    • Quickstart: Create an Azure Front Door (classic) using Terraform
    • Quickstart: Create an Azure Front Door Standard/Premium profile using Terraform

 

Terraform at Scale

Subscription Vending Machine Terraform Module 3.4.0 release

We are thrilled to announce the release of the new 3.4.0 version of the Azure subscription vending Terraform module! You can now create user-assigned managed identities (UMIs) for your developers, which is the newly recommended way to give your team access to their new subscription. UMIs don't require shared credentials and are therefore more secure than using secrets. Also, thank you to Koen Rottiers for the contribution to the Virtual Network module that adds support for the newly released routing intent feature.

https://aka.ms/lz-vending/tf

 

User-Assigned Managed Identities (UMIs)

You can now create user-assigned managed identities (UMIs) for your developers, which is the new recommended way to give your team access to their new subscription. UMIs don't require shared credentials and are therefore more secure than using secrets.
UMIs support assignment to self-hosted CI/CD runners, as well as OpenID Connect federated credentials for cloud-based CI/CD, like GitHub Actions or Terraform Cloud.
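
The setup described above, written directly against the AzureRM provider as an added example (not code from the subscription vending module or the original post): a UMI that GitHub Actions can use through an OIDC federated credential, with no client secret anywhere. Resource names, the location, the role and the `example-org/example-repo` repository are constructed placeholders.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.71"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {}

resource "azurerm_resource_group" "identity" {
  name     = "rg-example-identity" # placeholder
  location = "westeurope"          # placeholder
}

resource "azurerm_user_assigned_identity" "deploy" {
  name                = "umi-example-deploy" # placeholder
  resource_group_name = azurerm_resource_group.identity.name
  location            = azurerm_resource_group.identity.location
}

# Trust only tokens that GitHub issues for one repository and one environment.
# The subject is compared exactly, so tokens minted for other repositories,
# branches or pull requests cannot be exchanged for this identity.
resource "azurerm_federated_identity_credential" "github" {
  name                = "github-example-prod"
  resource_group_name = azurerm_resource_group.identity.name
  parent_id           = azurerm_user_assigned_identity.deploy.id
  issuer              = "https://token.actions.githubusercontent.com"
  audience            = ["api://AzureADTokenExchange"]
  subject             = "repo:example-org/example-repo:environment:prod" # placeholder repo
}

# The identity has no secret to leak or rotate; what it can do is decided
# entirely by this role assignment. Role and scope are assumptions.
resource "azurerm_role_assignment" "deploy" {
  scope                = data.azurerm_subscription.current.id
  role_definition_name = "Contributor"
  principal_id         = azurerm_user_assigned_identity.deploy.principal_id
}
```

When reviewing a configuration like this, the `subject` string and the role assignment scope are the two places to check: a subject tied to a branch or environment limits which workflow runs can obtain a token, and the scope bounds what that token can change.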

 

CAF Module v4.1.0

The Azure Terraform CAF module v4.1.0 was released late last month, with policy definition updates and a number of fixes to previous bugs. Visit the GitHub page for more info: https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/releases/tag/v4.1.0

 

Hub Networking Terraform module v1.1.0

This module can greatly simplify the creation of multi-hub network architectures, specifically around routing and peering. It integrates into the subscription vending module, which can attach the spoke networks to the hubs created by this module. Together these modules provide you with a complete hub and spoke network solution.

Terraform Registry - Hub Networking

 

Packer Plug-In v2.0.0

The Packer Azure plugin enables users to build Azure VHDs, Managed Images, and Compute Gallery (Shared Image Gallery) images. It is one of the most popular ways to build Azure Operating System images and is used by Azure via the Azure Image Builder.

We're excited to announce the release of version 2.0.0 of the Azure Packer Plugin. With this release we have migrated from the deprecated version of the Azure SDK for Go to `hashicorp/go-azure-sdk`, an SDK maintained by HashiCorp that is generated from the Azure API definitions and is already used by the Terraform Azure Provider. After this update, many of the authorization options that the Terraform Azure Provider supports are also supported by the Packer plugin, such as OIDC providers and PKCS#12 certificates.

Updated Aug 29, 2023