Terraform on Azure May 2024 Update
Welcome to our April 2024 update! These blogposts will be covering everything we’ve gotten up to recently with Terraform on Azure. We’ve got lots of exciting content to talk about this month. Look forward to the next update in June!
AzureRM provider
The AzureRM provider is a manual, stable, simplified experience co-owned by HashiCorp and Microsoft. Our teams are always adding new features and services to ensure that you can manage these when they are generally available (GA).
A few highlights to call out, though there are certainly more updates than this:
Support for Key Vault reference secrets in Container Apps (v3.98)
Support for Configuring Tables in Log Analytics (v3.86)
Fixing a bug with Linux function apps breaking when losing external WEBSITE_RUN_FROM_PACKAGE setting (v3.97)
Fixed a bug with App Service Certificates being unable to determine Key Vault Resource ID (v3.95)
Support for .NET 8.0 and Node 20 for Linux and Windows Function Apps (v3.96)
Fixed a bug with PIM Active and Eligible Role Assignments
Support for Customer Managed Keys with Managed HSM for Key Vault (v3.102.0)
Support for CMKs with MHSM for Storage Accounts (v3.102.0)
We’re currently on version 3.102 of the provider. For the latest updates, check out the release notes.
AzAPI provider
The AzAPI provider is a generative, automatic experience that gets you access to new Azure services, features, or APIs. Utilizing the provider and its peripheral VSCode extension is critical to your success if the latest and greatest is the focus of your team or organization.
Latest Updates
We’re happy to announce the release of AzAPI v1.13.1, which removes JSON through the implementation of dynamic schemas. Previously, AzAPI required JSON encoding and decoding to define properties within the body. The JSON has been replaced with dynamic schemas, which are defined the exact same way as before:
resource “azapi_resource” “automationAccount” {
type = “Microsoft.Automation/automationAccounts@2023-11-01”
parent_id = azapi_resource.resourceGroup.id
name = “example-automation-account”
location = “westeurope”
body = {
properties = {
encryption = {
keySource = “Microsoft.Automation”
}
publicNetworkAccess = true
sku = {
name = “Basic”
}
}
}
response_export_values = [“*”]
}
Dynamic schemas disambiguate changes within the properties; if a sensitive property is modified alongside other changes to the configuration, terraform plan will show changing properties that are not marked sensitive and not show sensitive properties. They also allow you to specify exactly what output properties you wish to see from the resource.
For examples and more scenarios, read more about dynamic schemas in our latest blogpost.
Usage Trends
We’re happy to see AzAPI eclipse 20M downloads! Thank you for your continued interest in the provider and we hope everyone continues to use it!
Data of snapshot from May 7th, 2024
Azure Verified Modules
Azure Verified Modules (AVM) is an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like. Got to https://aka.ms/avm to learn more.
Modules will then align to these standards, across languages (Bicep, Terraform etc.) and will then be classified as AVMs and available from their respective language specific registries.
The following Terraform modules have been released in February through April:
Kusto Clusters
Service Bus Namespace
Azure Databricks Workspace
Private DNS Zone
App Managed Environment
AVS Private Cloud
Cognitive Service
Virtual Machine Scale Set
Azure Container Registry
Bastion Host
Network Security Group
Public IP Address
Storage Account
Web/Function App
Static Web App
We would specifically like to call out the cognitive services module, which is used to manage the OpenAI service and other Azure AI services. The below code is all you need to get started:
terraform {
required_version = “>= 1.3.0”
required_providers {
azurerm = {
source = “hashicorp/azurerm”
version = “>= 3.7.0, < 4.0.0”
}
random = {
source = “hashicorp/random”
version = “>= 3.5.0, < 4.0.0”
}
}
}
provider “azurerm” {
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
# This ensures we have unique CAF compliant names for our resources.
module “naming” {
source = “Azure/naming/azurerm”
version = “>= 0.3.0”
}
# This is required for resource modules
resource “azurerm_resource_group” “this” {
location = “East US”
name = “avm-res-cognitiveservices-account-${module.naming.resource_group.name_unique}“
}
resource “random_pet” “pet” {}
module “avm-res-cognitiveservices-account” {
source = “Azure/avm-res-cognitiveservices-account/azurerm”
version = “0.1.1”
kind = “OpenAI”
location = azurerm_resource_group.this.location
name = “OpenAI-${random_pet.pet.id}“
resource_group_name = azurerm_resource_group.this.name
sku_name = “S0”
cognitive_deployments = {
“gpt-4-32k” = {
name = “gpt-4-32k”
model = {
format = “OpenAI”
name = “gpt-4-32k”
version = “0613”
}
scale = {
type = “Standard”
}
}
}
}
The current list of AVM resource modules stands at 31 and the number of pattern modules is currently 5. For a list of available modules, as well as corresponding registry links, please visit Terraform Modules | Azure Verified Modules. This list also includes a list of planned modules that the team is prioritizing in the coming months.
Head over to If you wish to learn more, check out John Savill’s video.
Community
The Terraform on Azure community is a key investment for our team in bringing the latest product updates, connecting you with other Terraform on Azure users, and enabling you to engage in ongoing feedback as we aim to improve your Terraform experience on Azure. This section will consistently speak on community related feedback or engagements. As always, register to join the community at https://aka.ms/AzureTerraform and the slack at https://aka.ms/joinaztfslack!
Community Calls
The March community call featured our very own Matt White and Arkahna’s Simone Bennett. Both presenters collaborated on a deep dive into the Azure Landing Zone (ALZ). Watch the recording below:
The May community call will be with just the Azure Terraform team, as we have a lot of exciting updates to share and also want feedback from the Terraform on Azure community. Join us on 5/16 at 10 am PT! https://aka.ms/aztfcc
Docs
In the last few months, we have modified the structure of Terraform overview page for simplicity and better user experience. Meanwhile, we have released two new Terraform articles:
Create VNet NAT Gateway
Azure Virtual Network with Private Endpoint
Microsoft Tech Community – Latest Blogs –Read More