Welcome to our April 2024 update! These blogposts will be covering everything we've gotten up to recently with Terraform on Azure. We’ve got lots of exciting content to talk about this month. Look forward to the next update in June!

 

AzureRM provider

 

The AzureRM provider is a manual, stable, simplified experience co-owned by HashiCorp and Microsoft. Our teams are always adding new features and services to ensure that you can manage these when they are generally available (GA).

A few highlights to call out, though there are certainly more updates than this:

• Support for Key Vault reference secrets in Container Apps (v3.98)
• Support for Configuring Tables in Log Analytics (v3.86)
• Fixing a bug with Linux function apps breaking when losing external WEBSITE_RUN_FROM_PACKAGE setting (v3.97)
• Fixed a bug with App Service Certificates being unable to determine Key Vault Resource ID (v3.95)
• Support for .NET 8.0 and Node 20 for Linux and Windows Function Apps (v3.96)
• Fixed a bug with PIM Active and Eligible Role Assignments
• Support for Customer Managed Keys with Managed HSM for Key Vault (v3.102.0)
• Support for CMKs with MHSM for Storage Accounts (v3.102.0)

We’re currently on version 3.102 of the provider. For the latest updates, check out the release notes.

 

AzAPI provider

 

The AzAPI provider is a generative, automatic experience that gets you access to new Azure services, features, or APIs. Utilizing the provider and its peripheral VSCode extension is critical to your success if the latest and greatest is the focus of your team or organization.

 

Latest Updates

 

We’re happy to announce the release of AzAPI v1.13.1, which removes JSON through the implementation of dynamic schemas. Previously, AzAPI required JSON encoding and decoding to define properties within the body. The JSON has been replaced with dynamic schemas, which are defined the exact same way as before:

resource "azapi_resource" "automationAccount" {
  type      = "Microsoft.Automation/automationAccounts@2023-11-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "example-automation-account"
  location  = "westeurope"
  body = {
    properties = {
      encryption = {
        keySource = "Microsoft.Automation"
      }
      publicNetworkAccess = true
      sku = {
        name = "Basic"
      }
    }
  }
  response_export_values = ["*"]
}

Dynamic schemas disambiguate changes within the properties; if a sensitive property is modified alongside other changes to the configuration, terraform plan will show changing properties that are not marked sensitive and not show sensitive properties. They also allow you to specify exactly what output properties you wish to see from the resource.

 

For examples and more scenarios, read more about dynamic schemas in our latest blogpost.

 

Usage Trends

 

We’re happy to see AzAPI eclipse 20M downloads! Thank you for your continued interest in the provider and we hope everyone continues to use it!

 

Data of snapshot from May 7th, 2024

 

Azure Verified Modules

 

Azure Verified Modules (AVM) is an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like. Got to https://aka.ms/avm to learn more.

Modules will then align to these standards, across languages (Bicep, Terraform etc.) and will then be classified as AVMs and available from their respective language specific registries.

The following Terraform modules have been released in February through April:

• Kusto Clusters
• Service Bus Namespace
• Azure Databricks Workspace
• Private DNS Zone
• App Managed Environment
• AVS Private Cloud
• Cognitive Service
• Virtual Machine Scale Set
• Azure Container Registry
• Bastion Host
• Network Security Group
• Public IP Address
• Storage Account
• Web/Function App
• Static Web App

We would specifically like to call out the cognitive services module, which is used to manage the OpenAI service and other Azure AI services. The below code is all you need to get started:

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.7.0, < 4.0.0"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 3.5.0, < 4.0.0"
    }
  }
}

provider "azurerm" {
  features {
    resource_group {
      prevent_deletion_if_contains_resources = false
    }
  }
}


# This ensures we have unique CAF compliant names for our resources.
module "naming" {
  source  = "Azure/naming/azurerm"
  version = ">= 0.3.0"
}

# This is required for resource modules
resource "azurerm_resource_group" "this" {
  location = "East US"
  name     = "avm-res-cognitiveservices-account-${module.naming.resource_group.name_unique}"
}

resource "random_pet" "pet" {}

module "avm-res-cognitiveservices-account" {
  source  = "Azure/avm-res-cognitiveservices-account/azurerm"
  version = "0.1.1"
  kind                = "OpenAI"
  location            = azurerm_resource_group.this.location
  name                = "OpenAI-${random_pet.pet.id}"
  resource_group_name = azurerm_resource_group.this.name
  sku_name            = "S0"

  cognitive_deployments = {
    "gpt-4-32k" = {
      name = "gpt-4-32k"
      model = {
        format  = "OpenAI"
        name    = "gpt-4-32k"
        version = "0613"
      }
      scale = {
        type = "Standard"
      }
    }
  }
}

The current list of AVM resource modules stands at 31 and the number of pattern modules is currently 5. For a list of available modules, as well as corresponding registry links, please visit Terraform Modules | Azure Verified Modules. This list also includes a list of planned modules that the team is prioritizing in the coming months.

Head over to If you wish to learn more, check out John Savill’s video.

 

Community

 

The Terraform on Azure community is a key investment for our team in bringing the latest product updates, connecting you with other Terraform on Azure users, and enabling you to engage in ongoing feedback as we aim to improve your Terraform experience on Azure. This section will consistently speak on community related feedback or engagements. As always, register to join the community at https://aka.ms/AzureTerraform and the slack at https://aka.ms/joinaztfslack!

 

Community Calls

 

The March community call featured our very own Matt White and Arkahna’s Simone Bennett. Both presenters collaborated on a deep dive into the Azure Landing Zone (ALZ). Watch the recording below:

The May community call will be with just the Azure Terraform team, as we have a lot of exciting updates to share and also want feedback from the Terraform on Azure community. Join us on 5/16 at 10 am PT! https://aka.ms/aztfcc

 

Docs

 

In the last few months, we have modified the structure of Terraform overview page for simplicity and better user experience. Meanwhile, we have released two new Terraform articles:

• Create VNet NAT Gateway
• Azure Virtual Network with Private Endpoint