Terraform on Azure May 2024 Update
Welcome to our April 2024 update! These blogposts will be covering everything we've gotten up to recently with Terraform on Azure. We’ve got lots of exciting content to talk about this month. Look forward to the next update in June!
AzureRM provider
The AzureRM provider is a manual, stable, simplified experience co-owned by HashiCorp and Microsoft. Our teams are always adding new features and services to ensure that you can manage these when they are generally available (GA).
A few highlights to call out, though there are certainly more updates than this:
- Support for Key Vault reference secrets in Container Apps (v3.98)
- Support for Configuring Tables in Log Analytics (v3.86)
- Fixing a bug with Linux function apps breaking when losing external WEBSITE_RUN_FROM_PACKAGE setting (v3.97)
- Fixed a bug with App Service Certificates being unable to determine Key Vault Resource ID (v3.95)
- Support for .NET 8.0 and Node 20 for Linux and Windows Function Apps (v3.96)
- Fixed a bug with PIM Active and Eligible Role Assignments
- Support for Customer Managed Keys with Managed HSM for Key Vault (v3.102.0)
- Support for CMKs with MHSM for Storage Accounts (v3.102.0)
We’re currently on version 3.102 of the provider. For the latest updates, check out the release notes.
AzAPI provider
The AzAPI provider is a generative, automatic experience that gets you access to new Azure services, features, or APIs. Utilizing the provider and its peripheral VSCode extension is critical to your success if the latest and greatest is the focus of your team or organization.
Latest Updates
We’re happy to announce the release of AzAPI v1.13.1, which removes JSON through the implementation of dynamic schemas. Previously, AzAPI required JSON encoding and decoding to define properties within the body. The JSON has been replaced with dynamic schemas, which are defined the exact same way as before:
resource "azapi_resource" "automationAccount" {
type = "Microsoft.Automation/automationAccounts@2023-11-01"
parent_id = azapi_resource.resourceGroup.id
name = "example-automation-account"
location = "westeurope"
body = {
properties = {
encryption = {
keySource = "Microsoft.Automation"
}
publicNetworkAccess = true
sku = {
name = "Basic"
}
}
}
response_export_values = ["*"]
}
Dynamic schemas disambiguate changes within the properties; if a sensitive property is modified alongside other changes to the configuration, terraform plan will show changing properties that are not marked sensitive and not show sensitive properties. They also allow you to specify exactly what output properties you wish to see from the resource.
For examples and more scenarios, read more about dynamic schemas in our latest blogpost.
Usage Trends
We’re happy to see AzAPI eclipse 20M downloads! Thank you for your continued interest in the provider and we hope everyone continues to use it!
Data of snapshot from May 7th, 2024
Azure Verified Modules
Azure Verified Modules (AVM) is an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like. Got to https://aka.ms/avm to learn more.
Modules will then align to these standards, across languages (Bicep, Terraform etc.) and will then be classified as AVMs and available from their respective language specific registries.
The following Terraform modules have been released in February through April:
- Kusto Clusters
- Service Bus Namespace
- Azure Databricks Workspace
- Private DNS Zone
- App Managed Environment
- AVS Private Cloud
- Cognitive Service
- Virtual Machine Scale Set
- Azure Container Registry
- Bastion Host
- Network Security Group
- Public IP Address
- Storage Account
- Web/Function App
- Static Web App
We would specifically like to call out the cognitive services module, which is used to manage the OpenAI service and other Azure AI services. The below code is all you need to get started:
terraform {
required_version = ">= 1.3.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.7.0, < 4.0.0"
}
random = {
source = "hashicorp/random"
version = ">= 3.5.0, < 4.0.0"
}
}
}
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
# This ensures we have unique CAF compliant names for our resources.
module "naming" {
source = "Azure/naming/azurerm"
version = ">= 0.3.0"
}
# This is required for resource modules
resource "azurerm_resource_group" "this" {
location = "East US"
name = "avm-res-cognitiveservices-account-${module.naming.resource_group.name_unique}"
}
resource "random_pet" "pet" {}
module "avm-res-cognitiveservices-account" {
source = "Azure/avm-res-cognitiveservices-account/azurerm"
version = "0.1.1"
kind = "OpenAI"
location = azurerm_resource_group.this.location
name = "OpenAI-${random_pet.pet.id}"
resource_group_name = azurerm_resource_group.this.name
sku_name = "S0"
cognitive_deployments = {
"gpt-4-32k" = {
name = "gpt-4-32k"
model = {
format = "OpenAI"
name = "gpt-4-32k"
version = "0613"
}
scale = {
type = "Standard"
}
}
}
}
The current list of AVM resource modules stands at 31 and the number of pattern modules is currently 5. For a list of available modules, as well as corresponding registry links, please visit Terraform Modules | Azure Verified Modules. This list also includes a list of planned modules that the team is prioritizing in the coming months.
Head over to If you wish to learn more, check out John Savill’s video.
Community
The Terraform on Azure community is a key investment for our team in bringing the latest product updates, connecting you with other Terraform on Azure users, and enabling you to engage in ongoing feedback as we aim to improve your Terraform experience on Azure. This section will consistently speak on community related feedback or engagements. As always, register to join the community at https://aka.ms/AzureTerraform and the slack at https://aka.ms/joinaztfslack!
Community Calls
The March community call featured our very own Matt White and Arkahna’s Simone Bennett. Both presenters collaborated on a deep dive into the Azure Landing Zone (ALZ). Watch the recording below:
The May community call will be with just the Azure Terraform team, as we have a lot of exciting updates to share and also want feedback from the Terraform on Azure community. Join us on 5/16 at 10 am PT! https://aka.ms/aztfcc
Docs
In the last few months, we have modified the structure of Terraform overview page for simplicity and better user experience. Meanwhile, we have released two new Terraform articles:
Published on:
Learn moreRelated posts
Coding at the Speed of Innovation: AI and more with Azure SQL Database
The Azure SQL Database team is all set to unveil new product announcements as Build 2024 approaches. Innovation is the prominent theme this ti...
Generate insights from audio and video data using Speech analytics in Azure AI Studio
In this video, we explore the power of speech analytics in Azure AI Studio to extract insights from audio and video data. This technology help...
Azure Custom Policy- PostgreSQL Product - Compliance Report not Available- New Feature Request
If you're attempting to create custom policies for Azure Cosmos DB for PostgreSQL at the subscription level and are running into issues where ...
Microsoft Causes Fuss Around Azure MFA Announcement
Microsoft's recent announcement regarding the requirement of Azure MFA for connections to services starting in July 2024 has caused quite a st...
PostgreSQL for your AI app's backend | Azure Database for PostgreSQL Flexible Server
If you want to use Postgres as a managed service on Azure and build generative AI apps, then the Azure Database for Postgres Flexible Server i...
Storage migration: Combine Azure Storage Mover and Azure Data Box
If you are looking to migrate your data from on-premises to Azure Storage, it can be challenging, but with Microsoft's solutions, you can make...
Loop DDoS Attacks: Understanding the Threat and Azure's Defense
This article provides a comprehensive overview of Loop DDoS attacks, a sophisticated and evolving cybersecurity threat that exploits applicati...
Azure Communication Services at Microsoft Build 2024
Join us for Microsoft Build 2024, either in-person in Seattle or virtually, to learn about the latest updates from Azure Communication Service...
Azure Developer CLI (azd) – May 2024 Release
The Azure Developer CLI (`azd`) has received a May 2024 update, version 1.9.0, making it simpler for developers to create, manage, and deploy ...