An alternative way to landscaping in Azure… Terraform!


In the past I’ve noticed a lot of people are afraid of “Azure Resource Manager Templates“. I can imagine that a bulk of JSON code isn’t always that user friendly… So today we’ll take a look at another IaC (Infrastructure-as-Code) approach you might like. We’re going to do a small demo where we’ll be using “Terraform” to deploy a network on Azure. So how to get started?

  • We’ll be creating a kind of service user in Azure which Terraform will use to log in.
  • We’ll be authoring a small configuration file that will serve as the input for our network
  • We’ll be applying that configuration file.


Seem simple enough? Let’s get started!


Setting up your subscription : Creating a “Service”-user

The first thing we’ll be doing is to create the “service”-user. If you are not familiar with that part, browse to your Azure Active Directory. Then “App Registrations”, and click “Add”



Now create a “Web app / API”-application registration for Terraform ;


Once created, select it…


And browse to “keys” ;


Here you’ll be creating a “secret” (aka “password”) for this application ;


Once you press “Save”, you’ll see the “password” ;


Note down this password, as you won’t be able to see it afterwards anymore! Also note down the Application ID from the earlier blade. And don’t forget to note down the tenant id from your Azure Active Directory too…



Setting up your subscription : Granting privileges to our “Service”-user

Next up, we’ll be granting this service user the rights to do the magic later on… Go to your subscription (and note down the subscription id too!)  ;


Browse to “Access control (IAM)” and press “Add” ;



Browse for our “Terraform”-user ;


And grant it “contributor” rights. (In the screenshot I selected “Owner”, which is also capable of granting rights to users).


Sample Configuration File

Now that we have our service user, let’s create a configuration file


# Configure the Microsoft Azure Provider
provider "azurerm" {
  subscription_id = "your-subscription-id"
  client_id       = "your-application-d"
  client_secret   = "your-application-password"
  tenant_id       = "your-tenant-id"

resource "azurerm_resource_group" "RGNETPRD" {
  name     = "kvaes-network-production"
  location = "West Europe"

  tags {
    environment = "Production"

resource "azurerm_virtual_network" "VNETPRD001" {
  name                = "VNETPRD001"
  resource_group_name = "${}"
  address_space       = [""]
  location            = "West Europe"
  dns_servers         = ["", ""]

  subnet {
    name           = "SUBNET001"
    address_prefix = ""

  subnet {
    name           = "SUBNET002"
    address_prefix = ""

  subnet {
    name           = "SUBNET003"
    address_prefix = ""

  tags {
    environment = "Production"

Let’s save this piece as code as “” for later on.

How did I come by this syntax? By reading the straight forward documentation… 😉


Test Run

The proof of te pudding is in the eating… Yeah, an annoying expression, but let’s get down to testing this! I’m assuming you already installed Terraform itself. For windows it’s just a binary, where you can leave it anywhere, just as long as it’s in your “PATH”.

Navigate to the directory where you stored your “”-file. Now execute the following command there ; “terraform plan”.


This will generate a plan which can be executed (“applied”). Here you’ll also get a summary of what will be done… I’m happy with what is suggested, so I’m going to apply it. We can do this by executing the following command “terraform apply” ;

Here we can see our apply was complete. Let’s verify if all went well in the Azure portal…


That looks just like we wanted it! Even the tags were set…
In addition, we’ll also notice that some new files were created.


The backup will have the config from just before our apply


and the tfstate will represent the state after our apply…



Closing Thoughts

Terraform looks very nice! The syntax / DSL is very clean and easy to comprehend. There are other “providers” (plugins, extensions, … whatever) available for other technologies too ; like for instance vSphere. So the technology investment you make can be leveraged later on for other things too.

2 thoughts on “An alternative way to landscaping in Azure… Terraform!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.