Starting with Terraform and Azure

Gareth Erskine-Jones
May 13 · 7 min read
Photo by Lorenzo Cafaro from Pexels
  • They are difficult to document.
  • It’s almost impossible to recreate them with complete accuracy.

Why Terraform?

With Terraform, you don’t write scripts which detail how to create your resources — rather you create a file, or set of files, called a configuration which describes how your resources should look once created. Terraform does the work of determining how to get to your desired state. This means you can apply a terraform configuration, make a small adjustment to it, and then apply it again, much more easily than you can adjust and re-run a powershell script — you don’t have to worry about what the current state of your infrastructure is, Terraform keeps track of that, and only makes the changes that are needed to achieve your desired state.

Installing the pre-requisites

The first thing to do is to download Terraform from here. The download is a zip file containing a single executable (these instructions assume we are using Windows, but if you’re using Linux, most of this should still work). You need to extract the zip file, drop it in a folder, and add that folder to your path. Note that the configurations in this article assume you have at least version 0.12 of Terraform.

> terraform --version
Terraform v0.12.1
> az --version
azure-cli 2.0.62
(lots more output)

Creating the configuration file

We are going to start with a single configuration file, so create a folder, open it with your code editor (I’m using Visual Studio Code), and create a file called, containing a single line.

provider "azurerm" {}

Creating our first resource

Resources in Azure are created in resource groups, so we’ll now edit and add the following block:

resource “azurerm_resource_group” “my-group” {
name = “my-resource-group”
location = “westus”
> terraform plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
id: <computed>
location: “westus”
name: “my-resource-group”
tags.%: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
* provider.azurerm: Error building AzureRM Client: Error retrieving the Profile from the Azure CLI: No Subscription was Marked as Default in the Azure Profile. Please re-authenticate using `az login`.
> terraform apply

State file

If you look at your configuration folder, you’ll now see that it contains an additional file — terraform.tfstate. You shouldn’t edit this file, but feel free to take a look at its contents — it’s a description of the current state of your infrastructure. When Terraform processes the configuration and determines what needs to be done to bring your infrastructure into line with it, it is comparing the configuration with the state described in this file, rather than looking at the actual resources you’ve created. This implies two things —

  1. The state file is important, and having it in your configuration folder isn’t ideal. A co-worker who also needs to work with your Terraform configuration will need access to the file. You could commit it to source control along with your configuration, but if the state file contains secrets, then that again isn’t a good idea. I’ll explore a better solution in a future article.

Creating a website

Let’s add a couple more resources to our configuration.

resource "azurerm_app_service_plan" "appserviceplan" {
name = "my-service-plan"
location = "westus"
resource_group_name =
reserved = true # Mandatory for Linux plans
kind = "Linux"
sku {
tier = "Basic"
size = "B1"
resource "azurerm_app_service" "web" {
name = "my-site"
location = "westus"
resource_group_name =
app_service_plan_id =
# Configure Docker Image to load on start site_config {
linux_fx_version = "DOCKER|nginx"
> terraform destroy


The Must-Read Publication for Aspiring Developers & DevOps Enthusiasts

Gareth Erskine-Jones

Written by



The Must-Read Publication for Aspiring Developers & DevOps Enthusiasts