Rediger

Use Terraform as an infrastructure as code tool for Azure Developer CLI

Azure Developer CLI (azd) supports multiple infrastructures as code (IaC) providers, including:

By default, azd assumes Bicep as the IaC provider. Refer to the Comparing Terraform and Bicep article for help with deciding which IaC provider is best for your project.

Note

Terraform is still in beta. Read more about alpha and beta feature support on the feature versioning and release strategy page

Pre-requisites

Important

Terraform deployments require an Azure CLI sign-in even when you use azd. The Terraform azurerm provider authenticates through Azure CLI by default and doesn't read tokens from the azd credential cache. If you only run azd auth login, azd up fails at the provision step with ERROR: Please run 'az login' to setup account. See Authenticate to Azure for the recommended sign-in flow.

Authenticate to Azure

Because Terraform uses Azure CLI for authentication, you need to be signed in to both azd and az before you run azd up. You can do that in one of two ways.

Configure azd to delegate authentication to Azure CLI. This setting lets you sign in once with az login and use the same credentials for both tools.

azd config set auth.useAzCliAuth true
az login

If you work with multiple tenants, include the --tenant parameter:

az login --tenant <tenant-id>

Option 2: Sign in to each tool separately

If you prefer to keep azd and Azure CLI authentication independent, sign in to each tool with its own command:

azd auth login
az login

You need to refresh both sessions when either token expires.

Configure Terraform as the IaC provider

  1. Open the azure.yaml file found in the root of your project and make sure you have the following lines to override the default, which is Bicep:

    infra:
      provider: terraform
    
  2. Add all your .tf files to the infra directory found in the root of your project.

  3. Run azd up.

Note

Check out these two azd templates with Terraform as IaC Provider: Node.js and Terraform and Python and Terraform.

azd pipeline config for Terraform

Terraform stores state about your managed infrastructure and configuration. Because of this state file, you need to enable remote state before you run azd pipeline config to set up your deployment pipeline in GitHub.

By default, azd assumes the use of local state file. If you ran azd up before enabling remote state, you need to run azd down and switch to remote state file.

Local vs remote state

Terraform uses persisted state data to keep track of the resources it manages.

Scenarios for enabling remote state:

  • To allow shared access to the state data, and allow multiple people work together on that collection of infrastructure resources
  • To avoid exposing sensitive information included in state file
  • To decrease the chance of inadvertent deletion because of storing state locally

Enable remote state

  1. Make sure you configure a remote state storage account.

  2. Add a new file called provider.conf.json in the infra folder.

    {
        "storage_account_name": "${RS_STORAGE_ACCOUNT}",
        "container_name": "${RS_CONTAINER_NAME}",
        "key": "azd/azdremotetest.tfstate",
        "resource_group_name": "${RS_RESOURCE_GROUP}"
    }
    
  3. Update provider.tf found in the infra folder to set the backend to be remote

    # Configure the Azure Provider
    terraform {
      required_version = ">= 1.1.7, < 2.0.0"
      backend "azurerm" {
      }
    
  4. Run azd env set <key> <value> to add configuration in the .env file. For example:

    azd env set RS_STORAGE_ACCOUNT your_storage_account_name
    azd env set RS_CONTAINER_NAME your_terraform_container_name
    azd env set RS_RESOURCE_GROUP your_storage_account_resource_group
    
  5. Run the next azd command as per your usual workflow. When remote state is detected, azd initializes Terraform with the configured backend configuration.

  6. To share the environment with teammates, make sure they run azd env refresh -e <environmentName> to refresh environment settings in the local system, and perform Step 4 to add configuration in the .env file.

See also

Next steps