Cloud infrastructure automation has become essential for modern DevOps teams, with Terraform emerging as the industry standard for Infrastructure as Code (IaC). According to a recent HashiCorp survey, 76% of enterprise organizations now use Terraform for cloud provisioning. For Azure users specifically, mastering Terraform deployment patterns can reduce provisioning time by up to 80% while ensuring consistency and compliance. This guide walks through seven practical Azure Terraform deployment examples you can implement immediately, from basic resources to complex enterprise architectures.#Azure Terraform deployment examples
Getting Started with Basic Azure Terraform Deployments
Terraform has revolutionized how DevOps teams manage cloud infrastructure, especially in the Azure ecosystem. Let's dive into some fundamental patterns that will serve as your building blocks for more sophisticated deployments.
Simple Virtual Machine Deployment Example
Creating a Virtual Machine in Azure using Terraform requires just a few configuration blocks. Here's how you can get started:
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "East US"
}
resource "azurerm_virtual_machine" "example" {
name = "example-vm"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
network_interface_ids = [azurerm_network_interface.example.id]
vm_size = "Standard_DS1_v2"
# Additional configuration for OS disk, image reference, etc.
}
This straightforward approach allows you to consistently deploy VMs across environments with identical configurations. No more clicking through the Azure portal and hoping you selected the right options!
Azure Resource Group and Virtual Network Setup
Resource organization is crucial for maintaining a clean Azure environment. Terraform makes it easy to establish a logical structure:
resource "azurerm_resource_group" "networking" {
name = "core-networking"
location = "East US"
tags = {
environment = "production"
department = "infrastructure"
}
}
resource "azurerm_virtual_network" "main" {
name = "main-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.networking.location
resource_group_name = azurerm_resource_group.networking.name
subnet {
name = "internal"
address_prefix = "10.0.1.0/24"
}
}
By defining your networking infrastructure as code, you create a repeatable blueprint that ensures consistency across development, staging, and production environments.
Storage Account and Database Provisioning
Terraform excels at provisioning data services with proper access controls:
resource "azurerm_storage_account" "example" {
name = "examplestorageacct"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
network_rules {
default_action = "Deny"
ip_rules = ["123.123.123.123"]
}
}
resource "azurerm_sql_server" "example" {
name = "example-sqlserver"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
version = "12.0"
administrator_login = "sqladmin"
administrator_login_password = "P@$$w0rd1234!"
}
This approach ensures your storage and database resources have consistent security policies applied from day one, reducing the risk of misconfiguration.
Have you started implementing basic Terraform modules in your environment yet? What challenges did you face when first automating your Azure resources?
Advanced Azure Terraform Deployment Patterns
As your cloud footprint grows, so does the complexity of your infrastructure. Let's explore more sophisticated deployment scenarios that enterprise users commonly implement in Azure.
Multi-Region Azure Infrastructure with Terraform
Geographic redundancy is a cornerstone of resilient applications. Terraform makes it straightforward to deploy resources across multiple Azure regions:
locals {
regions = ["eastus", "westus2", "centralus"]
}
resource "azurerm_resource_group" "multi_region" {
for_each = toset(local.regions)
name = "rg-${each.value}"
location = each.value
}
resource "azurerm_virtual_network" "multi_region" {
for_each = toset(local.regions)
name = "vnet-${each.value}"
location = each.value
resource_group_name = azurerm_resource_group.multi_region[each.value].name
address_space = ["10.0.0.0/16"]
}
This pattern leverages Terraform's for_each
construct to elegantly replicate resources across regions without duplicating code. Many Fortune 500 companies use similar approaches to ensure business continuity during regional outages.
Azure Kubernetes Service (AKS) Deployment
Containerization continues to drive application modernization efforts, and AKS remains a popular choice for container orchestration. Here's a production-ready Terraform configuration:
resource "azurerm_kubernetes_cluster" "example" {
name = "example-aks"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
dns_prefix = "exampleaks"
default_node_pool {
name = "default"
node_count = 3
vm_size = "Standard_DS2_v2"
availability_zones = [1, 2, 3]
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "azure"
load_balancer_sku = "standard"
}
}
This configuration creates an AKS cluster with zone redundancy and Azure CNI networking—best practices that many organizations overlook when manually provisioning through the portal.
Serverless Azure Functions Deployment
Serverless computing reduces operational overhead and often costs. Terraform can provision Azure Functions with all necessary supporting resources:
resource "azurerm_storage_account" "function_storage" {
name = "functionappstorage"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_function_app" "example" {
name = "example-function-app"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.function_storage.name
storage_account_access_key = azurerm_storage_account.function_storage.primary_access_key
site_config {
cors {
allowed_origins = ["https://www.example.com"]
}
}
}
This deployment can be extended to include API Management integration, creating a comprehensive serverless API solution with proper governance.
What advanced deployment patterns are you most interested in implementing? Have you faced challenges with multi-region deployments or containerization?
Enterprise-Grade Terraform Practices for Azure
Moving beyond individual resource deployments, enterprise organizations need robust governance, state management, and deployment automation. Let's explore practices that elevate your Terraform implementations to enterprise standards.
Implementing Azure Policy with Terraform
Compliance automation ensures your resources adhere to organizational and regulatory requirements. Terraform can deploy Azure Policies at scale:
resource "azurerm_policy_definition" "require_tag" {
name = "require-department-tag"
policy_type = "Custom"
mode = "Indexed"
display_name = "Require department tag on all resources"
policy_rule = <<POLICY_RULE
{
"if": {
"field": "tags['department']",
"exists": "false"
},
"then": {
"effect": "deny"
}
}
POLICY_RULE
}
resource "azurerm_policy_assignment" "require_tag" {
name = "require-department-tag"
scope = azurerm_subscription.current.id
policy_definition_id = azurerm_policy_definition.require_tag.id
}
This approach creates a guardrail preventing the deployment of resources without proper tagging, a common requirement in organizations with chargeback models or strict resource governance.
State Management and CI/CD Pipeline Integration
Terraform state contains sensitive information and requires proper handling. For enterprise environments, remote state with appropriate access controls is essential:
terraform {
backend "azurerm" {
resource_group_name = "terraform-state-rg"
storage_account_name = "tfstateacct"
container_name = "tfstate"
key = "prod.terraform.tfstate"
}
}
This configuration stores your state in Azure Storage with encryption at rest. Pairing this with Azure DevOps Pipelines creates a powerful CI/CD workflow:
trigger:
branches:
include:
- main
pool:
vmImage: ubuntu-latest
steps:
- task: TerraformInstaller@0
inputs:
terraformVersion: 'latest'
- task: TerraformTaskV4@4
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: 'Azure-Service-Connection'
backendAzureRmResourceGroupName: 'terraform-state-rg'
backendAzureRmStorageAccountName: 'tfstateacct'
backendAzureRmContainerName: 'tfstate'
backendAzureRmKey: 'prod.terraform.tfstate'
- task: TerraformTaskV4@4
inputs:
provider: 'azurerm'
command: 'plan'
environmentServiceNameAzureRM: 'Azure-Service-Connection'
Options for Validation Checks and Approval Gates
Quality control for infrastructure is as important as it is for application code. Enterprise deployments benefit from automated validation:
- Terraform Validate checks syntax and basic consistency
- Checkov or tfsec scan for security misconfigurations
- Infracost estimates cost impact before deployment
- OPA/Conftest enforces custom organizational policies
Implementing these validation tools in your pipeline creates multiple layers of defense against problematic deployments:
- script: |
terraform validate
tfsec .
infracost breakdown --path .
displayName: 'Validate Infrastructure'
For critical environments, adding manual approval gates between the plan and apply stages provides human oversight without sacrificing automation.
How mature is your organization's Terraform workflow? Have you implemented automated validation or approval processes for your infrastructure deployments? What governance challenges have you encountered?
Conclusion
These seven Azure Terraform deployment examples provide a comprehensive toolkit for automating your cloud infrastructure at any scale. By implementing these patterns, you can achieve consistent, repeatable deployments while reducing human error and operational overhead. The modular approach allows you to start simple and progressively enhance your infrastructure as code practices. What Terraform deployment challenges are you currently facing in your Azure environment? Share your experiences in the comments below, or reach out if you need guidance implementing any of these examples in your specific use case.
Search more: TechCloudUp