Use Terraform as an infrastructure as code tool for Azure Developer CLI

Azure Developer CLI (azd) supports multiple infrastructures as code (IaC) providers, including:

• Bicep
• Terraform

By default, azd assumes Bicep as the IaC provider. Refer to the Comparing Terraform and Bicep article for help deciding which IaC provider is best for your project.

Note

Terraform is still in beta. Read more about alpha and beta feature support on the feature versioning and release strategy page

Pre-requisites

• Install and configure Terraform
• Install and log into Azure CLI (v 2.38.0+)
• Review the architecture diagram and the Azure resources you'll deploy in the Node.js or Python Terraform template.

Note

While azd doesn't rely on an Azure CLI login, Terraform requires Azure CLI. Read more about this requirement from Terraform's official documentation.

Configure Terraform as the IaC provider

1. Open the azure.yaml file found in the root of your project and make sure you have the following lines to override the default, which is Bicep:

   infra:
     provider: terraform
   

2. Add all your .tf files to the infra directory found in the root of your project.

3. Run azd up.

Note

Check out these two azd templates with Terraform as IaC Provider: Node.js and Terraform and Python and Terraform.

azd pipeline config for Terraform

Terraform stores state about your managed infrastructure and configuration. Because of this state file, you need to enable remote state before you run azd pipeline config to set up your deployment pipeline in GitHub.

By default, azd assumes the use of local state file. If you ran azd up before enabling remote state, you need to run azd down and switch to remote state file.

Local vs remote state

Terraform uses persisted state data to keep track of the resources it manages.

Scenarios for enabling remote state:

• To allow shared access to the state data, and allow multiple people work together on that collection of infrastructure resources
• To avoid exposing sensitive information included in state file
• To decrease the chance of inadvertent deletion because of storing state locally

Enable remote state

1. Make sure you configure a remote state storage account.

2. Add a new file called provider.conf.json in the infra folder.

   {
       "storage_account_name": "${RS_STORAGE_ACCOUNT}",
       "container_name": "${RS_CONTAINER_NAME}",
       "key": "azd/azdremotetest.tfstate",
       "resource_group_name": "${RS_RESOURCE_GROUP}"
   }
   

3. Update provider.tf found in the infra folder to set the backend to be remote

   # Configure the Azure Provider
   terraform {
     required_version = ">= 1.1.7, < 2.0.0"
     backend "azurerm" {
     }
   

4. Run azd env set <key> <value> to add configuration in the .env file. For example:

   azd env set RS_STORAGE_ACCOUNT your_storage_account_name
   azd env set RS_CONTAINER_NAME your_terraform_container_name
   azd env set RS_RESOURCE_GROUP your_storage_account_resource_group
   

5. Run the next azd command as per your usual workflow. When remote state is detected, azd initializes Terraform with the configured backend configuration.

6. To share the environment with teammates, make sure they run azd env refresh -e <environmentName> to refresh environment settings in the local system, and perform Step 4 to add configuration in the .env file.

See also

• Learn more about Terraform's dependency on Azure CLI.
• For more on remote state, see store Terraform state in Azure Storage.
• Template: React Web App with Node.js API and MongoDB (Terraform) on Azure

Next steps

Azure Developer CLI FAQ