Sunday, March 14, 2021

Terraform Azure ARM template deployment

Azure ARM template deployment using Terraform

Hello everyone, good news for all fans of Terraform ARM template deployment, and the news that pushed me to write this article about Terraform Azure template deployment.

The "azurerm_resource_group_template_deployment" resource in Terraform is now enhanced: when you run terraform destroy, it removes the resources provisioned via the ARM template along with the ARM template deployment itself.

Let's briefly discuss the background and explore this new enhancement, which is a big relief for everyone who uses this Terraform resource day to day.


Terraform, ARM Templates & Template deployment


As you are all aware, Terraform, an "infrastructure as code" software tool developed by HashiCorp, is now widely used in cloud and hybrid cloud environments to build, change and version infrastructure efficiently.

Terraform is closely integrated with the majority of cloud providers and can be used as one of the best IaC tools to build and manage multi-cloud infrastructure.


When you need to use ARM template + terraform


However, some new products and services launched by cloud vendors may not yet be available in Terraform. In such situations we have to rely on the native IaC tool provided by the vendor (e.g. CloudFormation for AWS, ARM templates for Azure).

Here too, Terraform provides options to deploy the native IaC into the cloud infrastructure; a classic example is the "template deployment" resource available in Terraform for the Azure cloud provider.

The IaC can be written as an ARM template (JSON) and provisioned into the Azure cloud infrastructure through the Terraform template deployment resource.

While I'm writing this article, there are two types of template deployment resource available in Terraform for the Azure cloud provider.

azurerm_template_deployment - will be deprecated soon

azurerm_resource_group_template_deployment - new release but not the latest one :)


One of the limitations was:


We Terraformers were really disappointed by one limitation associated with both methods of template deployment.

Terraform wasn't aware of the components inside the ARM template and treated the ARM template as a single resource.

Example - An ARM template is configured to deploy a storage account, virtual machine, virtual networks and many other resources. Terraform only knows that it is going to deploy an ARM template and does not track the resources that the template is configured to deploy.

So the command "terraform destroy" would delete only the ARM template deployment and not the resources deployed via the ARM template.

Example - An ARM template named "AzureARMStoragedeploy" is configured to provision a storage account and a virtual machine. Upon terraform destroy, only the ARM template deployment "AzureARMStoragedeploy" is removed, not the storage account and VM created via the ARM template.

Indeed, this was a real blocker for managing infrastructure deployed via Terraform ARM template deployment: we had to use local/remote provisioners and az CLI commands to remove the resources left behind after running terraform destroy.

Usually nobody uses ARM template + Terraform to deploy a storage account, as that works perfectly well from Terraform itself; I just picked it for the sake of easy explanation and deployment.

[Image: Terraform Plan]

[Image: Terraform Apply]

[Image: Template deployment - resource group]

[Image: Resource created - Storage account]

[Image: Terraform Destroy]

[Image: Template Removal]

[Image: Storage Account is not removed]


Terraform Destroy - azurerm_resource_group_template_deployment


[Image: Terraform Apply]

[Image: Template Deployment]

[Image: Storage Account provisioned]

[Image: Terraform Destroy]

[Image: Template Removal]

[Image: Storage Account - Deleted]


Thank you, Terraform, for working out this solution, as we have all been waiting for it.

It's now time to upgrade your code from "azurerm_template_deployment" to "azurerm_resource_group_template_deployment" and get rid of the non-standard steps needed to remove resources after the template removal with terraform destroy.
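
A minimal configuration for the newer resource, added here as an example and not taken from the author's repository; the resource group name, region, storage account name and ARM API version are placeholder assumptions. The `template_deployment` block under `features` is the azurerm provider setting that decides whether destroying the deployment also deletes the resources the template created.

```hcl
# Added example (not the author's repository code); names below are placeholders.
provider "azurerm" {
  features {
    template_deployment {
      # On destroy, also delete the resources the ARM template provisioned.
      delete_nested_items_during_deletion = true
    }
  }
}

resource "azurerm_resource_group" "demo" {
  name     = "rg-arm-demo" # assumed name
  location = "westeurope"  # assumed region
}

resource "azurerm_resource_group_template_deployment" "storage" {
  name                = "AzureARMStoragedeploy"
  resource_group_name = azurerm_resource_group.demo.name
  deployment_mode     = "Incremental"

  parameters_content = jsonencode({
    storageAccountName = { value = "starmdemo0001" } # assumed; must be globally unique
  })

  template_content = jsonencode({
    "$schema"      = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
    contentVersion = "1.0.0.0"
    parameters     = { storageAccountName = { type = "string" } }
    resources = [{
      type       = "Microsoft.Storage/storageAccounts"
      apiVersion = "2021-04-01" # assumed API version
      name       = "[parameters('storageAccountName')]"
      location   = "[resourceGroup().location]"
      sku        = { name = "Standard_LRS" }
      kind       = "StorageV2"
      properties = {
        # Baseline hardening so the demo account is not created wide open.
        supportsHttpsTrafficOnly = true
        minimumTlsVersion        = "TLS1_2"
        allowBlobPublicAccess    = false
      }
    }]
  })
}
```

After terraform apply followed by terraform destroy, check the resource group to confirm the storage account is gone together with the deployment. Setting `delete_nested_items_during_deletion` to `false` leaves the template's resources in place, which is the orphaned-resource situation described earlier.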


I've uploaded both the old and the new template deployment Terraform code to the GitHub repository below, in case anyone would like to try it out and test it.


azurerm_template_deployment - Navigate to the folder and run terraform

azurerm_resource_group_template_deployment - Navigate to the folder and run terraform


I hope this article helped you all to understand, in brief, the enhancement released by Terraform in their "azurerm_resource_group_template_deployment" resource block.

No more waiting.. try it out today itself 👍

Thanks for reading 😊

Reference :

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/template_deployment