Terraform

How to Use Terraform with Azure - Complete Setup Guide

Set up Terraform with Microsoft Azure from scratch. Covers Azure CLI login, service principal, provider configuration, resource groups, and first deployment.

LLuca BertonMarch 7, 20261 min read

How to Use Terraform with Azure - Complete Setup Guide

Quick Answer

Install Terraform, authenticate with Azure (CLI or service principal), configure the azurerm provider, and deploy. Service principals are recommended for CI/CD; Azure CLI login works for local development.

Prerequisites

# Install Azure CLI
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
 
# Login to Azure
az login
 
# Set your subscription
az account set --subscription "My Subscription"
az account show

Authentication Methods

Method 1: Azure CLI (Local Development)

provider "azurerm" {
  features {}
  # Uses your az login session automatically
}

Method 2: Service Principal (CI/CD — Recommended)

# Create a service principal
az ad sp create-for-rbac --name "terraform-sp" \
  --role Contributor \
  --scopes "/subscriptions/YOUR_SUBSCRIPTION_ID"

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

# Set as environment variables (preferred over hardcoding)
export ARM_SUBSCRIPTION_ID="your-sub-id"
export ARM_CLIENT_ID="your-client-id"
export ARM_CLIENT_SECRET="your-client-secret"
export ARM_TENANT_ID="your-tenant-id"

Method 3: Managed Identity (Azure VMs/Pipelines)

provider "azurerm" {
  features {}
  use_msi = true
}

First Azure Resource

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90"
    }
  }
}
 
provider "azurerm" {
  features {}
}
 
resource "azurerm_resource_group" "main" {
  name     = "myapp-prod-rg"
  location = "East US"
}
 
resource "azurerm_virtual_network" "main" {
  name                = "myapp-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
}
 
resource "azurerm_subnet" "app" {
  name                 = "app-subnet"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.1.0/24"]
}

terraform init
terraform plan
terraform apply

Remote State with Azure Blob

# Create storage account for state
az storage account create --name myapptfstate --resource-group myapp-rg \
  --sku Standard_LRS --encryption-services blob
 
az storage container create --name tfstate --account-name myapptfstate

terraform {
  backend "azurerm" {
    resource_group_name  = "myapp-rg"
    storage_account_name = "myapptfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}

Common Azure Resources

# Linux VM
resource "azurerm_linux_virtual_machine" "web" {
  name                = "web-vm"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  size                = "Standard_B2s"
  admin_username      = "azureuser"
 
  network_interface_ids = [azurerm_network_interface.web.id]
 
  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
 
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
 
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }
}

Azure vs AWS Terraform Comparison

Concept	AWS	Azure
Account isolation	AWS Account	Resource Group
Networking	VPC	Virtual Network
Identity	IAM	Azure AD + RBAC
Storage	S3	Blob Storage
Compute	EC2	Virtual Machines
Provider	`hashicorp/aws`	`hashicorp/azurerm`
Auth env vars	`AWS_ACCESS_KEY_ID`	`ARM_CLIENT_ID`

Troubleshooting

Error	Fix
AuthorizationFailed	Assign Contributor role to SP
SubscriptionNotFound	Check `ARM_SUBSCRIPTION_ID`
features {} required	Add empty `features {}` block to provider
MissingSubscription	Set subscription: `az account set`

Conclusion

Terraform with Azure works best with service principals for CI/CD and Azure CLI for local development. Start with a resource group, add networking, then build up. Use Azure Blob Storage for remote state with locking.

#Terraform#Azure#Infrastructure as Code#DevOps

Share this article

Terraform

Terraform on Ubuntu 26.04 LTS - sudo-rs, APT Rollback, and Hardened Base Images

Install and run Terraform on Ubuntu 26.04 LTS Resolute Raccoon. Covers sudo-rs as default, APT 3.2 rollback, Kernel 7.0, Wayland-only, ROCm, and building...

Apr 24, 20265 min read

Terraform

What are Terraform Modules?

Learn the purpose and benefits of Terraform modules and how they enhance reusability, organization, and scalability in managing infrastructure as code.

Jan 28, 20253 min read

Terraform

Terraform Commands Cheat Sheet: init, plan, apply, destroy, and More

Complete Terraform commands reference. Learn terraform init, plan, apply, destroy, state, import, output, workspace, fmt, validate

Feb 6, 20245 min read

Terraform

Resolve "Inconsistent Dependency Lock File" Error in Terraform

Encountering the Inconsistent Dependency Lock File error in Terraform? This guide explains the causes and provides step-by-step solutions to resolve the.

Feb 6, 20244 min read

Quick Answer

Prerequisites

Authentication Methods

Method 1: Azure CLI (Local Development)

Method 2: Service Principal (CI/CD — Recommended)

Method 3: Managed Identity (Azure VMs/Pipelines)

First Azure Resource

Remote State with Azure Blob

Common Azure Resources

Azure vs AWS Terraform Comparison

Troubleshooting

Related Articles

Conclusion

Related articles

Terraform on Ubuntu 26.04 LTS - sudo-rs, APT Rollback, and Hardened Base Images

What are Terraform Modules?

Terraform Commands Cheat Sheet: init, plan, apply, destroy, and More

Resolve "Inconsistent Dependency Lock File" Error in Terraform