HashiCorp Terraform and Azure Bicep are both declarative Infrastructure as Code (IaC) tools for provisioning and managing infrastructure in the Microsoft Azure cloud. While they are really similar tools, they have different slightly different philosophies of use. One of the biggest differences is that Terraform is able to target multiple cloud providers from the same project, where an Azure Bicep project only targets the management of Microsoft Azure infrastructure. However, there are many more differences to consider when choosing between these tools. This article dives into exactly what both Terraform and Azure Bicep are, and how to choose which one is best for your own organization or single project.
Pro Tip: If you’re a Site Reliability Engineer (SRE) or DevOps Engineer that works with Microsoft Azure services, then you will likely benefit from being knowledgable and familiar with both HashiCorp Terraform and Azure Bicep.
Terraform management of Azure resources
HashiCorp Terraform is an Infrastructure as Code (IaC) tool that helps automate the deployment and management of resources. It is a platform agnostic tool that can manage infrastructure across both on-premises and in the cloud, and even supports multiple cloud providers as well. It’s a declarative IaC tool that enables infrastructure configuration to be written using code that can be committed to source control for an easier process flow of provisioning, changing, and versioning infrastructure resources.
As an IaC tool, the infrastructure managed by Terraform the infrastructure configuration is written in HCL (HashiCorp Configuration Language) code, and is usually checked into source control (like Git) and integrated with CI/CD deployment pipelines for deployment automation.
Terraform uses a provider model to integrate multi-cloud and other third-party platform support. This enables an extensibility of Terraform to enable it to support any platform there is a provider for. Microsoft Azure is supported through an Azure provider for Terraform that makes REST API calls to the Azure ARM REST API to instrument the management and deployment of Microsoft Azure resources.
There are several benefits of using HashiCorp Terraform to manage infrastructure resources:
- Terraform provides a Declarative IaC tool for describing the desired state of infrastructure that makes deployment and management much easier than traditional scripting.
- Version control allows Terraform infrastructure code to be versioned and to roll back to previous versions if necessary.
- Automation can be defined entirely in code to fully automate infrastructure deployment.
- Terraform includes multi-cloud and platform support (including third-party support) for managing infrastructure resources that includes Microsoft Azure, AWS, Google, and many more.
- Terraform has extensibility support that enables Bash, PowerShell, or other scripts to be run in addition to using the Terraform Providers to natively manage resources.
- Code reuse is a big feature through the support of Terraform Modules and the ability to copy/paste code blocks across projects.
- Terraform manages state in a State File (
.tfstate) which allows it to track and manage infrastructure state across multiple platforms over time; which can be used for additional auditing and troubleshooting if necessary.
Tutorial: If you are looking to learn Terraform and get started working with Terraform to manage and deploy Microsoft Azure resources, I recommend you go check out the “Get Started with Terraform on Azure” article written by Chris Pietschmann.
Terraform code projects can be written as either a single source code file, or broken out into multiple files. It also supports the concept of Terraform Modules that enable code re-use to be implemented either within a single Terraform project or even across multiple Terraform projects.
Azure Bicep management of Azure resources
Azure Bicep is a part of Microsoft’s native Infrastructure as Code (IaC) tools for automating the deployment and management of Microsoft Azure resources. Azure Bicep, being a part of the native Microsoft Azure IaC toolset, is more integrated into the Microsoft Azure platform than other third-party tools.
Even though Azure Bicep is a native IaC tool for Microsoft Azure, it’s built in a way where the code is “transpiled” into Azure Resource Manager (ARM) JSON before the code is uploaded into Azure for deployment / management as release time. This means that Azure Bicep is built as an abstraction layer on top of Microsoft Azures existing ARM Template IaC workflow. It provides full support for all the same IaC features of ARM so there’s no limitations to choosing Azure Bicep over ARM JSON. This Azure Bicep abstraction is actually a vast improvement as the Bicep code is much more readable and maintainable than ARM JSON.
There are several benefits of using Azure Bicep to manage Microsoft Azure resources:
- Azure Bicep provides a Declarative IaC tool for describing the desired state of Microsoft Azure resources that makes deployment and management much easier than traditional scripting.
- Version control allows Azure Bicep code to be versioned and to roll back to previous versions if necessary.
- Automation can be defined entirely in code to fully automate infrastructure deployment.
- Azure Bicep code should be easily understood and straightforward to learn for engineers that are either new or experienced with other programming languages.
- Better language for writing IaC for describing, validating, and deploying Azure resources; as compared to ARM JSON.
- Azure Bicep is a transparent abstraction to ARM JSON that lowers barrier to entry for those already familiar with ARM JSON.
- Code reuse is a big feature through the support of Bicep Modules and the ability to copy/paste code blocks across projects.
- Azure Bicep’s simplified syntax enables developers to have a high confidence that code is syntactically valid before deployment; thus reducing deployment time errors.
Tutorial: If you are looking to learn Azure Bicep and get started using it to manage and deploy Microsoft Azure resources, I recommend you go check out the “Get Started with Azure Bicep” article written by Chris Pietschmann.
Azure Bicep code projects can be written as either a single source code file, or broken out into multiple files. It also supports the concept of Bicep Modules that enable code re-use to be implemented either within a single Azure Bicep project or even across multiple projects.
Which is better?
Both HashiCorp Terraform and Azure Bicep are great Infrastructure as Code (IaC) tools for managing Microsoft Azure resources. The question of “Which is best?” is not a matter of which tool is better overall for managing Microsoft Azure resources. It’s really going to depend on your current project or organization requirements, and the feature trade offs you’re willing to accept to standardize on either Terraform or Azure Bicep for your IaC needs.
When is Azure Bicep best?
Azure Bicep is a native tool built by Microsoft with integrated support for Azure Resource Manager (ARM). This means the transpiled Azure Bicep code to ARM JSON is then uploaded to Microsoft Azure and the Azure Resource Manager will process the infrastructure code internally to Microsoft Azure when it runs the deployment. There is a benefit that you make a single API call to upload the IaC code, and then Azure returns back when the deployment is completed or if an error occurs. This may mean that it provides a superior level of support for automating the management of Microsoft Azure resources for your organization. It’s also built by Microsoft, and you know you can trust the support for it in the future.
When is HashiCorp Terraform best?
HashiCorp Terraform is a third-party tool that uses its provider model to support the Microsoft Azure cloud through a Terraform provider for Azure. The Terraform provider for Azure is an open source project from HashiCorp; with community development as well. Being developed by HashiCorp themselves, you can trust it’ll be supported over time, and you can even pay HashiCorp for support too. Terraform also supports multiple clouds and third-party infrastructure via additional providers, so if you need to use IaC to manage more than just Microsoft Azure, then this may provide a superior IaC tool to use for your organization or project.
While there are many organizations and teams standardizing on Azure Bicep for Microsoft Azure resource management, there are also many organizations standardizing on the use of HashiCorp Terraform for their IaC needs. It can be common for an organization to be using a combination of multiple clouds (Microsoft Azure, AWS, Google, etc) including on-premises infrastructure. Terraform provides a single toolset and IaC language that can be used to automate the management of most or possibly all the infrastructure and other services that an organization and team needs to manage. In these cases, HashiCorp Terraform is the superior choice for IaC automation.
There are many feature differences and trade offs to consider when deciding on whether to standardize your organization on using HashiCorp Terraform or Azure Bicep. You could also define a standard of using both for specific purposes if that is what fits your requirements. There is not “one size fits all” tool for any solution, and it will depend on your requirements to determine which is best.
If you are working in a Site Reliability Engineer (SRE) or DevOps Engineer role, then it’s recommended that you get familiar with both Terraform and Azure Bicep. Having a more well rounded understanding and expertise of the different technologies used in the industry is always a good things.
To talk about my own first hand experience in the consulting business as a Site Reliability Engineer (SRE) and DevOps Engineer myself, I have used HashiCorp Terraform, Azure Bicep, and Azure ARM JSON Templates extensively. While Azure Bicep is an easy decision when comparing it to Azure ARM JSON, it’s not as clear when it comes to compare Azure Bicep to HashiCorp Terraform. However, most clients I have worked with, and been involved in the decision making process, I have steered them to use HashiCorp Terraform more often, as it fit the organizational requirements more often. Especially when combining it with the great features of HashiCorp Terraform Cloud. But, don’t get me wrong I really like Azure Bicep for what it does as well.
Don’t take my personal experience mentioned above to mean HashiCorp Terraform is always better. You’ll need to be sure to list out your requirements and compare the two before making any decision. I hope the differences and comparisons made in this article help you better understand the difference between both Terraform and Azure Bicep, as well as help you make decisions as to which IaC tool is best for your team or organization.