HashiCorp Terraform is a popular Infrastructure as Code (IaC) tool used to automate infrastructure deployments. Terraform is great for deploying Microsoft Azure resources like Azure IoT Hub and other related resources when building IoT solutions using Microsoft Azure. This article introduces you to HashiCorp Terraform, the basics of its workflow usage as an IaC deployment tool, and the basics of defining the infrastructure code for deploying / managing Azure IoT Hub and related services using a DevOps CI/CD workflow.


What is HashiCorp Terraform?

Terraform is an Infrastructure as Code (IaC) tool from HashiCorp that can be used to declaratively define the infrastructure configuration to deploy in an automated fashion.

Terraform code is written in HCL (HashiCorp Configuration Language), and Terraform supports a provider model for enabling the deployment / management of resources across multiple cloud providers (like Microsoft Azure) and even on-premises resources (like Kubernetes).

If you’re new to using HashiCorp Terraform to deploy Microsoft Azure resources, then I recommend you check out my “Get Started with Terraform on Azure” article that will help get you started on your way!

Once the Terraform code is written to define the infrastructure to be deployed and managed, the Terraform command-line tool is then used to execute the infrastructure deployment automation.

Terraform even has a workflow that is designed to be used in the traditional DevOps processes of Continuous Integration and Continuous Deployment (CI/CD) deployment pipelines.

The Terraform workflow works by using these commands in order to manage the infrastructure automation process, and can be easily integrated into CI/CD pipelines as needed:

  • Init command – The Terraform Init command is run to initialize the Terraform project. This will download any Terraform Providers used and get things ready.
  • Plan command – The Terraform Plan command is run to look at the Terraform code and assess what changes to the infrastructure environment are necessary to deploy everything that’s defined in code.
  • Apply command – The Terraform Apply command is run to go through and actually make the infrastructure changes.

These primary Terraform commands enable a stepped process to plan, assess, and finally approve the changes before modifying the infrastructure environment. This all works very well in the traditional DevOps CI/CD processes used in the software development industry.

Here are the Terraform CLI commands mentioned, for reference:

terraform init
terraform plan
terraform apply
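
The "assess" step between plan and apply can be automated in a pipeline by saving the plan (terraform plan -out=tfplan), exporting it with terraform show -json tfplan, and checking the JSON before anyone approves it. The following is an added example, not code from the original article; the file name tfplan, the sample plan data and the choice of what needs review are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output,
# trimmed to the fields this check reads (resource_changes[].change).
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "azurerm_resource_group.b59_rg",
     "type": "azurerm_resource_group",
     "change": {"actions": ["no-op"], "after": {"name": "b59-rg"}}},
    {"address": "azurerm_iothub.b59_iot_hub",
     "type": "azurerm_iothub",
     "change": {"actions": ["delete", "create"], "after": {"name": "b59-iot-hub"}}},
    {"address": "azurerm_iothub_shared_access_policy.b59_policy",
     "type": "azurerm_iothub_shared_access_policy",
     "change": {"actions": ["create"],
                "after": {"name": "b59-policy", "registry_read": true,
                          "registry_write": true, "service_connect": true}}}
  ]
}
""")

# Permission flags on azurerm_iothub_shared_access_policy that allow changing
# the device registry or connecting to the hub; a reviewer should see these.
SENSITIVE_PERMISSIONS = ("registry_write", "service_connect", "device_connect")


def review_plan(plan):
    """Return (address, reason) findings that need explicit human approval."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # "delete" covers both destroy and replace (["delete", "create"]).
        if "delete" in actions:
            findings.append((rc["address"], "destroys or replaces existing resource"))
        is_policy = rc.get("type") == "azurerm_iothub_shared_access_policy"
        if is_policy and {"create", "update"} & set(actions):
            after = change.get("after") or {}
            granted = [p for p in SENSITIVE_PERMISSIONS if after.get(p) is True]
            if granted:
                findings.append((rc["address"], "grants " + ", ".join(granted)))
    return findings


if __name__ == "__main__":
    for address, reason in review_plan(SAMPLE_PLAN):
        print(f"REVIEW {address}: {reason}")
```

Running terraform apply tfplan afterwards applies exactly the saved plan that was checked, rather than a freshly computed one.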

Declare Azure Provider in HashiCorp Terraform

Before writing the Terraform code to provision Azure IoT Hub and other Azure services, the AzureRM Terraform provider needs to be defined in the code, as in the following example:

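terraform {
  # Minimum Terraform CLI version for this project
  required_version = ">=1.0"

  # Providers that "terraform init" downloads
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.0"
    }
  }
}

# The AzureRM provider requires a features block, even when it is empty
provider "azurerm" {
  features {}
}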

Keep in mind that the AzureRM Terraform provider does support additional arguments / parameters to configure its usage. This is a basic example to show how it can be defined minimally.

Deploy Azure IoT Hub using HashiCorp Terraform

The following example shows the basic Terraform code for managing Azure IoT Hub and these related Microsoft Azure resources that might be used in an IoT solution:

  • Azure Resource Group – The resource group for organizing the Azure resources within.
  • Azure IoT Hub – The IoT messaging service in Microsoft Azure.
  • Azure IoT Hub Device Provisioning Service – The DPS service used to help manage IoT devices registered / used with Azure IoT Hub.

# Azure Resource Group
resource "azurerm_resource_group" "b59_rg" {
  name     = "b59-rg"
  location = "eastus"
}

# Azure IoT Hub
resource "azurerm_iothub" "b59_iot_hub" {
  name                = "b59-iot-hub"
  resource_group_name = azurerm_resource_group.b59_rg.name
  location            = azurerm_resource_group.b59_rg.location

  sku {
    name     = "S1"
    capacity = 1
  }
}

# Create IoT Hub Access Policy
resource "azurerm_iothub_shared_access_policy" "b59_policy" {
  name                = "b59-policy"
  resource_group_name = azurerm_resource_group.b59_rg.name
  iothub_name         = azurerm_iothub.b59_iot_hub.name

  # Permissions granted to this policy
  registry_read   = true
  registry_write  = true
  service_connect = true
}

# Azure IoT Hub Device Provisioning Service
resource "azurerm_iothub_dps" "b59_iot_dps" {
  name                = "b59-iot-dps"
  resource_group_name = azurerm_resource_group.b59_rg.name
  location            = azurerm_resource_group.b59_rg.location
  allocation_policy   = "Hashed"

  sku {
    name     = "S1"
    capacity = 1
  }

  linked_hub {
    # Connection string of the access policy above; it is a secret and is stored in the Terraform state
    connection_string = azurerm_iothub_shared_access_policy.b59_policy.primary_connection_string

    location                = azurerm_resource_group.b59_rg.location
    allocation_weight       = 150
    apply_allocation_policy = true
  }
}

Keep in mind this Terraform code for deploying Azure IoT Hub and related Azure services is a basic example to give you the idea. As you build out a Terraform infrastructure deployment project, you will want to use locals and input variables in the Terraform code to write cleaner, more maintainable infrastructure automation code.

There are likely going to be several other Microsoft Azure services deployed as part of a full IoT solution. The Azure IoT Hub and Azure IoT Hub Device Provisioning Service are the two primary services that all IoT solutions built in Microsoft Azure will use. The other services will depend on your solution. Either way, the Terraform examples and related links in this article should help give you an idea of how Terraform can be used to automate the deployment of Microsoft Azure services for your IoT solutions in the cloud.


Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.