Infrastructure as Code tool for Azure

Written on March 19, 2021
Estimated reading time : 4 mins

Background

“The most powerful tool we have as developers is automation.” — Scott Hanselman

The DevOps movement envisions bringing together the best developer practices (code, reviews, versioning, peer programming, automation, testing etc) into the operations part to ensure high quality of software and reduce turnaround time. Infrastructure as Code (IaC) is thus one of the main pillars of the DevOps movement.

The popular CNCF landscape lists various IaC options in the Infrastructure provisioning section.

"CNCF landscape part on provisoning"

I have been working with Terraform and ARM templates as IaC options for deploying to the Azure cloud for the past couple of years. As such, when I attended Microsoft Ignite in Florida back in 2019, one session was of particular interest to me - How to choose the right infrastructure management tool for the job. Some of the insightful points made in the session can be extended to newer tools too. So time to blog about it !

  1. Azure CLI
  2. Powershell
  3. ARM templates
  4. Terraform
  5. Ansible
  6. Bicep

All these tools are treated as first class citizens by Microsoft. Microsoft either contributes to or leads the development of these tools.

Another tool Pulumi looks to be an interesting option as it has support for coding in Javascript, Typescript, Python, Go and .NET (C#/F#/VB.NET) but not covering it here as I am not sure of its popularity.

Consideration Factors to chose a good IaC option for Azure

Cloud strategy

  • To support Hybrid or Multi cloud setup, Terraform or Ansible would be good options.

DevOps maturity

  • The tool you select can depend on which stage of DevOps evolution your team is in. Going from lesser DevOps maturity to higher, the tools are usually : Azure CLI < (Powershell, Ansible) < (Terraform, ARM, Bicep)
  • You also have to consider the number of teams that manage infrastructure since code structure will be important here.
  • Learning and maintenance cost are additional factors.
  • Community support and the ecosystem around the tools are important factors too.

Bleeding edge

  • The speed at which innovation is adopted at an org is an important factor.
  • Usually support for newer cloud resources and features is in the descending order : ARM, Bicep < Powershell, Azure CLI < Terraform < Ansible.

Programming paradigm

  • Terraform, Biscep, ARM templates and Ansible are declarative in nature while Azure CLI and Powershell are imperative.
  • Its better to go imperative if you want to add plenty of custom validations or dynamic changes.
  • Extensibility, customisation are important factors too.
  • You have to consider native tooling for each option that provides the best experience for you. Plenty of extensions in IDEs like VSCode for a lot of languages. Something like Terraform has great ecosystem for testing too (eg: Terratest).

Language affinity

  • For those with affinity towards some programming languages - Ansible, Powershell, Azure CLI would be a better fit.
  • For those without any such affinity - Terraform, Biscep and ARM templates would be better.

Example scenarios

Here we take some use cases and suggest options which are well suited for it.

  • .NET dev, Microsoft cloud(Azure, O365) and/or Prem support :
    • Powershell
    • ARM templates
  • DevOps engineer working with multiple clouds, many teams and a full pipeline :
    • Terraform
    • Ansible
  • IT Engineer :
    • Bash scripts with Azure CLI

Final thoughts

  • I have worked extensively with ARM templates (simple json structure, bleeding edge updates but complex if data transformation is desired) and Terraform (declarative syntax, easy to understand, good tooling ecosystem but takes some time for supporting the newer features in Azure cloud).
  • Every tool has some pros and cons. Additionally the tool of choice for one org might not be as suitable for another due to difference in consideration factors.
  • The factors given here should help you create your own decision matrix and pick a suitable IaC tool for your Azure deployments :thumbsup:


Feel free to share your thoughts. Every bit of knowledge helps :blush:.





Feel free to share this article :

submit to reddit

Add your thoughts, questions, doubts, suggestions as comments below :