Infrastructure as Code tool for Azure
- Popular IaC options for Azure
- Consideration Factors to chose a good IaC option for Azure
- Example scenarios
- Final thoughts
“The most powerful tool we have as developers is automation.” — Scott Hanselman
The DevOps movement envisions bringing together the best developer practices (code, reviews, versioning, peer programming, automation, testing etc) into the operations part to ensure high quality of software and reduce turnaround time. Infrastructure as Code (IaC) is thus one of the main pillars of the DevOps movement.
The popular CNCF landscape lists various IaC options in the Infrastructure provisioning section.
I have been working with Terraform and ARM templates as IaC options for deploying to the Azure cloud for the past couple of years. As such, when I attended Microsoft Ignite in Florida back in 2019, one session was of particular interest to me - How to choose the right infrastructure management tool for the job. Some of the insightful points made in the session can be extended to newer tools too. So time to blog about it !
Popular IaC options for Azure
All these tools are treated as first class citizens by Microsoft. Microsoft either contributes to or leads the development of these tools.
Consideration Factors to chose a good IaC option for Azure
- To support Hybrid or Multi cloud setup, Terraform or Ansible would be good options.
- The tool you select can depend on which stage of DevOps evolution your team is in. Going from lesser DevOps maturity to higher, the tools are usually : Azure CLI < (Powershell, Ansible) < (Terraform, ARM, Bicep)
- You also have to consider the number of teams that manage infrastructure since code structure will be important here.
- Learning and maintenance cost are additional factors.
- Community support and the ecosystem around the tools are important factors too.
- The speed at which innovation is adopted at an org is an important factor.
- Usually support for newer cloud resources and features is in the descending order : ARM, Bicep < Powershell, Azure CLI < Terraform < Ansible.
- Terraform, Biscep, ARM templates and Ansible are declarative in nature while Azure CLI and Powershell are imperative.
- Its better to go imperative if you want to add plenty of custom validations or dynamic changes.
- Extensibility, customisation are important factors too.
- You have to consider native tooling for each option that provides the best experience for you. Plenty of extensions in IDEs like VSCode for a lot of languages. Something like Terraform has great ecosystem for testing too (eg: Terratest).
- For those with affinity towards some programming languages - Ansible, Powershell, Azure CLI would be a better fit.
- For those without any such affinity - Terraform, Biscep and ARM templates would be better.
Here we take some use cases and suggest options which are well suited for it.
- .NET dev, Microsoft cloud(Azure, O365) and/or Prem support :
- ARM templates
- DevOps engineer working with multiple clouds, many teams and a full pipeline :
- IT Engineer :
- Bash scripts with Azure CLI
- I have worked extensively with ARM templates (simple json structure, bleeding edge updates but complex if data transformation is desired) and Terraform (declarative syntax, easy to understand, good tooling ecosystem but takes some time for supporting the newer features in Azure cloud).
- Every tool has some pros and cons. Additionally the tool of choice for one org might not be as suitable for another due to difference in consideration factors.
- The factors given here should help you create your own decision matrix and pick a suitable IaC tool for your Azure deployments
Feel free to share your thoughts. Every bit of knowledge helps .