daniel8192.wordpress.com @daniel8192, @JonasWanninger
Infrastructure as Code on Azure
ARM Templates vs. Terraform
Daniel Hillinger, Jonas Wanninger
Daniel Hillinger
• Trivadis Germany GmbH, Workspace Munich
• Focus:
• Oracle (RAC, Grid Infrastructure, Exadata, Dataguard)
• Unix/Linux (OEL, RedHat, Solaris)
• Azure (Automation, Design and Security)
@daniel8192 daniel8192.wordpress.com
Jonas Wanninger
• Trivadis Germany GmbH, Workspace Munich
• Focus:
• Azure (Automation, Architecture and Security)
• DevOps (CI/CD, Automated Infrastructure)
• Development (.NET, SQL, PowerShell)
• Microsoft SQL Server
@JonasWanninger
Agenda
• What is IaC
• Terraform
• ARM Templates
• Advanced IaC concepts
• Conclusion
What is IaC
Cloud Operator
What is IaC
“Infrastructure as code (IaC) is the process of managing and provisioning computer data centers
through machine-readable definition files, rather than physical hardware configuration or interactive
configuration tools” – Wikipedia
Why is IaC cool?
• Provides consistency across all deployments and stages
• Version control
• Faster deployments and recovery
• Just in time deployments
• Documentation is already included to a certain degree
But IaC is not the solution for everything…
• Change Management still needs to be done
• Configuration management
• Apply IAM inside the Infrastructure / Platform / Service
• Automated validation
Terraform
HashiCorp
• Founded 2012 by Mitchell Hashimoto and Armon Dadgar
• Open Source
• /hashicorp
Terraform
• Declarative language
• Tries to be cloud independent
• Dependencies evaluated automatically based on a graph
• Tracks cloud resources inside a state file (.tf.state)
• Contains sensitive data
• Lacks security features
Agenda
• Code ☺
• Plan feature
Terraform and Azure
• Partnership with Microsoft
• Renewed Jun 2019
• Based on "Azure SDK for Go"
• Available in Azure Cloud Shell
Terraform will perform the following actions:
~ azurerm_cosmosdb_account.db
consistency_policy.0.max_interval_in_seconds: "10" => "20"
Plan: 0 to add, 1 to change, 0 to destroy.
Terraform - Plans
• Unique test / plan feature
• Check syntax
• Build dependency graph
• Base for validation
Terraform will perform the following actions:
-/+ azurerm_cosmosdb_account.db (new resource required)
id: "/xxx/cosmosdb-0" => <computed> (forces new resource)
name: "cosmosdb-0" => "cosmosdb-1" (forces new resource)
read_endpoints.#: "1" => <computed>
resource_group_name: "xxx" => "tvd-azuredays-resourcegroup-0"
secondary_master_key :<sensitive> => <computed> (attribute changed)
Plan: 1 to add, 0 to change, 1 to destroy.
Terraform - Plans
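The plan output above as a "base for validation": an added example (not from the slides) that parses the plan text format shown here and blocks a pipeline when a resource would be destroyed or replaced. The function names and the allow_destroy switch are assumptions made for this illustration.

```python
import re

# Constructed sample: the replacement plan from the slides (Terraform 0.11-style text).
SAMPLE_PLAN = """\
Terraform will perform the following actions:
-/+ azurerm_cosmosdb_account.db (new resource required)
    id: "/xxx/cosmosdb-0" => <computed> (forces new resource)
    name: "cosmosdb-0" => "cosmosdb-1" (forces new resource)
    resource_group_name: "xxx" => "tvd-azuredays-resourcegroup-0"
Plan: 1 to add, 0 to change, 1 to destroy.
"""

ACTIONS = {"+": "create", "-": "destroy", "~": "update", "-/+": "replace"}
RESOURCE_RE = re.compile(r"^\s*(-/\+|[+~-])\s+([A-Za-z0-9_]+\.[A-Za-z0-9_.\-\[\]]+)")
SUMMARY_RE = re.compile(r"^Plan: (\d+) to add, (\d+) to change, (\d+) to destroy\.")

def parse_plan(text):
    """Return (resources, summary) parsed from the plan text."""
    resources, summary, current = [], None, None
    for line in text.splitlines():
        m = RESOURCE_RE.match(line)
        if m:
            current = {"action": ACTIONS[m.group(1)], "address": m.group(2), "forced_by": []}
            resources.append(current)
            continue
        s = SUMMARY_RE.match(line)
        if s:
            summary = dict(zip(("add", "change", "destroy"), map(int, s.groups())))
            current = None
        elif current and "(forces new resource)" in line:
            current["forced_by"].append(line.split(":", 1)[0].strip())
    return resources, summary

def gate(text, allow_destroy=False):
    """Return a list of findings; an empty list means the plan may be applied."""
    resources, summary = parse_plan(text)
    if summary is None:
        return ["no plan summary found; refusing to approve"]
    risky = [r for r in resources if r["action"] in ("destroy", "replace")]
    findings = []
    if summary["destroy"] != len(risky):
        findings.append("summary destroy count does not match parsed resources")
    if not allow_destroy:
        for r in risky:
            why = f" (forced by: {', '.join(r['forced_by'])})" if r["forced_by"] else ""
            findings.append(f"{r['address']}: {r['action']}{why}")
    return findings
```

Here a rename of the Cosmos DB account is reported as a replace forced by id and name, which is the case a reviewer should see before the apply step runs.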
ARM Templates
ARM Templates
• Microsoft native IaC solution
• Declarative templates written in JSON format
• Azure Cloud and Azure Stack only
• Generate ARM templates from the Azure Portal for any resource
• Manual dependency handling
• Great integration with other Azure services (e.g. KeyVault, StorageAccounts)
ARM Templates and the Azure Resource Manager
• Describe infrastructure inside JSON file
• Deployment possible in many different languages
(PowerShell, Bash, .NET, Ruby, Python, JavaScript or via REST API)
ARM Templates and the Azure Resource Manager
• Resource Manager is the core component for all deployments
• Resource Manager takes care of
• Provisioning and configuring
• Parallelizing the deployment
• Validating the resources
…
"administratorLoginPassword": {
  "reference": {
    "keyVault": {
      "id": "/subscriptions/<subscription-id>/resourceGroups/examplegroup/providers/Microsoft.KeyVault/vaults/<vault-name>"
    },
    "secretName": "examplesecret"
  }
}
ARM Templates – Special Features – Key Vault
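A check built on the Key Vault reference above, as an added example (not from the slides): every template parameter declared as a secure type must be supplied in the parameter file through a keyVault reference, never as a literal value. The template, parameter file, subscription id and vault name below are constructed placeholders.

```python
import json, re

# Constructed sample template and parameter file; all names and values are placeholders.
TEMPLATE = json.loads('''{
  "parameters": {
    "administratorLogin": {"type": "string"},
    "administratorLoginPassword": {"type": "securestring"},
    "backupKey": {"type": "secureString"}
  }
}''')
PARAMETERS = json.loads('''{
  "parameters": {
    "administratorLogin": {"value": "sqladmin"},
    "administratorLoginPassword": {
      "reference": {
        "keyVault": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/examplegroup/providers/Microsoft.KeyVault/vaults/examplevault"},
        "secretName": "examplesecret"
      }
    },
    "backupKey": {"value": "constructed-plaintext-value"}
  }
}''')

VAULT_ID_RE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.KeyVault/vaults/[^/]+$", re.IGNORECASE)
SECURE_TYPES = {"securestring", "secureobject"}

def check_secure_parameters(template, parameters):
    """Return findings for secure template parameters not sourced from Key Vault."""
    findings = []
    supplied = parameters.get("parameters", {})
    for name, spec in template.get("parameters", {}).items():
        if spec.get("type", "").lower() not in SECURE_TYPES:
            continue
        entry = supplied.get(name)
        if entry is None:
            continue  # not in the file (passed at deploy time), so nothing is stored on disk
        if "value" in entry:
            findings.append(f"{name}: literal value in parameter file")
            continue
        ref = entry.get("reference", {})
        if not VAULT_ID_RE.match(ref.get("keyVault", {}).get("id", "")):
            findings.append(f"{name}: malformed Key Vault resource id")
        if not ref.get("secretName"):
            findings.append(f"{name}: missing secretName")
    return findings
```

Run against parameter files in the central repository, this catches secrets committed in plain text before the validation stage hands the template to Resource Manager.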
Advanced IaC concepts
Advanced IaC concepts
Dev
Staging
Prod
Developer Central Repo Validation Deployment
Conclusion
Conclusion – ARM vs. Terraform
Terraform
+ Plan feature
+ Dependency management
- Statefile
- Security features
ARM
+ Microsoft native
+ Security features
- Plan feature
- Dependency management
Conclusion - IaC
• Automate your deployment and recovery process
• Speed and simplicity
• Provides consistency across all deployments and stages
• Minimize risks
• Necessary in large environments
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel Hillinger)
