Day zero Terraform deployments with AzAPI


Posted on December 5, 2022

AzAPI is a Terraform provider that acts as a thin layer on top of the Azure Resource Manager REST API. This means it provides just enough functionality to create, update and delete Azure resources. It recently hit version 1.0.0 and should be part of everybody’s Azure IaC toolbox!

Since AzAPI only performs very basic REST API calls, you must bring the information about the resource you want to interact with yourself. In return, you can deploy and manage resources as soon as a new Azure resource provider is available.

Being able to deploy new resources from day zero has long been an argument for using ARM/Bicep over Terraform, but with AzAPI this argument is no more. That doesn’t mean you should start using the new provider for all your Azure deployments, though. Treat it as a complement to the AzureRM provider.

Let’s explore two common use cases.

1. Deploying new resources

The most common use case for AzAPI is to deploy resources that do not have an implementation in the AzureRM provider. One example would be to perform a PIM assignment for Azure resources.  

By using azapi_resource from AzAPI, it is possible to deploy any Azure resource that supports standard REST API methods.

By specifying the provider API using the type parameter and scope using parent_id, a PIM assignment can be performed by sending in the correct resource name and body.

(Note that the PIM role eligibility endpoint does not support HTTP DELETE methods, so destroying this resource would result in an error.)
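A PIM eligibility request expressed with `azapi_resource`, as an added example that is not the code from the original post. The API version, the variable names and the 90-day expiration are assumptions; the `type`, `parent_id`, name and body arguments are the ones described above.

```hcl
# Added example (not from the original post). Variable names are hypothetical.
terraform {
  required_providers {
    azapi  = { source = "Azure/azapi", version = "~> 1.0" }
    random = { source = "hashicorp/random" }
  }
}

variable "scope_id" {
  type        = string
  description = "Resource ID of the scope, for example a resource group (assumption)."
}

variable "principal_id" {
  type        = string
  description = "Object ID of the user or group that becomes eligible (assumption)."
}

variable "role_definition_id" {
  type        = string
  description = "Full resource ID of the role definition to make eligible (assumption)."
}

# The request name must be a GUID. random_uuid keeps it stable across plans.
resource "random_uuid" "pim_request" {}

resource "azapi_resource" "pim_eligibility" {
  # Provider API and version (the version is an assumption; pin one you have reviewed).
  type      = "Microsoft.Authorization/roleEligibilityScheduleRequests@2020-10-01"
  name      = random_uuid.pim_request.result
  parent_id = var.scope_id # scope of the eligible assignment

  body = jsonencode({
    properties = {
      principalId      = var.principal_id
      roleDefinitionId = var.role_definition_id
      requestType      = "AdminAssign"
      justification    = "Eligible assignment managed by Terraform"
      scheduleInfo = {
        # Time-bound eligibility instead of a permanent one.
        expiration = {
          type     = "AfterDuration"
          duration = "P90D"
        }
      }
    }
  })
  # As noted above, the endpoint does not support DELETE, so `terraform destroy` errors.
}
```

Because the resource cannot be destroyed through this endpoint, plan how the eligibility is revoked before relying on this pattern, and scope `parent_id` as narrowly as the role allows.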

2. Patching existing resources

Sometimes the AzureRM provider already supports the resource we want to deploy but lacks support for new properties. In that case, you can use azapi_update_resource.

Here we deploy a virtual network and update a property after the deployment. This enables functionality that couldn’t be deployed with the AzureRM provider alone.

Updates to a resource might be lost when the AzureRM provider makes changes to the base resource, so don't forget to add a lifecycle meta-argument to handle this!

Wrap up

The days of waiting for AzureRM to be updated are over, as AzAPI is here to stay as its companion. The two use cases covered here are deploying resources that do not exist in AzureRM yet and extending the current functionality of the provider. This is an excellent addition to the Terraform IaC landscape for Azure, and it will be interesting to see how the community uses it!

For more detailed reference about the AzAPI provider, Microsoft has some great documentation about the resources you can deploy and the provider itself.  

Written by Lars Åkerlund