June 14, 2022

Infrastructure as Code for Azure

Eric Popivker

What is IaC?

Infrastructure as code is a process of provisioning hardware using scripts.

In the past provisioning and setting up new hardware was a long and tedious process. With clouds (not the fluffy ones) creating a new server or database is just a couple of clicks away. IaC is just a way to script those clicks to make it easy to re-create environments as needed.

IaC for Azure

There are several good options for IaC in Azure:

  • arm templates — native azure option
  • terraform — popular OSS and cloud
  • ansible- another popular platform supported by RedHat.
  • pulumi — new kid on the block

Each one of these can be used to provision and deploy resources in Azure. They mostly have similar features like:

  • preview changes
  • rollback changes
  • clean up
  • some form of script/code re-use
  • easy to integrate into CD pipelines
  • scripts/code can be versioned in source control

But there are some major differences also. Let’s go through them in some detail.


ARM Templates

There are two versions of arm templates.

classic way is Json

"resources": [ { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-04-01", "name": "mystorageaccount", "location": "westus", "sku": { "name": "Standard_LRS" }, "kind": "StorageV2", "properties": {} } ]

a newer approach is to use Bicep, which is a wrapper around ARM templates It looks a bit more like a real programming language:

param location string = resourceGroup().location param storageAccountName string = 'toylaunch${uniqueString(resourceGroup().id)}' resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { name: storageAccountName location: location sku: { name: 'Standard_LRS' } kind: 'StorageV2' properties: { accessTier: 'Hot' } }

Good:

  • keeping things in one stack/env (Microsoft) can be better than integrating with yet another 3rd party
  • up to date

Bad:

  • learn yet another language. If only Microsoft had one or two other languages that they could re-use for this? Hmmm…..

Terraform

Has been around since 2014. Uses HashiCorp Config Language.

Looks like this:

resource "azurerm_storage_account" "mystorageaccount" { name = "diag${random_id.randomId.hex}" resource_group_name = azurerm_rg.my1stTFRG.name location = "eastus" account_tier = "Standard" account_replication_type = "LRS" tags = { environment = "Terraform Demo" } }

Good:

  • oldish and well-known tool
  • supports Python and TypeScript through SDK

Bad:

  • learn yet another language
  • have to manage State manually. Most others provide SaaS offerings.

Ansible

Another old-timer from 2012.

Written in Python, so very friendly to Python developers.

Uses Yaml for declaring Infrastructure resources.

- name: Create storage account azure_rm_storageaccount: resource_group: Testing name: testaccount001 account_type: Standard_LRS

Good:

  • Open Source (owned by Red Hat)
  • Has a big community — 54K stars.

Bad:

  • learn yet another language

Pulumi

https://www.pulumi.com/docs/intro/vs/

You probably noticed a common “bad” trend of the tools above: you have to learn a new language. But don’t fear… There is a new kid on the block: Pulumi.

Pulumi supports multiple programming languages: TypeScript, Python, C# and a bunch of others. With Pulumi, Microsoft developers can continue working in Visual Studio and using C#, but now they can use it to create infrastructure in the cloud.

Here is an example:

using Pulumi; using Azure = Pulumi.Azure; class MyStack : Stack { public MyStack() { var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs { Location = "West Europe", }); var exampleAccount = new Azure.Storage.Account("exampleAccount", new Azure.Storage.AccountArgs { ResourceGroupName = exampleResourceGroup.Name, Location = exampleResourceGroup.Location, AccountTier = "Standard", AccountReplicationType = "GRS", Tags = { { "environment", "staging" }, }, } ); } }

Good:

  • Can use C# !!!
  • Up to date with Azure Native API
  • Documentation is really good with code examples for pretty much every resource

Bad:

  • New and a bit unproven

Conclusion

We have looked at various options for implementing IaC in the Azure environment. And the winner is … Pulumi!

It has support for C# and excellent documentation, which allows for a small learning curve. It is not as established as some other older Tools, but it has a very promising future.

Here is an accompanying Demo video with a sample code


Our latest
news & insights.

We are a team of .NET experts that designs and develops business solutions in azure to save your precious time and money.

Want .NET updates?
Join our newsletter