AzDevCom2021 - Bicep vs Terraform

Bicep vs. Terraform
Infrastructure as Code on Azure
Azure Developer Community Day 2021
#azdevcom

whoami
• Philip Welz
• Senior Kubernetes & DevOps Engineer @ white duck
• Kubernetes Certified { A | AD | S }
• Kubernetes, GitOps & Azure
© white duck GmbH 2021
Email: Philip.Welz@whiteduck.de
Twitter: @philip_welz
LinkedIn: https://www.linkedin.com/in/philip-welz
Blog: https://philinthe.cloud

Agenda
• Infrastructure as Code
• IaC on Azure
• Terraform
• Bicep
• Conclusion

INFRASTRUCTURE AS CODE

Overview
• is the management of infrastructure with declarative
configuration files
• evolved to solve the problem of environment drift
• considered one of the key practices of DevOps and Agile
software development

Tools
• ARM templates
• Bicep
• Terraform
• Pulumi

Workflow

Key principles
• idempotency
• no matter how many times you run your IaC, you will end up
with the same end state
• immutability
• replacing infrastructure instead of change it doesn't
allow configuration drift

Desired state

Benefits
• speed
• everything in source control
• documentation
• consistency
• agility
• reusability

IAC ON AZURE

Azure Resource Manager
• short ARM
• provisioning engine built into Azure exposed as REST API
• authenticates and authorizes requests
• automatically orchestrates the deployment in the correct
order respecting dependencies
• ensures idempotency

Azure Resource Manager

Overview
• by Hashicorp
• first release = 28 July 2014
• 1.0.0 since 8 June 2021
• written in Go
• CLI and DSL (domain-specific language)
• HCL – Hashicorp Configuration Language
• Open Source but optional paid offers available

Key principles
• manage any infrastructure
• standardize your deployment workflow
• track your infrastructure
• community driven

Providers
• Azure RM provider
• Azure AD provider
• Azure Stack provider
• Azure DevOps provider
• GitHub provider
• Kubernetes, Helm provider
• Random, template, …

Terraform workflow

State
• necessary requirement for Terraform to function
• records information about what infrastructure it created
• can contain sensitive data
• stored locally or in a backend
• lock mechanism prevents concurrent execution

ARM Templates
• implement Infrastructure as Code on Azure
• are JavaScript Object Notation (JSON) files
• uses declarative syntax
• specify the resources and the properties for those resources
• deploy the template(s) through one command

Bicep overview
• first release = Fall ’20
• native support by
• Azure CLI since 2.20
• PowerShell AZ module (v5.6.0+)
• written in .NET
• DSL (domain-specific language)
• Open Source

Key principles
• transparent abstraction over ARM template JSON
• much simpler syntax compared to equivalent ARM
template JSON
• modularity
• convert existing templates or resources from the portal

Syntax ARM template

Syntax Bicep

Focus
• support for all resource types and API versions
• no state or state files to manage
• pre-flight validation
• tooling
• support
• non-goals
• one language to rule them all
• general purpose language to meet any need

Deployment scopes
• Resource group (most common)
• Subscription
• Management group
• Tenant

Deployment modes
• incremental
• leaves unchanged resources that exist in the resource group
but aren't specified in the template
• complete
• deletes resources that exist in the resource group but aren't
specified in the template

CONCLUSION

Real talk - Terraform
• no deployments scopes
• well adopted but feature implementation can take some time
• not Azure-only focused
• can speak with Azure AD
• can do more, but sometimes it shouldn't
• pitfalls

Real talk - Bicep
• zero-day support for all Azure resource types & API versions
• first class VSCode integration (IntelliSense)
• less complex due to no state
• convert existing templates and or resources
• API ensures always backwards compatibility
• pitfalls

Final verdicts
• IaC != state
• use the tool that suits your needs
• if you are happy with your tooling, stick with it
• no matter what tool you are using, automate your
deployments and execute them regularly
• stay up to date
• use static analysis to enforce cloud governance

Links
• https://aka.ms/learnbicep
• https://bicepdemo.z22.web.core.windows.net
• https://docs.microsoft.com/en-gb/azure/azure-resource-
manager/bicep/compare-template-syntax
• https://www.marcusfelling.com/blog/2021/reasons-to-use-
bicep-over-terraform/
• https://www.thorsten-hans.com/bicep-and-terraform-
compared/

Questions?
• Slides
• https://www.slideshare.net/PhilipWelz
Email: Philip.Welz@whiteduck.de
Twitter: @philip_welz
LinkedIn: https://www.linkedin.com/in/philip-welz
Blog: https://philinthe.cloud

AzDevCom2021 - Bicep vs Terraform

More Related Content

What's hot (20)

Similar to AzDevCom2021 - Bicep vs Terraform (20)

Recently uploaded (20)

AzDevCom2021 - Bicep vs Terraform

Editor's Notes