Azure Resource Manager (ARM) Templates vs Terraform
DevOps Sep 30, 2020
Main / Blog / Azure Resource Manager (ARM) Templates vs Terraform
Both of the toolings are designed to resolve similar problems, their general purpose is to simplify and facilitate the overall convenience of API and web-applications creation, deployment, and scaling.
Using such programs has become an essential need rather than an auxiliary service in the last years. They provide security and ensure an efficient development process, make it easier to implement innovations, and optimize existing applications and web-sites in Azure cloud tools. To decide on the solution fitting your best experimentally, you would have to spend hours comparing ARM Templates vs Terraform.
Fortunately, we already did it for you, so keep on reading to save yourself some effort!
Image source: build5nines.com
Firstly, what is Terraform? It is an “Infrastructure as Code” instrument that is currently the main topic of discussion. In essence, it is a proprietary language that supports multi-channel work with several cloud platforms at once, allowing you to keep track of all the applications with just one service.
Lets talk about it
Have a project in mind?
Lets talk about itRequest a quote
ARM templates are designed to deploy resources only in Azure. But it is a Microsoft trademark product, which speaks volumes about its high quality. From 99.95% availability of corporate applications to an undeniable level of security. You can roll out your infrastructure in a single declaration template. Moreover, it is flexible for all stages and environments including testing, intermediate, and operational.
Azure Terraform vs ARM Templates: Advantages
Since Terraform is a relatively recent tool, let's look if it has to offer something more than the usual ARM templates.
As we've already mentioned, one of the main advantages of Terraform is its language uniformity, allowing it to work with Azure, AWS, GCE, OpenStack, and local deployments on a single hardware.
You can apply a cloud server deployment scenario to one and add a DNS record to another cloud service provider. Changing your cloud provider will not be a problem if you learn the HCL language. This is a definite advantage for developers who have implemented AWS, GCP, and Azure in their work environment.
The powerful HCL interpolation syntax allows referencing variables, attributes, and so on. In combination with the IDE plugin, this will greatly enhance your programming process. Used in conjunction, these provide:
- Uniform infrastructure;
- Not procedural, but a declarative code;
- User-friendly architecture for new clients.
ARM Templates uses JSON, which is more difficult for reading and does not support comments. You can put the variables in a separate document and refer to them in the main configuration file. However, ARM's notation is quite powerful — it supports conditional expressions, nested templates, etc.
Terraform mainly focuses on deploying the cloud platform from scratch. The task of placing software boxes is solved by third-party utilities. Parameters are written into declaration files which can be modified like any other code. On the other hand, Terraform doesn't distinguish between parameters and variables, which can be a pain in some cases.
Terraform ARM template example
Image source: medium.com
With an ARM, the server gets a unique configuration and update history. This causes "configuration drift" and potential vulnerability. Whereas with Terraform, modification of the component leads to the emergence of a separate state through removal and building a new configuration of the system. Updating is swift and error-free. Reversing to the previous configuration is as simple as selecting a new one from the list, pretty straightforward.
Unlimited library of templates, built-in utilities that allow you to write complex, yet easy-to-read code, provide certain advantages to both experienced and new clients. The use of procedural code requires remembering system events. Whereas in Terraform, it is enough to specify to the utility what changes are required, which makes it possible to manage a compact and simple library with little effort. On the other hand, Terraform does not distinguish between parameters and variables, as ARM Templates can.
Using an API provider, Terraform creates an infrastructure that eliminates unnecessary security checks, allocating resources to agent programs, and a separate server for configuration management. In other words, it provides unlimited freedom in selecting configurations without requiring the creation of detailed procedural instructions.
In Terraform, you can launch and disable resources at any time using the Terraform Destroy feature. In the ARM Template, the only way to do this is to delete the entire resource structure, which is not very handy. Terraform can store metadata regarding the deployment. Furthermore, it can store information about things that are not part of the applications being deployed, which provides more features.
Terraform provides different ways to share the state between users working in the same environment (remote state) and having different work areas. You can also verify the current state to ensure that it is appropriate for the ongoing deployment operation.
With Terraform, you need to wait for a provider to update before you can use a new feature. However, you can still try out the new function by simply deploying a suitable Terraform ARM template example.
Image source: adinermie.com
One of the most important aspects to look for when comparing the two is the abilities for resource management they provide.
Terraform vs Azure Resource Manager
Terraform allows you to create elements that are not available in ARM templates such as resource groups, for example. In ARM, a resource group can be created through a command for running a template, and not as a part of one of the templates. In addition, Terraform can create storage containers, queues, tables, and file shares, which is not possible in an ARM template.
When comparing the Azure Resource Manager templates vs Terraform ones, it is worth noting that in ARM the deployment is done automatically without user interference. When deployed, Terraform creates a state file — terraform.tfstate, which is used to store the state of the infrastructure separately from the infrastructure itself. This way, you can manage a separate file rather than making changes to the entire infrastructure.
Status files can be used by others as input data, including the ability to deploy applications over existing infrastructure. The ARM Template version of Terraform Plan allows you to check the status file and determine what changes need to be made to the template without making an actual alteration, which is time and effort efficient. You can specify the "-out" parameter with the "plan" command to output it to a file, and then pass it to the "Terraform Apply" command.
Image source: samcogan.com
Objects of Terraform configuration allow you to collect data from the outside. For example, Azure can use information sources on existing resources, such as DNS zones, RBAC roles, disk images, etc. There are similar data sources for AWS and other clouds as well. There are also some of the more common sources available that allow extracting data from a file or zip archive, along with service providers such as Git, Data Dog, New Relic, and so on.
If none of these built-in resources meet your requirements — no problem, you can use an external source that finds and reads a special script, even if the data is returned as JSON.
Modules provided by Terraform allow you to create code that can be used multiple times over. In fact, it is a packed set of patterns that can be extracted from the main template. When you run Terraform, the additional command "Terraform Get" will extract ready to use modules from the repository. This makes it easier to reuse the established code content.
The modularity of Terraform feels natural to use. You can split ARM templates into separate units, import templates from files, URLs, etc., but you cannot have an attached template only locally. It has to be stored somewhere, like in the account’s storage.
Terraform Azure ARM template deployment checkout
Both tools provide different syntax checking mechanisms. In ARM, you can use the command "az group deployment validate". Terraform provides cloud-based validation with a planning phase that updates the status of the actual configuration and calculates the difference between the current and the target configurations.
Using the IntelliJ plugin simplifies infrastructure coding. Your IDE knows all parameters of the resource being edited, offers other modules, HCL variables, and local variables in code. The ARM module for IntelliJ is unstable. Usually, you have to use Visual Studio Code as an IDE and additionally install ARM Tools.
Drawbacks of Terraform
Resources in Terraform are created by Hashicorp, so there is a possibility of delay in the appearance of available resources. For example, there is currently no resource to create an Azure recovery service repository or application service certificate. At a lower level, there is an ARM template that creates some PaaS resources such as a web-application, SQL, etc. An ARM template configures the resources to send their diagnostic data to Log Analytics. There is no functionality for this in Terraform when used with Azure.
There is a way around it though — Terraform can simply deploy an ARM template, but it is not the best solution. Firstly, you write JSON ARM syntax inside the HCL resource, and secondly, share the same configuration between the two methods, which can be inconvenient.
The status file has to be stored somewhere. You can use the " Terraform Refresh" command to update it or fix it in case of external interference, but you cannot fully restore the state file. In addition, the state is tied to your environment, so every time you want to deploy a different infrastructure instance, you will need to manage a different state file. With ARM templates, there is no such problem.
A status file writes a lot of deployment data as plain text, including variables, resource information, accounts, etc. If these elements are confidential, this can be a problem.
With ARM templates, you can save the settings in a configurations file and pass them to the deployment team. To use a different set of parameters, you can just send a different file. Terraform does not provide this kind of flexibility in its environment.
Benefits of Azure Resource Manager
Now, let's look at the benefits of using ARM. There are two major ones:
Easy access to keys storage
In our comparison Azure ARM Templates vs Terraform, the first one has a useful feature that allows you to directly reference the Azure Keyvault when working with keys. The deployment account has access to the repository, so it extracts and uses the classified data from the special associated service. Terraform doesn't have such an option yet.
Azure online-portal support
Since ARM templates are a proprietary Azure IaC tool, it provides solid user support in case you experience any problems in the working process. You can use the Azure portal to track deployment progress, view all previous activities, check bugs, etc. And again, there is no such service for Terraform yet.
Of course, when comparing and deciding between Azure Resource Manager vs Terraform, you should consider your own specific demands. To deploy applications in your own created environment, using a unified coding language in multiple clouds can be extremely convenient.
However, this is a rather specific solution which may not be suitable for some scenarios. If you happen to work with multiple clouds, be sure to look up Terraform.
By the way, Microsoft management states that it can be used along with Azure. Namely, Dinarys has a history of such cases and they turned out to be successful. If you are looking for expert’s help don’t hesitate to reach out.
Want to read more
Get fresh articles, news and case studies to your email firstly