Terraform

Over the last 5 years, I have been deeply hands-on with Terraform, not only as a HashiCorp Certified Terraform Professional, but also as someone who has clocked more than 10,000 lines of code, solved countless real-world issues, handled complex enterprise deployments, and reconciled numerous Terraform states across Azure environments.

My Terraform Journey

In my real-world exposure, Terraform has been both a friend and a challenge.

On one hand, it’s a fantastic tool: the ecosystem is massive, the community is vibrant, help is everywhere, and features like terraform plan and terraform apply work seamlessly, showing exactly what is going to change before you commit.

It integrates beautifully into DevOps pipelines, supports modularization, and most importantly — brings repeatability and predictability into infrastructure provisioning.

But on the other hand — and this is important to understand — Terraform is not a cloud-native tool for Azure (or for any cloud provider, for that matter). It works through providers like azurerm, which act as middlemen to talk to Azure APIs.

And this is where state management comes into the picture.

The Problem with Terraform State

Unlike ARM or Bicep, which talk directly to Azure and reflect the true state of resources at any point in time, Terraform maintains its own idea of what the environment should look like, in a state file.

Anyone who has spent considerable time with Terraform knows this state can quickly become your pain point:

• Drift between state and real-world Azure resources
• State file corruption or inconsistency in team environments
• Importing pre-existing resources into Terraform
• State locking issues during concurrent usage

To address some of these, I have dedicated an article (linked below) specifically on Terraform State Import, which solves part of the problem by bringing unmanaged Azure resources into Terraform management.

Why I still like Terraform

Despite its state-related drawbacks, I remain a Terraform fan for most enterprise scenarios. Why?

✅ Huge ecosystem and community
✅ Very active provider (azurerm) updates
✅ Transparent plan and apply process
✅ Excellent DevOps and automation integration
✅ Multi-cloud support

In fact, outside of state management, it ticks all the boxes for being the most robust IaC tool for enterprise-scale deployments.

The Shift Towards Cloud-Native IaC (like Azure Bicep)

However, in recent times, I have started to explore Azure Bicep more seriously — and I must say, it feels refreshingly simple. No state to manage, no provider needed. It interacts directly with Azure, and has deep integration with Azure Policy and Azure RBAC.

For greenfield Azure deployments, where managing state is an unnecessary overhead, Bicep certainly feels more natural.

Terraform Licensing and What Enterprises Should Do

Another important point to note — HashiCorp has recently made significant licensing changes (moving Terraform to a Business Source License – BSL).
While it does not impact individual or community users much, enterprises using Terraform extensively should take a closer look:

👉 Understand the licensing implications carefully
👉 Engage with legal and procurement teams to ensure compliance
👉 Evaluate alternatives like OpenTofu (community fork of Terraform), Azure Bicep, or native ARM/Bicep-based IaC if licensing becomes an issue

For many Azure-only organizations, this might be the right time to start exploring a gradual shift to Azure-native IaC like Bicep, at least for new workloads and less complex scenarios.
This will also align better with Microsoft’s roadmap, cloud-native governance, and seamless integration with Azure tooling.

I have published some Terraform-related articles in this section, all written based on my real-world experience working with Terraform in enterprise environments.


Terraform Dynamic Block: What, Why and How (with Azure Use Cases)

Terraform Data Block Deep Dive — From Real World Experience

Terraform ignore_changes: A Life Saver When Azure Resources Drift

Terraform alias — Solving Multi-Subscription Deployment Challenges

Terraform Import Block — Deep Dive for Real-World Enterprise Scenarios

Automating Azure VM Password Management with Terraform and Key Vault

Terraform flatten: Tackling Complex Data Structures in Azure Deployments

How to Use Terraform null_resource for Real-World Automation Scenarios

Handling Sensitive Values in Terraform