Hybrid or Not to Hybrid?

on

Terraform, BICEP , or ARM ???

on



Infrastructure as Code (IAC) allows us to define our deployable resources and infrastructure using code and software development techniques.  IAC gives us the ability to routinely deploy consistent and repeatable infrastructures.  This article is specific to deploying to a  Microsoft Azure landing zone and will focus on BICEP, ARM, and Terraform.   We will look at their similarities, differences and finally which one I lean on for my work.
 
ARM Templates (Azure Resource Manager) templates are JSON-based files used for deploying and managing Azure resources.  ARM is very comprehensive in describing the Azure Resources that are being deployed.   We can easily take existing Azure infrastructure and generate ARM templates.   Many are already familiar with ARM as it is the foundation for creating Azure resources.

BICEP (Bicep Integrated Common Expression Language) was developed by Microsoft specifically for deploying to Microsoft Azure.  It is a high-level, non-procedural language (Declarative) and is a more readable language when compared to ARM.    We can easily take existing ARM templates and convert them into BICEP format because BICEP leverages the existing ARM infrastructure.   This ensures that BICEP can be used with any resource supported by ARM.  BICEP uses incremental deployments allowing only changes and updates based on existing resources deployed.

Terraform is a tool developed by HashiCorp and is open source, meaning that it can be used to deploy resources across many environments including AWS, Google, Azure, and even on premise resources.  Terraform is also a declarative language and is used to define the state of your environment.  Terraform only updates and creates the resources that differ from the desired state.  Terraform will store this state in you infrastructure.  Terraform is popular due to the support of many environments and very popular among those working in Hybrid environments or multi-cloud environments.. (previous post).

Terraform and BICEP are much more readable and easier to create then ARM.   The remainder of this article will focus on Terraform and BICEP.     I will use ARM in a pinch when working directly in the Azure Portal or need to export out existing infrastructure otherwise my choice is between BICEP and Terraform.

BICEP Pros
  • Easy Readable format.
  • No state files to maintain.   Terraform requires you to maintain state file .  Any corruption or deletion of the state file causes me great pains resyncing.
  • Based on ARM templates and able to use for all Azure Resources.  This is not the case for Terraform as it is built by 3rd party and requires time for implementation for all Azure or AWS resources.   I have many time used Terraform to call ARM templates.
  • BICEP can be used with Azure CLI
  • Easily transform ARM templates into BICEP.  There are 3rd party tools available to transform ARM into Terraform.
  • Can validate against Azure Portal and determine issues with deployment with items such as Azure Policies   
BICEP Cons
  • Domain specific language meaning it only supports Microsoft Azure.   If you are using AWS then you are not using BICEP.
  • Relatively new tool and examples may be hard to obtain.
  • Dependency on Azure Resource Manager.( ARM) and likely has same limitations of ARM.

Terraform Pros
  • Terraform's multi-platform support make it my primary go-to when working with AWS.   AWS has their own tool (Cloud Formation), but I will stick with what I know.
  • Large support for Terraform with many examples and sample repos to draw from
  • Reusable modules make it feel more like programming and allows for time saved because of the reuse.

Terraform Cons
  • I am not a fan of state and maintain state.  Terraform uses the state file to produce incremental updates.   I find myself going out of sync with the state file on a regular basis.
  • Terraform support multiple platforms, but the resources are different and have different options.  You are still writing Terraform specifically for the output environment.
  • HashiCorp is a 3rd party that must depend on providers to provide the specifics when new functionality is available.  Terraform may drag behind others (BICEP or Cloud Formation) in their support of the native resources.


Ultimately, the choice between BICEP and Terraform depends on your specific requirements and the cloud platforms you are working with. If you primarily work with Azure resources, BICEP provides a focused and streamlined approach. If you need multi-cloud support or work with different cloud providers, Terraform offers a broader scope and a more mature ecosystem.  My personal preference is Terraform, but that is only because this is what I know the best.  I enjoy working with BICEP and not having to worry about state and would like to get more experience with this tool.