This document compares Bicep and Terraform for infrastructure as code on Azure. It provides an overview of infrastructure as code, describes Terraform and its key principles like idempotency. Bicep is introduced as the native language for Azure Resource Manager templates that uses a simpler syntax than JSON. The document concludes that both tools can work with Azure but Bicep is tailored specifically for it while Terraform supports multi-cloud infrastructure management.

1. Bicep vs. Terraform
Infrastructure as Code on Azure
Azure Developer Community Day 2021
#azdevcom

2. whoami
• Philip Welz
• Senior Kubernetes & DevOps Engineer @ white duck
• Kubernetes Certified { A | AD | S }
• Kubernetes, GitOps & Azure
© white duck GmbH 2021
Email: Philip.Welz@whiteduck.de
Twitter: @philip_welz
LinkedIn: https://www.linkedin.com/in/philip-welz
Blog: https://philinthe.cloud

3. Agenda
• Infrastructure as Code
• IaC on Azure
• Terraform
• Bicep
• Conclusion
© white duck GmbH 2021

4. INFRASTRUCTURE AS CODE
© white duck GmbH 2021

5. Overview
• is the management of infrastructure with declarative
configuration files
• evolved to solve the problem of environment drift
• considered one of the key practices of DevOps and Agile
software development
© white duck GmbH 2021

6. Tools
• ARM templates
• Bicep
• Terraform
• Pulumi
© white duck GmbH 2021

7. Workflow
© white duck GmbH 2021

8. Key principles
• idempotency
• no matter how many times you run your IaC, you will end up
with the same end state
• immutability
• replacing infrastructure instead of change it doesn't
allow configuration drift
© white duck GmbH 2021

9. Desired state
© white duck GmbH 2021

10. Benefits
• speed
• everything in source control
• documentation
• consistency
• agility
• reusability
© white duck GmbH 2021

11. IAC ON AZURE
© white duck GmbH 2021

12. Azure Resource Manager
• short ARM
• provisioning engine built into Azure exposed as REST API
• authenticates and authorizes requests
• automatically orchestrates the deployment in the correct
order respecting dependencies
• ensures idempotency
© white duck GmbH 2021

13. Azure Resource Manager
© white duck GmbH 2021

14. © white duck GmbH 2021

15. Overview
• by Hashicorp
• first release = 28 July 2014
• 1.0.0 since 8 June 2021
• written in Go
• CLI and DSL (domain-specific language)
• HCL – Hashicorp Configuration Language
• Open Source but optional paid offers available
© white duck GmbH 2021

16. Key principles
• manage any infrastructure
• standardize your deployment workflow
• track your infrastructure
• community driven
© white duck GmbH 2021

17. Providers
• Azure RM provider
• Azure AD provider
• Azure Stack provider
• Azure DevOps provider
• GitHub provider
• Kubernetes, Helm provider
• Random, template, …
© white duck GmbH 2021

18. Terraform workflow
© white duck GmbH 2021

19. State
• necessary requirement for Terraform to function
• records information about what infrastructure it created
• can contain sensitive data
• stored locally or in a backend
• lock mechanism prevents concurrent execution
© white duck GmbH 2021

20. © white duck GmbH 2021

21. ARM Templates
• implement Infrastructure as Code on Azure
• are JavaScript Object Notation (JSON) files
• uses declarative syntax
• specify the resources and the properties for those resources
• deploy the template(s) through one command
© white duck GmbH 2021

22. Bicep overview
• first release = Fall ’20
• native support by
• Azure CLI since 2.20
• PowerShell AZ module (v5.6.0+)
• written in .NET
• DSL (domain-specific language)
• Open Source
© white duck GmbH 2021

23. Key principles
• transparent abstraction over ARM template JSON
• much simpler syntax compared to equivalent ARM
template JSON
• modularity
• convert existing templates or resources from the portal
© white duck GmbH 2021

24. Syntax ARM template
© white duck GmbH 2021

25. Syntax Bicep
© white duck GmbH 2021

26. Focus
• support for all resource types and API versions
• no state or state files to manage
• pre-flight validation
• tooling
• support
• non-goals
• one language to rule them all
• general purpose language to meet any need
© white duck GmbH 2021

27. Workflow
© white duck GmbH 2021

28. Deployment scopes
• Resource group (most common)
• Subscription
• Management group
• Tenant
© white duck GmbH 2021

29. Deployment modes
• incremental
• leaves unchanged resources that exist in the resource group
but aren't specified in the template
• complete
• deletes resources that exist in the resource group but aren't
specified in the template
© white duck GmbH 2021

30. CONCLUSION
© white duck GmbH 2021

31. Real talk - Terraform
• no deployments scopes
• well adopted but feature implementation can take some time
• not Azure-only focused
• can speak with Azure AD
• can do more, but sometimes it shouldn't
• pitfalls
© white duck GmbH 2021

32. Real talk - Bicep
• zero-day support for all Azure resource types & API versions
• first class VSCode integration (IntelliSense)
• less complex due to no state
• convert existing templates and or resources
• API ensures always backwards compatibility
• pitfalls
© white duck GmbH 2021

33. Final verdicts
• IaC != state
• use the tool that suits your needs
• if you are happy with your tooling, stick with it
• no matter what tool you are using, automate your
deployments and execute them regularly
• stay up to date
• use static analysis to enforce cloud governance
© white duck GmbH 2021

34. Links
• https://aka.ms/learnbicep
• https://bicepdemo.z22.web.core.windows.net
• https://docs.microsoft.com/en-gb/azure/azure-resource-
manager/bicep/compare-template-syntax
• https://www.marcusfelling.com/blog/2021/reasons-to-use-
bicep-over-terraform/
• https://www.thorsten-hans.com/bicep-and-terraform-
compared/
© white duck GmbH 2021

35. Questions?
• Slides
• https://www.slideshare.net/PhilipWelz
© white duck GmbH 2021
Email: Philip.Welz@whiteduck.de
Twitter: @philip_welz
LinkedIn: https://www.linkedin.com/in/philip-welz
Blog: https://philinthe.cloud