» Azure Provider

The Azure Provider can be used to configure infrastructure in Microsoft Azure using the Azure Resource Manager API's. Documentation regarding the Data Sources and Resources supported by the Azure Provider can be found in the navigation to the left.

Interested in the provider's latest features, or want to make sure you're up to date? Check out the changelog for version information and release notes.

» Authenticating to Azure

Terraform supports a number of different methods for authenticating to Azure:


We recommend using either a Service Principal or Managed Service Identity when running Terraform non-interactively (such as when running Terraform in a CI server) - and authenticating using the Azure CLI when running Terraform locally.

» Example Usage

# Configure the Azure Provider
provider "azurerm" {
  # whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
  version = "=1.24.0"
}

# Create a resource group
resource "azurerm_resource_group" "test" {
  name     = "production"
  location = "West US"
}

# Create a virtual network within the resource group
resource "azurerm_virtual_network" "test" {
  name                = "production-network"
  resource_group_name = "${azurerm_resource_group.test.name}"
  location            = "${azurerm_resource_group.test.location}"
  address_space       = ["10.0.0.0/16"]
}

» Features and Bug Requests

The Azure provider's bugs and feature requests can be found in the GitHub repo issues. Please avoid "me too" or "+1" comments. Instead, use a thumbs up reaction on enhancement requests. Provider maintainers will often prioritize work based on the number of thumbs on an issue.

Community input is appreciated on outstanding issues! We love to hear what use cases you have for new features, and want to provide the best possible experience for you using the Azure provider.

If you have a bug or feature request without an existing issue

The provider maintainers will often use the assignee field on an issue to mark who is working on it.

  • An issue assigned to an individual maintainer indicates that maintainer is working on the issue

  • If you're interested in working on an issue please leave a comment in that issue


If you have configuration questions, or general questions about using the provider, try checking out:

» Argument Reference

The following arguments are supported:

  • client_id - (Optional) The Client ID which should be used. This can also be sourced from the ARM_CLIENT_ID Environment Variable.

  • environment - (Optional) The Cloud Environment which should be used. Possible values are public, usgovernment, german and china. Defaults to public. This can also be sourced from the ARM_ENVIRONMENT environment variable.

  • subscription_id - (Optional) The Subscription ID which should be used. This can also be sourced from the ARM_SUBSCRIPTION_ID Environment Variable.

  • tenant_id - (Optional) The Tenant ID which should be used. This can also be sourced from the ARM_TENANT_ID Environment Variable.


When authenticating as a Service Principal using a Client Certificate, the following fields can be set:

  • client_certificate_password - (Optional) The password associated with the Client Certificate. This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD Environment Variable.

  • client_certificate_path - (Optional) The path to the Client Certificate associated with the Service Principal which should be used. This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH Environment Variable.

More information on how to configure a Service Principal using a Client Certificate can be found in this guide.


When authenticating as a Service Principal using a Client Secret, the following fields can be set:

  • client_secret - (Optional) The Client Secret which should be used. This can also be sourced from the ARM_CLIENT_SECRET Environment Variable.

More information on how to configure a Service Principal using a Client Secret can be found in this guide.


When authenticating using Managed Service Identity, the following fields can be set:

  • msi_endpoint - (Optional) The path to a custom endpoint for Managed Service Identity - in most circumstances this should be detected automatically. This can also be sourced from the ARM_MSI_ENDPOINT Environment Variable.

  • use_msi - (Optional) Should Managed Service Identity be used for Authentication? This can also be sourced from the ARM_USE_MSI Environment Variable. Defaults to false.

More information on how to configure a Service Principal using Managed Service Identity can be found in this guide.


For some advanced scenarios, such as where more granular permissions are necessary - the following properties can be set:

  • partner_id - (Optional) A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution. This can also be sourced from the ARM_PARTNER_ID Environment Variable.

  • skip_credentials_validation - (Optional) Should the AzureRM Provider skip verifying the credentials being used are valid? This can also be sourced from the ARM_SKIP_CREDENTIALS_VALIDATION Environment Variable. Defaults to false.

  • skip_provider_registration - (Optional) Should the AzureRM Provider skip registering any required Resource Providers? This can also be sourced from the ARM_SKIP_PROVIDER_REGISTRATION Environment Variable. Defaults to false.

It's also possible to use multiple Provider blocks within a single Terraform configuration, for example to work with resources across multiple Subscriptions - more information can be found in the documentation for Providers.