terraform azure

Posted on 4 January 2021, updated on 21 December 2023.

Today three major companies share the cloud market: AWS, GCP, and Azure. We are going to see a tutorial on how to terraform properly an Azure App Service using a Docker container. Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile backends.


  • Have an Azure account with the followings:
    • A resource group where resources will be declared (here we will use "MYRG" for example).
    • Azure Container Registry (ACR) - Azure solution to store docker images. (Here we will use "ACR01" for example). The application container image is pushed in the ACR01 with the name "myapp" and tag "latest".
    • Create a User (User_ACR_pull) in your Active Directory and assign it the AcrPull role for the Azure Container Registry "ARC01".
  • Have Terraform installed
  • Have Azure cli installed

Terraform an app service configuration


In the following section, I describe the Terraform configuration.


Set up the provider for Azure


Get user assign identity

Load your user "User_ACR_pull" in Terraform. These pieces of information will be used to give the correct right to your app service to pull images from the ACR.



Terraform documentation: azurerm_user_assigned_identity


App service plan

Before creating your app service you need first to create an app service plan. An App Service plan defines a set of computing resources for a web app to run. These compute resources are analogous to the server farm in conventional web hosting.



Terraform documentation: azurerm_app_service_plan


Warning: For high availability, Azure advises having at least 3 instances running (defined incapacity). In fact, azure can do maintenance and if you have only one instance this one can be done during the maintenance process.


Environment variables

In order to use an Azure Container Registry, you need to declare some environment variables to your app service:



This is here where you will have to declare all other environment variables required for your application.


App service

Once you have declared your app service plan and the environment variables, you can declare your app service:



Terraform documentation: azurerm_app_service


Staging slot

In order to use blue/green deployment to avoid downtime during the deployment of a new version of the code, you need to declare a staging slot. During a new code version deployment, the new version will be deployed first in the staging slot. Once the application is fully started on this slot, the application will be swapped with the one running on the production slot and all the traffic will go through the new version.



Terraform documentation: azurerm_app_service_slot


Monitoring - app insight

You can also add an app insight to improve the monitoring of your application:



Terraform documentation: azurerm_application_insights


In order to connect the app insight to your app, you need to your application you need to add these environment variables:



Warning: when you add a new environment variable to your application this one restarts. So you will have downtime. To avoid this downtime:


1. Add the new environment variable only in the staging slot.

2. Swap the staging slot for the production slot.

3. Put the new environment variable in the production slot.

Apply your configuration in Azure


Here is the command you have to pass in your terminal


Login to Azure



Init terraform



Apply your configuration files



Once applied, you can see the resources created in azure:

- App service plan: my_service_plan

- App service: my_app_service_container

- App insight: my_app_insight


You are now able to deploy from code, an highly available application in an Azure app service with the required monitoring for production use with the possibility of using blue/green deployment with the staging slot to avoid any downtime during your code deployment.