Unlocking the Latest Innovations in Terraform on Azure

[Music] thanks for coming see a lot of familiar faces here so I appreciate you coming to join us um so we're going to talk to you today about um Terraform on Azure and all of the exciting new not all of a lot of the exciting new stuff we only have a half an hour so we had to uh get the most popular stuff but we what we want you to take away from today is

um the get the knowledge and the tools that you can use to actually really use Terraform on Azure to its fully full extent um so we'll talk about a few different things to kind of highlight there we'll talk about Terraform export and some of the cool new stuff that we're doing there we'll talk about Copilot and I can feel a a common sigh when I say Copilot but um hang on we'll talk about some good stuff there

um then we have AzAPI and we'll wrap up with some AVM stuff so AVM is the verified modules that we have and we'll kind of give a summary of that at the end um so I I am Mark Gray if I step back I kind of raced into that but I'm Mark Gray I'm a product manager on Terraform so we work closely with HashiCorp on uh all of the providers and essentially anything to do with Terraform on Azure and I'm Stephen uh I've been working with Mark since I joined Microsoft on Terraform on Azure

and yeah the two of us are just committed to making the experience as good for all of you as possible and we're excited to share the stuff we got today all right so let's set the stage on what we're going to kind of walk you through here today using the different tools and technologies that we talked about there um so we're um we have an existing environment that uh you have in Azure and we want to get you from that to um a new environment that's based on that existing environment but you want to add some new features and

functionality or not new features and functionality you want to add some new services to that so you take that existing environment deploy a new environment based on that and add some additional uh services to that um so we'll talk about how you can do that with some of these tools um and in a really efficient way so I will let Steph start out with the Terraform export stuff so thanks Mark uh Terraform export has existed for a couple years now and originally the whole point of it if you

don't mind clicking for me um was that we had a bunch of customers who talked to us and they said hey uh we have a bunch of stuff in Azure and it all has existed here for a while now and we need to figure out how to move that uh into Terraform and there was a big question around that like how do you sort of do that with state with all these different HCL code things so what we ended up doing was we created a tool and what it essentially did was it was able to reproduce the exact same infrastructure

or rather um managed to take all of the existing resources and get them into Terraform HCL code with a state file attached if you wanted it and that was Azure Export for Terraform and we announced that um a little while back uh there's a GitHub that I think is on here uh if we click uh maybe not but the whole point of it is that um we wanted to go ahead and help everybody with that but the number one thing that we heard

when we talked to people was they were like hey can I do this in the portal every person we talk to and we didn't even bring it up ourselves we were just like hey there's this cool thing what would you like to see more of and they're like hey can we get it in the portal and I have talked with Mark about this for a while now and we're really excited to talk about the Azure portal experience for Export for Terraform so Azure portal export it sounds exactly uh like what it is it's coming out soon but I'm going to run a quick demo to show

you what this experience is going to look like so let's see here over here we have a resource group this same one that we just talked about with setting the stage and all that we need to do is go ahead and um come over here go down and there is for some of you who are familiar with uh the ARM template export experience it's the exact same tab right here or blade the export template and now it's

not just ARM template you'll see that there's a Bicep one coming out as well as a Terraform one so I'm going to go ahead and hit Terraform and in the span of seconds at least when we did it before we do it live uh there it is um we have our configuration all here and what I can do is um what we've purposefully done is we've actually exposed all the different configurable properties here so this is not going to be the best code to copy and paste in immediately terraform plan with but with

some massaging and modifying of the code you're going to end up with a pretty solid uh template overall and you can modularize that you can uh go ahead and start using it with Terraform as you need this is coming out very very soon um but for those of you who want to get some access to trying out that functionality uh in the interim we have a private preview uh that's coming out and that is oops I hit twice uh that is

going to be available to uh our community members so if you sign up for the community we're going to have a QR code at the end of this session uh we're going to send out some instructions and help you get some access to it um the portal experience itself is still in final testing stages uh but we actually have CLI and PowerShell cmdlets so for those of you who love your scripts uh go ahead and play with that and see what you can do with it uh we think you'll really like it so all right with

all that I'll turn it back over to Mark who is going to talk about Copilot all right um so as Stephen walked through here we have a new environment we have uh a virtual network and a PostgreSQL and some other networking stuff um that were directly exported from existing code um that existing code as you can imagine could have been deployed with ARM templates it could have been deployed through the portal um it really doesn't matter how that was deployed um using the portal now you can just export

that Terraform code stick it into Visual Studio Code and be on your way um so with that existing infrastructure we want to add um a way to host containers and expose them to the internet um and in this particular scenario we'll talk about a few different scenarios but in this particular scenario you can assume that you're not super familiar with um the options that you have in Azure to deploy um uh container based applications um so we will kind of walk

through that demo there as well um so where is Copilot when we talk about Copilot um and you all sigh again um I want to give you kind of some some highlights on um what Copilot will offer you or what it does offer you now um and there is GitHub Copilot in Visual Studio Code a lot of you may have used that and kind of thrown your hands up and said this doesn't work for

Terraform um because it uses the large language models directly um and the large language models are not trained specifically for Terraform um so what we've done in the portal is actually have uh what's essentially a RAG model that we use to enhance the large language model so when you ask a question we have specific examples that we use to augment um so you get much higher quality responses um so you're not relying on some generic training of

the model we are doing this specifically to give you high quality answers for Terraform um so that gives you um kind of confidence in the answers obviously it is large language model in generative AI so um it's not going to give you the exact same answers every time um but we do augment it so we give you some good answers there um it is based on AzureRM um so we'll talk about AzAPI later um but the the the Copilot right now gives you answers for AzureRM and it is Azure

specific so you can't go in there and ask it how to deploy a something else in another cloud or anything like that so um and um some of the scenarios that we have so just to to show you um most of you should have access to this it is access to or available to everybody there are some organizations that prevent having access to Copilot um but it's just if you go to the portal the main portal any page on the portal you can go up to Copilot and select

Copilot and then just ask it um give me a Terraform configuration for blah you can be as as specific as you want or as generic as you want um and it'll help you generate that configuration um some of the scenarios that we see customers wanting to use this for or this being valuable for them in is if you're new to Azure um so you're a an architect or something like that and you're very familiar with the infrastructure out there but you're kind of new to Azure and you want to get some help with generating some uh some

configurations and and those types of things you can actually use Copilot to not only explain some of the Azure concepts to you but then once you get an understanding of those concepts you can say all right great show me how to do this in Terraform and we'll generate the configuration for you there um another scenario is um if you're new to Terraform um so you are uh familiar with Azure you've worked with Azure for a long time maybe you've been deploying with the portal

and you want to take that next step and actually um convert to code um you can actually be much more specific so you don't have to have Copilot explain the Azure concepts to you you just want Terraform code from that so you can um use your expertise that you have in Azure and just say give me the Terraform code for this and it'll do all the translation on what the properties are from the AzureRM provider and all of that for you um the last scenario which we're going to be actually using in our example is um um if you are familiar

with both Azure and Terraform um Terra- or Azure changes on a frequent basis if you have not figured that out there are new services and features that are added on a regular basis um and getting up to speed on those and understanding how to code those in Terraform is something that you'll do on a regular basis um so in this scenario you actually can have um Terra- or Copilot tell you how to actually code that in Terraform without having to walk through the portals so we have a lot of

customers that have explained to us that their process for new services and features that come out is they go to the portal they go to through the create experience in the portal they look at the ARM template and say okay this is the code I need here now how do I turn that into Terraform um and the Copilot will help hopefully prevent you from having to do that you can actually just go ask the Copilot there's this new service thing here how do I do that in Terraform um so let's actually jump into uh and a demo here real quickly um and

I'll show you that experience all right so over here back in the environment um first of all we have a configuration here um that's already been set up so the code that Steph exported here um we have already um shown here we have some provider information so you have your configuration there and you want to actually add that new service to that um

so if you go back to the portal here and say um Copilot you can ask questions like um what options um you can ask what options you have to deploy a container based app in Azure um and this will actually use the

documentation handler so it'll go to all of the documentation in Azure and figure out what some options are there for you so you can kind of get that information of um how do I actually do this in Azure um and you can get a bunch of different options there you can look through those options and figure out okay based on this explanation this is the container based approach that I want to take um and then you can go from there and say um you could ask it for some recommendations on that and it could give you some recommendations but

I am going to go with the choice of a container or a container app and ask Azure how to actually configure that um using Terraform so you can see here that in the question as long as I mentioned Terraform it's going to get routed to our handler um and be able to give you that configuration um so if I hit return there um it will go um get routed so you can see the generating Terraform configuration that gives you the information that it's actually routed to

our handler and actually giving you um a good solid response there um and it will generate that configuration and give you a summary at the end of that so if we look at the response here you'll be able to see that um it gives you a code snippet here um that you can copy um and uh gives you a summary of what is in that configuration so you can get an understanding of this is really what you want um so from there if you copy that

configuration if that copied it can actually come back over to your code and just drop that code in here um and what you will notice here um which is not the case uh a lot of times when you're using the GitHub Copilot um is I dropped the code in there and you're not seeing any red squigglies um meaning that the code is invalid we've actually um used that

RAG approach to give you some good um working code here and you can use that as a good starting point you can also see that we don't just dump generic examples in we give you some variables and things like that that you can actually grab this and and add your own uh tweaks to it and stuff so it's some some much more uh sophisticated code if you will not super sophisticated but more sophisticated than you get out of the generic large language models so you can use that um and then continue

building your configuration from there um and and be much more well on your way um so from there I want to talk about um some of the things that we have coming soon um so this is a a pretty um simple example if you will um one of the primary things that we're focused on is quality we want to make sure that you can depend on those responses that we give you but there are a number of other things that we focus on as well so from

a quality perspective um we are um always looking at the latest large language models to see if they help out with our responses um so we'll be continually um uh updating to those if we need to if it helps out um we are working on our our RAG approach and other approaches to increase the uh chances of answering your questions accurately um and we're also looking at doing validation so right now the process that we take is we ask RAG and

we uh or we go through the RAG process um send some examples to the LLM with your question and get a response back and return that to you um one of the things we're looking at doing is adding the terraform validate step to that um we had prototyped that early on um and we saw some serious delays like it was taking a long time to kind of get to a good answer but we're working on optimizing that so essentially you will um not only have a good chance you will know that whatever the answers are that

come out of there are valid Terraform syntax and you can go from there um in addition to that we're working on um expanding the scope so right now like I mentioned we have support for AzureRM we want to expand that to support AzAPI we actually have that in a prototype now as well so that should be out really soon um and we also want to support modules um so we have Azure Verified Modules that we'll talk about at the end um we want to add support for that as well um

and from a better context perspective a lot of the feedback that we've got from customers is that's great that you can give me these uh code samples but we want it to be based on our practices and our processes and stuff like that so we're looking into if there are ways that we can utilize your configuration um so if you have a project that has a bunch of um naming syntaxes and stuff like that in there can we use that um when we provide your answer so you don't have to go through and say well that's

great that you gave me this name foo I want it to kind of align with my company practices um and potentially use your um your deployed infrastructure as well um and the last thing um that customers have told us is this is great it's in the portal but um I don't spend a lot of time in the portal I spend time in VS Code and my experience um so we're working on adding the experience to VS Code as well um and um giving a a better experience

when you're in the portal you saw the sidebar in there you can't really see the code very well in that sidebar so we're looking at can we expose a full screen experience so you can actually see the code in there it's highlighted and all of that so you can actually do some iteration in that portal and then kind of copy it to VS Code from there um all right so as we um kind of finish up the GitHub or the Copilot stuff I want to show you a a quick demo that we've done of the

prototype for VS Code integration here so that extension in VS Code to generate a Terraform template for creating an OpenAI deployment after receiving the generated template we proceed with a terraform plan to draft the deployment however as you can see it throws an invalid resource type error this indicates that the native chat extension has encountered hallucination issues next we ask the same question to the Azure

Terraform chat participant unlike the native solution this participant uses a better tuned prompt it employs RAG and validation loop back to minimize hallucinations when we rerun terraform plan on the newly generated template you can see there are no errors and the template is valid with just one click from the chat window user can insert the generated template into the open file by leveraging the Azure Terraform chat participant users can significantly improve the

accuracy and efficiency when writing their Terraform deployments try it out today and experience the difference all right um so hopefully that gives you some stuff to look forward to um with Copilot and you'll find that helpful as we as we release this stuff so um next I will hand it back to Stephen um to continue on with uh AzAPI thanks Mark let's talk about the AzAPI provider uh this is a provider that

we've really spun out initially to kind of help with a lot of your day-zero services there was stuff that you were waiting for support for in AzureRM and AzAPI was sort of marketed initially as a stopgap or a gap filler uh that messaging uh today we kind of want to talk about some of the changes we've made to it uh but we also want to talk about some of the new features that are coming out so 2.0 uh is here uh it's coming out this week and we want to talk

about some of the different things that are brought uh with 2.0 to the table um obviously we've done everything here with the old infrastructure uh setting up that container app using Copilot and now we're just adding in a container registry uh we've just gone down the decision tree and we think that AzAPI will be good uh for that and that is because we want to stay up to date on the latest features which is one of the things that we think this provider is fantastic at doing so what's new with

2.0 uh there's a lot of things but just to cover a few first of all no more JSON um ARM templates is so 2015 or whatever it was um we have JSON be gone so beginning to end there's no more JSON uh inputs outputs properties any of that stuff it's HCL from the beginning it's HCL to the end which means you also get all the HCL benefits that you're looking for uh you get some more clarity with outputs now so there

are uh different ways to essentially configure an export of your values you can choose to basically get a path to an output value or you can just get the specific value of that output on its own uh we actually have a little example here that kind of highlights that you can now use this little export uh with these square brackets and that actually will be a list it'll give you essentially the uh export result results uh all listed out as a full um list of

properties rather than just the individual value of something in that path now moving on here we have a retry block now so when you're expecting those errors to occur because of you know the resource creation might take a bit or otherwise you can actually define this user configurable uh retriable error system um link it up with your timeouts and you can essentially just keep retrying to wait for that resource to be

created and this will help you uh just avoid a lot of those annoying errors uh that can now be digested by continuing to retry we've added support for pre-flight uh pre-flight is a great validation that helps you fail fast so if you have a large configuration and it happens that your 58th resource is this VNet here with an address prefix and while you're eating your uh food over the computer comp like an unhygienic developer you your hand slipped you hit

a zero well the good thing is that you are going to end up failing fast because the address prefix will immediately be validated by pre-flight it'll come back and say hey that's not going to fly and you don't have to sit there for 45 minutes for something to go ahead and return an error resource discovery is now um something that we have we have the opport uh the ability to essentially use uh the data source called azapi_resource_list and what it can do is it can list

anything under what is considered like a parent uh so it can be a subscription it can be a resource group it can even be all the subnets under a virtual network so uh that's very great at essentially scoping and figuring out stuff if you want to figure out what the heck is in your environment you can use this functionality uh to get yourself set up for success and with provider functions coming out AzAPI has support uh for that uh we have a few different ways that that works with resource IDs so this is

just a little idea of how you can do it by essentially constructing a resource ID uh there's a lot of handy ways that you can kind of manipulate these resource IDs whether it's uh constructing them or splitting them up or creating subscription or management or tenant group IDs as well and then we have our VS Code extension uh and we have put in a lot of effort to improving this extension and if you haven't yet uh hopefully by the end of this demo you realize that the VS Code extension is a

great tool that you should totally use um if you go ahead and ever take any of those resource JSONs that you guys will see on the portal uh or you just take an existing ARM template you can actually with the upcoming release of the VS Code extension get a paste as AzAPI just on the spot like that so you don't have to finagle with anything you just control V or command V depending on which uh device you think is superior and you go ahead run away with that and then uh we also

built in some migration support so we have an upcoming release of V2 of what was formerly a tool called AzAPI to AzureRM which I think you probably know what that tool did uh but now it supports also going from AzureRM to AzAPI so we've renamed it because that name is no longer accurate and we've called it Azure Terraform migrate uh and that tool is actually going to be embedded into your VS Code so you can highlight a

resource uh and then it'll give you a little popup and use that popup and essentially migrate within your VS Code that's a lot of stuff I just covered let's see what AzAPI looks like in action so I'm going to go ahead go back here we've got our Copilot all spun up we've got all this stuff uh now we're going to go and we're going to try to configure a container registry uh so I have conveniently how'd that happen uh little registry.tf resource um so I

want to go ahead and create an AzAPI resource and we're just going to call it demo and what I can do here is uh that didn't work if I actually go and uh hit control space on this uh they will actually load a code sample which of course does not show up when I want it to uh but normally when things uh when the demo gods are with us uh it will actually load a code sample and if you just hit enter it'll go ahead and uh put

all that out it's fine we'll do it the hard way if you want to be like that um we can go and do Microsoft.ContainerRegistry for those of you who haven't used AzAPI before uh it is for anyone who's used Bicep very similar to the type uh experience there so you can go ahead and create uh registry and then you can essentially point at a provider or sorry an API version uh there are a couple preview APIs I like stable API so I'm going to go with a stable one but uh

you can use whatever you prefer and then the nice thing about AzAPI is that uh everything is very much under this generic resource so naming is very consistent uh if I want to go ahead and name this however the heck I want um that is going to be uh sorry if I want to go ahead and configure a resource the properties are going to be consistent each time through and through so now all I need to do is go and hit body equals and now you decide to work um so we can actually hit

this and our required properties will show up which according to the schema validation is just the SKU um that doesn't look pretty but uh all we need to do then is specify the SKU in theory and then we can um my GitHub Copilot is helping me out here as well as my VS Code extension and we have this uh container registry now if the code sample were to work what you would see is um actually think I have a slide so I'll show in a second basically the generated code uh will have all the

default properties that would make sense to configure and you can go ahead and work your way through that another thing that I want to highlight is that we actually have uh for imperative commands uh you can use the um azapi_resource_action we support both a resource and a data source so if you use azapi_resource_action here and you do a quick little demo you can actually uh I can barely see what's going on there uh you can

actually create for yourself here a build task so I could go hey uh I'm going to create this build task um Registries I Hing that Y and I can go and create a build task um cause it or tell it to run and then basically the way that it will work is when I do a terraform apply it'll finish applying the pre-existing resource uh which I will um just quickly show you will be

pointed at I'm skipping the API version just for time sake um you just point the resource ID like this and then your method would be a uh or sorry your you would just run this and then it would essentially just start the build task for you uh when you do terraform apply since you have the implicit dependency it'll just wait for the container registry to finish building and then you will be well on your way uh yeah so this is what it would look like after you use the code sample and you kind of just filter things down

uh and then you have your action is build and your method is post always have a backup in case your demo gods are not with you uh let's talk about the guidance to these providers so we have AzureRM now and we have AzAPI um what is the sort of recommendations around that well I think that from both uh a Microsoft and Hashi perspective we think that both of these providers are first class we think that we work closely in partnership uh we think that both can

provide and meet your infrastructure needs in different ways AzureRM has and will continue to um meet your uh needs in terms of a stable and simple experience the developer teams work hard on the implementation of the provider to make sure that it is just a really simplified and straightforward experience for you uh they handle versioning for you so if you're not into trying to figure all of that out uh there is a lot of simplicity to be had and a lot of ease here as well as just the years of uh documentation and

versions and resource specific uh docs as well as the examples um AzAPI on the other hand really gets you that cutting edge access and it gets you the ability to specify resource version rather than needing to upgrade the entire provider you can actually just upgrade the resource API version itself and quickly switch your container registry to the latest version or a preview version if you so desire uh the fine-grained control from the resource listing to the resource action uh we didn't even talk

about update resource which can kind of just make a quick patch if you will on an existing resource there's so many things that this provider does and we continue to get surprised by what the community pulls out using this provider on us so it is really cool um just seeing all the different fine-grained things that are there and then of course we have this VS Code extension which has the resource specific code samples uh to get you started I promise it's going to work on your device it'll just not work on this one when I'm live so when are we going to finally be able

to use all that uh we are planning to release all of this the new Azure migration tool the new AzAPI provider and the new VS Code extension this week we're doing some final uh quality checks on that and we're going to go ahead and ship that to you so please stay tuned and um keep an eye out for that so with that I'll hand it back to Mark all right um don't want to keep you all from lunch so I will zip through this last part real quickly here we do want to make

sure that you um are aware of Azure Verified Modules um so it's a program that we have um within Microsoft where we develop modules that um incorporate Microsoft best practices into them um we have like security and and all of that kind of stuff so um there are two types of modules there are resource modules and pattern modules um you're probably familiar with that concept we um include that in here we have about 80 modules

currently there that cover a whole slew of different scenarios and there are 90 more that are in uh the the backlog for that so it's a very active project um and you should go check it out so um if you go to aka.ms/avm you can get information on what modules are available um and all of the concepts and practices that we have there um so definitely go check that out um if you have any questions we have folks that are AVM experts in the booth so come

down and talk to us and they can answer any your questions around that as well um we hope you all learned a lot today and are are going to go out there and use Terraform to really uh speed up your Azure deployments and and and all of that so and if you want to get uh more involved in terms of all of the different learnings so that top right QR code that is the community if you scan that one that's how you're going to get uh invitation to the private preview of the portal experience uh we also have

regular monthly community calls a Slack channel a ton of things that are going on there and maybe just maybe they learned about some of this stuff a little ahead of time so if you want inside scoops uh definitely uh join the community sign up for a product group conversation with us we love getting to meet all of you and hear about your scenarios and uh talk to us at the booth like Mark said um yeah we appreciate your time we appreciate all of you for investing and working on Terraform on Azure and hopefully we'll be able to see all

of you next year so thanks everyone [Music]