Microsoft Azure Provider

The Microsoft Azure provider is used to interact with the many resources supported by Azure, via the ARM API. This supercedes the legacy Azure provider, which interacts with Azure using the Service Management API. The provider needs to be configured with the credentials needed to generate OAuth tokens for the ARM API.

Use the navigation to the left to read about the available resources.

Example Usage

# Configure the Microsoft Azure Provider
provider "azurerm" {
  subscription_id = "..."
  client_id       = "..."
  client_secret   = "..."
  tenant_id       = "..."

# Create a resource group
resource "azurerm_resource_group" "production" {
    name     = "production"
    location = "West US"

# Create a virtual network in the web_servers resource group
resource "azurerm_virtual_network" "network" {
  name                = "productionNetwork"
  address_space       = [""]
  location            = "West US"
  resource_group_name = "${azurerm_resource_group.production.name}"

  subnet {
    name           = "subnet1"
    address_prefix = ""

  subnet {
    name           = "subnet2"
    address_prefix = ""

  subnet {
    name           = "subnet3"
    address_prefix = ""

Argument Reference

The following arguments are supported:

Creating Credentials

Azure requires that an application is added to Azure Active Directory to generate the client_id, client_secret, and tenant_id needed by Terraform (subscription_id can be recovered from your Azure account details).

There are two high-level tasks to complete. The first is to create an App Registration with Azure Active Directory. You can do this in either the New ARM portal (http://portal.azure.com) or the older ‘Classic’ portal (http://manage.windowsazure.com).

The second task is to grant permissions for the Application Registration in your Subscription.

To create the App Registration using the New ARM portal:

To create the App Reigstration using the ‘Classic’ portal:

To grant permissions to the App Registration to your subscription, you now must to use to the ‘ARM’ Portal:

Microsoft have a more complete guide in the Azure documentation: Create Active Directory application and service principle


Credentials must be provided via the ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID environment variables in order to run acceptance tests.

See the source of this document at Terraform.io