Install and configure Terraform to provision Azure resources

Terraform provides an easy way to define, preview, and deploy cloud infrastructure by using a simple templating language. This article describes the necessary steps to use Terraform to provision resources in Azure.

To learn more about how to use Terraform with Azure, visit the Terraform Hub.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

To start Azure Cloud Shell:

Option Example/Link
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. Example of Try It for Azure Cloud Shell
Go to, or select the Launch Cloud Shell button to open Cloud Shell in your browser. Launch Cloud Shell in a new window
Select the Cloud Shell button on the top-right menu bar in the Azure portal. Cloud Shell button in the Azure portal

To run the code in this article in Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block to copy the code.

  3. Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code.

Terraform is installed by default in the Cloud Shell. If you choose to install Terraform locally, complete the next step, otherwise continue to Set up Terraform access to Azure.

Install Terraform

To install Terraform, download the appropriate package for your operating system into a separate install directory. The download contains a single executable file, for which you should also define a global path. For instructions on how to set the path on Linux and Mac, go to this webpage. For instructions on how to set the path on Windows, go to this webpage.

Verify your path configuration with the terraform command. A list of available Terraform options is shown, as in the following example output:

azureuser@Azure:~$ terraform
Usage: terraform [--version] [--help] <command> [args]

Set up Terraform access to Azure

To enable Terraform to provision resources into Azure, create an Azure AD service principal. The service principal grants your Terraform scripts to provision resources in your Azure subscription.

If you have multiple Azure subscriptions, first query your account with az account list to get a list of subscription ID and tenant ID values:

az account list --query "[].{name:name, subscriptionId:id, tenantId:tenantId}"

To use a selected subscription, set the subscription for this session with az account set. Set the SUBSCRIPTION_ID environment variable to hold the value of the returned id field from the subscription you want to use:

az account set --subscription="${SUBSCRIPTION_ID}"

Now you can create a service principal for use with Terraform. Use az ad sp create-for-rbac, and set the scope to your subscription as follows:

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"

Your appId, password, sp_name, and tenant are returned. Make a note of the appId and password.

Configure Terraform environment variables

To configure Terraform to use your Azure AD service principal, set the following environment variables, which are then used by the Azure Terraform modules. You can also set the environment if working with an Azure cloud other than Azure public.


You can use the following sample shell script to set those variables:

echo "Setting environment variables for Terraform"
export ARM_SUBSCRIPTION_ID=your_subscription_id
export ARM_CLIENT_ID=your_appId
export ARM_CLIENT_SECRET=your_password
export ARM_TENANT_ID=your_tenant_id

# Not needed for public, required for usgovernment, german, china
export ARM_ENVIRONMENT=public

Run a sample script

Create a file in an empty directory and paste in the following script.

provider "azurerm" {
resource "azurerm_resource_group" "rg" {
        name = "testResourceGroup"
        location = "westus"

Save the file and then initialize the Terraform deployment. This step downloads the Azure modules required to create an Azure resource group.

terraform init

The output is similar to the following example:

* provider.azurerm: version = "~> 0.3"

Terraform has been successfully initialized!

You can preview the actions to be completed by the Terraform script with terraform plan. When ready to create the resource group, apply your Terraform plan as follows:

terraform apply

The output is similar to the following example:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + azurerm_resource_group.rg
      id:       <computed>
      location: "westus"
      name:     "testResourceGroup"
      tags.%:   <computed>

azurerm_resource_group.rg: Creating...
  location: "" => "westus"
  name:     "" => "testResourceGroup"
  tags.%:   "" => "<computed>"
azurerm_resource_group.rg: Creation complete after 1s

Next steps

In this article, you installed Terraform or used the Cloud Shell to configure Azure credentials and start creating resources in your Azure subscription. To create a more complete Terraform deployment in Azure, see the following article: