Skip to main content
Terraform Basics
CHAPTER 10

Terraform with Azure and GCP

Updated: May 15, 2026
25 min read

# CHAPTER 10

Terraform with Azure and GCP

1. Introduction

While AWS holds the largest market share, Microsoft Azure and Google Cloud Platform (GCP) are critical players, especially in enterprise and data-analytics environments. One of Terraform's greatest selling points is that it is "Cloud Agnostic." This does *not* mean you can write code once and run it on any cloud; the resources and APIs are fundamentally different. However, it *does* mean you use the exact same HCL syntax, the exact same workflow (init, plan, apply), and the exact same state management principles regardless of the provider. In this chapter, we will explore the nuances of the azurerm and google providers, allowing you to orchestrate multi-cloud deployments.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Authenticate the Azure (azurerm) and Google Cloud (google) providers.
  • Understand the hierarchical differences between AWS, Azure, and GCP resources.
  • Provision a Virtual Machine in Microsoft Azure.
  • Provision a Compute Engine instance in Google Cloud.
  • Grasp the concept of Multi-Cloud provisioning within a single Terraform workspace.

3. Beginner-Friendly Explanation

Imagine renting a car from Hertz (AWS), Avis (Azure), or Enterprise (GCP).
  • The Workflow (Terraform): No matter which company you go to, the process is exactly the same. You show your ID, sign a contract, and get the keys. (This is terraform plan and terraform apply).
  • The Product (The Cloud): However, Hertz might give you a "Ford Focus," while Avis gives you a "Toyota Corolla." The steering wheel and buttons are in slightly different places.

You cannot use a Ford key to start a Toyota. In Terraform, you cannot use an awsinstance block to build a server in Azure; you must use the azurermlinuxvirtualmachine block. The workflow is identical, but the vocabulary changes.

4. Terraform with Microsoft Azure (azurerm)

Unlike AWS, Azure forces you to place almost every single resource inside a logical container called a Resource Group. If you don't create a Resource Group first, you cannot build a server.
hcl
123456789101112131415161718192021222324252627 
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {} # Required block for Azure provider
}

# 1. The mandatory Resource Group
resource "azurerm_resource_group" "my_rg" {
  name     = "production-resources"
  location = "West Europe"
}

# 2. The Virtual Network
resource "azurerm_virtual_network" "my_vnet" {
  name                = "production-network"
  address_space       = ["10.0.0.0/16"]
  # Implicit dependency on the Resource Group!
  location            = azurerm_resource_group.my_rg.location
  resource_group_name = azurerm_resource_group.my_rg.name
}

5. Terraform with Google Cloud (GCP)

Google Cloud has its own hierarchy. Everything is contained within a Project.
hcl
123456789101112131415161718192021222324252627282930313233 
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
  }
}

provider "google" {
  # Authentication is usually done via a Service Account JSON key
  # credentials = file("path/to/gcp-key.json") 
  project     = "my-gcp-project-id" # The overarching container
  region      = "us-central1"
}

resource "google_compute_instance" "default" {
  name         = "gcp-web-server"
  machine_type = "e2-micro"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = "default"
    # An empty block assigns a random public IP
    access_config {} 
  }
}

6. Mini Project: Multi-Cloud Deployment Concept

The ultimate power of Terraform is multi-cloud orchestration. You can define multiple providers in the same file and build a unified architecture spanning across competing tech giants.

Step-by-Step Architecture Concept: Let's build a highly resilient architecture: A primary web server on AWS, and a backup server on Google Cloud.

hcl
123456789101112131415161718192021222324 
# Configure AWS
provider "aws" {
  region = "us-east-1"
}

# Configure Google
provider "google" {
  project = "my-gcp-project"
  region  = "us-central1"
}

# Build on AWS
resource "aws_instance" "primary_server" {
  ami           = "ami-12345"
  instance_type = "t2.micro"
}

# Build on Google Cloud simultaneously!
resource "google_compute_instance" "backup_server" {
  name         = "backup-server"
  machine_type = "e2-micro"
  zone         = "us-central1-a"
  # ... configuration details
}

*When you run terraform apply, Terraform talks to both Amazon and Google at the exact same time, building infrastructure on both clouds simultaneously.*

7. Real-World Scenarios

A global streaming service hosted their entire application on AWS. However, they found that Google Cloud's BigQuery data warehousing tool was vastly superior to AWS alternatives for analyzing user viewing habits. Instead of migrating their entire application to Google, the DevOps team used Terraform to orchestrate a Multi-Cloud environment. They used the aws provider to deploy their web servers, and in the exact same Terraform workspace, used the google provider to deploy their BigQuery datasets. Terraform managed the complex integration points, allowing the company to cherry-pick the best technologies from competing clouds effortlessly.

8. Best Practices

  • Authentication Methods: Avoid using credentials = file("key.json") in your GCP provider block if possible. Hardcoding paths to secret files is dangerous. Instead, rely on standard cloud CLI tools. Run gcloud auth application-default login in your terminal. Terraform will automatically detect the secure Google token on your machine, just as it does with AWS environment variables.

9. Security Recommendations

  • Azure Service Principals: When automating Azure via CI/CD (like GitHub Actions), you must create a "Service Principal" (a robotic user). Never give this Service Principal "Contributor" access to the entire Azure Subscription. Use strict Role-Based Access Control (RBAC) to ensure Terraform can only modify resources within its specifically assigned Resource Group.

10. Troubleshooting Tips

  • Azure Provider Features Block: In the azurerm provider, the features {} block is mandatory, even if it is completely empty. If you omit this block, Terraform will fail to initialize. It is a quirk specific to the Azure provider's design.

11. Exercises

  1. 1. What is the fundamental organizational container required in Azure before you can provision any other resource (like a Virtual Network or Virtual Machine)?
  1. 2. How does Terraform achieve "Cloud Agnosticism"? Does it mean you write one block of code that works on all clouds?

12. FAQs

Q: Which cloud is easiest to manage with Terraform? A: AWS has the most mature and widely used Terraform provider, meaning you will find the most community support and examples for AWS. However, the HashiCorp teams work closely with Google and Microsoft to ensure all three primary providers are exceptionally robust.

13. Interview Questions

  • Q: Explain the paradigm of Multi-Cloud provisioning using Terraform. How would you architect a single Terraform workspace to manage an AWS EC2 instance that communicates with an Azure SQL Database?
  • Q: Contrast the foundational organizational hierarchies of AWS, Azure, and Google Cloud Platform as they relate to Terraform resource provisioning (e.g., Accounts vs. Resource Groups vs. Projects).

14. Summary

In Chapter 10, we proved that Terraform is the universal remote control for the cloud. We recognized that while the HCL language and the operational workflow remain consistent, the vocabulary and hierarchical architecture shift depending on the provider. We explored Azure's strict reliance on Resource Groups and GCP's Project-based architecture. Finally, we conceptualized the ultimate enterprise architecture: a multi-cloud deployment orchestrated by a single Terraform state, allowing organizations to transcend vendor lock-in.

15. Next Chapter Recommendation

We can build servers anywhere. But servers are useless if they cannot talk to the internet or to each other securely. Proceed to Chapter 11: Networking with Terraform.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Terraform with AWS
Next Chapter Networking with Terraform

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 4

Related Quizzes 5