Using Azure Verified Modules with Terraform
Date published:
What is AVM and Why Should You Care?
Azure Verified Modules (AVM) is Microsoft’s initiative to provide production-ready, tested, and maintained Terraform and Bicep modules for Azure resources. Think of it as the “official” way to deploy Azure infrastructure with best practices baked right in.
The main goal of AVM lies in its consistency and reliability. Instead of reinventing the wheel every time you need to deploy a resource and test it, you follow Microsoft’s recommendations.
According to Microsoft, the mission of AVM is to:
“Our mission is to deliver a comprehensive Azure Verified Modules library in multiple IaC languages, serving as the trusted Microsoft source of truth.”
Well-Architected Framework - The Azure Verified Modules follow the principles of the Well-Architected Framework, ensuring best practices and reliable infrastructure deployment.
Accelerating Deployment - AVM will empower every person and organization on their IaC journey by accelerating deployment time for Azure resources and architectural patterns.
Supported by Microsoft - This Microsoft-supported initiative aims to be the trusted source for Azure infrastructure as code, driving consistency and reliability.
Key benefits include:
- Reduced development time - No more hours spent figuring out correct resource configurations
- Built-in best practices - Security configurations and Azure recommendations are already implemented
- Consistent deployments - Same underlying resource configuration across all environments
- Community support - Microsoft-backed means excellent documentation and support
You can check out the official Azure Verified Modules GitHub organization: https://github.com/Azure/Azure-Verified-Modules
Module Types
This diagram illustrates the three module types:
-
Resource Modules (RES) Depicted as green squares in the middle of the diagram, these modules represent foundational Azure resources like storage accounts, virtual machines, and key vaults. Each block is a standalone deployable unit, matching your examples like: Azure/avm-res-storage-storageaccount/azurerm Azure/avm-res-compute-virtualmachine/azurerm Function: These are the primary infrastructure components — think “raw materials” used to construct patterns.
-
Pattern Modules (PNT) Shown at the top of the diagram, examples include “Pattern 1 (AKS LZA)” and “Pattern 2 (AVD LZA),” which embody larger architectural blueprints. These modules orchestrate several Resource Modules into deployable, well-architected solutions — e.g., a load-balanced app with database, or hub-and-spoke networking. Function: Deliver complete infrastructure patterns aligned with best practices.
-
Utility Modules (UTL) Found on the right-hand side, linked to both resource and pattern modules. These utilities don’t deploy infrastructure directly, but aid with tasks like naming conventions, region mapping, and configuration logic. Function: They act like support scripts or helpers — invisible but essential for clean and reusable deployments.
AVM with Bicep vs Terraform
While this blog focuses on Terraform, AVM modules are also available for Bicep. Here’s how they compare:
Terraform AVM modules:
- Published on Terraform Registry
- Use HCL syntax
- Leverage Terraform’s state management
- Great for multi-cloud scenarios
Bicep AVM modules:
- Published on Bicep Registry
- Use Bicep/ARM template syntax
- Native Azure integration
- Ideal for Azure-only deployments
Both share the same design principles and naming conventions, making it easy to switch between them based on your team’s preferences.
Getting Started with AVM in Terraform
Let’s jump right into a practical example. Here’s how to structure your Terraform projects when using AVM:
Creating a Virtual Machine with AVM
Here’s a practical example showing how to deploy a Windows virtual machine with proper networking and security:
For the complete example with all configuration options, check out the official documentation: https://registry.terraform.io/modules/Azure/avm-res-compute-virtualmachine/azurerm/latest/examples/windows_minimal
This VM example includes proper networking setup, security group with RDP access, and a Windows Server 2022 virtual machine. The configuration follows Azure best practices with dynamic IP allocation and secure access controls.
You can browse the complete catalog at the AVM Module Index to find modules for your specific needs: https://azure.github.io/Azure-Verified-Modules/
Best Practices
Here are some important lessons when implementing AVM in production:
Version Pinning is Critical Always pin your module versions to avoid unexpected breaking changes. Check the releases page for each module: https://github.com/Azure/terraform-azurerm-avm-res-storage-storageaccount/releases
module “storage_account” { source = “Azure/avm-res-storage-storageaccount/azurerm” version = “= 0.1.2” # Pin to exact version }
Contributing to the AVM Community
The AVM project welcomes contributions! Here’s how you can get involved:
- View the Contribution Guide: https://azure.github.io/Azure-Verified-Modules/contributing/terraform/terraform-contribution-flow/
- Report Issues: Found a bug? Report it on the specific module’s GitHub Issues: https://github.com/Azure/terraform-azurerm-avm-res-storage-storageaccount/issues
- Submit PRs: Improvements and new features are always welcome
- Request Modules: Need a module that doesn’t exist? Create a request in the main AVM repository: https://github.com/Azure/Azure-Verified-Modules/issues
Hands-On Learning with Microsoft Learn Labs
Microsoft provides comprehensive hands-on labs to help you master AVM with Terraform. The AVM Terraform Labs collection offers step-by-step exercises that take you from basic concepts to advanced scenarios.
The labs cover:
- Setting up your development environment
- Basic resource deployment with AVM modules
- Building complex multi-tier applications
- Best practices for production deployments
- Troubleshooting common issues
You can access these interactive labs here: https://learn.microsoft.com/en-us/samples/azure-samples/avm-terraform-labs/avm-terraform-labs/
Looking Ahead
The AVM ecosystem is rapidly evolving. Microsoft is continuously adding new modules and improving existing ones. Here are some recommendations:
Stay Updated: Follow the AVM GitHub repository for updates: https://github.com/Azure/Azure-Verified-Modules Contribute Back: If you find issues or have improvements, contribute to the community Standardize: Create organization standards around AVM usage for consistency Learn from Examples: Explore the AVM examples repository for real-world scenarios: https://github.com/Azure/terraform-azurerm-avm-examples
Additional Resources
For a deeper dive into AVM concepts and implementation, I recommend watching this comprehensive video from Microsoft:
Conclusion
Azure Verified Modules with Terraform has transformed how to approach Azure infrastructure. The combination of Microsoft’s expertise, community contributions, and Terraform’s flexibility creates a powerful toolchain for modern cloud infrastructure.
If you’re still writing custom Terraform modules for every Azure resource, I recommend giving AVM a try. Start small with a storage account or resource group, and gradually expand your usage as you become more comfortable.
References
- AVM Module Index - Complete catalog of available modules: https://azure.github.io/Azure-Verified-Modules/
- AVM GitHub Organization - Main repository and documentation: https://github.com/Azure/Azure-Verified-Modules
- AVM Terraform Labs - Hands-on Microsoft Learn exercises: https://learn.microsoft.com/en-us/samples/azure-samples/avm-terraform-labs/avm-terraform-labs/
- Terraform Registry - Browse all Azure provider modules: https://registry.terraform.io/namespaces/Azure
- Microsoft Learn: AVM - Official documentation: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/avm-overview
- AVM Contribution Guide - How to contribute to the project: https://azure.github.io/Azure-Verified-Modules/contributing/