Post

AzureRM vs AzAPI

Posted
By Diego dos Santos Rosa Pauletto
2 min read
AzureRM vs AzAPI

HCL Azure

AzureRM

Is the traditional and most widely used Terraform provider for creating and managing resources in Microsoft Azure. It offers native support for a wide range of services with specific blocks tailored to each resource type.

Advantages:

  • Easy to use and understand
  • Comprehensive documentation with examples
  • Automatic validation of fields and structure during plan and apply stages

Disadvantages:

  • New Azure resources or features may not be immediately available, requiring provider updates
  • May be limited in advanced or edge-case configurations


Example 

1
2
3
4
5
6

# Create a Managed Identity using AzureRM
resource "azurerm_user_assigned_identity" "this" {
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  name                = "id-example-azurerm"
}


AzAPI

Is a newer provider gaining popularity due to its ability to interact directly with the Azure REST API. It allows you to create and manage any resource exposed through the API, even if it’s not yet supported in AzureRM.

Advantages:

  • High flexibility and full control over resources
  • Immediate access to new or preview features
  • Supports advanced and custom configurations

Disadvantages:

  • Requires deeper technical knowledge of the Azure API
  • No automatic validation, which may lead to runtime errors
  • More complex structure and syntax, requiring careful attention


Example

1
2
3
4
5
6
7
8
9
10
11
12
13

# Default Management Group created with azapi
resource "azapi_resource" "default_mg" {
  type = "Microsoft.Management/managementGroups/settings@2021-04-01"
  parent_id = "/providers/Microsoft.Management/managementGroups/mg-root"

  name = "custom"
  body = jsonencode({
    properties = {
      defaultManagementGroup = "example"
      requireAuthorizationForGroupCreation = true
    }
  })
}


Using both providers together

One interesting and powerful approach is to use both providers in the same Terraform project. This hybrid setup allows you to rely on azurerm for stable, well-documented resources, while leveraging azapi for advanced, custom, or preview features. You can even reference resources created by one provider within the other.

Example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

# Resource Group created with azurerm
resource "azurerm_resource_group" "example" {
  name     = "rg-example-azurerm"
  location = "Australia East"
}

# Application Security Group created with azapi, referencing the azurerm resource group
resource "azapi_resource" "asg" {
  type      = "Microsoft.Network/applicationSecurityGroups@2023-05-01"
  parent_id = azurerm_resource_group.example.id
  location  = azurerm_resource_group.example.location

  name      = "asg-example-azapi"

  body = {
    properties = {}
  }
}

When inspecting the terraform state, you will see that both provider blocks are present.




You can also explore the official Microsoft documentation for detailed information about available APIs and resource definitions used with the AzAPI provider.

HashiCorp has published an article comparing the two providers, highlighting the differences and when to use each one.
It’s definitely worth reading: AzAPI vs Azurerm – Enhancing Azure Deployments

Concepts & Tips, HashiCorp Terraform
hashicorp terraform iac automation infrastructure
This post is licensed under CC BY 4.0 by the author.