Terraform IaC Platform (Azure)

Built a reusable Terraform platform to provision and manage Azure infrastructure consistently across multiple environments, cutting manual setup time, reducing drift, and making changes easier to review and audit.

Role: DevOps Engineer · 2023 · ~3 months · Internal · Tags: Terraform, Azure, IaC, DevOps, CI/CD

We needed a repeatable way to build and promote Azure environments for services without relying on one-off portal changes or scripts.

  • Manual provisioning and ad-hoc changes led to drift and inconsistent environment setups.
  • Infra changes were hard to review properly and not always easy to track.
  • Standardise infrastructure across environments using version-controlled IaC.
  • Make infra changes PR-based, reviewable and auditable.
  • Reduce manual steps and make new environment/service setup repeatable.
  • Handle environment differences via variables (.tfvars) rather than copying code.
  • Reduced infrastructure deployment effort and manual workload by ~50%.
  • Enabled consistent, repeatable infrastructure deployments across multiple environments.
[Figure: Terraform IaC Platform (Azure) architecture diagram]
  • Terraform modules for common components (App Service, Function Apps, Key Vault, SQL, App Insights, supporting resources).
  • Separate Terraform state backends per environment, aligned with subscription/resource group boundaries so issues are contained.
  • Environment configuration through variables/locals (sizing, naming, toggles).
  • Secrets stored in Key Vault; access handled via Managed Identity where applicable.
  • Standard tagging and naming conventions for governance and cost visibility.
  • Provisioned an application platform including App Services, Function Apps, Key Vault, SQL Databases, Data Factory, Storage Accounts, Log Analytics and Application Insights.
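As an added example (not the project's own code), a minimal root module in the shape described above: the environment comes from a .tfvars file, the state backend is chosen per environment at init time, every resource carries the standard tags, and secret access is granted to a Managed Identity through Key Vault RBAC rather than stored credentials. It assumes the azurerm provider 3.x; the `workload` variable, the naming prefix, the tag keys and the backend/tfvars file paths are assumptions.

```hcl
# Partial backend: storage account, container and key come from a per-env file at init.
terraform {
  backend "azurerm" {}
}
provider "azurerm" {
  features {}
}
variable "environment" { type = string } # dev, test, uat, preprod or prod
variable "location"    { type = string }
variable "workload"    { type = string } # assumed: short service name
data "azurerm_client_config" "current" {}

locals {
  prefix = "${var.workload}-${var.environment}" # naming convention (assumed)
  tags = {                                       # standard tags (assumed keys)
    environment = var.environment
    workload    = var.workload
    managed_by  = "terraform"
  }
}

resource "azurerm_resource_group" "rg" {
  name     = "${local.prefix}-rg"
  location = var.location
  tags     = local.tags
}

# RBAC-mode Key Vault: no access policies and no secret values in code.
resource "azurerm_key_vault" "kv" {
  name                      = "${local.prefix}-kv"
  location                  = azurerm_resource_group.rg.location
  resource_group_name       = azurerm_resource_group.rg.name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "standard"
  enable_rbac_authorization = true
  purge_protection_enabled  = var.environment == "prod" # env toggle by expression
  tags                      = local.tags
}

# Managed Identity for the workload; read-only secret access is granted below.
resource "azurerm_user_assigned_identity" "app" {
  name                = "${local.prefix}-id"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_role_assignment" "kv_secrets_user" {
  scope                = azurerm_key_vault.kv.id
  role_definition_name = "Key Vault Secrets User" # least privilege: read only
  principal_id         = azurerm_user_assigned_identity.app.principal_id
}
```

Run it with `terraform init -backend-config=backends/dev.tfbackend` followed by `terraform plan -var-file=env/dev.tfvars`, swapping only those two files to promote the same code through Test, UAT, Preprod and Prod.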
[Figure: Terraform IaC Platform (Azure) pipeline flow]
  • PR validation: terraform fmt + validate + (optional) plan output for review.
  • Merge to main: gated pipeline with approval before apply (per environment).
  • Promotion path: Dev → Test → UAT → Preprod → Prod with environment approvals/checks.
  • State and credentials handled securely (no secrets committed to repo).
Used shared Terraform modules rather than duplicating Terraform code across individual projects.
More upfront design, but gave us reusable building blocks and avoided repeating the same patterns across projects.
Environment parameterisation instead of separate branches per environment
Needed careful variable design, but avoided code drift and made behaviour consistent across environments.
Approval gates before apply
Slightly slower changes, but safer deployments and clearer audit information.
  • Key Vault used for secrets; pipelines avoid plaintext secrets.
  • Managed Identity was used where possible instead of storing credentials in configuration.
  • App Insights enabled for telemetry to support monitoring and troubleshooting.
  • Consistent infrastructure reduced environment-specific misconfiguration issues.
  • Using the same deployment process every time made rollbacks and recovery easier.
  • Deployments followed the same process across environments, reducing drift.
  • Faster spin-up for new services/environments by reusing tested modules.
  • Improved change control: infra changes are PR-reviewed and traceable.
  • Reduced infrastructure deployment effort and manual workload by approximately 50%.
  • Reused the same Terraform platform structure for later projects, speeding up delivery.
  • Add Azure Policy assignments to enforce mandatory tagging, approved SKUs, and baseline security rules.
  • Introduce scheduled drift checks to flag infrastructure changes made outside Terraform.
  • Improve PR review output with clearer plan summaries (what changed and where).