Regardless of whether you are writing AVM modules, or simply using them, it is useful to understand the “shared interfaces”, as described on the AVM website. Each module must implement the following interfaces if they are supported by the underlying resource: What does this mean as a module consumer? It means there should be a module input available for each of these: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 module "keyvault" { source = "Azure/avm-res-keyvault-vault/azurerm" version = "0.5.1" name = module.naming.key_vault.name_unique location = azurerm_resource_group.this.location resource_group_name = azurerm_resource_group.this.name tenant_id = data.azurerm_client_config.this.tenant_id sku_name = "standard" role_assignments = { # define the role assignments } lock = { # define the resource locks } private_endpoints = { # define the private endpoints } diagnostic_settings = { # define the diagnostic settings } // etc tags = var.tags } Whether you use them, is optional. Lets dive into some examples!

This is a post about writing your first Azure Verified Modules, for those interested in the background about AVM, check out this recent intro on YouTube. This is recommended as a learning exercise to familiarise yourself with AVM. I strongly encourage contributing to the official resource modules Microsoft is in the process of building. We’re going to focus on writing a resource module: It is recommended to use a unix-based system for writing AVM modules (e.g. either WSL2, a Mac, a Linux variant, or GitHub codespaces).

newres is a command line utility that helps you write Terraform modules faster. It supports multiple cloud providers (e.g. azure, aws, gcp), and several other providers too (e.g. kubernetes & tls). Usage To use, is as easy as: 1 newres -dir [DIRECTORY] [-u] [-r RESOURCE_TYPE] …e.g. for an Azure Resource Group: 1 newres -dir ./ -r azurerm_resource_group This will create the ‘main.tf’ and ‘variables.tf’ covering the arguments from the schema documentation. The example screenshot below shows the start of main.tf for a cognitive services account resource, illustrating the coverage and the use of dynamics for optional blocks.

Privacy is normal Privacy is for good guys. It’s for mums and bike messengers and foodies. Privacy is for business meetings and voting booths. It’s why we have shower curtains. It’s why we have that little padlock icon in our browser bar. Privacy protects you from discrimination and from identity theft, and it keeps your food-delivery history under wraps. It can also shield you from those creepy somebody-has-definitely-been-listening-to-my-thoughts ads on social media apps.

Azure Verified Modules is an initiative in development from Microsoft that seeks to unify many previous attempts to standardarise Infrastructure as Code modules on the Azure platform. The initiative aims to establish strategy, governance, and create a brand that becomes the go to place for resources & patterns, currently targeting Bicep and Terraform. Microsoft’s aim is to “consolidate and set the standards for what a good Infrastructure-as-Code module looks like”, following the principles of the Well Architected Framework, evolving existing efforts such as the CARML library for Bicep resources.