Next Level Azure IaC: Azure Verified Modules

Azure Verified Modules – IaC According to Microsoft Best Practices

Microsoft has taken on this challenge and created then Azure Verified Modules (AVM), a framework for structured resource deployment in Azure based on best practices.

AVM comes in three different variants:

• Resource Modules – Deployment of a defined cloud resource
• Pattern Modules – Deployment of a defined cloud workload
• Utility Modules – Helper modules used by Resource or Pattern Modules

To ensure consistency, Microsoft has set out a series of requirements that every new AVM resource must meet. These requirements apply to both Terraform and Microsoft Azure’s own IaC language, Bicep.

Each AVM is assigned to a specific Microsoft employee who is responsible for its creation, ongoing development and handling issues.

All available modules are open source (MIT license) and accessible in public GitHub repositories under the general Azure GitHub organization. If a module causes issues or lacks a required parameter, anyone can file an issue or contribute to its development.

How Do You Get Started with AVM?

AVM works just like any other module in Terraform or Bicep; they are called independently and receive all required parameters. The AVM guidelines ensure that the number of required parameters is minimised to provide an easy entry point.

Example with Terraform: To deploy a virtual machine with an additional data disk, you would typically need at least the following Azure resources:

• azurerm_windows_virtual_machine oder azurerm_linux_virtual_machine
• azurerm_network_interface
• azurerm_managed_disk
• azurerm_virtual_machine_data_disk_attachment<

Each of these resources has mandatory parameters that often repeat, such as the resource group name, target region, or resource naming conventions.

With AVM, this is simplified in your code to a single resource containing the necessary parameters, which are then processed further within the module. AVM incorporates Microsoft's most common best practices, so many parameters have default values, eliminating the need for additional configuration steps. For example, many modules enforce TLS 1.2 as the default setting or block public access by default.

What If There’s No AVM for My Resource Yet?

Thanks to AVM’s open-source license, you can use the framework to begin your own development. If a Microsoft employee later decides to create an official AVM resource, your prior work can contribute to the open-source effort.

GKVM – glueckkanja ❤️ Open Source

At glueckkanja, we follow exactly this approach and also support our customers in developing modules based on the AVM framework that are later made publicly available.

We call these modules GKVM (GlueckKanja Verified Modules), because they not only follow AVM requirements but also include our own insights from numerous projects.

GKVM Resource Modules:

• Azure Synapse Workspace
• Azure IoT Hub
• Azure Event Grid System Topic

GKVM Pattern Modules:

• My WorkId

Feel free have a look and provide issues, which will enhance the modules even furthermore!

Further Resources

• glueckkanja Azure Foundation
• Azure Foundation: Efficient Cloud Management with Terraform
• Terraform Provider for Microsoft 365