Bicep vs Terraform: Deciding on the Best Infrastructure as Code Solution for Your Project

Mateus Lira
Feb 25, 2023

What is Bicep?

Bicep is a DSL (domain-specific language) that uses a declarative syntax to deploy Azure resources. It was created to make working with ARM templates easier, so anything written in Bicep can also be written as JSON files for ARM (Azure Resource Manager).

What is Terraform?

Terraform is one of the most popular infrastructure-as-code (IaC) tools, used by DevOps teams to automate the provisioning of cloud resources. It is an open-source, cloud-agnostic provisioning tool developed by HashiCorp and written in Go.

Why choose Bicep over Terraform?

Imagine you have legacy code in Terraform. The infrastructure is there. How do you get a Virtual Network, for example, into your Bicep code if you need to update something?

In Bicep, you just download the ARM template (a JSON file) and use a single command to transform it into the Bicep file corresponding to that Virtual Network.

Another reason, which I mostly think is the greatest one:

Imagine you don’t own your team’s code. Yes, that happens to me. I work outsourced for a huge bank, and as you can imagine, security is highly important. So, on the other side of the globe, someone decides to create a new policy or a new secret in your Key Vault. That just breaks your tfstate on Terraform.

So you must be thinking: Ok, no problem. We can just import that, it is just one secret. How hard could it be to import this? Well… what if I told you, you don’t have access to the storage where they put the tfstates? Even by CLI, even by entering some VM, even if you create a pipeline running the service principal ID… well, it is getting hard to update this tfstate, am I right?

Bicep doesn’t have a state, and for that reason it is as simple as running the code without the Key Vault declared. There is just NO PROBLEM AT ALL.

Why choose Terraform over Bicep?

If you read my article about the importance of being agnostic to anything, you should know by now that Terraform is an incredible choice because it lets you work on any platform, such as Azure, AWS, GCP, DigitalOcean, etc.

If you learn Terraform, you can deploy anything anywhere, not only on Azure.

Using Terraform, you guarantee your infrastructure is going to be exactly as your code is. This is priceless. With that, you have full control of your infra. If John goes there directly on the Portal and creates some random resource and breaks production (which he shouldn’t have access to but hey, he is from business), just run your code again, and you will destroy his changes easily.
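Before re-applying, it helps to see what was changed outside Terraform and what the apply would touch. The following is an added example, not code from the original post: it reads the JSON form of a plan (as produced by `terraform show -json` on a saved plan file) and lists the changes that deserve a manual look. The sample plan, the resource addresses and the `SENSITIVE_TYPES` list are constructed assumptions.

```python
import json

# Constructed sample: trimmed JSON in the shape emitted by
# `terraform show -json <planfile>`. Addresses are made up.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_drift": [
    {"address": "azurerm_key_vault.main", "type": "azurerm_key_vault",
     "change": {"actions": ["update"]}}
  ],
  "resource_changes": [
    {"address": "azurerm_key_vault.main", "type": "azurerm_key_vault",
     "change": {"actions": ["update"]}},
    {"address": "azurerm_virtual_network.hub", "type": "azurerm_virtual_network",
     "change": {"actions": ["no-op"]}},
    {"address": "azurerm_subnet.app", "type": "azurerm_subnet",
     "change": {"actions": ["delete", "create"]}}
  ]
}
""")

# Assumption: resource types this team wants a human to review first.
SENSITIVE_TYPES = {"azurerm_key_vault", "azurerm_key_vault_secret",
                   "azurerm_key_vault_access_policy"}

def summarize(plan):
    """Return (drifted, planned, needs_review) from a plan JSON dict."""
    drift = plan.get("resource_drift", [])
    changes = plan.get("resource_changes", [])
    # resource_drift: differences found between stored state and real resources.
    drifted = [r["address"] for r in drift]
    # resource_changes: what apply would do; skip entries with nothing to change.
    planned = {r["address"]: r["change"]["actions"] for r in changes
               if r["change"]["actions"] not in (["no-op"], ["read"])}
    by_type = {r["address"]: r["type"] for r in changes + drift}
    # Hold anything sensitive, and anything that apply would delete or replace.
    needs_review = sorted(
        a for a in set(drifted) | set(planned)
        if by_type[a] in SENSITIVE_TYPES or "delete" in planned.get(a, []))
    return drifted, planned, needs_review

if __name__ == "__main__":
    drifted, planned, review = summarize(SAMPLE_PLAN)
    print("changed outside Terraform:", drifted)
    print("actions apply would take:", planned)
    print("hold for manual review:", review)
```

Run as a pipeline gate, a non-empty review list can stop the apply until someone confirms the out-of-band change should be reverted.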

Although Bicep is highly modular and you don’t need to create files with parameters, tons of variables, and outputs (as you do in Terraform), Terraform is even better at this when you use Terragrunt. Terragrunt is a tool that provides ways to keep your code DRY even when working with multiple Terraform modules.

Terraform is written in Go, while Bicep is built using .NET. Go is also used to build tools like Kubernetes, for several reasons:

  • Better for microservices
  • Better to run low-level code
  • It is not Windows-centered
  • Go is better to work in a polyglot environment

Conclusion

When I say you should be agnostic, you must be aware of something: Terraform is NOT going to be the best tool every time. In my scenario, Bicep works better on one project. So, you should be agnostic to the point that you can make the best choice for your specific scenario, not for your own preferences.

ps: Both of them are free.


Mateus Lira

Computer Engineer, talking about Micro Services, Cloud Native Solutions and of course, lifestyle - Let's all be healthy mentally and physically.