SimonIn the world of Infrastructure as Code (IaC), several tools are available for deploying and managing Azure resources programmatically. The most commonly used are:
- ARM Templates (Azure Resource Manager)
- Bicep
- Terraform
But which one should you choose for your next project? In this post, I’ll walk you through the key differences, benefits, and limitations of each tool — and share my own perspective at the end.
Contents
1. ARM Templates – The Traditional Approach
What is it?
ARM templates are JSON-based declarative files used to define and deploy Azure resources. They are the native way to provision infrastructure in Azure.
Pros:
- Fully supported and integrated with Azure
- No third-party tools required
- All new Azure features are available immediately
Cons:
- Verbose and hard to read
- Difficult to maintain
- No built-in support for modularization
- JSON syntax is error-prone
2. Bicep – The Modern Alternative
What is it?
Bicep is a domain-specific language (DSL) created by Microsoft as a simpler, more maintainable alternative to ARM templates. It transpiles into ARM JSON behind the scenes.
Pros:
- Much cleaner and easier to read than ARM templates
- Native IntelliSense support in Visual Studio Code
- Modular structure with reusable .bicep files
- Full compatibility with ARM
- No lock-in
Cons:
- Only works with Azure (no multi-cloud support)
- Still evolving; some edge cases require workarounds
- Requires Bicep CLI or editor integration
3. Terraform – The Multi-Cloud Powerhouse
What is it?
Terraform is an open-source IaC tool developed by HashiCorp. It uses its own language (HCL) and supports a wide range of cloud providers through plugins called “providers.”
Pros:
- Multi-cloud capable
- Strong community and ecosystem
- Modular, reusable code
- Remote state management for collaboration
- Ideal for complex infrastructures
Cons:
- Not natively supported by Azure
- Azure features may take longer to become available
- Requires state management (e.g. Azure Blob Storage)
Which Tool Should You Choose?
| Criteria | ARM | Bicep | Terraform |
| Readability | 👎 | 👍👍 | 👍👍 |
| Modularity | 👎 | 👍 | 👍👍 |
| Tooling Support | 👍 | 👍 | 👍👍 |
| Multi-cloud Support | 👎 | 👎 | 👍👍 |
| Azure Feature Speed | 👍👍 | 👍👍 | 👎 |
| Learning Curve | 👎 | 👍 | 👍 |
Conclusion: My Personal Take
If you’re working exclusively within Azure and want a tool that is native, readable, and easy to maintain, Bicep is currently the best choice. It strikes a great balance between simplicity and power, especially for medium to large projects.
ARM templates are still useful in scenarios where you export deployments from the Azure portal or use Azure Blueprints, but they are too clunky for day-to-day IaC work.
That said, I personally prefer using Terraform — especially for more complex or production environments. One of the main reasons – even in an Azure-only scenario – is that Terraform allows me to assign Entra ID (formerly Azure AD) roles directly to managed identities as part of the same deployment. This is extremely helpful when building full solutions where access control is tightly integrated with the infrastructure itself.
Terraform also gives me more flexibility, better modularization, and enables me to scale my infrastructure across clouds, if needed.
However, it’s worth noting that Terraform has certain limitations — for example, when working with Logic App conditions, you may run into restrictions that require a workaround. In such cases, a common solution is to embed an ARM template and deploy it via a Terraform azurerm_template_deployment resource. This approach works well and can be a practical compromise in real-world scenarios.
What About You?
Have you worked with one or more of these tools? Do you prefer the Azure-native experience of Bicep, or do you lean towards Terraform for its flexibility?
Let me know in the comments — or reach out if you’re looking for support on your next IaC project.
