Mastering Azure Bicep: Complex Examples, Step-by-Step Deployment, and a Real Comparison with Terraform
🧱 A deep dive into Azure Bicep with real-world examples, deployment walkthroughs, and an honest comparison with Terraform for modern cloud engineers.
Mastering Azure Bicep: Complex Examples, Step-by-Step Deployment, and a Real Comparison with Terraform
A deep dive into Azure Bicep with real-world examples, deployment walkthroughs, and an honest comparison with Terraform for modern cloud engineers.
Infrastructure as Code (IaC) is the cornerstone of modern cloud development, allowing software engineers, DevOps teams, and cloud architects to deploy and manage resources consistently, securely, and efficiently. Microsoft Azure’s native IaC language — Bicep — is quickly becoming a go-to tool for engineers who want native support, clean syntax, and tight integration with ARM templates.
In this post, we’ll explore Azure Bicep, walk through complex examples, provide a step-by-step guide to write and publish Bicep templates, and finally, compare Bicep with Terraform, the widely-adopted multi-cloud alternative.
🚀 What is Azure Bicep?
Bicep is a domain-specific language (DSL) for deploying Azure resources declaratively. It’s designed to simplify authoring ARM templates, making them more readable and maintainable without sacrificing functionality.
Why Bicep?
- ✅ Clean, Type-safe syntax
- ✅ Built-in support in Azure CLI and VS Code
- ✅ No state file management
- ✅ Full parity with ARM templates
- ✅ Native integration with Azure RBAC and policies
🧠 Complex Azure Bicep Example: Deploying a Scalable Web Application
Let’s say we want to deploy:
- A Virtual Network
- A Network Security Group
- A Linux Virtual Machine Scale Set (VMSS)
- A Load Balancer
- A Storage Account for diagnostics
Project structure:
/bicep-app/
├── main.bicep
├── modules/
│ ├── network.bicep
│ ├── vmss.bicep
│ ├── storage.bicep
🧱 modules/network.bicep
param location string
param vnetName string
param addressPrefix string = '10.0.0.0/16'
resource vnet 'Microsoft.Network/virtualNetworks@2022-01-01' = {
name: vnetName
location: location
properties: {
addressSpace: {
addressPrefixes: [
addressPrefix
]
}
subnets: [
{
name: 'default'
properties: {
addressPrefix: '10.0.0.0/24'
}
}
]
}
}
output subnetId string = vnet.properties.subnets[0].id
🖥️ modules/vmss.bicep
param location string
param subnetId string
param vmSku string = 'Standard_DS1_v2'
param instanceCount int = 2
resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2022-03-01' = {
name: 'myScaleSet'
location: location
sku: {
name: vmSku
capacity: instanceCount
}
properties: {
upgradePolicy: {
mode: 'Manual'
}
virtualMachineProfile: {
storageProfile: {
imageReference: {
publisher: 'Canonical'
offer: 'UbuntuServer'
sku: '18.04-LTS'
version: 'latest'
}
osDisk: {
createOption: 'FromImage'
}
}
osProfile: {
computerNamePrefix: 'vmss'
adminUsername: 'azureuser'
adminPassword: 'P@ssw0rd1234!'
}
networkProfile: {
networkInterfaceConfigurations: [
{
name: 'nicConfig'
properties: {
primary: true
ipConfigurations: [
{
name: 'ipconfig1'
properties: {
subnet: {
id: subnetId
}
}
}
]
}
}
]
}
}
}
}
📦 modules/storage.bicep
param location string
param storageAccountName string
resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
name: storageAccountName
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
}
}
🔧 main.bicep: Bringing It All Together
param location string = resourceGroup().location
module network './modules/network.bicep' = {
name: 'networkModule'
params: {
location: location
vnetName: 'myVnet'
}
}
module storage './modules/storage.bicep' = {
name: 'storageModule'
params: {
location: location
storageAccountName: 'mystorage${uniqueString(resourceGroup().id)}'
}
}
module vmss './modules/vmss.bicep' = {
name: 'vmssModule'
params: {
location: location
subnetId: network.outputs.subnetId
}
}
🛠️ Step-by-Step Guide to Deploy Bicep Templates
1. Install Azure CLI and Bicep
az bicep install
az login
az account set --subscription "<your-subscription-id>"
2. Validate the Template
az deployment group validate --resource-group myResourceGroup --template-file main.bicep
3. Deploy the Template
az deployment group create --resource-group myResourceGroup --template-file main.bicep
4. Decompile Existing ARM to Bicep (Optional)
az bicep decompile --file existing-template.json
⚖️ Azure Bicep vs Terraform: Head-to-Head Comparison
| Feature | Azure Bicep | Terraform |
|---|---|---|
| Language | DSL over ARM | HCL (HashiCorp Configuration Language) |
| Azure-native support | ✅ First-class | ✅ Provider-based |
| Multi-cloud support | ❌ Azure only | ✅ AWS, GCP, Azure, etc. |
| State Management | ❌ No state file (native ARM) | ✅ Local or remote backends |
| Learning Curve | ✅ Easier for Azure users | 📈 Slightly steeper |
| Modularity and Reuse | ✅ Modules supported | ✅ Mature module system |
| IDE Support | ✅ Excellent (VS Code) | ✅ Excellent |
| CI/CD Integration | ✅ GitHub Actions, Azure DevOps | ✅ Terraform Cloud, GitHub |
| Policy Integration | ✅ Azure Policy, RBAC | ✅ Sentinel/OPA |
| Community Modules | ⚠️ Limited (growing) | ✅ Massive registry |
Verdict:
- Use Bicep if you’re focused on Azure and want native integration without managing state.
- Use Terraform if you’re multi-cloud or need advanced third-party modules and ecosystem support.
🎯 Final Thoughts
Azure Bicep brings a refreshing, clean, and powerful experience to deploying infrastructure in Azure. With first-class support, modular design, and type safety, it’s a tool that should be in every Azure engineer’s toolkit — especially when the infrastructure gets complex.
While Terraform remains king in the multi-cloud space, Bicep’s rise shows Microsoft is serious about making Azure IaC simpler and more developer-friendly.