Discovering Azure Resource Attributes with Terraform

If you're like me, you spend your free time writing Terraform (not). Anyway, you might spend some time at work writing Terraform. One issue I always come across is it's not always clear what values are valid for certain attributes from the official documentation. I have burnt so much time before, just looking for the right value for a certain attribute. And rarely the values map from the portal to the API - they are usually presented differently. There are 2 (3) 'lifehacks' I use to easily discover the available values.

Making use of Terraform's detected state drift

One trick is to make the configuration change directly in the Azure portal first. Then, when you run terraform plan, you can see the state change drift. For example, the other day, I wanted to increase the sku of one of my SQL servers, after inadvertently inflicting a Denial of Service (DoS) attack by updating a few too many rows... But the documentation just gives me a few examples, not an exhaustive list.

So, I made the changes in the portal, after picking the right SKU for me.

Run Terraform plan:

Here we can see Terraform detected the state drift and show's the new 'sku_name' value in the plan output.

Now, update the Terraform:

And bob's your uncle, fanny's your aunt. (remember to plan & apply your Terraform to bring it up to date)

Using Azure CLI/PowerShell

Another method to discover possible values for Azure resource attributes is by using the Azure CLI or Azure PowerShell. These tools provide direct access to the ARM APIs and can often reveal more detailed information than what's available in the Azure portal.

Let's take the same use case. I want to find all available SKUs for my database. I use the command group 'sql db' for Azure SQL Servers, and can run 'list-editions'. Note that each resource usually is handled by a different internal team so you won't find much syntax consistency, sorry!

I can run:

az sql db list-editions -l uksouth -o table

And I get (a little overwhelmingly):

Though an obvious downside to this, is you won't see the predicted cost, or have more easily readable information about the SKUs.

Bonus

Sometimes you will be offered the option in the portal for a 'JSON View'. For example, diagnostic settings, which are for some reason overly complicated to enable in my experience via Terraform (you now have to do an 'enabled_log' block for each separate log type, and 'allLogs' is often no longer a valid choice under 2021-05-01-preview ARM API). Hashicorp, if you're there, please listen ._.

If you click 'JSON VIEW', you get a nice view of the API category names, not the display names, displayed in the portal.

Et voila. If you want to save time adding an individual 'enabled_log' for each log, feel free to try out the Custom GPT I made on ChatGPT, which has a Terraform persona, here. Just supply the list of values you want, and it'll update it, in-line with best practice.

That's all from me today, toodaloodle.