Contact Us

Reverse-Engineering Azure Resources: Kickstart IaC with Terraform

Infrastructure as Code (IaC) is a critical practice for managing cloud infrastructure efficiently. But what happens if you already have a large set of Azure resources and want to manage them using Terraform? You can manually reverse-engineering those existing resources into Terraform configuration files, but this involves recreating each resource by hand, and can be error-prone and time-consuming. Luckily, there are tools that can streamline this process.

In this blog, we’ll walk you through the process of reverse-engineering Azure resources into Terraform. We’ll also discuss tools like Azure Export for Terraform and touch on Terraformer, a multi-cloud solution with some caveats. By the end, you’ll have the skills to jumpstart your IaC journey with Terraform.

Getting Started: Installing the Right Tools

Before diving into reverse-engineering your Azure resources, you’ll need to install two essential tools: the Terraform CLI and Azure Export for Terraform.

Installing Terraform CLI

Terraform is the foundation for managing infrastructure as code. Here’s how to install it:

Windows

Download the Terraform CLI for Windows, extract it where you intend to keep it, and register the path in the PATH variable.

If you use chocolatey, you can simply run: 

choco install terraform

macOS

Install Terraform using Homebrew

NOTE: ‘brew install terraform’ command is deprecated. It will install the old version. Run the following commands instead.

brew install hashicorp/tap/terraform
brew tap hashicorp/tap

Verify Your Installation

terraform --version

Installing Azure Export for Terraform

The next step is to install Azure Export for Terraform which is a tool that simplifies the process of generating Terraform configuration files from existing Azure resources.

Windows

winget install aztfexport

macOS

brew install aztfexport

Step-by-Step: Reverse-Engineering a Resource Group

Now that you have the tools installed, let’s reverse-engineer a resource group and all of it’s resourced from Azure into a Terraform configuration file.

Step 1: Authenticate with Azure

Log in to Azure using the Azure CLI:

az login

Verify the subscription you want to use:

az account show

Step 2: Export Resources

This is where the fun begins. Assuming you’ve logged in to az cli as instructed in the previous step, you can simply run the following command:

aztfexport resource-group dev-thterraformerazure-rg

I’ve used dev-thterraformerazure-rg, but you’d replace it with your resource group name. I suggest you run this command in an empty directory. When the program starts, it checks if there any files in the current directory and if so, guides you to choose the right option.

The next step is initializing, which might take a minute or two depending on how many resources are in your azure resource group. It looks something like this:

Next stage is interactive, and you will see a list of resources with option to either skip or include each one.

You will find the legend at the bottom explaining the keyboard keys you can use to navigate the interface.

Pressing ‘w’ will initiate the import process for the selected resource.

Step 3: Validate the Terraform Configuration

Once finished, you should see a main.tf file with your resources imported in it. This is where some Terraform experience will come useful. You can go ahead and run terraform init followed by terraform plan. As for the second of those, you will immediately see that not everything is configured correctly. A few things will need to be changed. For example, in my import, I had to change the following:

  • Adding username and password on the azurerm_mssql_server instance
  • Removing azurerm_container_registry_scope_map resources and replacing them with group assignments (NOTE: scope maps are a preview feature and apply only to premium instances)
  • Some identifiers including key_vault_id are added as strings, rather than key vault references (after all key vault resource is created within the same file)
  • Remove depends_on from most of the resources and replacing them with direct resource references

Other than those minor changes, the tool does a pretty go job of getting you jumpstarted with your Terraform file for existing resources. Even as an experienced Terraform, it’s much better to start with some generated output like this rather than just an empty file.

Let’s now compare Azure Export for Terraform with the other tool worth mentioning.

Terraformer: A Multi-Cloud Option

Another tool for reverse-engineering cloud resources is Terraformer, an open-source project designed to support multiple cloud platforms like Azure, AWS, and Google Cloud. Terraformer’s promise is enticing, but it comes with some drawbacks:

  • Outdated Terraform CLI Support: Terraformer has lagged behind updates to the Terraform and azurerm provider, which can cause compatibility issues (e.g., it generates azurerm_sql_server resources which were discontinued long time ago in favor of azurerm_mssql_server)
  • Limited Azure Resource Support: While it works well with Google Cloud (its original target) and AWS, Azure support is incomplete, making it less reliable for complex Azure environments.

If you’re managing a multi-cloud environment, Terraformer might be worth exploring, especially for non-Azure resources. However, for Azure-specific IaC, tools like Azure Export for Terraform are more dependable.

Conclusion

Reverse-engineering existing Azure resources into Terraform can save you significant time when starting your IaC journey.

Looking to level up your DevOps and IaC skills? Trailhead specializes in cloud, DevOps, and Terraform solutions to help you streamline your infrastructure management. Reach out to learn how Trailhead can empower your team to succeed.

Picture of J. Tower

J. Tower

Jonathan, or J. as he's known to friends, is a husband, father, and founding partner of Trailhead Technology Partners, a custom software consulting company with employees across the U.S., Europe, and South America. He is a 12-time recipient of the Microsoft MVP award for his work with .NET, a frequent speaker at software conferences around the world, and was recently elected to the .NET Foundation Board for the 2026–2027 term. He doesn’t mind the travel, though, as it allows him to share what he's been learning and also gives him the chance to visit beautiful places like national parks—one of his passions. So far, he's visited 58 of the 63 U.S. national parks. J. is also passionate about building the software community. Over the years, he has served on several non-profit boards, including more than a decade as president of the board for Beer City Code, Western Michigan's largest professional software conference. Outside of work, J. enjoys hiking, reading, photography, and watching all the Best Picture nominees before the Oscars ceremony each year.
Read more posts by J. Tower

Free Consultation

Sign up for a FREE consultation with one of Trailhead's experts.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Related Blog Posts

We hope you’ve found this to be helpful and are walking away with some new, useful insights. If you want to learn more, here are a couple of related articles that others also usually find to be interesting:

Sentiment Analysis in C#: Azure AI Language or LLMs

December 15, 2025

Explore how C# developers can leverage both Azure AI Language and Azure OpenAI for sentiment analysis. This post compares traditional NLP services with LLM-based approaches using real-world code from an exit interview system, helping you choose the right tool for your specific use case.

Read More

Our Gear Is Packed and We're Excited to Explore With You

Ready to come with us? 

Together, we can map your company’s software journey and start down the right trails. If you’re set to take the first step, simply fill out our contact form. We’ll be in touch quickly – and you’ll have a partner who is ready to help your company take the next step on its software journey. 

We can’t wait to hear from you! 

Main Contact

This field is for validation purposes and should be left unchanged.

Together, we can map your company’s tech journey and start down the trails. If you’re set to take the first step, simply fill out the form below. We’ll be in touch – and you’ll have a partner who cares about you and your company. 

We can’t wait to hear from you! 

Montage Portal

Montage Furniture Services provides furniture protection plans and claims processing services to a wide selection of furniture retailers and consumers.

Project Background

Montage was looking to build a new web portal for both Retailers and Consumers, which would integrate with Dynamics CRM and other legacy systems. The portal needed to be multi tenant and support branding and configuration for different Retailers. Trailhead architected the new Montage Platform, including the Portal and all of it’s back end integrations, did the UI/UX and then delivered the new system, along with enhancements to DevOps and processes.

Logistics

We’ve logged countless miles exploring the tech world. In doing so, we gained the experience that enables us to deliver your unique software and systems architecture needs. Our team of seasoned tech vets can provide you with:

Custom App and Software Development

We collaborate with you throughout the entire process because your customized tech should fit your needs, not just those of other clients.

Cloud and Mobile Applications

The modern world demands versatile technology, and this is exactly what your mobile and cloud-based apps will give you.

User Experience and Interface (UX/UI) Design

We want your end users to have optimal experiences with tech that is highly intuitive and responsive.

DevOps

This combination of Agile software development and IT operations provides you with high-quality software at reduced cost, time, and risk.

Trailhead stepped into a challenging project – building our new web architecture and redeveloping our portals at the same time the business was migrating from a legacy system to our new CRM solution. They were able to not only significantly improve our web development architecture but our development and deployment processes as well as the functionality and performance of our portals. The feedback from customers has been overwhelmingly positive. Trailhead has proven themselves to be a valuable partner.

– BOB DOERKSEN, Vice President of Technology Services
at Montage Furniture Services

Technologies Used

When you hit the trails, it is essential to bring appropriate gear. The same holds true for your digital technology needs. That’s why Trailhead builds custom solutions on trusted platforms like .NET, Angular, React, and Xamarin.

Expertise

We partner with businesses who need intuitive custom software, responsive mobile applications, and advanced cloud technologies. And our extensive experience in the tech field allows us to help you map out the right path for all your digital technology needs.

  • Project Management
  • Architecture
  • Web App Development
  • Cloud Development
  • DevOps
  • Process Improvements
  • Legacy System Integration
  • UI Design
  • Manual QA
  • Back end/API/Database development

We partner with businesses who need intuitive custom software, responsive mobile applications, and advanced cloud technologies. And our extensive experience in the tech field allows us to help you map out the right path for all your digital technology needs.

Our Gear Is Packed and We're Excited to Explore with You

Ready to come with us? 

Together, we can map your company’s tech journey and start down the trails. If you’re set to take the first step, simply fill out the contact form. We’ll be in touch – and you’ll have a partner who cares about you and your company. 

We can’t wait to hear from you! 

Thank you for reaching out.

You’ll be getting an email from our team shortly. If you need immediate assistance, please call (616) 371-1037.