Azure Terraformer

Exploring Azure, Terraform and tangential technologies with hands-on tutorials, insights, and best practices for automating cloud infrastructure on our favorite cloud, Microsoft Azure.

The Underrated Power of the Terraform Provider

Mark Tinderholt
When working with Azure infrastructure, there’s one provider that consistently flies under the radar: the provider. It’s powerful. It’s elegant. And it’s absolutely essential if you care about clean, maintainable Terraform code—especially when dealing with Azure's identity model.

The Problem: GUID Soup in Terraform

Lukas asked me the other day, “How do people implement RBAC without the provider?”

The answer? Raw GUIDs. In all their opaque, contextless glory.

Can you sense the sarcasm? I hope so.

Anyone who’s spent time building RBAC roles and managing identities in Azure with Terraform knows the pain. You start off with a simple idea: assign roles, define access, move fast. But before you know it, your code is littered with long, unreadable GUIDs. Object IDs here, principal IDs there — raw identifiers scattered like confetti across your infrastructure definitions.

This chaos isn’t limited to just the files either. GUIDs often end up hardcoded in files—the lifeblood of environment configuration in Terraform. These files provide the input values that allow teams to manage multiple environments (e.g., dev, test, prod) using a shared codebase. As you can imagine, access control often varies between these environments. So now you’ve got environment-specific identity GUIDs sprinkled throughout your variable definitions, making them brittle, hard to understand, and a nightmare to maintain.

The Reality: Azure Identity Is Built on Entra ID

This is the part that baffles me the most. Azure’s entire identity and access model — whether you’re assigning roles, granting permissions, or managing enterprise apps — is powered by Entra ID, formerly known as Azure Active Directory. It’s not just a side component. It is the identity layer of Azure.

And yet, many engineers act like the provider doesn't exist. I’m always shocked at how many folks are unaware of it, or worse—actively avoid using it—preferring instead to hardcode Object IDs and pretend it’s "good enough."
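The contrast the article draws, as an added example that is not from the original post: the same Reader assignment written first against a raw object ID fed in from a .tfvars file, then against a group resolved by name. It assumes the provider in question is HashiCorp's `azuread` provider (the name is not readable on this page) and uses the `azuread_group` data source and `azurerm_role_assignment` resource; the GUID and group name are constructed placeholders.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" } # assumed to be the provider the article means
  }
}

provider "azurerm" { features {} }
provider "azuread" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-example-dev"
  location = "westeurope"
}

# --- Before: GUID soup -------------------------------------------------------
# dev.tfvars would carry something like (constructed placeholder, not a real identity):
#   reader_principal_ids = ["00000000-0000-0000-0000-000000000001"]
# A reviewer cannot tell from the plan who is being granted Reader, and a
# copy-paste of the wrong GUID between dev.tfvars and prod.tfvars is invisible.
variable "reader_principal_ids" {
  type    = list(string)
  default = []
}

resource "azurerm_role_assignment" "reader_by_guid" {
  for_each             = toset(var.reader_principal_ids)
  scope                = azurerm_resource_group.example.id
  role_definition_name = "Reader"
  principal_id         = each.value
}

# --- After: resolve the identity by name through the directory ---------------
# dev.tfvars now carries a human-readable name (constructed placeholder):
#   reader_group_name = "sg-platform-dev-readers"
# The object ID is looked up at plan time, so the plan output names the group,
# and a missing or ambiguous group name fails the plan instead of silently
# assigning the role to the wrong principal.
variable "reader_group_name" {
  type = string
}

data "azuread_group" "readers" {
  display_name     = var.reader_group_name
  security_enabled = true
}

resource "azurerm_role_assignment" "reader_by_name" {
  scope                = azurerm_resource_group.example.id
  role_definition_name = "Reader"
  principal_id         = data.azuread_group.readers.object_id
}
```

The name-based lookup requires the identity running Terraform to be allowed to read groups from the directory through Microsoft Graph, which is the kind of organizational prerequisite the next paragraph alludes to.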

To be fair, maybe it’s not just ignorance or oversight. In some organizations, there may be structural barriers. Teams might avoid using the provider because their organization isn’t set up to support this workflow—or actively…

Written by Mark Tinderholt

The Azure Terraformer. Software Engineer / Architect @Microsoft. HashiCorp Ambassador. Cloud & DevOps Thought Leader. Author.