Terraform Azure Verified Modules: What, Why and How to Use Them

If you’ve spent any time building things on Azure with Terraform, you’ll know the pain of hunting down decent modules. Some are solid, some are a bit sketchy, and some… well, let’s just say I wouldn’t trust them with a dev environment, never mind production. Microsoft’s Azure Verified Modules (AVM) are here to bring a bit of order to the chaos.

So, what’s the deal? Here’s what you actually need to know. No vendor fluff, just the good bits, the gotchas, and how to get started.

What Are Azure Verified Modules?

Think of AVM as Microsoft’s “official” Terraform modules for Azure. They’re built and maintained by Microsoft, with help from the community, and designed to make your deployments less painful and more predictable.

Microsoft-backed: Not just another random GitHub repo. These are the real deal.
Best practice by default: Security and compliance baked in from the start.
Modular: Mix and match or build up more complex stuff as needed.
Easy to get: All in the Terraform Registry, so you’re not digging through forums for the latest version.

Why Bother With AVM?

Most teams end up with a Frankenstein’s monster of Terraform modules—different naming, random tagging, and the odd “temporary” hack that’s still there two years later. AVM aims to fix this by giving you:

One place for modules that follow Microsoft’s latest guidance.
Quicker onboarding, so new starters can actually make sense of the codebase.
Less drift, with updates and bug fixes coming straight from Microsoft.
Easier audits, with clear policies and docs so compliance isn’t a nightmare.

If you’re tired of endless debates over naming conventions or fixing the same security issues repeatedly, AVM is worth a look.

What Can You Actually Use Right Now?

The AVM library is growing fast. As of July 2025, you’ll find modules for:

Virtual networks
Subnets
Storage accounts
Key vaults
Private endpoints
Managed identities
Network security groups
App Service plans
And more on the way

Microsoft and the community are focusing on what people actually use, so expect more to land soon.

How Do You Use AVM Modules in Terraform?

It’s simple. Add a module block, just like you would with anything else. Here’s an example for a virtual network:

module "avm-res-network-virtualnetwork" {
    source  = "Azure/avm-res-network-virtualnetwork/azurerm"
    version = "0.9.2"

    address_space        = "10.1.1.0/24"
    location             = "UK South"
    resource_group_name  = "Test"
}

This module supports:

Creating a new virtual network
Creating a new subnet
Creating a new virtual network peering
Associating DNS servers with a virtual network
Associating a DDOS protection plan with a virtual network
Associating a network security group with a subnet
Associating a route table with a subnet
Associating a service endpoint with a subnet
Associating a virtual network gateway with a subnet
Assigning delegations to subnets

Azure/avm-res-network-virtualnetwork/azurerm | Terraform Registry

Quick tips:

Always pin your module versions. No one likes surprises on a Friday afternoon.
Read the docs. There’s a lot you can tweak and some defaults are opinionated.
Treat AVM modules as building blocks, not a one-size-fits-all solution.

What’s Different About AVM?

Every module is reviewed and tested by Microsoft.
Naming, tagging, and structure are consistent.
Security and compliance are built in.
Proper docs and examples, so you’re not guessing what a variable does.

Watch Outs (Because Nothing’s Perfect)

Defaults are opinionated: Microsoft’s best practice might not match your legacy setup. Always check before rolling out at scale.
Breaking changes can happen: Test upgrades somewhere safe before you hit production.
Some modules have a lot of options: Start simple and build up as you go.
Not all “Azure” modules are AVM: Double-check the source before you trust it.

AVM and Modular IaC: Why It Matters

AVM is part of Azure’s shift from massive, copy-paste templates to smaller, reusable modules. It means:

Faster builds, as you can assemble environments from tested blocks.
Easier maintenance, as you upgrade modules instead of thousands of lines of custom code.
Better teamwork, with everyone using the same patterns.

Still writing huge Terraform configs for every project? AVM is your nudge to break it down.

AVM vs CAF Enterprise Scale: What’s Changed?

If you’ve used the old CAF Enterprise Scale modules, here’s how AVM stacks up:

Feature	CAF Enterprise Scale	AVM
Flexibility	Lower	Higher
Composability	Limited	Modular
Maintenance	Complex	Simplified
Microsoft Support	Yes	Yes
Community Involvement	Some	Active

AVM is all about flexibility and composability. Use what you need and swap out modules as your setup changes.

Best Practices for Using AVM

Pin your versions, always.
Actually read the docs. They’re decent and will save you time.
Automate your testing. Pipelines are your friend.
Parameterise for reuse. Variables and locals make your code portable.
Keep modules up to date. New versions land regularly.

Where to Find AVM and Support

Terraform Registry: Search “Azure Verified Module” or “AVM”. Browse Modules
GitHub: All open source, so raise issues or submit PRs if you spot something. Azure Verified Modules | AVM
Microsoft Docs: Full guidance, release notes, and examples. Azure Verified Modules | Microsoft Learn
Community: Azure IaC calls, forums, and Discord. There’s always someone who’s already hit your problem.

Final Thoughts

Azure Verified Modules are a big step forward for anyone using Terraform on Azure. They bring consistency, security, and speed to your deployments without locking you into a rigid framework. If you’re not already using them, now’s the time to give them a go.

Already working with AVM modules? Found any quirks or got tips for getting the most out of them? Drop your thoughts below. Let’s help each other build better, faster, and more secure Azure environments.