CAMPUX Cloud Bootcamp
Field notes · Infrastructure as code
Bicep vs Terraform

Bicep vs Terraform: which infrastructure-as-code should you learn for Azure?

By Victor Thomson16 July 20266 min read

One is Azure's own language, stateless and born knowing every service the day it ships. The other is the multi-cloud standard that keeps a ledger of everything it built. Here is the honest comparison — and why the choice is rarely a religion.

Ask this question in the wrong forum and you will start a fight. Ask it on the job and the answer is usually boring and correct: it depends on how many clouds you have and who has to maintain it. Both Bicep and Terraform do the same fundamental job — you describe the infrastructure you want in a text file, commit it to Git, and a tool makes reality match the file. Everything interesting is in how they do it.

Bicep: Azure's native tongue

Microsoft's definition is exact: "Bicep is a domain-specific language that uses declarative syntax to deploy Azure resources." You write clean, typed code, and under the hood the Bicep CLI transpiles it into an Azure Resource Manager (ARM) JSON template — Microsoft calls Bicep "a transparent abstraction over" ARM JSON. That lineage gives Bicep two standout traits:

Bicep is free, open source, first-party supported, idempotent, and ships a what-if command that previews changes before you deploy. If your world is entirely Azure, it is the path of least resistance.

Terraform: the multi-cloud standard with a ledger

Terraform, from HashiCorp, is an open-source infrastructure-as-code tool that manages any infrastructure — Azure, AWS, Google Cloud, and hundreds of SaaS platforms — through a plugin system of providers. For Azure you mainly use the AzureRM provider. You write in HCL (HashiCorp Configuration Language), run terraform plan to preview and terraform apply to build. Its defining trait is the mirror image of Bicep's:

BicepTerraform
ScopeAzure onlyMulti-cloud + SaaS
LanguageBicep DSL → ARM JSONHCL
StateNone — Azure holds itState file you store & lock
New Azure servicesAvailable immediatelyWait for provider update
Preview changeswhat-ifterraform plan
MakerMicrosoft (first-party)HashiCorp

Bicep asks Azure what exists. Terraform keeps its own ledger of what it built. That single difference explains almost everything else.

So which do you choose?

Strip away the tribalism and it comes down to a few honest questions:

The trade-off worth saying out loud

In an interview, "I chose Bicep for an Azure-only estate — native tooling and no state to secure — but I would choose Terraform the moment a second cloud entered the picture" is a stronger answer than praising either tool unconditionally. It shows you pick tools against requirements, not fashion.

The part people miss: they are not that different to learn

Both are declarative. Both want you thinking in desired state rather than step-by-step scripts. Both plug into pipelines, both preview before they change anything, both live in Git and get reviewed like code. Learn one well and the second is mostly new syntax over ideas you already hold. So do not agonise over the "wrong" first choice: if you are learning for an Azure-heavy career, start with Bicep because it is frictionless on Azure — then pick up Terraform the day a job description lists it. Neither is a dead end; they are two dialects of the same good habit.

Further reading — the Microsoft docs
Drilled in Class 20 (Bicep) and Class 21 (Terraform). Next note: NSG vs Azure Firewall →