Announcing Azure Stack Hub Provider 1.0

The new HashiCorp Terraform Azure Stack provider 1.0 includes several provider behavior improvements, 19 new resources, and supports a new service for Key Vault.

HashiCorp initially shipped support for the Azure Stack provider in June 2018.

Today marks the release of version 1.0 of the Azure Stack provider, a major release that includes a number of large-scale changes that are outlined in this blog post.

For enterprises that seek to leverage the capabilities of a public cloud environment but have strict requirements that prevent them from fully transitioning away from on-premises datacenters, Microsoft offers Azure Stack Hub. Azure Stack Hub is an extension of Azure, aimed at providing the benefits of Azure’s cloud computing capabilities via on-premises environments. Organizations opting to use Azure Stack Hub as part of a hybrid cloud environment can provision and manage infrastructure using HashiCorp Terraform through the dedicated Azure Stack provider.

Microsoft and HashiCorp have collaborated to bring you the 1.0 version of the Azure Stack provider. Below we’ll discuss some of the 19 new resources and changes found in this major release.

NOTE: Version 1.0 of the Azure Stack provider supports Terraform 0.12 and later. Terraform 0.10 and 0.11 are no longer supported with this release.

»New Resources Highlights

The Azure Stack provider includes new resources in compute, networking, DNS, and Key Vault.


Separate Windows and Linux resources for virtual machines and virtual machine scale sets:

  • azurestack_linux_virtual_machine
  • azurestack_windows_virtual_machine
  • azurestack_linux_virtual_machine_scale_set
  • azurestack_windows_virtual_machine_scale_set


Eight new resources covering almost every available API:

  • azurestack_dns_aaaa_record
  • azurestack_dns_cname_record
  • azurestack_dns_mx_record
  • azurestack_dns_ns_record
  • azurestack_dns_ptr_record
  • azurestack_dns_srv_record
  • azurestack_dns_txt_record
  • azurestack_dns_zone

»Key Vault

Initial support for new services:

  • azurestack_key_vault
  • azurestack_key_vault_key
  • azurestack_key_vault_secret
  • azurestack_key_vault_access_policy

To see example configurations of these and other resources added in this release, please visit the Azure Stack provider documentation.

»Azure Stack Provider Improvements

Several enhancements have been made to the Azure Stack provider’s capabilities, including:

  • Custom timeouts: Resources can now optionally support a timeouts block, which allows users to specify a custom timeout for resource creation/deletion.
  • Resource group safe delete 'on' by default: Terraform now checks for remaining nested items during the deletion of a resource group and will raise an error message if present. This behavior can be controlled using the prevent_deletion_if_contains_resources feature flag in the resource_group block within the features block.
  • Features block: Users can now add a features block to configure provider behavior from within their Terraform configuration.

»Changes to Importing Existing Resources

Terraform allows for existing resources created outside of Terraform to be imported into Terraform's state. Once a resource is imported into the state, it's possible for Terraform to track changes and manage this resource. The Azure Stack provider allows importing existing resources into the state (using terraform import) for almost every resource.

  • Existing resources require import: When bringing resources provisioned outside of Terraform under Terraform's control, these resources must now be imported into the state before use. This means that Terraform will check for the presence of an existing resource prior to creating it, and will return an error if found.
  • Resource ID validation: The import function now checks resource IDs for correct formatting and reports what segments are either missing or incorrect.

»Removal of Deprecated Fields, Data Sources, and Resources

The Azure Stack provider was first launched in June 2018, and over the years it accumulated fields that have since been deprecated. A complete list of fields that will no longer be supported by the provider can be found in the Azure Stack 1.0 upgrade guide.

»Deprecated Fields

These fields remain available but feature-frozen, and will be removed in a future release:

  • azurestack_virtual_machine
  • azurestack_virtual_machine_scale_set

»Deprecated and Removed Fields

  • The security_provider_name field under the azurestack_virtual_wan resource has been removed, since Azure no longer supports this option.
  • The zones property under azurestack_managed_disk has been removed, as it is no longer supported by Azure.
  • For azurestack_network_interface, the load_balancer_backend_address_pools_ids, load_balancer_inbound_nat_rules_ids, internal_fqdn, and internal_dns_name_label properties have been removed.
  • The resource_group_name property has been removed from the azurestack_storage_blob resource.
  • The resource_group_name property has been removed from the azurestack_storage_container resource.
  • The type property for azurestack_virtual_network_gateway_connection no longer supports Vnet2Vnet.

»Azure Stack Provider Upgrade Guide

In addition to the information above, the Azure Stack provider team has put together an upgrade guide, with more information and examples of the changes to the provider.

»We’d Like Your Feedback

The Azure Stack provider team is excited to bring you these new features. Please try out this release and share any bugs or enhancement requests with us via GitHub issues. We look forward to your feedback and want to thank you for being such a great community!

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy