Preventing Failed Azure Deployments with AZAPI's Pre-flight Validation

This is a text writeup of the YouTube video I created on this topic; you can find it here:
Problem statement:
When working with infrastructure-as-code (IaC), deployment failures will happen; it's just the way it is. These issues often arise during the terraform apply phase, after everything looked good when you ran terraform plan. The new Pre-flight Validation feature in the AZAPI provider promises to address this problem by catching potential issues earlier in the development cycle (when you run terraform plan).
What is Pre-flight Validation?
Pre-flight validation is a new capability introduced in the AZAPI provider starting from version 2.0.1. It checks your planned infrastructure changes against Azure policies and constraints before any changes are actually made. This proactive check happens during the terraform plan stage rather than waiting for errors to appear during terraform apply.
The pre-flight feature doesn’t just validate against policy violations. It also:
- Checks for unique resource name availability (e.g., storage accounts).
- Validates input formats (like IP address prefixes).
- Identifies disallowed settings such as public blob access if restricted by policy.
- Verifies that you or your principal has sufficient permissions to complete the planned changes.
Why this is great
The quicker we receive information about our deployment and potential issues with it, the quicker we can remediate them and the fewer failed deployments we run. It may not seem like a lot of time to write configuration, check it in to version control, and wait for the pipeline to execute, just to watch it fail during the apply phase. But repeat this several times in one day and the time quickly adds up.
How to Enable It
To activate Pre-flight Validation:
- Use AZAPI provider version 2.0.1 or later.
- Replace existing azurerm resources with azapi equivalents to ensure they get checked.
In your Terraform provider configuration, include the enable_preflight setting:
provider "azapi" {
  enable_preflight = true
}
This setting defaults to false, so pre-flight validation does not run unless you enable it explicitly.
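The two steps above combined into one configuration, as an added example that is not from the original post or video: the provider is pinned to 2.0.1 or later, pre-flight is switched on, and a storage account is declared as an azapi_resource so that its name and blob access setting are checked during terraform plan. The variable, resource name, location and API version are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    azapi = {
      source  = "Azure/azapi"
      version = ">= 2.0.1" # pre-flight validation starts with this version
    }
  }
}

provider "azapi" {
  enable_preflight = true # defaults to false
}

# Assumed input: the ID of an existing resource group.
variable "resource_group_id" {
  type        = string
  description = "Form: /subscriptions/<subscription-id>/resourceGroups/<rg-name>"
}

# azapi equivalent of an azurerm_storage_account, so it is covered by pre-flight.
resource "azapi_resource" "storage" {
  type      = "Microsoft.Storage/storageAccounts@2023-01-01" # assumed API version
  name      = "stpreflightexample01" # constructed name; must be globally unique
  parent_id = var.resource_group_id
  location  = "westeurope" # assumed region

  body = {
    kind = "StorageV2"
    sku  = { name = "Standard_LRS" }
    properties = {
      # Setting this to true is what a policy restricting public blob access
      # would reject at plan time instead of at apply time.
      allowBlobPublicAccess = false
      minimumTlsVersion     = "TLS1_2"
    }
  }
}
```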
