Terraform Security:

Last Updated on August 7, 2025 by Arnav Sharma

Terraform is an Infrastructure as Code (IaC) tool that lets you build, change, and version infrastructure efficiently: from the configuration you declare, it works out the changes needed to bring a given environment to that state. Terraform uses the HashiCorp Configuration Language (HCL), a domain-specific language that will be familiar if you have used other infrastructure automation tools, to define and provision infrastructure across a variety of cloud and on-premises resources.

In Terraform, conditional logic is written inside expressions. Unlike many programming languages, Terraform has no traditional if-else control structure that directs the flow of execution. Instead, if-else logic is expressed with the ternary (conditional) operator, which follows the syntax: condition ? true_value : false_value.

Here’s an example of how you might use an if-else expression in Terraform to provision resources in Azure conditionally:

variable "deploy_environment" {
  description = "The environment to deploy into"
  type        = string
}

resource "azurerm_resource_group" "example" {
  # Resource group name is determined by the deploy_environment variable
  name     = var.deploy_environment == "production" ? "prod-rg" : "dev-rg"
  location = "East US"
}

resource "azurerm_virtual_network" "example" {
  # Virtual network name has a suffix based on the deploy_environment variable
  name                = "vnet-${var.deploy_environment == "production" ? "prod" : "dev"}"
  address_space       = ["10.0.0.0/16"]
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

output "resource_group_name" {
  value = azurerm_resource_group.example.name
}

In this example:

  • The azurerm_resource_group resource’s name is set based on the value of the deploy_environment variable. If deploy_environment is "production", the name will be "prod-rg". Otherwise, it will be "dev-rg".
  • The azurerm_virtual_network resource’s name includes a suffix that depends on whether deploy_environment equals "production" or not.
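The same ternary pattern applied to settings that matter for security, as an added example that is not code from the original post: production receives the stricter value of each setting, and a validation block on deploy_environment makes a misspelling such as "Production" fail at plan time instead of silently evaluating the comparison to false and deploying the non-production branch. The names, locations and values are constructed for illustration, and the storage account argument names assume the azurerm 3.x provider (enable_https_traffic_only was renamed https_traffic_only_enabled in 4.x). Both branches of a conditional must produce the same type, which is why each one compares strings with strings and booleans with booleans.

```hcl
# Added example (not from the original post). Assumes the azurerm 3.x
# provider; resource names and values are constructed.

variable "deploy_environment" {
  description = "The environment to deploy into"
  type        = string

  # Reject anything that is not an expected environment name, so a typo cannot
  # silently select the less restrictive branch of the conditionals below.
  validation {
    condition     = contains(["production", "development"], var.deploy_environment)
    error_message = "deploy_environment must be \"production\" or \"development\"."
  }
}

locals {
  # Evaluate the comparison once and reuse it instead of repeating it per attribute
  is_prod = var.deploy_environment == "production"
}

resource "azurerm_resource_group" "example" {
  name     = local.is_prod ? "prod-rg" : "dev-rg"
  location = "East US"
}

resource "azurerm_storage_account" "example" {
  name                = local.is_prod ? "prodstorageacct01" : "devstorageacct01"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  account_tier        = "Standard"

  # Geo-redundant replication only where the data justifies the cost
  account_replication_type = local.is_prod ? "GRS" : "LRS"

  # Security-relevant settings: the same floor everywhere, stricter in production
  min_tls_version               = "TLS1_2"
  enable_https_traffic_only     = true
  public_network_access_enabled = local.is_prod ? false : true
  shared_access_key_enabled     = local.is_prod ? false : true
}

output "storage_public_access" {
  value = azurerm_storage_account.example.public_network_access_enabled
}
```

Running terraform plan with deploy_environment = "production" shows public network access and shared-key authentication disabled and GRS selected; with "development" the looser values are planned. Any other value stops at the validation error before a plan is produced.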

Remember that Terraform’s conditional expressions only select a value; they cannot make the creation of a resource block itself conditional. To create resources conditionally, use the count meta-argument or the for_each construct to control whether a resource is created based on your condition.

Here’s an example with count:

resource "azurerm_storage_account" "example" {
  count                    = var.deploy_environment == "production" ? 1 : 0
  name                     = "prodstorageaccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
}

output "storage_account_name" {
  value = var.deploy_environment == "production" ? azurerm_storage_account.example[0].name : ""
}

In this count example:

  • The azurerm_storage_account resource is only created if deploy_environment is "production". The count is set to 1 if the condition is true and 0 if false.
  • The output storage_account_name will be the name of the storage account if created, or an empty string otherwise.
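The for_each route to conditional creation, as an added example that is not code from the original post: each network security rule carries the list of environments it is allowed in, a for-expression filters the map by the current deploy_environment, and a rule that is not in the filtered map (here, the SSH management rule in production) simply does not exist. Resource names, priorities and the admin_cidr default are constructed for illustration.

```hcl
# Added example (not from the original post). Names, priorities and address
# ranges are constructed; 203.0.113.0/24 is the TEST-NET-3 documentation range.

variable "deploy_environment" {
  description = "The environment to deploy into"
  type        = string
}

variable "admin_cidr" {
  description = "Constructed: source range allowed to reach SSH outside production"
  type        = string
  default     = "203.0.113.0/24"
}

locals {
  nsg_rules = {
    allow_https = {
      priority     = 100
      port         = "443"
      source       = "Internet"
      environments = ["production", "development"]
    }
    allow_ssh = {
      priority     = 200
      port         = "22"
      source       = var.admin_cidr
      environments = ["development"] # never created in production
    }
  }

  # Keep only the rules whose environments list names the current environment
  active_rules = {
    for name, rule in local.nsg_rules :
    name => rule if contains(rule.environments, var.deploy_environment)
  }
}

resource "azurerm_resource_group" "example" {
  name     = var.deploy_environment == "production" ? "prod-rg" : "dev-rg"
  location = "East US"
}

resource "azurerm_network_security_group" "example" {
  name                = "nsg-${var.deploy_environment}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_network_security_rule" "example" {
  # One instance per key of the filtered map; an absent key means no resource
  for_each = local.active_rules

  name                        = each.key
  priority                    = each.value.priority
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = each.value.port
  source_address_prefix       = each.value.source
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}

output "active_rule_names" {
  value = keys(azurerm_network_security_rule.example)
}

output "ssh_rule_name" {
  # try() yields null when the key is absent (production) instead of an error
  value = try(azurerm_network_security_rule.example["allow_ssh"].name, null)
}
```

Compared with count, for_each keys the instances by name, so adding or removing one rule does not shift the indexes of the others and force unrelated rules to be destroyed and recreated, and the filtered map is plain data that a reviewer can read off terraform plan. For the count pattern shown above, one(azurerm_storage_account.example[*].name) (Terraform 0.15 and later) is the equivalent way to read the name, returning null when count is 0, without indexing [0] inside a conditional.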

This approach to conditional logic allows you to create complex, conditional configurations in a declarative way, which is one of the strengths of Terraform.
