[DevOps] What do you use for Infrastructure as Cod...
# help-with-other
m
Has anyone tried doing IaC with IIS on a VM using a tool like Ansible, Chef or Puppet? Which one would you recommend? What difficulties did you encounter? Are there better tools to use? Mainly want to use it for App Settings management when performing a deployment. I am aware of Azure App Configuration but not considering that yet.
s
We (not me personally) use a lot of Terraform and Bicep, after many other explorations. I am wondering what the problem is with your App Settings management? Isn't that what environment-specific appsettings files are for?
r
I would normally just set the VM up myself from a base image (but I set them up when I have a new client needing it which is then long lived). For app settings, I use build configurations within Visual Studio to transform web configs and set the environment within IIS. That then allows the appsettings.[environment].json approach.
c
Terraform is nice - I've had a little experience with it, but I'm no expert
s
I can't see the benefit of adding Terraform (or any other IaC tool) to the mix if you only need to control your application settings. Then I think a simple PowerShell script would do you better.
m
Main motivation for this is to try and get new app settings documented securely into source control so when big projects are undertaken any new app settings or removals are in the source control and not on Trello checklists. We have a good system with Azure Web Apps and Bicep where all deployments to dev environments except production trigger the Bicep template. Bicep will add any new app setting changes during development as the dev is forced to add their app setting into the Bicep. This in a way documents their new app setting into source control as their app setting will be removed (in the next deployment) if added manually. The same template will run on our other environments so when a new iteration is complete the app settings are automatically added to other dev environments we have. Saving me a bunch of time. It also shows up in pull requests so anything oddly named is spotted. Could I use Terraform to achieve this? The web server is already in use and not managed by us so I don't have the option to set up a VM from scratch.
Secrets are managed like so in Bicep:
{
  name: 'RedisConnectionString'
  value: '@Microsoft.KeyVault(SecretUri=https://${keyVault.name}.vault.azure.net/secrets/RedisConnectionString/)'
}