AZ-400: Designing and Implementing Microsoft DevOps Solutions

Design and Implement Infrastructure as Code (IaC)

Azure Resource Manager Templates

In this guide, we explore Azure Resource Manager (ARM) templates—powerful JSON-based blueprints that define, deploy, and manage your Azure infrastructure in a consistent and efficient manner. ARM templates allow you to describe all necessary components and settings in a structured format, ensuring deployments are automated, reproducible, and less prone to human error.

One of the major benefits of ARM templates is automation. You create a single template containing all resource definitions and configurations, then deploy multiple environments with consistent settings. This approach saves time, reduces deployment errors, and maintains environment alignment with the desired state.

The image is an introduction to Azure Resource Manager Templates, showing a flowchart with three stages: ARM Template Creation, Automated Deployment, and Configured Resources.

ARM templates offer several advantages:

  • They promote reusability across different projects.
  • They serve as comprehensive documentation of your infrastructure, simplifying audits and reviews.
  • They enable you to decompose complex systems into modular, manageable components that simplify updates.

Key Components of an ARM Template

An ARM template is organized into four main sections:

  1. Parameters: Input values that allow customization during deployments.
  2. Variables: Reusable values or expressions that simplify template complexity.
  3. Resources: The actual Azure resources to deploy or update.
  4. Outputs: Return values after deployment to aid in debugging or to provide information to other processes.

The image lists the key components of ARM Templates: Parameters, Variables, Resources, and Outputs, each in a colored box.

The JSON structure starts with a schema definition and content version, followed by the aforementioned sections.

Managing dependencies between resources is crucial. For example, if a virtual machine depends on a storage account, the storage account must be provisioned first. ARM templates use the dependsOn property to specify such dependencies, ensuring resources are created in the proper order.

The image is about managing dependencies in ARM templates, highlighting two points: ensuring the correct deployment sequence and preventing errors and deployment failures.

The dependsOn property ensures that a resource is deployed only after its dependencies have been successfully created. For instance, a virtual machine that depends on a storage account will wait until the storage account is fully deployed before initiating the VM deployment.

The image illustrates managing dependencies in ARM templates, showing a storage account and a virtual machine with a "DependsOn" relationship.

Security Considerations

Security is paramount when working with ARM templates. It is critical to never hard-code sensitive information, such as passwords or API keys, directly into your templates. Instead, store these secrets securely using Azure Key Vault and reference them within your ARM templates.

Warning

Avoid embedding sensitive data in your templates. Use secure storage solutions like Azure Key Vault to manage credentials and secrets.

The image compares insecure and secure methods of handling secrets in ARM templates, highlighting the use of hardcoding versus Azure Key Vault.
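
One way to reference a Key Vault secret instead of hard-coding it, shown as an added example rather than material from the original course: a parameter file for a template that declares adminPassword with "type": "securestring". The parameter names are assumptions, and the values in angle brackets are placeholders to fill in.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "value": "azureadmin"
    },
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "<secret-name>"
      }
    }
  }
}
```

The vault must have enabledForTemplateDeployment set to true, and the identity running the deployment needs the Microsoft.KeyVault/vaults/deploy/action permission on it. The secret value is resolved at deployment time and never appears in the template, the parameter file, or source control.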

Modularization and Linked Templates

As your Azure environments grow in complexity, effective organization of your ARM templates becomes essential. Breaking templates into modular components improves reusability and maintainability. One effective approach is to use linked templates, where a main template references smaller, specialized templates dedicated to networking, storage, compute resources, and more.

The image is a diagram showing the organization of ARM templates, with a "Main ARM Template" linking to a "Networking Template."

This modular structure streamlines management and updates, allowing you to efficiently control both individual components and the overall environment.
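
A main template that links to a networking template, as in the diagram described above. This is an added example, not part of the original course material; the parameter names, the deployment name "networking", and the vnetId output of the linked template are assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "networkingTemplateUri": {
      "type": "string",
      "metadata": { "description": "Constructed example parameter: HTTPS URI of the networking template." }
    },
    "vnetName": {
      "type": "string"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "networking",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[parameters('networkingTemplateUri')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "vnetName": { "value": "[parameters('vnetName')]" }
        }
      }
    }
  ],
  "outputs": {
    "vnetId": {
      "type": "string",
      "value": "[reference('networking').outputs.vnetId.value]"
    }
  }
}
```

Setting contentVersion inside templateLink makes the deployment fail if the linked file's version does not match, which guards against an unexpected template being picked up from the URI. Host linked templates in storage you control, since whoever can write to that location controls what gets deployed.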

Azure Resource Manager and Desired State Configuration

Azure Resource Manager is the core management layer responsible for provisioning, updating, and deleting resources in your Azure account. ARM templates play a critical role in implementing Desired State Configuration (DSC) in Azure, setting the desired infrastructure state and ensuring that your environment consistently aligns with this configuration.

The image is a diagram illustrating the role of ARM Templates in Azure Resource Manager and DSC, showing how they are used to deploy and manage infrastructure as code.

Example: Using DSC with an ARM Template

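The Local Configuration Manager (LCM) is the engine that applies and maintains the specified configuration on a target machine. The following ARM template snippet configures a virtual machine extension that downloads a DSC configuration package and runs it through DSC to apply system configuration settings. The SAS token for the package URL goes in protectedSettings, which Azure encrypts and decrypts only on the target machine; sasTokenValue is a placeholder to be supplied at deployment time, not a literal to commit with the template.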

{
  "extensionProfile": {
    "extensions": [
      {
        "name": "DSCExtension",
        "properties": {
          "publisher": "Microsoft.PowerShell",
          "type": "DSC",
          "typeHandlerVersion": "2.9",
          "autoUpgradeMinorVersion": true,
          "settings": {
            "configuration": {
              "url": "https://example.com/MyDscConfiguration.zip",
              "script": "ConfigureFirewall.ps1",
              "function": "ConfigureFirewall"
            },
            "configurationArguments": {
              "nodeName": "Localhost"
            }
          },
          "protectedSettings": {
            "configurationUrlSasToken": "sasTokenValue"
          }
        }
      }
    ]
  }
}

Within the DSC configuration, additional resources such as WindowsFeature (to install roles like IIS) and xWebsite (to manage IIS configuration) can be defined modularly, providing robust control over configuration management alongside infrastructure provisioning.

Introducing Bicep

Having covered ARM templates in detail, the next step is to explore Bicep—a domain-specific language (DSL) designed for authoring ARM templates. Bicep simplifies and streamlines the deployment process, offering an improved development experience while maintaining the same powerful automation capabilities.

For further details on Bicep and its advantages over traditional JSON-based ARM templates, check out the Bicep documentation.

Note

ARM templates and Bicep both enable Infrastructure as Code (IaC) practices in Azure. While ARM templates use JSON, Bicep streamlines template syntax and improves maintainability.
