Skip to main content
Welcome to this lesson on Bicep — Microsoft’s concise domain-specific language (DSL) for declaring and managing Azure resources. Bicep delivers a cleaner, more maintainable authoring experience than raw ARM template JSON while producing the same ARM artifacts that Azure consumes. Use Bicep to improve readability, modularity, and maintainability of your Infrastructure as Code (IaC).
A presentation slide titled "Bicep – Introduction" with a centered blue hexagon Bicep logo. The text says Bicep is a Microsoft domain-specific language that simplifies declaring Azure resources compared to traditional ARM templates.
How Bicep works:
  • Author readable .bicep files with declarative resource definitions.
  • Bicep compiles (either implicitly during deployment or explicitly with the Bicep CLI) to ARM template JSON that Azure understands.
  • This approach gives you concise syntax and full ARM compatibility for deployment scenarios and tooling.
Key benefits:
  • Simpler, more readable syntax compared to raw ARM JSON.
  • Native support for modularity and reuse through modules.
  • Less boilerplate and easier maintenance for growing templates.
Example: simple storage account in Bicep 
@description('Specifies the location for resources.')
param location string = 'eastus'

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
  name: 'mystorageaccountname'
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Premium_LRS'
  }
}
Installation options
If you have a recent Azure CLI installation, the az bicep commands are available without a separate binary. Run az bicep version to confirm availability.
Common platform install examples PowerShell (Windows): 
Set-ExecutionPolicy Bypass -Scope Process -Force; iwr -useb https://aka.ms/installbicep | iex
Linux (standalone binary example): 
curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
chmod +x ./bicep
sudo mv ./bicep /usr/local/bin/bicep
macOS (Homebrew example): 
brew tap azure/bicep
brew install bicep
Core Bicep language building blocks
Building BlockPurposeWhen to use
ParameterInput supplied at deployment timeMake templates flexible and reusable across environments
VariableReusable expressions or computed valuesAvoid repeating logic and improve readability
ResourceDeclaration of Azure resources with type and API versionAll infrastructure is declared as resources
ModuleEncapsulated Bicep file used as a child templateReuse and compose complex deployments
OutputValues returned after deploymentExpose IDs, endpoints, connection strings for scripts or other templates
Authoring best practices
  • Use parameters and variables to keep templates configurable across environments (dev/prod).
  • Group related resources and extract repeatable patterns into modules.
  • Use resource loops and conditions to minimize duplicated code.
  • Leverage built-in functions for string manipulation, resource IDs, and array handling.
  • Secure secrets using Azure Key Vault rather than embedding them in templates.
A colorful slide titled "Authoring With Bicep" showing five numbered tips for effective Azure Bicep scripting. The tips cover naming conventions, validating/previewing templates, implementing outputs, handling dependencies, and secure handling of sensitive data.
More practical authoring tips:
  • Adopt consistent naming conventions for resources, parameters, and modules.
  • Validate and preview templates before deployment using the deployment what-if and validate operations.
  • Emit outputs for important resource IDs, connection strings, and endpoints for downstream automation.
  • Model resource dependencies explicitly (dependsOn or implicit references) to ensure correct provisioning order.
  • Avoid storing secrets in code—use Key Vault references or secure parameter inputs.
Never commit secrets or credentials to source control. Use Key Vault references, Azure AD-backed service principals, or secure parameter files for sensitive values.
Deploying Bicep with Azure CLI High-level deployment workflow:
  1. Install and sign in with the Azure CLI.
  2. Optionally compile a .bicep file to ARM JSON using az bicep build for debugging or CI scenarios.
  3. Create or choose an existing resource group.
  4. Deploy the Bicep file with az deployment group create (or use subscription/management group scope as needed).
A presentation slide titled "Authoring With Bicep" with the subtitle "Process of Deploying a Bicep File Using Azure CLI." It shows two colorful panels labeled "01 Install Azure CLI" and "02 Install Bicep CLI" with short notes about installing each.
Useful CLI commands
CommandPurpose
az loginAuthenticate to Azure
az bicep build —file <file>Compile .bicep to ARM JSON (optional)
az group create —name <rg> —location <loc>Create a resource group
az deployment group create —resource-group <rg> —template-file <file>Deploy a Bicep file to a resource group
Example CLI steps: 
# Sign in
az login

# Compile a Bicep file to ARM JSON (optional)
az bicep build --file ./main.bicep

# Create a resource group
az group create --name myResourceGroup --location eastus

# Deploy the Bicep file to a resource group
az deployment group create --resource-group myResourceGroup --template-file ./azuredeploy.bicep --parameters storageAccountType=Standard_GRS
Visual Studio Code integration
  • Use VS Code with the Bicep extension for IntelliSense, syntax highlighting, and snippets.
  • The extension enables validation, quick fixes, and direct deployment capabilities when signed into your Azure account.
  • For a streamlined authoring experience, enable the Bicep extension and configure the Azure Account extension to authenticate from the editor.
A presentation slide titled "Deploying With Bicep in Visual Studio Code" showing three colored feature cards labeled 01 IntelliSense, 02 Code snippets, and 03 Direct deployment capabilities with icons. The slide includes a © Copyright KodeKloud notice in the corner.
Deploying from Azure Cloud Shell
  • Upload your .bicep file to the Cloud Shell using drag-and-drop or the Cloud Shell upload options.
  • Use the same az group create and az deployment group create commands in Cloud Shell for zero-local-setup deployments.
az group create --name ExampleGroup --location "Your Location"
az deployment group create --resource-group ExampleGroup --template-file azuredeploy.bicep --parameters storageAccountType=Standard_GRS
Azure Automanage Machine Configuration Azure Automanage Machine Configuration automates VM configuration and applies recommended best practices and security guidelines to supported virtual machines. Automanage simplifies operational management across VM fleets by ensuring consistent configuration, patching, and policy enforcement.
A presentation slide titled "Azure Automanage Machine Configuration Extension." It shows two rounded colored boxes labeled "01 Best Practices" and "02 Security Guidelines."
Closing notes
  • Bicep improves authoring productivity and maintainability compared to raw ARM JSON while remaining fully compatible with Azure’s resource model.
  • Start small: convert simple ARM templates into Bicep, validate locally, and adopt modules for repeated patterns as your IaC footprint grows.
  • Use CI/CD pipelines to compile and validate Bicep artifacts, and follow security best practices to protect credentials and secrets.
Links and references

Watch Video