Azure Resources Manager (ARM)
Deploy Azure Resources with Arm Templates & PowerShell
Section titled “Deploy Azure Resources with Arm Templates & PowerShell”Video taught by Navika Chhauda
What are Azure Resources Manager (ARM) Templates and Why Use Them
Section titled “What are Azure Resources Manager (ARM) Templates and Why Use Them”Use case: Create infrastructure from code instead of manually and record infrastructure as code (IaC).
Benefits: reuse, time efficiency, continuous deployment and integration, track deployments
Parts of an ARM Template
Section titled “Parts of an ARM Template”- Input: JavaScript Object Notation File (JSON)
- Configure a resource
- Declarative syntax
ARM Template Structure
Section titled “ARM Template Structure”Properties:
- schema: template version
- contentVersion: version of content
- parameters: inputs from user
- functions: methods
- variables dynamic values
- resources: what to deploy
- outputs: what to generate after ARM template is applied
Demos: Deployment Resources using AR
Section titled “Demos: Deployment Resources using AR”- Use VS Code, use ARM extension
- Create ARM template from scratch using structure elements from above
- Using ARM! snippet in VS Code, create a blank template
{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", // Parameters are to get input from user "parameters": { // example // "storagename": { // "type": "string", // "metadata": { // "description": "Name of the storage account" // } // } }, "functions": [], // Optional variables can be reused "variables": { // Create storage account name from a // unique string generated from numbers 2,6,4 "stname": "[concat('storage',uniqueString('264'))]" }, // Most Azure resources are available for creation // In VS Code, see templates using arm- and C-Space "resources": [ { // Refer to stname specificed in variables "name": "[variables('stname')]", "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2023-04-01", "tags": { "displayName": "[variables('stname')]" }, "location": "[resourceGroup().location]", "kind": "StorageV2", "sku": { "name": "Premium_LRS", "tier": "Premium" } }
], "outputs": {}}PowerShell Scripting
Section titled “PowerShell Scripting”-
Use Case: Need software to automate, deploy, and manage Azure resources
-
PowerShell: Command line tool, helps with automation, scripting language, can do deployment of resources
-
Steps of deployment resources using PowerShell
- Connect to Azure
- Get/Set subscription
- Create
- Create resource group (RG) if needed
- Deploy resources
- During deploy, you can observe progress in Azure portal under resource group > Deployments
-
Commands may require Cmdlets to be installed from PowerShell gallery
-
Usage:
- Scripts of PowerShell commands
- Dynamic scripts
- Loops, conditions, error handling
- Define variables like $var, can add numbers and concatenate strings
ARM Templates and PowerShell
Section titled “ARM Templates and PowerShell”- Deploy ARM json using CLI, like PowerShell, can run like in terminal or PowerShell ISE
# Connect to AzureConnect-AzAccount# Check subscriptionGet-AzSubscription# Can reuse existing RG or create new one like:New-AzResourceGroup -Name "test1" -Location "CanadaCentral"# Deployment the resource using an existing RG called test1# Point to filled in ARM template fileNew-AzResourceGroupDeployment -ResourceGroupName test1 -TemplateFile "/path/to/ARM-file.json"
# Get virtual machinesGet-AzVM$totalVM=Get-AzVM$count=0
foreach($vm in $totalVM) { $count = $count + 1}$count
Write-Host("Total VMs in subscription is $count")
if ($count -gt 1) { Write-Host("Sorry, no more VMs can be deployed, maximum 1 VMs reached")}else { # vm.json below has # - storage account # - public IP # - network # - NSG # - VNet # - Sub network # - VM # - Password is specified as well New-AzResourceGroupDeployment -ResourceGroupName test1 -TemplateFile "vm.json" Write-Host("New VM deployed")}- You can retrieve a template from an existing resources using export template in the Azure Portal from the resource
vm.json
Section titled “vm.json”- Make sure the VM name is unique
{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { // specific relevant parameters below }, "functions": [], "variables": { // specific relevant variables below }, "resources": [ { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2023-04-01", "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", "sku": { "name": "Standard_LRS" }, "kind": "Storage" }, { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2023-11-01", "name": "[parameters('publicIpName')]", "location": "[parameters('location')]", "sku": { "name": "[parameters('publicIpSku')]" }, "properties": { "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", "dnsSettings": { "domainNameLabel": "[parameters('dnsLabelPrefix')]" } } }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2023-11-01", "name": "[variables('networkSecurityGroupName')]", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "default-allow-3389", "properties": { "priority": 1000, "access": "Allow", "direction": "Inbound", "destinationPortRange": "3389", "protocol": "Tcp", "sourcePortRange": "*", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*" } } ] } }, { "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2023-11-01", "name": "[variables('virtualNetworkName')]", "location": "[parameters('location')]", "properties": { "addressSpace": { "addressPrefixes": [ "[variables('addressPrefix')]" ] }, "subnets": [ { "name": "[variables('subnetName')]", "properties": { "addressPrefix": "[variables('subnetPrefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" } } } ] }, "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" ] }, { "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2023-11-01", "name": "[variables('nicName')]", "location": "[parameters('location')]", "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]" }, "subnet": { "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]" } } } ] }, "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]", "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" ] }, { "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2023-03-01", "name": "[parameters('vmName')]", "location": "[parameters('location')]", "properties": { "hardwareProfile": { "vmSize": "[parameters('vmSize')]" }, "osProfile": { "computerName": "[parameters('vmName')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]" }, "storageProfile": { "imageReference": { "publisher": "MicrosoftWindowsServer", "offer": "WindowsServer", "sku": "[parameters('OSVersion')]", "version": "latest" }, "osDisk": { "createOption": "FromImage", "managedDisk": { "storageAccountType": "StandardSSD_LRS" } }, "dataDisks": [ { "diskSizeGB": 1023, "lun": 0, "createOption": "Empty" } ] }, "networkProfile": { "networkInterfaces": [ { "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" } ] }, "diagnosticsProfile": { "bootDiagnostics": { "enabled": true, "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').primaryEndpoints.blob]" } }, "securityProfile": "[if(equals(parameters('securityType'), 'TrustedLaunch'), variables('securityProfileJson'), null())]" }, "dependsOn": [ "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]", "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ] }, { "condition": "[and(equals(parameters('securityType'), 'TrustedLaunch'), and(equals(variables('securityProfileJson').uefiSettings.secureBootEnabled, true()), equals(variables('securityProfileJson').uefiSettings.vTpmEnabled, true())))]", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2023-03-01", "name": "[format('{0}/{1}', parameters('vmName'), variables('extensionName'))]", "location": "[parameters('location')]", "properties": { "publisher": "[variables('extensionPublisher')]", "type": "[variables('extensionName')]", "typeHandlerVersion": "[variables('extensionVersion')]", "autoUpgradeMinorVersion": true, "enableAutomaticUpgrade": true, "settings": { "AttestationConfig": { "MaaSettings": { "maaEndpoint": "[variables('maaEndpoint')]", "maaTenantName": "[variables('maaTenantName')]" } } } }, "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]" ] }
], "outputs": {}}When to choose BICEP vs ARM
Section titled “When to choose BICEP vs ARM”- You can use both, no wrong choice
- Bicep is more concise and easier to read
- Export in Azure Portal uses ARM template and underneath a BICEP approach uses ARM for deployment