Skip to content

Instantly share code, notes, and snippets.

@chgeuer

chgeuer/redi2023-ARM Templates.md

Last active April 20, 2023 19:15
Show Gist options
  • Save chgeuer/013ee704084252f8b1721ffa4e033ec6 to your computer and use it in GitHub Desktop.
Save chgeuer/013ee704084252f8b1721ffa4e033ec6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
redi2023-ARM Templates.md

Azure Resource Manager (ARM) and ARM Templates

Summary for teacher

  • Walked through slides 26 and 27 of the presentation AZ-900T00A-ENU-PowerPoint-03.pptx.

Session notes

image-20230420210810370

https://docs.microsoft.com/learn/modules/describe-features-tools-manage-deploy-azure-resources/4-describe-azure-resource-manager-azure-arm-templates

  • Provides a management layer that enables you to create, update, and delete resources in your Azure subscription.
  • Create, configure, manage and delete resources and resource groups.
  • Organizes resources.
  • Controls access and resources.
  • Automates using different tools and SDKs.
  • Stores layouts in JSON files.

You can view more details about Azure Resource Manager at https://docs.microsoft.com/en-us/azure/azure-resource-manager

  • All management operations go through the ARM API

    • Clicking in the Azure Portal
    • Running a script or a command Making a call to the REST API (from a program)

  • Scripts

    • 2 implementations
      • Azure PowerShell
      • az command line interface CLI
    • Imperative – Execute commands in a specific order
    • Error handling? Can be complicated to correctly handle errors – what should happen when the script blows up in the middle of the action.
    • Serialized (slow) – Scripts often execute steps in sequence, one ofter the other. Not doing things in parallel
    • Often must be “parametrized” (so they can be re-used with different names)

    ARM JSON / Azure Resource Manager (ARM) templates

    • All resources in Azure represented as JSON data structure
    • Each resource has a unique resource ID, such as /subscriptions/724467b5-bee4-484b-bf13-d6a5505d2b51/resourceGroups/longterm/providers/Microsoft.KeyVault/vaults/chgeuer-tls
    • Resources in JSON having properties, like ‘id’, ‘name’, ‘location’, ‘type’, ‘properties’
    • The ‘properties’ contains all the details

image

image

  • Azure Resource Manager (ARM) templates are JavaScript Object Notation (JSON) files that can be used to create and deploy Azure infrastructure without having to write programing commands.
    • Declarative syntax
    • Repeatable results
    • Orchestration
    • Modular files
    • Built-in validation
    • Exportable code

Links

Deploy app resources Azure Resource Manager enables you to repeatedly deploy your app and have confidence your resources are deployed in a consistent state. You define the infrastructure and dependencies for your app in a single declarative template. This template is flexible enough to use for all of your environments such as test, staging or production. If you create a solution from the Azure Marketplace, the solution will automatically include a template that you can use for your app.

Organize resources: Azure Resource Manager makes it easy for you to manage and visualize resources in your app. You no longer have to deploy parts of your app separately and then manually stitch them together. You put resources with a common lifecycle into a resource group that can be deployed or deleted in a single action. You can see which resources are linked by a dependency. You can apply tags to resources to categorize them for management tasks, such as billing.

Control access to resources: With Azure Resource Manager, you can control who in your organization can perform actions on the resources. You manage permissions by defining roles and adding users or groups to the roles. For critical resources, you can apply an explicit lock that prevents users from deleting or modifying the resource. Azure Resource Manager logs all user actions so you can audit those actions. For each action, the audit log contains information about the user, time, events, and status.

Our final template

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "myKeyvaultName": { "type": "string", "defaultValue": "chris-keyvault"},
        "myStorageName": { "type": "string" }
    },
    "variables": {
        "myFavoriteAzureRegion": "northeurope"
    },
    "resources": [
        {
            "name": "[parameters('myKeyvaultName')]",
            "type": "Microsoft.KeyVault/vaults",
            "apiVersion": "2023-02-01",
            "location": "[variables('myFavoriteAzureRegion')]",
            "properties": {
                "sku": {
                    "family": "A",
                    "name": "Standard"
                },
                "tenantId": "[subscription().tenantId]",
                "enabledForDeployment": false,
                "enabledForDiskEncryption": false,
                "enabledForTemplateDeployment": true,
                "enableSoftDelete": true,
                "softDeleteRetentionInDays": 90,
                "enableRbacAuthorization": true
            }
        },
        {
              "type": "Microsoft.Storage/storageAccounts",
              "apiVersion": "2021-06-01",
              "name": "[parameters('myStorageName')]",
              "location": "[variables('myFavoriteAzureRegion')]",
              "kind": "StorageV2",
              "sku": {
                "name": "Standard_RAGRS",
                "tier": "Standard"
              }
        }
    ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment