Recently I got to chance to work with Azure Bicep. I previously had experience with ARM templates. My first impression to Bicep was "WOW", It seems pretty cool and I started enjoying scripting with Bicep, but there were some moments when I felt some bad feelings. All in all it's pretty awesome :)
So Started writing this blog to show how to best use Bicep templates. I have a similar vlog series also.
My aim in this blog series is to build a full working environment with Bicep having all the bits and pieces tied together and later on maybe we can tidy up a few things.
Following is the environment I want to build
when using bicep we can create modules and main files. what happens is we can call modules in main files or within separate module files. Similar to OOP :)
quoting MS Documentation about Modules
"Bicep enables you to break down a complex solution into modules. A Bicep module is just a Bicep file that is deployed from another Bicep file. You can encapsulate complex details of the resource declaration in a module, which improves the readability of files that use the module. You can reuse these modules, and share them with other people. Bicep modules are converted into a single Azure Resource Manager template with nested templates for deployment"
as for me modules can be a bicep file which we can call from another bicep file :D
Normally we define modules based on the workload. as per my above diagram I will have
- Log Analytics
- Virtual network
- Network Security groups
- Key Vault
- Storage account
- Storage account Private endpoints
and I will have a few main files to call them
So let's start with the implementation. First things first we need to create our folder structure. As per below, I have created my folder structure.
Now... before you start you need to understand the components you are going to deploy and its dependencies. So when looking at my above design I need my log analytics to be deployed first.
So I'm creating my log analytics bicep module below
you may be wondering how I know all these, it's pretty easy you have two options when you are learning.
- Go ahead and deploy a workspace using GUI. and head down to the export template, you can get a pretty good understanding of what parameters are required, you cannot copy-paste simply because that export template is from JSON formzt not BICEP
And to get the related code for bicep head down to the MS documentation from below link
Perfect, now that we are done with module let's work on our main files for the log analytics
this main file will not only call for this module but it will go to create a resource group as well
once you finish with the main file we can deploy few things to highlight my main file. this main file scope is the subscription. there are a few scope types available below
reason is that I'm creating a resource group also. But when deploying a log analytics workspace its scope should be a resource group.
If you are wondering what this means is "resourceGroup(my resource group.name)" it is a function available in BICEP. head out to the below link to learn more about bicep functions
To deploy the bicep template. I just need to run the main file. Bicep will do the rest. I'm going to use Az module to deploy the bicep. Since my main file is a subscription scop this code is for subscription deployment
az deployment sub create --location australiaeast --template-file .\dckloud-prj1\main-loganalytics.bicep
for more info - https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli
I will have these avaible in my github public repo
In the next part we will discuss about the things for the VNET and Storage accounts