Skip to main content

Using Azure Bicep EP-1

Recently I got to chance to work with Azure Bicep. I previously had experience with ARM templates. My first impression to Bicep was "WOW", It seems pretty cool and I started enjoying scripting with Bicep, but there were some moments when I felt some bad feelings. All in all it's pretty awesome :)

So Started writing this blog to show how to best use Bicep templates. I have a similar vlog series also.

My aim in this blog series is to build a full working environment with Bicep having all the bits and pieces tied together and later on maybe we can tidy up a few things.

Following is the environment I want to build

when using bicep we can create modules and main files. what happens is we can call modules in main files or within separate module files. Similar to OOP :)

quoting MS Documentation about Modules

"Bicep enables you to break down a complex solution into modules. A Bicep module is just a Bicep file that is deployed from another Bicep file. You can encapsulate complex details of the resource declaration in a module, which improves the readability of files that use the module. You can reuse these modules, and share them with other people. Bicep modules are converted into a single Azure Resource Manager template with nested templates for deployment"

as for me modules can be a bicep file which we can call from another bicep file :D

Normally we define modules based on the workload. as per my above diagram I will have

  • Log Analytics
  • Virtual network
  • Network Security groups
  • Key Vault
  • Storage account
  • Storage account Private endpoints
  • VM

and I will have a few main files to call them

So let's start with the implementation. First things first we need to create our folder structure. As per below, I have created my folder structure.

Now... before you start you need to understand the components you are going to deploy and its dependencies. So when looking at my above design I need my log analytics to be deployed first.

So I'm creating my log analytics bicep module below

you may be wondering how I know all these, it's pretty easy you have two options when you are learning.

  1. Go ahead and deploy a workspace using GUI. and head down to the export template, you can get a pretty good understanding of what parameters are required, you cannot copy-paste simply because that export template is from JSON formzt not BICEP

And to get the related code for bicep head down to the MS documentation from below link

https://docs.microsoft.com/en-us/azure/templates/

Perfect, now that we are done with module let's work on our main files for the log analytics

this main file will not only call for this module but it will go to create a resource group as well

once you finish with the main file we can deploy few things to highlight my main file. this main file scope is the subscription. there are a few scope types available below

reason is that I'm creating a resource group also. But when deploying a log analytics workspace its scope should be a resource group.

If you are wondering what this means is "resourceGroup(my resource group.name)" it is a function available in BICEP. head out to the below link to learn more about bicep functions

https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions

To deploy the bicep template. I just need to run the main file. Bicep will do the rest. I'm going to use Az module to deploy the bicep. Since my main file is a subscription scop this code is for subscription deployment


az deployment sub create --location australiaeast --template-file .\dckloud-prj1\main-loganalytics.bicep

for more info - https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli

I will have these avaible in my github public repo

https://github.com/dkmcw20/AzurePS/tree/main/DevOps/dckloud-prj1


In the next part we will discuss about the things for the VNET and Storage accounts






Comments

Popular posts from this blog

Updating Azure VM Data Disk Sizes

Summary Hope you are doing great, this time I came up with a simple azure DevOps solution for updating VM disk sizes. The current project that I'm in has a bunch of virtual machines. So, we need a way to update the VM disk with minimal administrative effort and changes.  In this scenario, we have used Bicep as the IAC language Azure DevOps pipelines YAML variable files  Here is the high-level workflow for a particular VM in the solution YAML Pipeline file got two workflows, firstly the VM build pipeline, and the second is the disk update one. If you focus on the green arrow and the purple arrow, basically I'm modifying the same bicep module file and passing the same set of variables. You may wonder why we cannot use the same flow to build the VM and update the disk later, that's because for the disk updates VM needs to be in a shutdown state, and other components in the 1st flow need the VM up and running especially the extension modules YAML Variable Files I have decided t

Deploying an Automation Account with a Runbook and Schedule Using Bicep

Introduction Automation is a key component in many organizations' cloud strategy. Azure Automation allows you to automate the creation, deployment, and management of resources in your Azure environment. In this post, we will walk through the process of deploying an Automation Account with a Runbook and Schedule using Bicep, a new domain-specific language for deploying Azure resources. Intention My intention at the  end is to run a PowerShell  script to start and shutdown Azure VMs based on tag values. PowerShell  script that I have used is from below l ink.  And two  of me   collogue s ( Michael Turnley   and Saudh Mohomad helped to modify the  PowerShell  script. Prerequisites Before we begin, you will need the following: An Azure subscription The Azure CLI installed on your machine. The Azure Bicep extension for the Azure CLI Creating the Automation Account The first step in deploying an Automation Account with a Runbook and Schedule is to create the Aut

Securing Azure Services with Fetian FIDO

Hey Folks  Here again with another security topic with Fetian Fido. And once again Fetian devices proved their excellent quality and stability. For this I choose Fetian K33 -  AllinPass FIDO Security Key – FEITIAN (ftsafe.com) and  K39 -  Single-button FIDO Security Keys | FEITIAN (ftsafe.com) Use case  In an organization following changes needs to be implemented.  1. Update the password policy 2. Update the user session time out to 30 minutes Once these changes being implemented, the following issues need to be addressed 1. Users' complaint new passwords need to be so long 2. Users complain sessions time out makes them work so much slower with the longer passwords 3. Etc... Solution  One of my friends reached out to me to help solve this problem. All I could think of was using passwordless auth with FIDO devices. We have decided to use Fido2 keys for better security and flexibility for the users. The FIDO (Fast IDentity Online) Alliance helps to promote open authentication stand