Azure Infrastructure as Code: With ARM templates and Bicep

Azure Infrastructure as Code
contents
foreword
preface
acknowledgments
about this book
Who should read this book
How this book is organized: A roadmap
About the code
liveBook discussion forum
Other online resources
about the authors
about the cover illustration
Part 1—Introduction
1 Infrastructure as Code
1.1 Working with infrastructure
1.1.1 DevOps
1.1.2 Preventing configuration drift
1.2 The benefits of Infrastructure as Code
1.2.1 IaC allows for automation
1.2.2 IaC allows for a declarative approach
1.2.3 IaC provides a human-readable format
1.3 The Azure Resource Manager
1.3.1 Control plane and data plane
1.3.2 ARM templates
1.3.3 The Bicep language
1.3.4 Azure Service Management (ASM is not ARM)
1.4 Other tools
1.4.1 AWS CloudFormation
1.4.2 Google Cloud Deployment Manager
1.4.3 Terraform
1.4.4 Pulumi
1.4.5 Choosing between cloud-specific and multi-cloud solutions
Summary
2 Writing your first ARM template
2.1 Working with JSON files
2.1.1 Installing the ARM templates extension in VS Code
2.2 Writing ARM templates in VS Code
2.2.1 Adding a resource
2.2.2 Leveraging IntelliSense in VS Code
2.3 Deploying an ARM template
2.4 Monitoring template deployments
2.5 Finding example templates
2.6 Visualizing templates
Summary
Part 2—Taking it up a notch
3 Writing ARM templates
3.1 Resources
3.1.1 Child resources
3.2 Parameters
3.2.1 Parameter types
3.2.2 Limiting and describing parameter values
3.2.3 Specifying parameter values
3.3 Variables
3.4 Outputs
3.5 Functions
3.5.1 Expressions
3.5.2 Built-in functions
3.5.3 User-defined functions
Summary
4 Deploying AR M templates
4.1 An overview of the deployment process
4.2 Submitting a deployment
4.2.1 Choosing a deployment scope
4.2.2 Submitting a template using different tools
4.3 The execution phase
4.3.1 Role-based access control
4.3.2 Azure Policy
4.3.3 Resource locks
4.3.4 Resource provisioning
4.4 The clean-up phase
4.4.1 Incremental deployment mode
4.4.2 Complete deployment mode
4.4.3 Combining deployment modes
4.5 Template validation and what-if deployments
4.5.1 Validating an ARM template
4.5.2 What-if deployments
4.6 Troubleshooting template deployments
Summary
5 Writing advanced AR M templates
5.1 Deploying to multiple scopes using nested templates
5.1.1 Nested templates on a management group
5.1.2 Evaluation scope
5.1.3 Outputs
5.2 How to structure solutions
5.2.1 Small to medium solutions
5.2.2 Large solutions
5.3 Modularizing templates with linked templates
5.3.1 Using a URI
5.3.2 Using a relative path
5.4 Deploying resources in order
5.4.1 Explicit deployment ordering
5.4.2 Implicit deployment ordering
5.5 Conditionally deploying resources
5.5.1 Applying conditions to output
5.6 Using loops to create multiple resources
5.6.1 Using copy on variables
5.6.2 Using copy on properties
5.6.3 Using copy on output
5.6.4 Waiting for a loop to finish, using dependsOn
5.7 Deployment scripts
5.8 Reverse engineering a template
5.8.1 Exporting templates
5.8.2 Using Resource Explorer
5.8.3 Using the JSON view
5.8.4 For a new resource
Summary
6 Simplifying AR M templates using the Bicep DSL
6.1 Bicep: A transpiler
6.1.1 Deploying
6.1.2 Transpiling
6.1.3 Decompiling
6.2 Bicep syntax differences
6.2.1 Parameters
6.2.2 Variables
6.2.3 Outputs
6.2.4 Conditions
6.2.5 Loops
6.2.6 Targeting different scopes
6.2.7 Known limitations
6.3 Other improvements with Bicep
6.3.1 Referencing resources, parameters, and variables
6.3.2 Using references in variables and outputs
6.3.3 Referencing existing resources
6.3.4 Dependency management
6.3.5 String interpolation
6.3.6 No mandatory grouping
6.3.7 Comments
6.3.8 Using the contents of other files
6.4 Modules
6.4.1 Deploying to another scope
6.4.2 Debugging Bicep deployments
6.5 A larger Bicep example
6.5.1 AppConfiguration.bicep
6.5.2 ApplicationInsights.bicep
6.5.3 Configuration.bicep
Summary
7 Complex deployments using Azure DevOps
7.1 Meet Toma Toe Pizzas
7.2 Crafting the Bicep files
7.2.1 Describing the App Service plan
7.2.2 Describing the App Service
7.2.3 Finalizing the template
7.3 Storing templates in source control
7.4 Automated build and release pipelines
7.4.1 Using triggers
7.4.2 Creating tasks
7.4.3 Grouping tasks in a job
7.4.4 Creating service connections
7.4.5 Configuring Azure DevOps to run your pipeline
7.5 Adding logical phases to your pipeline
7.5.1 Identifying the logical phases
7.5.2 Accessing artifacts from different jobs
7.5.3 Transpiling Bicep in a pipeline stage
7.5.4 Deploying a template from a pipeline artifact
7.6 Adding the Traffic Manager
7.6.1 Deploying the Traffic Manager
7.7 Creating a real-world example pipeline
7.7.1 Completing the pipeline
Summary
8 Complex deployments using GitHub Actions
8.1 Forking a repository
8.2 Getting to know GitHub Actions
8.2.1 Workflow events
8.2.2 Runners
8.2.3 Jobs
8.2.4 Steps
8.2.5 Actions
8.3 Building a GitHub Actions workflow
8.3.1 Adding a job to a GitHub Actions workflow
8.4 The deployment phase in GitHub Actions
8.4.1 Connecting to Azure from your GitHub workflow
8.4.2 Generating a service principal using the Azure CLI
8.5 Deploying ARM templates from GitHub Actions
8.5.1 Completing the deployment
Summary
9 Testing AR M templates
9.1 Static analysis and validation
9.1.1 Visual Studio Code extensions
9.1.2 Validation using PowerShell or Azure CLI
9.1.3 ARM template test toolkit
9.1.4 Custom tests using Pester
9.2 Unit tests
9.3 Integration tests
9.4 End-to-end tests
9.5 Pester in CI/CD
Summary
Part 3—Advanced topics
10 Template specs and Bicep registries: Building a repository of templates
10.1 Use case: A repository of compliant resources
10.2 Creating a template spec
10.2.1 Listing template specs
10.2.2 Template spec versions
10.2.3 Creating a template spec from multiple ARM templates
10.2.4 Deploying a template spec using IaC is impractical
10.3 Deploying a template spec
10.3.1 Deploying template specs from an ARM or Bicep template
10.3.2 Upgrading to a newer version of the template spec
10.4 An alternative: A Bicep registry
10.5 Sharing templates using a package manager
10.5.1 Publishing an ARM template as a package
10.5.2 Deploying an ARM template that is in a package
10.5.3 Yet another approach
10.6 Design considerations
10.6.1 Choosing an approach
10.6.2 Pros and cons of template specs
10.6.3 Pros and cons of using a Bicep registry
10.6.4 Pros and cons of using a package manager
Summary
11 Using deployment stacks for grouping resources
11.1 Grouping resources by their lifetime
11.1.1 Complete deployment mode is not good enough
11.1.2 Deployment stacks to the rescue!
11.1.3 Creating a deployment stack
11.1.4 Updating a deployment stack
11.1.5 Removing a deployment stack
11.2 Provisioning resources for others, but disallowing updates
11.2.1 Azure Blueprints: A first solution
11.3 The future of deployment stacks
Summary
12 Governing your subscriptions using Azure Policy
12.1 Azure Policy
12.1.1 Policy definitions
12.1.2 Initiatives or policy sets
12.1.3 Assignment
12.2 Examining the built-in policies and initiatives
12.3 Using custom policies
12.3.1 Creating a custom policy
12.3.2 Testing a policy
12.4 Using the different effects
12.4.1 Append effect
12.4.2 Audit effect
12.4.3 AuditIfNotExists effect
12.4.4 DeployIfNotExists effect
12.4.5 Disabled effect
12.4.6 Modify effect
12.5 Creating your own initiative
12.6 Assigning a policy or initiative
12.7 Reviewing compliance status
12.7.1 Remediating noncompliant resources
12.7.2 Creating an exemption
Summary
13 Case studies
13.1 Building an Azure foundation
13.1.1 The management group layout
13.1.2 Assigning a policy initiative
13.1.3 Creating a management subscription
13.1.4 Creating workload subscriptions
13.2 Subscription level deployments
13.2.1 Configuring budgets
13.2.2 Configuring Microsoft Defender for Cloud
13.2.3 Creating resource groups and providing access
13.3 Creating a highly-available microservice architecture
13.3.1 Resources organized in resource groups
13.3.2 Networking with Bicep
13.3.3 Using the existing keyword to set access to a Key Vault
Summary
index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W