Modify ARM-Template for quick deployment
In my organization, we have quite some ressources in Azure which we want to back up the configuration for. However, we are not reaching a big-enough magnitude or maturity that Iac-solutions like Terraform would be viable for us. So ARM-Templates are okay for us.
I have a powershell script running regularly which exports multiple resource groups of a subscription and pushes them to an Azure DevOps. Everything is working here.
My issue is, i wanted to quickly test a deployment but run into several issues. Eg. one template references VMdiagnostic extensions which do not exist yet. Or it points to a disk in a productive environment which i definetly dont want to use when deplyoing to a TEST-resource group.Example parameters:
When it comes to an arm-template of the API-management, this becomes even more complicated.
Ideally, there is a way to clean up / prepare ARM-templates in a way that they are deployable with minimal configuration.
Or i need to manually clean up ARM templates and check for referenced resources, edit them appropiately etc. so the ARM-template can be deployed.
Do any best practices exist here which i can apply on the whole of the ARM templates or do i need to go into detail and edit every template file by hand, depending on the resources associated with it?
Or maybe it would be better here to export resources individually rather than whole resource groups to enable some modularity?
Modify ARM-Template for quick deployment
As you mentioned the idea of backing up and managing ARM is difficult especially when you are dealing with product resources and dependcies and env-specific configuration.
In order to have minmal manual intervention while using ARM you should follow the mentioned approaches
Modularize ARM templates:
Sectionalizing the resources as per the requirment will definately reduce the complexity.
The furture info on modularization of resources can be seen in the documentation.
This will explain about Split the templates into smaller files & use linked templates or nested templates for resources that need to be grouped.
Parameterization
Define the parameter based configuration based on env so that dynamic reference is possible with this approach.
sample JSON
"parameters": {
"environment": {
"type": "string",
"defaultValue": "TEST"
},
"vmName": {
"type": "string",
"defaultValue": "[concat('vm-', parameters('environment'))]"
},
"diagnosticStorageAccountId": {
"type": "string",
"defaultValue": "/subscriptions/YoursubscriptionID/resourceGroups/rgname/providers/Microsoft.Storage/storageAccounts/storageaccountname"
}
}
It's always a best practice to validate the deployment before execution
New-AzResourceGroupDeployment -TemplateFile <template.json> -TemplateParameterFile <parameters.json> -ResourceGroupName <resource_group_name> -Mode Validate
For more info refer the bicep best pratices doc below
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/parameters
- VM has reported a failure when processing extension AzureDiskEncryption
- How to pass secrets downloaded from Azure KeyVault as parameters to an Azure Function?
- Trigger / queue build policy pipeline on ADO PR with Azure CLI
- Azure AD B2C Password Reset
- Batch create mailbox folders with GRAPH API (from Graph Explorer)
- Azure Web App on Linux: "Error: Container didn't respond to HTTP pings on port: 8080" - when using: "start": "pm2 start server.js"
- How can I apply name=value tags to service principals in Azure?
- Visual Studio Code: Could not find $web blob container for storage account
- Error when registering data factory integration runtime on windows VM
- Retrieve list of repositories and their tag versions in one call
- Getting Error while running Azure DevOps Pipeline "Error: building account: could not acquire access token to parse claims: clientCredentialsToken
- Create Resource Group with Azure Management C# API
- Azure LDAP Authentication Connection Refused On Cloud Server or Other Desktops
- Create a gpu nodepool on azure with a student account
- How to set redirect URLs to b2clogin.com for Azure Active Directory B2C in React JS application
- Cannot connect to SQL Server from logic app
- How to Resolve Errors When Running Python Jobs in Azure App Service WebJobs
- How do I open Kudu console in Azure functions consumption plan?
- Azure AutoML Image Classification Job
- Onedrive GRAPH API - 403 when getting user's OneDrive
- Azure Government Get incidents returns 401 Forbidden
- Delta Table Partitioning - why only for tables bigger than 1 TB
- How to check if an Azure storage queue has messages
- Azure WAF exclusion, what's the difference between RequestArgNames and RequestArgValues?
- How to order results of a query by the results of an aggregate function in ComosDb?
- Azure routing between different subscriptions - force one, common outbound IP and share Site-to-site (IPSec) defined in Virtual network gateway
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- Azure DevOps - Create a work item from incoming email
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?