Azure Infrastructure as Code: With ARM templates and Bicep
Master ARM templates, Bicep, and other Azure Infrastructure-as-Code tools, techniques, and practices to build infrastructure on the Azure cloud.
In Azure Infrastructure as Code you will learn how to:
- Create reusable infrastructure templates using advanced features of the ARM (Azure Resource Manager) syntax
- Write templates with the Azure Bicep domain-specific language (DSL)
- Test ARM and Bicep templates
- Deploy templates using deployment pipelines
- Guarantee repeated outcomes when you reuse templates to replicate infrastructure
- Share templates between teams
- Provision templates to provide standards and Azure Policy to enforce them
- Orchestrate complex deployments using Azure DevOps and GitHub Actions
- Pre-provision environments for other teams with deployment stacks
Azure Infrastructure as Code teaches you to use Azure’s native infrastructure as code (IaC) tools, like ARM and Bicep, to build, manage, and scale infrastructure with just a few lines of code. You’ll discover ARM templates, deployment stacks, and the powerful new language Bicep. See how easy they make it to create new environments, safely make infrastructure changes, govern your resources using Azure Policy, and prevent configuration drift. Loaded with in-depth coverage of syntax and lots of illustrative examples, this hands-on guide is a must-read for anyone looking to expand their knowledge of provisioning.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
Automating tasks like provisioning servers, operating systems, and storage, saves time and radically increases consistency. The Infrastructure as Code (IaC) approach brings the tools and practices of application deployment, such as Github Actions, automated testing, and pipeline-driven deployments, to infrastructure components. With Azure’s native IaC tools, you can create whole new infrastructures with just a few lines of code using declarative specifications and an intuitive domain-specific language.
About the book
Azure Infrastructure as Code shows you how to manage and automate your infrastructure using Azure’s IaC tools. In this practical guide, you’ll discover how to set up Azure Resource Manager (ARM) templates and to script infrastructure creation using the Bicep DSL. You’ll also explore advanced topics such as testing, reusing templates, and defining policies as code. You’ll even build a complete CI/CD pipeline that can orchestrate a complex infrastructure deployment across multiple regions.
- Create reusable infrastructure templates
- Write templates with the Azure Bicep domain-specific language
- Deploy templates using deployment pipelines
- Share templates between teams
About the reader
For operations, infrastructure, or software engineers with some Azure experience.
About the author
Henry Been is a freelance DevOps and Azure architect and consultant. Erwin Staal is an Azure architect and DevOps consultant. Eduard Keilholz is a cloud solution architect.
inside front cover Azure Infrastructure as Code Copyright contents front matter foreword preface acknowledgments about this book Who should read this book How this book is organized: A roadmap About the code liveBook discussion forum Other online resources about the authors about the cover illustration Part 1. Introduction 1 Infrastructure as Code 1.1 Working with infrastructure 1.1.1 DevOps 1.1.2 Preventing configuration drift 1.2 The benefits of Infrastructure as Code 1.2.1 IaC allows for automation 1.2.2 IaC allows for a declarative approach 1.2.3 IaC provides a human-readable format 1.3 The Azure Resource Manager 1.3.1 Control plane and data plane 1.3.2 ARM templates 1.3.3 The Bicep language 1.3.4 Azure Service Management (ASM is not ARM) 1.4 Other tools 1.4.1 AWS CloudFormation 1.4.2 Google Cloud Deployment Manager 1.4.3 Terraform 1.4.4 Pulumi 1.4.5 Choosing between cloud-specific and multi-cloud solutions Summary 2 Writing your first ARM template 2.1 Working with JSON files 2.1.1 Installing the ARM templates extension in VS Code 2.2 Writing ARM templates in VS Code 2.2.1 Adding a resource 2.2.2 Leveraging IntelliSense in VS Code 2.3 Deploying an ARM template 2.4 Monitoring template deployments 2.5 Finding example templates 2.6 Visualizing templates Summary Part 2. Taking it up a notch 3 Writing ARM templates 3.1 Resources 3.1.1 Child resources 3.2 Parameters 3.2.1 Parameter types 3.2.2 Limiting and describing parameter values 3.2.3 Specifying parameter values 3.3 Variables 3.4 Outputs 3.5 Functions 3.5.1 Expressions 3.5.2 Built-in functions 3.5.3 User-defined functions Summary 4 Deploying ARM templates 4.1 An overview of the deployment process 4.2 Submitting a deployment 4.2.1 Choosing a deployment scope 4.2.2 Submitting a template using different tools 4.3 The execution phase 4.3.1 Role-based access control 4.3.2 Azure Policy 4.3.3 Resource locks 4.3.4 Resource provisioning 4.4 The clean-up phase 4.4.1 Incremental deployment mode 4.4.2 Complete deployment mode 4.4.3 Combining deployment modes 4.5 Template validation and what-if deployments 4.5.1 Validating an ARM template 4.5.2 What-if deployments 4.6 Troubleshooting template deployments Summary 5 Writing advanced ARM templates 5.1 Deploying to multiple scopes using nested templates 5.1.1 Nested templates on a management group 5.1.2 Evaluation scope 5.1.3 Outputs 5.2 How to structure solutions 5.2.1 Small to medium solutions 5.2.2 Large solutions 5.3 Modularizing templates with linked templates 5.3.1 Using a URI 5.3.2 Using a relative path 5.4 Deploying resources in order 5.4.1 Explicit deployment ordering 5.4.2 Implicit deployment ordering 5.5 Conditionally deploying resources 5.5.1 Applying conditions to output 5.6 Using loops to create multiple resources 5.6.1 Using copy on variables 5.6.2 Using copy on properties 5.6.3 Using copy on output 5.6.4 Waiting for a loop to finish, using dependsOn 5.7 Deployment scripts 5.8 Reverse engineering a template 5.8.1 Exporting templates 5.8.2 Using Resource Explorer 5.8.3 Using the JSON view 5.8.4 For a new resource Summary 6 Simplifying ARM templates using the Bicep DSL 6.1 Bicep: A transpiler 6.1.1 Deploying 6.1.2 Transpiling 6.1.3 Decompiling 6.2 Bicep syntax differences 6.2.1 Parameters 6.2.2 Variables 6.2.3 Outputs 6.2.4 Conditions 6.2.5 Loops 6.2.6 Targeting different scopes 6.2.7 Known limitations 6.3 Other improvements with Bicep 6.3.1 Referencing resources, parameters, and variables 6.3.2 Using references in variables and outputs 6.3.3 Referencing existing resources 6.3.4 Dependency management 6.3.5 String interpolation 6.3.6 No mandatory grouping 6.3.7 Comments 6.3.8 Using the contents of other files 6.4 Modules 6.4.1 Deploying to another scope 6.4.2 Debugging Bicep deployments 6.5 A larger Bicep example 6.5.1 AppConfiguration.bicep 6.5.2 ApplicationInsights.bicep 6.5.3 Configuration.bicep Summary 7 Complex deployments using Azure DevOps 7.1 Meet Toma Toe Pizzas 7.2 Crafting the Bicep files 7.2.1 Describing the App Service plan 7.2.2 Describing the App Service 7.2.3 Finalizing the template 7.3 Storing templates in source control 7.4 Automated build and release pipelines 7.4.1 Using triggers 7.4.2 Creating tasks 7.4.3 Grouping tasks in a job 7.4.4 Creating service connections 7.4.5 Configuring Azure DevOps to run your pipeline 7.5 Adding logical phases to your pipeline 7.5.1 Identifying the logical phases 7.5.2 Accessing artifacts from different jobs 7.5.3 Transpiling Bicep in a pipeline stage 7.5.4 Deploying a template from a pipeline artifact 7.6 Adding the Traffic Manager 7.6.1 Deploying the Traffic Manager 7.7 Creating a real-world example pipeline 7.7.1 Completing the pipeline Summary 8 Complex deployments using GitHub Actions 8.1 Forking a repository 8.2 Getting to know GitHub Actions 8.2.1 Workflow events 8.2.2 Runners 8.2.3 Jobs 8.2.4 Steps 8.2.5 Actions 8.3 Building a GitHub Actions workflow 8.3.1 Adding a job to a GitHub Actions workflow 8.4 The deployment phase in GitHub Actions 8.4.1 Connecting to Azure from your GitHub workflow 8.4.2 Generating a service principal using the Azure CLI 8.5 Deploying ARM templates from GitHub Actions 8.5.1 Completing the deployment Summary 9 Testing ARM templates 9.1 Static analysis and validation 9.1.1 Visual Studio Code extensions 9.1.2 Validation using PowerShell or Azure CLI 9.1.3 ARM template test toolkit 9.1.4 Custom tests using Pester 9.2 Unit tests 9.3 Integration tests 9.4 End-to-end tests 9.5 Pester in CI/CD Summary Part 3. Advanced topics 10 Template specs and Bicep registries: Building a repository of templates 10.1 Use case: A repository of compliant resources 10.2 Creating a template spec 10.2.1 Listing template specs 10.2.2 Template spec versions 10.2.3 Creating a template spec from multiple ARM templates 10.2.4 Deploying a template spec using IaC is impractical 10.3 Deploying a template spec 10.3.1 Deploying template specs from an ARM or Bicep template 10.3.2 Upgrading to a newer version of the template spec 10.4 An alternative: A Bicep registry 10.5 Sharing templates using a package manager 10.5.1 Publishing an ARM template as a package 10.5.2 Deploying an ARM template that is in a package 10.5.3 Yet another approach 10.6 Design considerations 10.6.1 Choosing an approach 10.6.2 Pros and cons of template specs 10.6.3 Pros and cons of using a Bicep registry 10.6.4 Pros and cons of using a package manager Summary 11 Using deployment stacks for grouping resources 11.1 Grouping resources by their lifetime 11.1.1 Complete deployment mode is not good enough 11.1.2 Deployment stacks to the rescue! 11.1.3 Creating a deployment stack 11.1.4 Updating a deployment stack 11.1.5 Removing a deployment stack 11.2 Provisioning resources for others, but disallowing updates 11.2.1 Azure Blueprints: A first solution 11.3 The future of deployment stacks Summary 12 Governing your subscriptions using Azure Policy 12.1 Azure Policy 12.1.1 Policy definitions 12.1.2 Initiatives or policy sets 12.1.3 Assignment 12.2 Examining the built-in policies and initiatives 12.3 Using custom policies 12.3.1 Creating a custom policy 12.3.2 Testing a policy 12.4 Using the different effects 12.4.1 Append effect 12.4.2 Audit effect 12.4.3 AuditIfNotExists effect 12.4.4 DeployIfNotExists effect 12.4.5 Disabled effect 12.4.6 Modify effect 12.5 Creating your own initiative 12.6 Assigning a policy or initiative 12.7 Reviewing compliance status 12.7.1 Remediating noncompliant resources 12.7.2 Creating an exemption Summary 13 Case studies 13.1 Building an Azure foundation 13.1.1 The management group layout 13.1.2 Assigning a policy initiative 13.1.3 Creating a management subscription 13.1.4 Creating workload subscriptions 13.2 Subscription level deployments 13.2.1 Configuring budgets 13.2.2 Configuring Microsoft Defender for Cloud 13.2.3 Creating resource groups and providing access 13.3 Creating a highly-available microservice architecture 13.3.1 Resources organized in resource groups 13.3.2 Networking with Bicep 13.3.3 Using the existing keyword to set access to a Key Vault Summary index inside back cover
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.