Saturday, January 25, 2020

Cheat Sheet for ARM Templates in Azure

Posted on 9:59 AM by Sachin Kalia

Cheat Sheet for ARM Templates in Azure

In the recent time I’ve been working on ARM templates and each time I need to automate some stuff or provision some resources. So decided to create a cheat sheet for such purpose rather than jumping each time for Microsoft document.
 This blog post serves as a little cheat sheet for common ARM deployment stuff.
ARM Templates Parameters
Parameters are passed as an input to your ARM template. In general we take an inputs from customer or user as well.
This is most frequent technique we use while create arm template.

"parameters":{
       "actionGroupName":{
          "type":"string",
           "defaultValue":"hm-incident-create",
          "metadata":{
             "description":"Unique name (within the Resource Group) for the Action group."
          }
       },      
       "logicAppName":{
          "type":"string",
          "defaultValue":"hm-alert-splunk",
          "metadata":{
             "description":"Logic app name."
          }
      
       }
    }
Variables
There are various name of resource that  are often used more than once in the ARM template. For that purpose we should create variables . Variables can be used in scope of entire template.  Some examples:
"variables": {
"pingTestName": "[concat('Test-','toLower(parameters('appServiceName')))]"

 "WorkspaceId": "[concat('workspaceId-', toLower(parameters('appName')))]"
 "storageAccountName": "[concat('dotnet', parameters('storageName'), 'storage')]"

Complex objects with parameters
Many times we are not only dependent string , int and bool parameters .Though we have an option to create a complex object and can be use with simple syntax. I’ll be mentioning how to write that with in arm templates
To achieve this, I use nested variables that declare that in such way.
{
   "dotnetpiperspoke":{
      "type":"object",
      "defaultValue":{
         "vnet":{
            "name":"Spoke",
            "addressPrefixes":[
               "10.0.0.0/16"
            ]
         }
      },
      "metadata":{
         "description":"This is an example of using object type in ARM templates"
      }
   }
}

How to access these within template is show here:

{
   "resources":[
      {
         "name":"[parameters('spoke').vnet.name]",
         "type":"Microsoft.Network/virtualNetworks",
         "apiVersion":"2017-10-01",
         "location":"[resourceGroup().location]",
         "properties":{
            "addressSpace":{
               "addressPrefixes":"[parameters(dotnetpiperspoke).vnet.addressPrefixes]"
            }
         }
      }
   ]
}
ARM Template Resource Functions
There are many ARM template functions available, of which the resource functions are quite powerful and often required.  Here you can find some functions I often use.  They can serve as a starting point to be used in other scenarios.

·        Get the location of the resource group you’re deploying to
[resourceGroup().location]

·        Get the subscription id
[subscription().subscriptionId] or "[subscription().id]"

NOTE: Many times while deploying templates I use "[subscription().id]" and it works as anticipated
·        Get the tenant id
[subscription().tenantId]

·        Get the vault URI of a just created KeyVault instance
[reference(resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))).vaultUri]
ResourceId  function

"resourceId":"[resourceId('Microsoft.Logic/workflows', parameters('logicAppName'))]",                 
"callbackUrl": [listCallbackUrl(resourceId(parameters('logicAppRG'),'Microsoft.Logic/workflows/triggers',  parameters('logicAppName'), 'manual'), '2016-06-01').value]"

  • Get the access key of a just created Storage account
[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]
Conditional deployments
Another requirement is having conditions within your deployment.  For example, you only want to validate array length must be greater than 0 Or you want to add resource locks on certain condition like bool is true or not.
One way to achieve this, is by adding a condition to your Azure resource.  These conditions can use a comparison function.  This is demonstrated in the next sample:

{
   "resources":[
      {
        "name":"[concat(variables('storageAccountName'), ‘Microsoft.Authorization/CriticalStorageLock')]",
         "type":"Microsoft.Storage/storageAccounts/providers/locks",
         "apiVersion":"2015-01-01",
    "condition": "[greater(length(variables('productsJArray')), 0)]",
         "dependsOn":[
            "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
         ],
         "properties":{
            "level":"CannotDelete",
            "notes":"Prevent accidental deletion of the storage account."
         }
      }
   ]
}

I believe an above shared cheat sheet concepts would help you while deploying  ARM templates.


Categories: , ,

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )