Azure Infrastructure as Code

Book description

Master ARM templates, Bicep, and other Azure Infrastructure-as-Code tools, techniques, and practices to build infrastructure on the Azure cloud.

In Azure Infrastructure as Code you will learn how to:

  • Create reusable infrastructure templates using advanced features of the ARM (Azure Resource Manager) syntax
  • Write templates with the Azure Bicep domain-specific language (DSL)
  • Test ARM and Bicep templates
  • Deploy templates using deployment pipelines
  • Guarantee repeated outcomes when you reuse templates to replicate infrastructure
  • Share templates between teams
  • Provision templates to provide standards and Azure Policy to enforce them
  • Orchestrate complex deployments using Azure DevOps and GitHub Actions
  • Pre-provision environments for other teams with deployment stacks

Azure Infrastructure as Code teaches you to use Azure’s native infrastructure as code (IaC) tools, like ARM and Bicep, to build, manage, and scale infrastructure with just a few lines of code. You’ll discover ARM templates, deployment stacks, and the powerful new language Bicep. See how easy they make it to create new environments, safely make infrastructure changes, govern your resources using Azure Policy, and prevent configuration drift. Loaded with in-depth coverage of syntax and lots of illustrative examples, this hands-on guide is a must-read for anyone looking to expand their knowledge of provisioning.

About the Technology
Automating tasks like provisioning servers, operating systems, and storage saves time and radically increases consistency. The Infrastructure as Code (IaC) approach brings the tools and practices of application deployment, such as GitHub Actions, automated testing, and pipeline-driven deployments, to infrastructure components. With Azure’s native IaC tools, you can create whole new infrastructures with just a few lines of code using declarative specifications and an intuitive domain-specific language.

About the Book
Azure Infrastructure as Code shows you how to manage and automate your infrastructure using Azure’s IaC tools. In this practical guide, you’ll discover how to set up Azure Resource Manager (ARM) templates and to script infrastructure creation using the Bicep DSL. You’ll also explore advanced topics such as testing, reusing templates, and defining policies as code. You’ll even build a complete CI/CD pipeline that can orchestrate a complex infrastructure deployment across multiple regions.

What's Inside
  • Create reusable infrastructure templates
  • Write templates with the Azure Bicep domain-specific language
  • Deploy templates using deployment pipelines
  • Share templates between teams


About the Reader
For operations, infrastructure, or software engineers with some Azure experience.

About the Authors
Henry Been is a freelance DevOps and Azure architect and consultant. Erwin Staal is an Azure architect and DevOps consultant. Eduard Keilholz is a cloud solution architect.

Quotes
Join Henry, Erwin, and Eduard on this journey to learn all about Azure Infrastructure as Code!
- From the Foreword by Scott Guthrie, Executive VP at Microsoft

Get up to speed on infrastructure as code using ARM and Bicep.
- Steve Goodman, iMeta Technologies

The authors' experience in enterprise scale organizations oozes. So many useful tips. A must for your bookshelf.
- Lachman Dhalliwal, Netcompany

Thorough, comprehensive, and clear. Highly recommended!
- Aron Trauring, Zoteca

Table of contents

  1. inside front cover
  2. Azure Infrastructure as Code
  3. Copyright
  4. contents
  5. front matter
    1. foreword
    2. preface
    3. acknowledgments
    4. about this book
      1. Who should read this book
      2. How this book is organized: A roadmap
      3. About the code
      4. liveBook discussion forum
      5. Other online resources
    5. about the authors
    6. about the cover illustration
  6. Part 1. Introduction
  7. 1 Infrastructure as Code
    1. 1.1 Working with infrastructure
      1. 1.1.1 DevOps
      2. 1.1.2 Preventing configuration drift
    2. 1.2 The benefits of Infrastructure as Code
      1. 1.2.1 IaC allows for automation
      2. 1.2.2 IaC allows for a declarative approach
      3. 1.2.3 IaC provides a human-readable format
    3. 1.3 The Azure Resource Manager
      1. 1.3.1 Control plane and data plane
      2. 1.3.2 ARM templates
      3. 1.3.3 The Bicep language
      4. 1.3.4 Azure Service Management (ASM is not ARM)
    4. 1.4 Other tools
      1. 1.4.1 AWS CloudFormation
      2. 1.4.2 Google Cloud Deployment Manager
      3. 1.4.3 Terraform
      4. 1.4.4 Pulumi
      5. 1.4.5 Choosing between cloud-specific and multi-cloud solutions
    5. Summary
  8. 2 Writing your first ARM template
    1. 2.1 Working with JSON files
      1. 2.1.1 Installing the ARM templates extension in VS Code
    2. 2.2 Writing ARM templates in VS Code
      1. 2.2.1 Adding a resource
      2. 2.2.2 Leveraging IntelliSense in VS Code
    3. 2.3 Deploying an ARM template
    4. 2.4 Monitoring template deployments
    5. 2.5 Finding example templates
    6. 2.6 Visualizing templates
    7. Summary
  9. Part 2. Taking it up a notch
  10. 3 Writing ARM templates
    1. 3.1 Resources
      1. 3.1.1 Child resources
    2. 3.2 Parameters
      1. 3.2.1 Parameter types
      2. 3.2.2 Limiting and describing parameter values
      3. 3.2.3 Specifying parameter values
    3. 3.3 Variables
    4. 3.4 Outputs
    5. 3.5 Functions
      1. 3.5.1 Expressions
      2. 3.5.2 Built-in functions
      3. 3.5.3 User-defined functions
    6. Summary
  11. 4 Deploying ARM templates
    1. 4.1 An overview of the deployment process
    2. 4.2 Submitting a deployment
      1. 4.2.1 Choosing a deployment scope
      2. 4.2.2 Submitting a template using different tools
    3. 4.3 The execution phase
      1. 4.3.1 Role-based access control
      2. 4.3.2 Azure Policy
      3. 4.3.3 Resource locks
      4. 4.3.4 Resource provisioning
    4. 4.4 The clean-up phase
      1. 4.4.1 Incremental deployment mode
      2. 4.4.2 Complete deployment mode
      3. 4.4.3 Combining deployment modes
    5. 4.5 Template validation and what-if deployments
      1. 4.5.1 Validating an ARM template
      2. 4.5.2 What-if deployments
    6. 4.6 Troubleshooting template deployments
    7. Summary
  12. 5 Writing advanced ARM templates
    1. 5.1 Deploying to multiple scopes using nested templates
      1. 5.1.1 Nested templates on a management group
      2. 5.1.2 Evaluation scope
      3. 5.1.3 Outputs
    2. 5.2 How to structure solutions
      1. 5.2.1 Small to medium solutions
      2. 5.2.2 Large solutions
    3. 5.3 Modularizing templates with linked templates
      1. 5.3.1 Using a URI
      2. 5.3.2 Using a relative path
    4. 5.4 Deploying resources in order
      1. 5.4.1 Explicit deployment ordering
      2. 5.4.2 Implicit deployment ordering
    5. 5.5 Conditionally deploying resources
      1. 5.5.1 Applying conditions to output
    6. 5.6 Using loops to create multiple resources
      1. 5.6.1 Using copy on variables
      2. 5.6.2 Using copy on properties
      3. 5.6.3 Using copy on output
      4. 5.6.4 Waiting for a loop to finish, using dependsOn
    7. 5.7 Deployment scripts
    8. 5.8 Reverse engineering a template
      1. 5.8.1 Exporting templates
      2. 5.8.2 Using Resource Explorer
      3. 5.8.3 Using the JSON view
      4. 5.8.4 For a new resource
    9. Summary
  13. 6 Simplifying ARM templates using the Bicep DSL
    1. 6.1 Bicep: A transpiler
      1. 6.1.1 Deploying
      2. 6.1.2 Transpiling
      3. 6.1.3 Decompiling
    2. 6.2 Bicep syntax differences
      1. 6.2.1 Parameters
      2. 6.2.2 Variables
      3. 6.2.3 Outputs
      4. 6.2.4 Conditions
      5. 6.2.5 Loops
      6. 6.2.6 Targeting different scopes
      7. 6.2.7 Known limitations
    3. 6.3 Other improvements with Bicep
      1. 6.3.1 Referencing resources, parameters, and variables
      2. 6.3.2 Using references in variables and outputs
      3. 6.3.3 Referencing existing resources
      4. 6.3.4 Dependency management
      5. 6.3.5 String interpolation
      6. 6.3.6 No mandatory grouping
      7. 6.3.7 Comments
      8. 6.3.8 Using the contents of other files
    4. 6.4 Modules
      1. 6.4.1 Deploying to another scope
      2. 6.4.2 Debugging Bicep deployments
    5. 6.5 A larger Bicep example
      1. 6.5.1 AppConfiguration.bicep
      2. 6.5.2 ApplicationInsights.bicep
      3. 6.5.3 Configuration.bicep
    6. Summary
  14. 7 Complex deployments using Azure DevOps
    1. 7.1 Meet Toma Toe Pizzas
    2. 7.2 Crafting the Bicep files
      1. 7.2.1 Describing the App Service plan
      2. 7.2.2 Describing the App Service
      3. 7.2.3 Finalizing the template
    3. 7.3 Storing templates in source control
    4. 7.4 Automated build and release pipelines
      1. 7.4.1 Using triggers
      2. 7.4.2 Creating tasks
      3. 7.4.3 Grouping tasks in a job
      4. 7.4.4 Creating service connections
      5. 7.4.5 Configuring Azure DevOps to run your pipeline
    5. 7.5 Adding logical phases to your pipeline
      1. 7.5.1 Identifying the logical phases
      2. 7.5.2 Accessing artifacts from different jobs
      3. 7.5.3 Transpiling Bicep in a pipeline stage
      4. 7.5.4 Deploying a template from a pipeline artifact
    6. 7.6 Adding the Traffic Manager
      1. 7.6.1 Deploying the Traffic Manager
    7. 7.7 Creating a real-world example pipeline
      1. 7.7.1 Completing the pipeline
    8. Summary
  15. 8 Complex deployments using GitHub Actions
    1. 8.1 Forking a repository
    2. 8.2 Getting to know GitHub Actions
      1. 8.2.1 Workflow events
      2. 8.2.2 Runners
      3. 8.2.3 Jobs
      4. 8.2.4 Steps
      5. 8.2.5 Actions
    3. 8.3 Building a GitHub Actions workflow
      1. 8.3.1 Adding a job to a GitHub Actions workflow
    4. 8.4 The deployment phase in GitHub Actions
      1. 8.4.1 Connecting to Azure from your GitHub workflow
      2. 8.4.2 Generating a service principal using the Azure CLI
    5. 8.5 Deploying ARM templates from GitHub Actions
      1. 8.5.1 Completing the deployment
    6. Summary
  16. 9 Testing ARM templates
    1. 9.1 Static analysis and validation
      1. 9.1.1 Visual Studio Code extensions
      2. 9.1.2 Validation using PowerShell or Azure CLI
      3. 9.1.3 ARM template test toolkit
      4. 9.1.4 Custom tests using Pester
    2. 9.2 Unit tests
    3. 9.3 Integration tests
    4. 9.4 End-to-end tests
    5. 9.5 Pester in CI/CD
    6. Summary
  17. Part 3. Advanced topics
  18. 10 Template specs and Bicep registries: Building a repository of templates
    1. 10.1 Use case: A repository of compliant resources
    2. 10.2 Creating a template spec
      1. 10.2.1 Listing template specs
      2. 10.2.2 Template spec versions
      3. 10.2.3 Creating a template spec from multiple ARM templates
      4. 10.2.4 Deploying a template spec using IaC is impractical
    3. 10.3 Deploying a template spec
      1. 10.3.1 Deploying template specs from an ARM or Bicep template
      2. 10.3.2 Upgrading to a newer version of the template spec
    4. 10.4 An alternative: A Bicep registry
    5. 10.5 Sharing templates using a package manager
      1. 10.5.1 Publishing an ARM template as a package
      2. 10.5.2 Deploying an ARM template that is in a package
      3. 10.5.3 Yet another approach
    6. 10.6 Design considerations
      1. 10.6.1 Choosing an approach
      2. 10.6.2 Pros and cons of template specs
      3. 10.6.3 Pros and cons of using a Bicep registry
      4. 10.6.4 Pros and cons of using a package manager
    7. Summary
  19. 11 Using deployment stacks for grouping resources
    1. 11.1 Grouping resources by their lifetime
      1. 11.1.1 Complete deployment mode is not good enough
      2. 11.1.2 Deployment stacks to the rescue!
      3. 11.1.3 Creating a deployment stack
      4. 11.1.4 Updating a deployment stack
      5. 11.1.5 Removing a deployment stack
    2. 11.2 Provisioning resources for others, but disallowing updates
      1. 11.2.1 Azure Blueprints: A first solution
    3. 11.3 The future of deployment stacks
    4. Summary
  20. 12 Governing your subscriptions using Azure Policy
    1. 12.1 Azure Policy
      1. 12.1.1 Policy definitions
      2. 12.1.2 Initiatives or policy sets
      3. 12.1.3 Assignment
    2. 12.2 Examining the built-in policies and initiatives
    3. 12.3 Using custom policies
      1. 12.3.1 Creating a custom policy
      2. 12.3.2 Testing a policy
    4. 12.4 Using the different effects
      1. 12.4.1 Append effect
      2. 12.4.2 Audit effect
      3. 12.4.3 AuditIfNotExists effect
      4. 12.4.4 DeployIfNotExists effect
      5. 12.4.5 Disabled effect
      6. 12.4.6 Modify effect
    5. 12.5 Creating your own initiative
    6. 12.6 Assigning a policy or initiative
    7. 12.7 Reviewing compliance status
      1. 12.7.1 Remediating noncompliant resources
      2. 12.7.2 Creating an exemption
    8. Summary
  21. 13 Case studies
    1. 13.1 Building an Azure foundation
      1. 13.1.1 The management group layout
      2. 13.1.2 Assigning a policy initiative
      3. 13.1.3 Creating a management subscription
      4. 13.1.4 Creating workload subscriptions
    2. 13.2 Subscription level deployments
      1. 13.2.1 Configuring budgets
      2. 13.2.2 Configuring Microsoft Defender for Cloud
      3. 13.2.3 Creating resource groups and providing access
    3. 13.3 Creating a highly-available microservice architecture
      1. 13.3.1 Resources organized in resource groups
      2. 13.3.2 Networking with Bicep
      3. 13.3.3 Using the existing keyword to set access to a Key Vault
    4. Summary
  22. index
  23. inside back cover

Product information

  • Title: Azure Infrastructure as Code
  • Author(s): Henry Been, Eduard Keilholz, Erwin Staal
  • Release date: August 2022
  • Publisher(s): Manning Publications
  • ISBN: 9781617299421