With Modernization and digital transformation initiatives, many teams have moved to the cloud and use Infrastructure as code practices routinely. Infrastructure has become an iterative process as well, teams must cohesively manage infrastructure and application code. Azure Resource Manager templates, popularly referred to as ARM Templates are used to create and manage your Azure resources. Learn how to design and deploy templates to deploy resources to Azure.
What are ARM Templates?
what can ARM Templates do?
You can store the infrastructure code in the source repository and version it similarly to the application code. Through this, a member among your team members can deploy an environment by running the code.
An ARM Template can contain one or more resources from the resource group, or it has the contents of the whole resource group. While deploying these ARM Templates, you have both the option of whether to deploy using complete mode or by using Incremental.
When you work with complete mode, it deletes any object not mentioned in the template or in the resource group you are deploying to, and incremental mode enables you to use the templates to add additional resources to a resource group.
In Ideal deployment cases, we prefer complete mode over Incremental mode; but it needs you to have an excellent automated pipeline. This deployment mode also requires at least one test environment to validate that the template is not destroying your production environment.
What do ARM Templates not do?
The ARM API can only deploy resources to the Azure cloud but can not deploy code on those resources.
It is critical to realize that you can only use ARM API for resources to save time while designing solutions. Once the infrastructure is ready, we will need to employ another technology, like DSC or PowerShell, to handle the deployments.
How to test these templates?
You can test ARM Templates either using functional testing or through basic testing.
Using functional testing
ARM templates are JSON, a block of text optimized for machine-reading rather than human reading. Although formatting helps, it is still a single block of text without any testing framework, so testing essentially boils down to running deployment and observing what it produces. If you have to use this method to perform a suite of tests, then you should follow the below process-
- Deploy code and application tests to a test environment, maybe a dev/test subscription in Azure Deploy.
- Carry out tests
- Report the results
The template is valid if all the tests return ‘success.’
Using Basic Testing
Apart from using the functional test, you can check if a template is deployable to a particular resource group. You can do so by using the PowerShell function “Test-AzureRmResourceGroupDeployment.” Before deployment, it will analyze your template and check that it is syntactically correct and that you fulfill requirements such as not exceeding quota limitations.
Furthermore, with full deployments, it would not be ideal if you decide to remove a few resources and then fails to build all of the new resources that you desired because you had reached your Azure quota restrictions.
We have written another comprehensive article and have discussed Azure Resource Manager — Benefits, ARM Templates — Components and Best Practices. In this article, we will further explore ARM Template Design & Deployment using PowerShell.
It is totally up to you and how you want to manage your solution to set templates and resource groups. For example, you can deploy your three-tier application to a single resource group using a single template.
However, you do not need to define your complete architecture in a single template. It is often advantageous to separate your deployment requirements into different sub-sets of tailored, purpose-specific templates. These templates are easily reusable for various solutions. You first design the main template that connects all required templates to deploy a solution.
If your application tires have different life cycles, you can deploy these three tries of an application to the multiple resource groups.
Deploying ARM Template using PowerShell
There are several ways to deploy Azure Resources using ARM Templates, but here we discuss deploying a storage account using PowerShell. You need the below-mentioned resources to follow through this tutorial —
- Here we use PowerShell version 7.1.3, but you should use at least version 5.1 or higher.
- Secondly, you also need Azure PowerShell Module. We are using version 6.0.0
- Thirdly, you need an Azure administrator account. You should have enough permission to create resources, such as Owner or Contributor.
Step 1 — Connect and Authenticate to Azure
To utilize the Az PowerShell module commands, you must connect to Azure with an authenticated account. When you run the Connect-AzAccount command, PowerShell will launch an Internet browser to complete the authentication process.
Step 2— Create a new Resource Group
You should create a resource group to include the ARM template resources. Give the resource group a name and an Azure region using the New-AzResourceGroup command.
Save the command output to a variable and name it $rg so you can refer to the resource group later. We mention the resource group here as armdemo-rg and; mention resource location WestUs2.
Step 3 — Create an ARM Template with Storage Account
You will need an ARM template with a storage account to create a resource. Here’s a simple ARM template that uses a single parameter named StorageAccountName to specify the name of the storage account. We save this to a file called storageAccount.json.
Alternatively, download this template from this GitHub Repository.
Step 4 – Now deploying the ARM Template
After finishing up the ARM Template, you should now move on to deploying the storage account to your Azure environment. First, run New-AzResourceGroupDeployment with the resource group to deploy to ($rg.ResourceGroupName) and the storageAccount.json template file path. Add the -Verbose argument to see the resource group deployment status.
Because the ARM template uses a parameter, you can specify the value just like any other PowerShell parameter. Enter a valid storage account name in the -StorageAccountName option of the command. The name of the storage account must be globally unique across Azure, including all lowercase digits and letters. Here we have named the storage account as anarsolutionsdemo.
ARM Deployment Modes
There are two types of ARM template deployments: incremental and complete. The Resource Manager service handles existing resources not defined in the template differently in various modes. Let’s understand both deployment modes.
The default mode for ARM template deployments is incremental. Azure delivers the resources provided in the template while leaving other resources alone. In the previous tutorial, you used the template to deploy one storage account and then another storage account with a different name in the same resource group.
Complete mode behaves destructively. While in this mode, the Resource Manager service deletes all resources from the resource group defined in the ARM template.
Consider the following example. First, replace the storage account name in Step 5 of the parameters file with a new one, such as varonisarmtemplatedemo3. Then, execute the deployment command with the Complete Mode.
If prompted, press Y to continue with the deployment.
Upon deployment completion, check the resource group in the Azure portal. You should now only see one storage account from the previous deployment. Azure Resource Manager has eliminated other storage accounts because we have not defined them in the ARM Template.
The use of code to define Azure infrastructure has numerous advantages, including reusability and standardization. You can utilize ARM templates for initial resource deployment but also continuing administration. Using IaC, you can introduce other automation, such as using Azure DevOps to introduce automatic infrastructure changes.