Azure Blueprints
In the last story I’ve written about Azure Policy. Azure Policy — allowed locations. That topic interconnects with Azure Blueprints, so If you are not familiarized with policies, it is a good idea to start there.
Azure Blueprints as the name says is a prepared design of resources which fulfills predefined standards, patterns or requirements. You can create such a plan and share to reuse. A developer can use the blueprint and deploy predefined resources without former knowledge of a project architecture standards.
After this “lengthy” introduction. Let’s make our hands dirty.
Go to Azure Blueprints -> Blueprint definitions and create a new blueprint.
You can choose from a dozen predefined blueprints. We create a blank blueprint this time.
After creating a name and set a definition location (a subscription) …
…we can create artifacts:
- Resource groups,
- Role assignments,
- Policy assignments,
- Resources (ARM templates).
On the subscription level. Create a resource group.
You can provide parameters now or allow user to provide them himself during a deployment.
On the resource group level. Add a Role assignment artifact.
The Role assignment isn’t gonna be dependable on a user and we prepopulate this field.
The next step is to add a policy, in this case we choose the same policy as in the last post.
At the end we deploy a Storage Account ARM template.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.13.1.58284",
"templateHash": "13120038605368246703"
}
},
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Premium_LRS",
"Premium_ZRS",
"Standard_GRS",
"Standard_GZRS",
"Standard_LRS",
"Standard_RAGRS",
"Standard_RAGZRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The storage account location."
}
},
"storageAccountName": {
"type": "string",
"defaultValue": "[format('store{0}', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of the storage account"
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2022-09-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {}
}
],
"outputs": {
"storageAccountName": {
"type": "string",
"value": "[parameters('storageAccountName')]"
},
"storageAccountId": {
"type": "string",
"value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
}
}
}The blueprint should look this way.
Save a Draft then Publish it. After the blueprint is published you are able to deploy defined resources in one shot. Hit an Assign blueprint button.
Provide all needed parameters.
All the resources have been deployed.
The bottom line. The blueprint has created:
- A resource group: resourcegroupblueprint01,
- set a user as Owner of the resource group,
- assigned a policy restricting resources location to West Europe,
- created a storage account.
