I’ve been doing a lot of work around automation lately (which isn’t a surprise really since it’s what I love to do). Azure comes with great tools for automation and in this blog post I would like to sum up my thought around how to manage your infrastructure as code and deploy like a pro in Azure.
Infrastructure as Code
Developers have known for decades how important it is to manage the source code for the projects they work on. On the Microsoft side, different tools have been used like Visual Studio Team Foundation Server, Visual Studio Team Services and now Azure DevOps and GitHub. And speaking of DevOps… Suddenly the Devs and the Ops are on the same team, working together, sharing responsibilities and learn from each other.
Ops all over the world are finally starting to see the benefits that comes with code management like version control, co-operation, automation and branching to name a few.
So, what if we also put our infrastructure in code? Is that a good idea? Yes, It’s a great idea and the tools are right there so let’s look at what we have available!
ARM Templates in Azure
Azure Resource Manager (ARM) templates let you define your azure resources as code in JSON format. When you do this it’s easy as pie to deploy the same setup over and over again. If something breaks, just redeploy. You can use parameters in ARM templates to make each deployment unique but still keep the defined set of resources and configurations.
You can export ARM templates from any existing resource group or resource you have to document, modify and redeploy. Just go to Automation scripts in the Azure Portal under any resource group or resource.
You can also have a look at the Azure Quickstart Templates gallery to find predefined ARM templates. It’s a good way to get started!
Put your infrastructure code in Azure Blueprints
ARM templates are great but it’s only one peace of the puzzle. In Azure, you also have to think about resource groups, RBAC permissions and Azure policies. You might have multiple Azure subscriptions in your organization and need a way to centrally manage them all.
Azure Blueprints comes to the rescue! It combines ARM templates, Azure policies, resources group structures and RBAC permission in a single package. In Azure Blueprints these different kinds of resources are called artifacts. You apply the blueprints to one or more subscriptions and Azure will automatically build and configure accordingly.
That’s really powerful but what’s even cooler is that Azure keeps track on what was deployed by what artifact in the blueprints and if the blueprint is changed the changes will also apply to your Azure resources it is linked to.
Just like ARM templates, blueprints are JSON code and you can now manage your entire Azure design in code. Keep and manage your blueprints in services like Azure DevOps and Github and integrate them into your DevOps practices. You now have an automatic build process for your entire Azure structure!!
Last but not least, it’s possible to let Azure Blueprints automatically put locks on all your resources in Azure and thereby block manual changes through the Azure Portal, PowerShell and CLI. This makes sure that the cude owns the current design. No cheating in the portal!
Microsoft has a good overview video on Azure Blueprints here.
No more repetitive manual deployments and please follow me here, on LinkedIn and on Twitter!
Daniel Chronlund Cloud Security Blog 
This is excellent article!
Thank you Manjunath š
Hi Daniel,
Is there any demo of how to implement the Blueprints as Code in an Azure DevOps Pipeline way? That would be great.
Hi Daniel,
Is there any demo on how to manage && deploy Blueprints as Code through Azure DevOps? That would be great and useful.
Hi Sebi,
I’m not aware of such a demo, sorry. But there are a lot of documentation out there.