#TechdaysNL 2017 Best Practices ARM Templates

On October 12 2017 I did session on Best Practices ARM Templates at Microsoft TechdaysNL. The presentation shows some best practices we learned while using ARM templates. Download the pdf:

Best_Practices_ARM_Templates_TechDays2017

When I have the recordings of the presentation, I’ll add them to this post.

Thanks to the 160 enthusiast who where there.

Advertisements

#TechdaysNL 2017 Pester session

VSTS Marketplace Pester task hereOn October 13 2017 I did session on start testing with Pester at Microsoft TechdaysNL. The presentation gives a howto start with testing with Pester, simple Pester syntax, start testing functions and infrastructure testing. Download the pdf:

Pester_TechDays2017.pdf

You can find the VSTS Marketplace Pester task here

When I have the recordings of the presentation, I’ll add them to this post.

Thanks to the 80 enthusiast who were there. I really enjoyed your enthusiasm.

ARM template cross resource group deployment

Sometimes you need to deploy to different resource groups in one deployment. Till now you had to split-up you ARM template. With new API versions you can now deploy to multiple resource groups in one deployment:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "StorageAccountName1": {
            "type": "string"
        },
        "StorageAccountName2": {
            "type": "string"
        }
    },
    "variables": {},
    "resources": [
        {
            "apiVersion": "2017-05-10",
            "name": "nestedTemplate",
            "type": "Microsoft.Resources/deployments",
            "resourceGroup": "crossResourceGroupDeployment",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        {
                            "type": "Microsoft.Storage/storageAccounts",
                            "name": "[parameters('StorageAccountName2')]",
                            "apiVersion": "2015-06-15",
                            "location": "West US",
                            "properties": {
                                "accountType": "Standard_LRS"
                            }
                        }
                    ]
                },
                "parameters": {}
            }
        },
        {
            "type": "Microsoft.Storage/storageAccounts",
            "name": "[parameters('StorageAccountName1')]",
            "apiVersion": "2015-06-15",
            "location": "West US",
            "properties": {
                "accountType": "Standard_LRS"
            }
        }
    ]
}

You can find this source code in Ryan Jones GitHub.

Versioning ARM Template deployments

Getting control over your deployment pipelines to Microsoft Azure Resources Manager with VSTS

When deploying resources on Azure with Azure Resource Manager you want to be in control of which resources are deployed and control their life span. To get the control you need to do deploy in a tested, standardized and reusable manner. This can be done by managing your resource creation as Infrastructure as Code.
Continue reading “Versioning ARM Template deployments”

Use VSTS to deploy Functions as Infrastructure as Code

Create a VSTS release pipeline for Azure Functions

Azure Functions enable you to easily run small pieces of code in the cloud. To do this right, you need to setup continuous delivery of the infrastructure and the code involved. Otherwise you will end with an uncontrolled environment where nobody knows what code is actually running. In this blog post I’ll describe how to setup a deployment pipeline for Functions with VSTS. This will enable you to deploy Functions as Infrastructure as Code.

vstsfunctionpipelineFrom an deployment perspective an Azure Function contains of two parts:

  1. Azure infrastructure
  2. Function code

Both the ARM template and the code can be deployed from VSTS. By doing this, you can manage functions like any other Azure resource.
Continue reading “Use VSTS to deploy Functions as Infrastructure as Code”

Remove locks from Azure resources

In my previous blog post Lock Azure resources to prevent accidental deletion, I showed how to add a lock to a resource with an ARM template to protect it from accidental deletion. When you want to delete the resource, you first need to remove the lock. A lock cannot be removed with an ARM template. To remove the lock you can use:

  • Powershell
  • Rest API
  • Portal

Continue reading “Remove locks from Azure resources”

Lock Azure resources to prevent accidental deletion

How a lock can prevent user from accidental deletion of a resource.

In some cases you want to protect critical resources from accidental deletion. Some examples are a storage account with source data for processing, a Key Vault with disk encryption keys, or another key component in your infrastructure. When losing some resources that are key in your infrastructure, recovery can be dramatic. Resource Manager locks will enable you to protect these critical resources from deletion.

Resource Manager locks
Resource Manager locks apply to the management function of the locked resources. The locks do not have any impact the normal functions of the resource. You have two possible types of locks on a resource:

Locking down a resource can save your contributors from accidently delete a critical resources. An ‘oeps… I deleted the wrong resources’ moment should be a thing of the past.

CannotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Continue reading “Lock Azure resources to prevent accidental deletion”