Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Bicep | User Defined Types

Problem Space Over the years of developing Infrastructure as Code (IaC) with either ARM templates or Bicep (since it was released in 2020), I have made it my best practice where possible to use well-defined base type parameters (Strings | Integers | Booleans) so that the templates are usable and maintainable by collaborators apart from myself. This usually equated to where possible avoiding the use of Object and Array parameters, although in many cases the use of these types was inevitable given the complexity of the infrastructure and resources being deployed.

Posted by Andrew Wilson on Wednesday, February 7, 2024

Azure RBAC Key Vault | Role Assignment for Specific Secret

Background Azure role-based access control (Azure RBAC) provides fine grained control over access to Azure resources. Azure RBAC is founded on top of the Azure Resource Manager which allows us to provide access authorisation at differing scope levels ranging from the Management Group through to individual resources. With RBAC enabled key vaults we can manage access to the resource and data stored in the vault. We can also manage access for individual keys, secrets, and certificates.

Posted by Andrew Wilson on Wednesday, November 22, 2023

Bicep | Deployment Scope Hopping

Background An Azure Tenant is hierarchically structured with the following make up: Tenant One or more Management Groups One or more Subscriptions One or more Resource groups One or more Resources Deployment Scopes {Tenant, Management Group, Subscription, Resource Group} allow us to deploy respective types of resources at each level. A Scope is dictated by two attributes, the selected scope level, and the identifier of the item at that scope level.

Posted by Andrew Wilson on Tuesday, April 25, 2023

Bicep | Conditional Iterative Deployment

Background I have recently been looking at creating multiple of the same resource using Bicep. There is however a condition where I would wish for the set of resources not to be deployed. The following stages show my work through of this particular problem (using a storage account resource as an example): Conditional Deployment Conditional Deployment is used where you may or may not wish to deploy a given resource depending on the outcome of a given condition (if statement).

Posted by Andrew Wilson on Tuesday, April 11, 2023

Bicep Template | Shared Variable File Pattern

Background I have recently been playing around with some of the Bicep functions when I came across a pattern by Microsoft called the Shared Variable File Pattern. This nifty pattern describes a method in which you can extract what would either be commonly used or complex configuration values away from your Bicep Template. Using the pattern will allow you to retain easy to read and manageable Bicep templates where you have modelled large variable configurations and or configuration values that are used repeatedly across your templates (prevents multiple copies of the value that would need to be maintained).

Posted by Andrew Wilson on Wednesday, March 8, 2023

avatar

Andrew Wilson
Husband - Father - Chief Consulting Officer at Black Marble.

Has a passion for creating software [especially solution integrations] that help others execute their jobs faster and more efficiently.

QUICK LINKS
FEATURED TAGS
api management apim apim-policy arm az cli azure azure devops azure integration services azure portal bicep biztalk biztalk deployment framework btdf dsc fluent ui function-app git iac keyvault logic app logic app standard nerd fonts office-ui-fabric ohmyposh powershell rbac react rest client roles security speaking sso storage account strong name key swagger typescript vs code webpack windows terminal winget winget configuration yaml pipeline