Azure Blueprints

Owned by Roger Cruz, created
Last updated: Jan 14, 2022
2 min read

 

Intro

Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with trust they're building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery.

Documentation

 

Tips and Tidbits

  • Azure Blueprints lets you define a repeatable set of governance tools and standard Azure resources that your organization requires.

  • Azure Blueprints are used to scale governance practices throughout an organization.

  • Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

    • Role Assignments

    • Policy Assignments

    • Azure Resource Manager templates (ARM templates)

    • Resource Groups

  • The service is designed to help with environment setup.

    • This setup often consists of a set of resource groups, policies, role assignments, and ARM template deployments.

    • A blueprint is a package to bring each of these artifact types together and allow you to compose and version that package, including through a continuous integration and continuous delivery (CI/CD) pipeline.

  • ARM template gets used for deployments of one or more Azure resources, but once those resources deploy there's no active connection or relationship to the template.

  • With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved.

    • This connection supports improved tracking and auditing of deployments.

  • Resources created by a blueprint are locked and even Owners can’t modify them.

    • If a blueprint is unassigned, then the lock is removed.

 

  • When creating a blueprint definition, you'll define where the blueprint is saved.

    • Blueprints can be saved to a management group or subscription that you have Contributor access to.

    • If the location is a management group, the blueprint is available to assign to any child subscription of that management group.

 

  • Each Published Version of a blueprint can be assigned (with a max name length of 90 characters) to an existing management group or subscription.

    • Assigning a blueprint definition to a management group means the assignment object exists at the management group.

      • The deployment of artifacts still targets a subscription.

  • When you delete a core blueprint, any assigned versions of the blueprint remain in place. A blueprint must be unassigned before it can be deleted.

  • Import and export blueprint definitions with PowerShell

Create A Blueprint

 

Â