Azure Resource Manager (ARM)

Owned by Roger Cruz, created
Last updated: Mar 26, 2022
4 min read

 

Intro

 

Documentation



 

Tips and Tidbits

  • This is a must have page that lists all of the limits and quotas provided by the Azure Resource Manager:

  • Functionality initially released through APIs will be represented in the portal within 180 days of initial release.

  • manage your infrastructure through declarative templates rather than scripts.

  • define the dependencies between resources so they're deployed in the correct order.

  • declarative syntax - Syntax that lets you state "Here is what I intend to create" without having to write the sequence of programming commands to create it.

    • The Resource Manager template is an example of declarative syntax

  • Each resource provider offers a set of resources and operations for working with an Azure service.

    • For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider.

      • This resource provider offers a resource type called vaults for creating the key vault.

      • The name of a resource type is in the format: {resource-provider}/{resource-type}. For example, the key vault type is Microsoft.KeyVault/vaults.

 

  •  

Resource Manager Locks

  • Resource Manager locks allow organizations to put a structure in place that prevents the accidental deletion of resources in Azure.

    • You can associate the lock with a subscription, resource group, or resource.

    • Locks are inherited by child resources.

  • There are two types of resource locks.

    • Read-Only locks, which prevent any changes to the resource.

    • Delete locks, which prevent deletion.

  • Only the Owner and User Access Administrator roles can create or delete management locks.

     

Explore Azure Resource Manager

 

"resources": [ { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-04-01", "name": "mystorageaccount", "location": "westus", "sku": { "name": "Standard_LRS" }, "kind": "StorageV2", "properties": {} } ]

Gets translated into

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/mystorageaccount?api-version=2019-04-01 REQUEST BODY { "location": "westus", "sku": { "name": "Standard_LRS" }, "kind": "StorageV2", "properties": {} }

 

  • Declarative syntax: Azure Resource Manager templates allow you to create and deploy an entire Azure infrastructure declaratively.

  • Repeatable results: Repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner.

    • Templates are idempotent, which means you can deploy the same template many times and get the same resource types in the same state.

  • Orchestration: You don't have to worry about the complexities of ordering operations.

    • Resource Manager orchestrates the deployment of interdependent resources so they're created in the correct order.

    • When possible, Resource Manager deploys resources in parallel so your deployments finish faster than serial deployments.




 

 

  • To deploy a particular solution, you create a master template that links all the required templates.

  • If the template specifies creating a resource but that resource already exists, Azure Resource Manager performs an update instead of creating a new asset.

    • Azure Resource Manager updates the existing asset to the same state as it would be as new.

  • Resource Manager provides extensions for scenarios when you need additional operations such as installing particular software that isn't included in the setup.

    • If you're already using a configuration management service, like DSC, Chef or Puppet, you can continue working with that service by using extensions.

 

  • After creating your template, you may wish to share it with other users in your organization.

    • Template specs enable you to store a template as a resource type.

    • You use role-based access control to manage access to the template spec.

      • Users with read access to the template spec can deploy it, but not change the template.

 

  • Explore conditional deployment

  • Sometimes you need to optionally deploy a resource in an Azure Resource Manager template (Azure Resource Manager template).

    • Use the condition element to specify whether the resource is deployed.

"newOrExisting": { "type": "string", "defaultValue": "new", "allowedValues": [ "new", "existing" ] } }, "functions": [], "resources": [ { "condition": "[equals(parameters('newOrExisting'), 'new')]", "type": "Microsoft.Storage/storageAccounts",

 

  • When deploying your resources, you specify that the deployment is either an incremental update or a complete update.

  • The difference between these two modes is how Resource Manager handles existing resources in the resource group that aren't in the template.

    • The default mode is incremental.

 

  • In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template.

  • In incremental mode, Resource Manager leaves unchanged resources that exist in the resource group but aren't specified in the template.

 

 

Exercise: Create and deploy Azure Resource Manager templates by using Visual Studio Code