Dummies Guide to Azure ARM Templates: Deployment Governance

Rajesh Rajamani
Published in CloudForDummies
Oct 26, 2021

This is the second post in a series covering Azure ARM Templates. If you have not read the previous post, I’d suggest taking a quick look at part 1 before proceeding further. We are going to use some of the concepts and code from the previous article here.

Imagine a situation where you are required to delegate resource deployment access to several DevOps teams and end up dealing with a messy infrastructure that is non-compliant in many ways.

Some challenges in delegating access to infrastructure deployment:

  1. Users may not be well versed in all the parameters required for a resource
  2. Users may not comply with naming conventions
  3. Users may attempt to create resources with higher specifications than are budgeted

Rings a bell? That’s exactly where ARM templates provide governance capabilities.

Let’s quickly get on with how we are going to implement it.

The requirements for completing this tutorial are listed in part 1 of this series. Please make sure you have all of them before proceeding further.

To improve standardization further, I have also introduced a Git repository from which the deployment file will be accessed. Feel free to clone my Git repository, which has the code for this tutorial. Do make a point to star it and keep it on your watch list. I’ll be adding more such useful deployment configurations soon for advanced concepts.

In this tutorial, we are going to look at how to use parameters to introduce constraints at the time of resource creation.

First, let’s look at the file azresourcedeploywithparams.json from the repository.

It contains 4 parameters that we are going to use.

  1. storageaccountname
     Constraints: Length of the storage account name should be between 8–16 characters.
  2. storagelocation
     Constraints: Default location will be the location of the resource group if not specified. Otherwise it should be one of the allowed values.
  3. storagekind
     Constraints: Only StorageV2 is accepted.
  4. storagesku
     Constraints: Default sku will be Standard_LRS if not specified. Otherwise it should be one of the allowed values.

Now let’s construct a deployment command that deliberately breaks the validation of each parameter and see the errors. Note the new parameter (compared with the previous post) called --template-uri. By using the template URI, you can simply refer to the JSON template that you keep in a central repository.

az deployment group create --resource-group rg-demo-arm --template-uri "https://raw.githubusercontent.com/rajeshr6r/arm_templates/master/azresourcedeploywithparams.json" --parameters storageaccountname="qwe4" storagelocation="eastus" storagekind="StorageV1" storagesku="Standard_RAGZRS"

Before firing this command, please make sure you are logged in to your Azure subscription via the Azure CLI.

When you fire the command, the CLI will not evaluate all errors at once. As soon as the first error is detected, the CLI will throw an error message and stop.

Error 1:

{"error":{"code":"InvalidTemplate","message":"Deployment template validation failed: 'The provided value for the template parameter 'storageaccountname' at line '7' and column '26' is not valid. Length of the value should be greater than or equal to '8'. Please see https://aka.ms/arm-template/#parameters for usage details.'.","additionalInfo":[{"type":"TemplateViolation","info":{"lineNumber":7,"linePosition":26,"path":"parameters.storageaccountname.minlength"}}]}}

Error 2:

{"error":{"code":"InvalidTemplate","message":"Deployment template validation failed: 'The provided value 'eastus' for the template parameter 'storagelocation' at line '19' and column '30' is not valid. The parameter value is not part of the allowed value(s): 'westeurope,northeurope'.'.","additionalInfo":[{"type":"TemplateViolation","info":{"lineNumber":19,"linePosition":30,"path":"parameters.storagelocation.allowedValues"}}]}}

Error 3:

{"error":{"code":"InvalidTemplate","message":"Deployment template validation failed: 'The provided value 'StorageV1' for the template parameter 'storagekind' at line '31' and column '30' is not valid. The parameter value is not part of the allowed value(s): 'StorageV2'.'.","additionalInfo":[{"type":"TemplateViolation","info":{"lineNumber":31,"linePosition":30,"path":"parameters.storagekind.allowedValues"}}]}}

Error 4:

{"error":{"code":"InvalidTemplate","message":"Deployment template validation failed: 'The provided value 'Standard_RAGZRS' for the template parameter 'storagesku' at line '43' and column '30' is not valid. The parameter value is not part of the allowed value(s): 'Standard_LRS,Standard_GRS'.'.","additionalInfo":[{"type":"TemplateViolation","info":{"lineNumber":43,"linePosition":30,"path":"parameters.storagesku.allowedValues"}}]}}

As you can see, the errors are pretty self-explanatory.
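Because the CLI stops at the first failed parameter, a local pre-flight check can report every violation in one pass before anything is sent to Azure. The Python below is an added example, not code from the repository: TEMPLATE is a constructed parameters section that mirrors the four constraints described above, and check_parameters is a hypothetical helper name.

```python
import json

# Constructed parameters section mirroring the constraints this post describes;
# it is not a copy of azresourcedeploywithparams.json from the repository.
TEMPLATE = json.loads("""
{
  "parameters": {
    "storageaccountname": {"type": "string", "minLength": 8, "maxLength": 16},
    "storagelocation": {"type": "string",
                        "defaultValue": "[resourceGroup().location]",
                        "allowedValues": ["westeurope", "northeurope"]},
    "storagekind": {"type": "string", "allowedValues": ["StorageV2"]},
    "storagesku": {"type": "string", "defaultValue": "Standard_LRS",
                   "allowedValues": ["Standard_LRS", "Standard_GRS"]}
  }
}
""")


def check_parameters(template, supplied):
    """Return every constraint violation instead of stopping at the first."""
    violations = []
    definitions = template["parameters"]
    for name in supplied:
        if name not in definitions:
            violations.append(f"{name}: not a parameter of this template")
    for name, spec in definitions.items():
        if name not in supplied:
            if "defaultValue" not in spec:
                violations.append(f"{name}: required, no defaultValue")
            continue  # defaults are resolved by ARM at deployment time
        value = supplied[name]
        if "minLength" in spec and len(value) < spec["minLength"]:
            violations.append(f"{name}: shorter than {spec['minLength']}")
        if "maxLength" in spec and len(value) > spec["maxLength"]:
            violations.append(f"{name}: longer than {spec['maxLength']}")
        if "allowedValues" in spec and value not in spec["allowedValues"]:
            violations.append(f"{name}: '{value}' not in {spec['allowedValues']}")
    return violations


if __name__ == "__main__":
    # The deliberately non-compliant values used in the command above.
    bad = {"storageaccountname": "qwe4", "storagelocation": "eastus",
           "storagekind": "StorageV1", "storagesku": "Standard_RAGZRS"}
    for line in check_parameters(TEMPLATE, bad):
        print(line)
```

Run against the non-compliant values, it lists all four violations together; ARM's own validation at deployment time remains the authoritative check.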

Let’s fix all the parameters and fire the command. Observe that the value supplied to each parameter now complies with the constraints defined.

az deployment group create --resource-group rg-demo-arm --template-uri "https://raw.githubusercontent.com/rajeshr6r/arm_templates/master/azresourcedeploywithparams.json" --parameters storageaccountname="qwe4qwe4" storagelocation="westeurope" storagekind="StorageV2" storagesku="Standard_GRS"

Now let’s fire the command and see if all goes well.

[Screenshot: the resource deployed in Azure with all specifications taken care of]

As this is a tutorial, let’s delete the resources we created with the command below.

az group delete --name rg-demo-arm

Closing thoughts:

With that, we have demonstrated how we can implement resource deployment governance with ARM Templates.

There are more complex techniques that can ensure a robust, fail-safe resource deployment strategy for Azure Cloud. I’ll be covering these as part of this series. Please stay tuned to my posts.
