I want to run deploy an ARM template on every subscription and on future new subscriptions.
In AWS there's stackset for the organization level and it's working.
How can I achieve the same result in Azure?
Thanks
You can use Azure Blueprint:
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
Role Assignments
Policy Assignments Azure
Resource Manager templates (ARM templates)
Resource Groups
Related
Recently I have started doing some Azure Data Factory deployments using the AzureRM_Template_Deployment resource in Terraform using Azure DevOps. I need to be able to browse all the deployments I made using this resource. When I open the Deployments folder in the Azure portal I do not see anything there. But I'm sure this deployment exists because if I use the same name for a future template deployment using Terraform, I get the below error:
resource with the ID "/subscriptions/***/resourceGroups/***/providers/Microsoft.Resources/deployments/<deploymentName>" already exists
Any help is appreciated.
I tried creating a storage account from the sample registry I found from azurerm_template_deployment Terraform Registry, after the deployment was successful, If I go to the deployment folder from portal I don’t find any . Its because we didn’t use the template on subscription level rather we used on resource group. We deploy the resources using the ARM template to the resource group that’s being created by terraform.
So, we can find the template deployment inside the resource group under the deployment blade as shown.
If a blank Azure Subscription is provided, how do you deploy a new Resource Group, and is it free?
And following deployment of a new Resource Group, are there any steps that need to be undertaken before deploying resources to the newly created resource group?
how do you deploy a new Resource Group, and is it free?
There are various API's (REST API, Powershell, Azure CLI) to do this. The easiest is doing it interactively from the Azure portal. A resource group is free
And following deployment of a new Resource Group, are there any steps that need to be undertaken before deploying resources to the newly created resource group?
Generally No. Unless it is locked (by default it isn't) or has specific security stopping you (which won't be an isse if you are the same user)
I created a resource group and various resources inside it. In Resources I have ADF & Pipelines, SQL Server, DBs & Objects, Logics Apps, AAS Models, Storage Accounts etc.
Now I want to check-in all my information into source control for versioning. I have Azure Devops as well. My need is that I want to deploy the resources and objects into another environment.
e.g I have a dev environment. I created all resources in a resource group. I did not use any template or source control while building this environment. I got Azure DevOps now. Now I want to built the test set up from the dev environment. How do I achieve this?
Any help is appreciated. Thank you.
You can first export the Template from your Azure resource group portal. See below:
1, Go to Azure Resource Group portal-->Click Export template under Automation-->Download
You can also use Az cli/Azure powershell to export the template. See example commands here
Please check the documents here to learn more about how to manage your azure resource using ARM Template.
2, Sync the ARM template downloaded in above step to your azure repo.
3, Create an azure Resource Manager service connection to connect your Azure subscription to Azure devops. See this thread for an example.
4, Create an azure devops pipeline to automate the azure resource deployment.
5, Add Azure Resource Manager (ARM) Template Deployment Task in your azure pipeline to deployment the template exported in the first step.
steps:
- task: AzureResourceManagerTemplateDeployment#3
displayName: 'ARM Template deployment: Resource Group scope'
inputs:
azureResourceManagerConnection: 'azuresubscriptionServiceConnection'
subscriptionId: '......'
resourceGroupName: 'Resource-group'
location: 'East US'
csmFile: template.json
csmParametersFile: parameters.json
Above just gives you the general steps you need to take when deploying azure resources via azure devops pipeline. You need to explore the documents for yourself to learn how to customize your pipeline, how to create ARM template, And how to use the AzureResourceManagerTemplateDeployment task.
Is there a way to figure out if resource was deployed manually (via Azure portal) or via arm template?
I would say that your best option, although it won't guarantee 100% accuracy, is to look at the deployment name. If you look at a Resource Group from the Azure Portal and navigate to Deployments, you'll see a list of all deployments to that RG.
From my observations:
if the deployment name is in the format Resource.Provider-Timestamp (Microsoft.RouteTable-20200824154745) it was done via the Portal
if the deployment name is somewhat friendly or irregular (VirtualWanDeployment) it was a manual ARM template deployment (PowerShell in my case)
if the deployment name is in the format resource-date-time-xxxx (applicationGateway-20200821-135645-bf71) it was an Azure DevOps pipeline
I am not able to Create Azure Paas resource "VirtualMachineScaleSets" within DevTestLab, which i am trying by uploading ARM Template to DevtestLab repository through VSTS. It gives "Authorization failed for template resource of type 'Microsoft.Compute/VirtualMachineScaleSets' error
Overall goal is to create "Service fabric cluster" within DevTestLab
MSDN link : https://learn.microsoft.com/en-us/azure/devtest-lab/devtest-lab-create-environment-from-arm
Because DevTestLab is different with Azure resource module. For now, Azure does not support deploy VMSS to DevTestLab.
By the way, we can't use the same template to deploy resource in DevTestLab, there are different resource.
More information about DevTestLab template, please refer to this link.
We have a fix working its way through our safe deployment pipeline. The fix will be deployed soon to all regions.
As a work around you could give "VS Dev Test Lab" application "owner" permission at subscription level and "owner" permission to DevTestLab created.