Does ARM template overwrite existing resource created by script? - azure

I have a Cosmos DB in my Azure account created by a script. I want to create an ARM template to manage the resource deployment going forward. How can I make sure that the ARM template doesn't recreate/overwrite the resource, as this is the first time it is going to be deployed using an ARM template?

An ARM template will not recreate/overwrite the existing resource if the resource is specified in the template. It will update the resource if the property values for a resource are changed. See the extract below from the official documentation.
Resource Manager tries to create all resources specified in the template. If the resource already exists in the resource group and its settings are unchanged, no operation is taken for that resource. If you change the property values for a resource, the resource is updated with those new values. If you try to update the location or type of an existing resource, the deployment fails with an error. Instead, deploy a new resource with the location or type that you need.
In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template.
If you don't specify certain properties, Resource Manager interprets the deployment as overwriting those values. Properties that aren't included in the template are reset to the default values. Specify all non-default values for the resource, not just the ones you're updating.
So if you want the existing resource to remain intact, you can export the resource template from the Azure Portal to make sure all the properties are specified and not changed.
You can also lock the resource, setting the lock level to CanNotDelete or ReadOnly to keep the resource from being deleted or modified. Check the document Lock resources to prevent unexpected changes for more information.

To modify existing resources using ARM templates, export the template for the resource from within the Azure Portal. Then download it locally. You can then modify it to update settings for Cosmos resources. ARM templates have api-versions. This will coincide with the underlying version in PS or CLI that you used to create the Cosmos account. When modifying the ARM template you will need to note the api-version and then refer to that version of the Cosmos DB schema reference to ensure the properties match the api-version in the template you deployed.
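The documentation extract quoted above says that omitted properties are reset to defaults, changed properties are updated, and a location change fails the deployment. The following is an added example (not code from either answer) that checks a planned template against the exported one before the first deployment; the account name and property values are constructed, and resource names are assumed to be literals rather than template expressions.

```python
# Added example: compare an exported template (current state) with the planned one.
# Both templates below are constructed samples with literal resource names.

def flatten(value, prefix=""):
    """Turn nested dicts into {'a.b.c': leaf}; lists count as leaves."""
    if not isinstance(value, dict):
        return {prefix: value}
    out = {}
    for key, child in value.items():
        out.update(flatten(child, f"{prefix}.{key}" if prefix else key))
    return out

def ident(res):
    return (res["type"].lower(), res["name"].lower())

def review(exported, planned):
    """Return (resource name, effect, property path) findings."""
    current = {ident(r): r for r in exported["resources"]}
    findings = []
    for res in planned["resources"]:
        old = current.get(ident(res))
        if old is None:
            findings.append((res["name"], "create", ""))
            continue
        if old.get("location", "").lower() != res.get("location", "").lower():
            findings.append((res["name"], "deployment-fails", "location"))
        before = flatten(old.get("properties", {}))
        after = flatten(res.get("properties", {}))
        for path in sorted(before.keys() | after.keys()):
            if path not in after:  # omitted property: reset to its default
                findings.append((res["name"], "reset-to-default", path))
            elif before.get(path) != after[path]:
                findings.append((res["name"], "update", path))
    return findings

ACCOUNT = {"type": "Microsoft.DocumentDB/databaseAccounts",
           "name": "example-cosmos", "location": "westeurope"}
EXPORTED = {"resources": [dict(ACCOUNT, properties={
    "databaseAccountOfferType": "Standard",
    "publicNetworkAccess": "Disabled",
    "enableAutomaticFailover": True,
    "consistencyPolicy": {"defaultConsistencyLevel": "Session"}})]}
PLANNED = {"resources": [dict(ACCOUNT, properties={
    "databaseAccountOfferType": "Standard",
    "enableAutomaticFailover": False,
    "consistencyPolicy": {"defaultConsistencyLevel": "Session"}})]}

if __name__ == "__main__":
    for finding in review(EXPORTED, PLANNED):
        print(*finding)
```

A "reset-to-default" finding on a setting such as publicNetworkAccess is the case to resolve before deploying, since the planned template would silently drop a hardening setting the script had applied.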

Related

Azure ARM - Baseline resources with ARM template

I have created an ARM template for deploying resources into an Azure Resource Group. Is there any way I could use the same ARM template to perform automated "Baseline-Checks" in order to check if the resources have been changed in any way?
Are you just trying to determine if the state of the resources in Azure has "drifted" from the state declared in the template? If so you can use the what-if API and parse the results from that to see if something has changed.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-what-if?tabs=azure-powershell
If you want to prevent drift from occurring, you can lock the resources to prevent changes.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
You can perform baseline checks by using an ARM template, but you need to create an individual template for each resource group in incremental mode, and when there are any changes in the resource it will be automatically updated in the template, and that way you can perform baseline checks.
Here is the documentation which helps in creating an ARM template.
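The first answer suggests parsing what-if results to detect drift. The following is an added example (not from the thread) that does so over a constructed result; the field names changeType, delta, propertyChangeType, before, after and children are assumed to match the what-if response, and the resource IDs are made up.

```python
import json

# Constructed sample shaped like a what-if result (field names are assumptions
# based on the what-if response: changeType, delta, propertyChangeType).
SAMPLE = json.loads("""
{"status": "Succeeded", "changes": [
  {"resourceId": "/subscriptions/00000000/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo",
   "changeType": "Modify", "delta": [
     {"path": "properties.allowBlobPublicAccess", "propertyChangeType": "Modify",
      "before": true, "after": false, "children": null},
     {"path": "properties.provisioningState", "propertyChangeType": "NoEffect",
      "before": "Succeeded", "after": null, "children": null}]},
  {"resourceId": "/subscriptions/00000000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-demo",
   "changeType": "NoChange", "delta": null},
  {"resourceId": "/subscriptions/00000000/resourceGroups/rg-demo/providers/Microsoft.Network/networkSecurityGroups/nsg-demo",
   "changeType": "Create", "delta": null}
]}""")

def walk(delta, prefix=""):
    """Yield (path, kind, live value, template value), descending into children."""
    for item in delta or []:
        path = f"{prefix}.{item['path']}" if prefix else item["path"]
        if item.get("children"):
            yield from walk(item["children"], path)
        elif item["propertyChangeType"] != "NoEffect":
            yield (path, item["propertyChangeType"], item.get("before"), item.get("after"))

def drift(result):
    """List resources whose live state differs from the template baseline."""
    report = []
    for change in result.get("changes") or []:
        kind = change["changeType"]
        if kind in ("NoChange", "Ignore"):
            continue
        props = list(walk(change.get("delta")))
        if kind == "Modify" and not props:
            continue  # only NoEffect entries: nothing would actually change
        name = change["resourceId"].rsplit("/", 1)[-1]
        report.append({"resource": name, "change": kind, "properties": props})
    return report

if __name__ == "__main__":
    for entry in drift(SAMPLE):
        print(entry["change"], entry["resource"], entry["properties"])
```

In a baseline check, "before" is the live value and "after" is what the template declares, so a Modify entry means the live resource was changed outside the template and a Create entry means a declared resource is missing.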

Copy existing Azure resource group items into another Subscription RG

All I want is to copy/recreate all the existing resources which are under resource-grp1 from a Production environment to another resource-grp2.
What would be the very easiest way to re-create the same environment in another Resource Group in the same subscription? I tried to export the resource group and downloaded it. The problem is that the file “parameters.json” includes hard coded references to the original resource group name. Is there a way to do this without using Azure CLI/PowerShell, only using the Azure Portal?
resource-grp1 contains following resources
1. 2 app service plans
2. 10 app services
3. 8 azure sql database
4. 3 NSG & vnet
5. Application Insight
6. SendGrid
7. Storage account
8. VM
You can just navigate to your Resource group > Click on Export Template from side Panel
You'll have 3 options
Download
Add to Library
Deploy
When Downloaded, the ARM Template will be saved to the local machine. This will allow for the template to be manually changed or saved somewhere for it to be retrieved for later use.
When Saving, the ARM Template will be saved to a collection accessible from “Browse > Templates” within the Azure Portal. This allows for Resource Group configurations to be saved so they can easily be redeployed later.
When Deploying, the ARM Template will be deployed to a new Resource Group. This essentially allows for the Resource Group to be “copied.” This could be useful for easily cloning a Resource Group to easily spin up a separate hosting environment with identical settings.
I have Downloaded the template and Imported the template using Template Deployments.
Search for Template Deployments > Build your own template in editor > Load File (Add your downloaded template after unzipping) > Save > Create
You can refer to this site for more.
If you are facing an issue with Export template ("The problem is that the file “parameters.json” includes hard coded references to the original resource group name"), try the steps below.
Azure portal -> Resource group -> Export Template, and download the template.
After downloading the template files (template.json and parameters.json), find the old resource group references and change them to the new resource group.
Deploy into the other resource group:
Search for Template Deployment in the Azure portal search bar and click Create.
Click Build your own template in the editor.
Select parameter and add the updated parameters.json file, and select resources and add the updated template.file, then save it.
Add the subscription and resource group which you need to deploy to.
Click Create; it will deploy your resources in a new resource group.

How do i export an ARM template correctly from Azure?

I have already installed my Azure environment with a VM, a storage account and a database server, and it works fine, but now I want to export the ARM template in order to automate the whole process for my customers. The problem is that when exporting, this message shows up:
error
So the question is how do i export an ARM template correctly from Azure with all my resources without having to do much fixing my final template?
That is expected. Some resource types cannot be exported. You'd have to take a look at the API definition and use that to export those (say at resources.azure.com).
Simple: use Bicep, Azure Resource Manager's transpiler (it's a sweeter syntax that solves your needs).
In Bicep, the directive you're looking for in your Azure Resource Manager "ARM" template is the keyword "existing".
https://github.com/Azure/bicep/blob/main/docs/tutorial/05-loops-conditions-existing.md
The keyword "existing" lets you reference a resource without a complete definition.
Otherwise you need to provide the entire ARM definition for the object.
Export failures per resource type occur when a given resource type's schema is not available. We are looking into how we can autogenerate schemas for Azure resource providers and onboarding them to this new process, improving the overall success of the Export Template API.

AKS template creates new resource groups

When I create an AKS cluster using the Azure portal I can see that new resource groups are created. It seems that I have no control over how they are named, especially the one with the "MC_" prefix. I also don't see an option to change its name when using an ARM template.
In addition, if I create a cluster in customer's subscription, where I only have access to 1 resource group, I don't even see the newly created RG and can't manage it.
Is there a way to force deployment of all AKS components into a single resource group?
No, there is no way to force it at this point in time. As for the access, you should request access to that RG. No real workarounds.
The secondary resource group name can be inferred, I think; it's something like:
MC_original-resource-group-name_aks-resource-name_location
It also creates an OMS resource group (if you enable OMS) and Network Watcher (this can be disabled, btw, but it's a provider setting). You have no control over that either.
There is a not-yet-implemented nodeResourceGroup property: https://learn.microsoft.com/en-us/rest/api/aks/managedclusters/createorupdate#examples
EDIT: this is actually working right now, so the nodeResourceGroup property can be used. But it would still be a new resource group, so you would still need to request access to that group, and using this property is not possible with the portal (so ARM Templates\pulumi\terraform).

How to create an Azure AKS service through ARM Template

I am working on Azure Kubernetes service. I am creating AKS through portal successfully. But, I need to do it through the ARM Templates.
How to create AKS with help of ARM Templates?
For this, I followed link
But here I am receiving an issue like:
Code : InvalidTemplate
Message : Deployment template validation failed: 'The template resource 'AKSsubnet/Microsoft.Authorization/36985XXX-XXXX-XXXX-XXXX-5fb6b7ebXXXX' for type 'Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments' at line '53' and column '9' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-template/#resources for usage details.'.
How to create AKS with help of ARM Templates?
One of the most direct methods, navigate to creating AKS page in the portal, fill the attributes, click Download a template for automation, then you will get the template.
You could test the template in the Custom deployment, it will work fine.
Old thread but here is why the AKS Advanced Networking ARM Template is not working for you.
One of the steps in the deployment assigns the SP as a contributor to the newly created AKS subnets so that the SP can work its advanced networking magic.
In order to assign a role in a RG one needs to have Owner permissions on that RG.
I suspect you have provided an incorrectly formatted string in the "name" field of the resource. It should follow a pattern like this: "{resource-name}/Microsoft.Authorization/{role-assign-GUID}"
More on this here- https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template#resource
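The InvalidTemplate message in the question states two segment-length rules, one for nested and one for root resources. The following is an added example (not from the thread or from Azure tooling) that applies both rules to a template's resources before deployment; the vnet name "aksVnet" and the sample resource lists are hypothetical, and the GUID is the masked value shown in the question.

```python
# Added example: static check of the two segment-length rules quoted in the
# InvalidTemplate message. The vnet name "aksVnet" is a hypothetical value.

def segments(value):
    return [part for part in value.split("/") if part]

def is_expression(value):
    """ARM template expressions look like "[concat(...)]"; "[[" is an escaped literal."""
    return value.startswith("[") and value.endswith("]") and not value.startswith("[[")

def check(resources, nested=False, where="resources"):
    """Return (location, status, detail) for each resource that is wrong or uncheckable."""
    results = []
    for index, res in enumerate(resources):
        here = f"{where}[{index}]"
        rtype, name = res["type"], res["name"]
        if is_expression(rtype) or is_expression(name):
            # Segment count is only known after evaluation; report, don't guess.
            results.append((here, "unchecked", "name or type is a template expression"))
        else:
            t, n = len(segments(rtype)), len(segments(name))
            expected = t if nested else t - 1  # nested: identical; root: type is one longer
            if n != expected:
                results.append((here, "invalid",
                                f"type has {t} segments, name has {n}, expected {expected}"))
        results += check(res.get("resources", []), True, here + ".resources")
    return results

ROLE_TYPE = "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments"
GUID = "36985XXX-XXXX-XXXX-XXXX-5fb6b7ebXXXX"  # masked value as shown in the question

FAILING = [{"type": ROLE_TYPE, "name": f"AKSsubnet/Microsoft.Authorization/{GUID}"}]
PASSING = [
    {"type": ROLE_TYPE, "name": f"aksVnet/AKSsubnet/Microsoft.Authorization/{GUID}"},
    {"type": "Microsoft.Network/virtualNetworks", "name": "aksVnet",
     "resources": [{"type": "subnets", "name": "AKSsubnet"}]},
]
UNCHECKED = [{"type": ROLE_TYPE, "name": "[concat(parameters('vnet'), '/AKSsubnet')]"}]

if __name__ == "__main__":
    for row in check(FAILING) + check(PASSING) + check(UNCHECKED):
        print(*row)
```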
