I want to do cross regional deployment using ARM Template.
Example 1:
I have two resource group's A & B. A resource group has one storage account. I want to access A's storage account in B's resource group services.
Example 2:
I have two resource group's A & B. A resource group has one application insight service. I want to access A's application insight in B's ApiApp service with Instrumentation key added in ApiApp "appsettings".
I have tried adding below code snippet in ARMTemplate:
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "testresgrp01",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/components",
"name": "[parameters('appinsightname')]",
"apiVersion": "2015-06-15",
"location": "South Central US",
"properties": {
}
}
]
},
"parameters": {}
}
},
{
"type": "Microsoft.Insights/components",
"name": "[parameters('appinsightname')]",
"apiVersion": "2015-06-15",
"location": "South Central US",
"properties": {
}
}
But this section errors while deployment giving below error:
New-AzureRmResourceGroupDeployment : - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The
template resource 'nestedTemplate' at line '224' and column '10' is invalid. The api-version '2016-07-01' used to deploy the
template does not support 'ResourceGroup' property. Please use api-version '2017-05-10' or later to deploy the template.
If I remove "resourceGroup": "testresgrp01", section, the resource deployment creates a new service in resourcegroup.
How to resolve this issue?
Thank you
I'm pretty sure your Azure Powershell modules are outdated, update them to the latest and try again.
I usually delete all modules and install from scratch to ensure no conflicts.
Related
I'm new to Azure and newer to using ARM templates.
I've got an App Service and Service Plan supporting Windows OS that needs to be changed to Linux. From what I can tell, there is no direct modification to achieve this result, I'm going to need to delete and redeploy.
I was looking at steps for manual deletion and re-build, but I'm thinking that using ARM templates would likely be more effective. I'm researching using ARM templates but not getting much information about using them for removal/modify/replacement. I'd guess that I can download the existing ARM templates and re-deploy, but there have to be a handful of gotchas, but I don't know what to look for.
My expectation is that the ARM template would not be able to deploy the custom domain and its certificate ready to go. Also, the existing template has references to snapshots that would likely be gone after deletion, so I'd expect to have to remove those references from the template prior to re-deploy.
Any guidance I can get would be greatly appreciated!
Per
One of the workaround you can follow ;
I'm researching using ARM templates but not getting much information
about using them for removal/modify/replacement
AFAIK, There is no direct command to delete the resources through which are deployed to Azure using ARM.
Instead of that you can use Azure cli as suggested in this SO THREAD,
Because after deployment there is still you can see in the deployment logs your resource are there you can delete from the portal itself.
After remove the app service from portal you can redeploy the same with adding your modifications.
We have tried after deploy the application and then remove/delete from portal as mentioned above and then re-deploy the app service with linux environment and its work fine.
You can make it use of below template(e.g):-
template.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"webAppName": {
"type": "string",
"defaultValue": "AzureLinuxApp",
"metadata": {
"description": "Base name of the resource such as web app name and app service plan "
},
"minLength": 2
},
"sku": {
"type": "string",
"defaultValue": "S1",
"metadata": {
"description": "The SKU of App Service Plan "
}
},
"linuxFxVersion": {
"type": "string",
"defaultValue": "php|7.4",
"metadata": {
"description": "The Runtime stack of current web app"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"webAppPortalName": "[concat(parameters('webAppName'), '-webapp')]",
"appServicePlanName": "[concat('AppServicePlan-', parameters('webAppName'))]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-06-01",
"name": "[variables('appServicePlanName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('sku')]"
},
"kind": "linux",
"properties": {
"reserved": true
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-06-01",
"name": "[variables('webAppPortalName')]",
"location": "[parameters('location')]",
"kind": "app",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"siteConfig": {
"linuxFxVersion": "[parameters('linuxFxVersion')]"
}
}
}
]
}
app.parameter.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"webAppName": {
"value": "mylinuxappp"
}
}
}
OUTPUT DETAILS FOR REFERENCE:-
To deploy webapp with custom domain and ssl certificate need to make sure that its already verified and also need to use existing keyvault for the SSL binding . Please find this arm template for more information.
Please refer the below links for get started with Azure App service using arm template with different scenarios(step by step guidance). It should be help more to understand .
MICROSOFT DOCUMENTATIONS| Azure Resource Manager templates for App Service & Quickstart: Create App Service app using an ARM template
I am experimenting with Azure Management Groups Arm template.
As you can see in this link, I have this Arm template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"mgName": {
"type": "string",
"defaultValue": "[concat('mg-', uniqueString(newGuid()))]"
}
},
"resources": [
{
"type": "Microsoft.Management/managementGroups",
"apiVersion": "2021-04-01",
"name": "[parameters('mgName')]",
"scope": "/",
"location": "eastus",
"properties": {}
}
],
"outputs": {
"output": {
"type": "string",
"value": "[parameters('mgName')]"
}
}
}
Saved as mg.json and it works fine.
Later I start experimenting with validating and testing Arm template using Test-AzTemplate (https://github.com/Azure/arm-ttk). When I run following command to test Arm Template:
Test-AzTemplate -TemplatePath .\mg.json
I get this test error:
[-] Resources Should Have Location (3 ms)
Resource [parameters('mgName')] Location must be an expression or 'global'
Now when I remove "location": "eastus", line form Arm template, the test does not fail and pass the test.
My Question:
Is this location in Management Group Arm required or not required? And why it is failing when it is part of Microsoft documentation! Any idea?
Location is not required in Management Group. As you can check this Azure Create Management Group REST API documentation, location is not needed here.
That's why in the template either you can remove the location or you can provide 'global' as the value, as the test command output specifies.
I have an Azure template and am attempting to deploy two extra resource groups.
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2019-08-01",
"location": "eastus",
"name": "[variables('galleryResourceGroupName')]",
"properties": {}
},
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2019-08-01",
"location": "[resourceGroup().location]",
"name": "[variables('tempResourceGroupName')]",
"properties": {}
},
When I run this template, the result for these two resources is:
{
"message": "No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/59b4b...9074/resourcegroups/rgMain/providers/Microsoft.Resources/resourceGroups/rgTemp?api-version=2019-08-01'."
}
NotFound
The docs say you can deploy a resourceGroup:
https://learn.microsoft.com/en-us/azure/templates/microsoft.resources/2019-08-01/resourcegroups
But it is not working...
Any ideas why ?
This template is a subscription level template that creates a resource group. In this documentation you can find the ways to deploy this template.
From the URI you seem to be targeting another resource group. You can't create a resource group within another resource group. You need to target the subscription instead!
I'm working on an ARM template to
A. deploy a resource group
B. deploy an ASE env.
To do both, as I understand I need to run a deployment on scope subscription level
New-AzDeployment -Name TestingASE -TemplateFile $HOME/azuredeploy.json -TemplateParameterFile $HOME/parameters.json -Location 'West Europe'
My template is pretty long already - so here are the most important parts (I think).
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
....
"resources": [
// Resource Group
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('Location')]",
"name": "[parameters('rgName')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"name": "storageDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
....
{
"apiVersion": "2019-04-01",
"name": "[parameters('asevnetname')]",
"type": "Microsoft.Network/virtualNetworks",
"location": "[parameters('Location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
...
{
"apiVersion": "2019-02-01",
"type": "Microsoft.Web/hostingEnvironments",
"name": "[parameters('aseName')]",
"kind": "ASEV2",
"location": "[parameters('Location')]",
"properties": {
"name": "[parameters('aseName')]",
"location": "[parameters('Location')]",
"InternalLoadBalancingMode": "[parameters('ilbMode')]",
"virtualNetwork": {
"Id": "[resourceId(subscription().id, resourceGroup().Id, 'Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
}
....
This give me an output "The template function 'RESOURCEGROUP' is not expected at thislocation"
As far as I understand I'm following the guidelines
https://learn.microsoft.com/en-gb/azure/azure-resource-manager/templates/template-functions-resource#resourcegroup
The resourceGroup() function can't be used in a template that is deployed at the subscription level. It can only be used in templates that are deployed to a resource group. You can use the resourceGroup() function in a linked or nested template (with inner scope) that targets a resource group, even when the parent template is deployed to the subscription. In that scenario, the linked or nested template is deployed at the resource group level.
Thanks for helping with this.
The error happened at the resourceId format, it should be
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2], ...)
To get the resource ID for a resource in the same subscription but a
different resource group, provide the resource group name.
"[resourceId('otherResourceGroup', 'Microsoft.Storage/storageAccounts', 'examplestorage')]"
So, in this case, the virtualNetwork ID in the properties of Microsoft.Web/hostingEnvironments should be
"virtualNetwork": {
"Id": "[resourceId(parameters('rgName'), 'Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
}
or
"Id": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
For more information, you could get more references to deploy an ASE within a subnet from this template.
Your deployment schema is subscriptionDeploymentTemplate and the New-AzDeployment cmdlet creates a deployment at the subscription scope. As per the docs you can't use that function when deploying at the subscription scope. You'll also encounter problems with the resourceId() function that wraps around it. The subscriptionResourceId() function should solve your problem.
"virtualNetwork": {
"Id": "[subscriptionResourceId('Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
}
The resource id will be returned in the subscription format as described here, if that isn't an acceptable format for the virtualNetwork.Id property of the Microsoft.Web/hostingEnvironments resource you're trying to deploy you might need to construct the resource id using the concat() function instead.
Does anyone know how to place Resources in an ARM template into specific, and different Resource Groups? This might be the storage in one RG and the network in another, both created in the same, or different, templates (nested, for example).
Full details are below.
Reading through the best practice guide ARM template best practice and the whitepaper World Class ARM Templates Considerations and Proven Practices there's a recommendation that different elements of a deployment should be situated in separate Resource Groups. For example, in an IaaS solution, your DCs might sit in an Admin RG, your back-end servers in another, and your client desktops in a third.
I'm currently trying to deploy such a solution via nested templates, and I've stumbled upon an issue whereby all items being created are automatically placed inside the Resource Group selected when kicking the process off (i.e. the parent template). I've looked through the various documentation online but can't obviously find a way to force resources being created in a template into a specific Resource Group. Has anyone done this?
For anyone else that finds this in google (like I did):
It is now possible to deploy resources to multiple resource groups in one ARM template. Microsoft has details available here: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-cross-resource-group-deployment for the details.
To do this you include a nested deployment template within the main one, and set the nested deployment to another resource group. here is an example from the MS Site:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storagePrefix": {
"type": "string",
"maxLength": 11
},
"secondResourceGroup": {
"type": "string"
},
"secondSubscriptionID": {
"type": "string",
"defaultValue": ""
},
"secondStorageLocation": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
}
},
"variables": {
"firstStorageName": "[concat(parameters('storagePrefix'), uniqueString(resourceGroup().id))]",
"secondStorageName": "[concat(parameters('storagePrefix'), uniqueString(parameters('secondSubscriptionID'), parameters('secondResourceGroup')))]"
},
"resources": [
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('secondResourceGroup')]",
"subscriptionId": "[parameters('secondSubscriptionID')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('secondStorageName')]",
"apiVersion": "2017-06-01",
"location": "[parameters('secondStorageLocation')]",
"sku":{
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
}
}
]
},
"parameters": {}
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('firstStorageName')]",
"apiVersion": "2017-06-01",
"location": "[resourceGroup().location]",
"sku":{
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
}
}
]
}
It is not possible to deploy resources into multiple resource groups from a template. Simply by virtue of the fact that the Azure Resource Manager REST API Reference only has a single place to specify the resource group name.
The concept of ARM templates is that you create a resource group and deploy a template into it, and thus provide a single administrative unit from which to manage those resources. This improves over the Azure Service Management model where you had to manage each resource individually.
Nested resource groups would be quite a nice feature to fulfill your need, but I've never heard of such a thing being planned for Azure.