contents
Part 1. Introduction
1.1 Working with infrastructure
Preventing configuration drift
1.2 The benefits of Infrastructure as Code
IaC allows for a declarative approach
IaC provides a human-readable format
1.3 The Azure Resource Manager
Azure Service Management (ASM is not ARM)
1.4 Other tools
Google Cloud Deployment Manager
Choosing between cloud-specific and multi-cloud solutions
2 Writing your first ARM template
Installing the ARM templates extension in VS Code
2.2 Writing ARM templates in VS Code
Leveraging IntelliSense in VS Code
2.4 Monitoring template deployments
Part 2. Taking it up a notch
3.1 Resources
3.2 Parameters
Limiting and describing parameter values
3.3 Variables
3.4 Outputs
3.5 Functions
4.1 An overview of the deployment process
Submitting a template using different tools
4.5 Template validation and what-if deployments
4.6 Troubleshooting template deployments
5 Writing advanced ARM templates
5.1 Deploying to multiple scopes using nested templates
Nested templates on a management group
5.2 How to structure solutions
5.3 Modularizing templates with linked templates
5.4 Deploying resources in order
5.5 Conditionally deploying resources
5.6 Using loops to create multiple resources
Waiting for a loop to finish, using dependsOn
5.8 Reverse engineering a template
6 Simplifying ARM templates using the Bicep DSL
6.3 Other improvements with Bicep
Referencing resources, parameters, and variables
Using references in variables and outputs
Referencing existing resources
Using the contents of other files
6.4 Modules
7 Complex deployments using Azure DevOps
Describing the App Service plan
7.3 Storing templates in source control
7.4 Automated build and release pipelines
Configuring Azure DevOps to run your pipeline
7.5 Adding logical phases to your pipeline
Identifying the logical phases
Accessing artifacts from different jobs
Transpiling Bicep in a pipeline stage
Deploying a template from a pipeline artifact
7.6 Adding the Traffic Manager
7.7 Creating a real-world example pipeline
8 Complex deployments using GitHub Actions
8.2 Getting to know GitHub Actions
8.3 Building a GitHub Actions workflow
Adding a job to a GitHub Actions workflow
8.4 The deployment phase in GitHub Actions
Connecting to Azure from your GitHub workflow
Generating a service principal using the Azure CLI
8.5 Deploying ARM templates from GitHub Actions
9.1 Static analysis and validation
Validation using PowerShell or Azure CLI
9.2 Unit tests
9.4 End-to-end tests
9.5 Pester in CI/CD
Part 3. Advanced topics
10 Template specs and Bicep registries: Building a repository of templates
10.1 Use case: A repository of compliant resources
Creating a template spec from multiple ARM templates
Deploying a template spec using IaC is impractical
10.3 Deploying a template spec
Deploying template specs from an ARM or Bicep template
Upgrading to a newer version of the template spec
10.4 An alternative: A Bicep registry
10.5 Sharing templates using a package manager
Publishing an ARM template as a package
Deploying an ARM template that is in a package
Pros and cons of template specs
Pros and cons of using a Bicep registry
Pros and cons of using a package manager
11 Using deployment stacks for grouping resources
11.1 Grouping resources by their lifetime
Complete deployment mode is not good enough
Deployment stacks to the rescue!
11.2 Provisioning resources for others, but disallowing updates
Azure Blueprints: A first solution
11.3 The future of deployment stacks
12 Governing your subscriptions using Azure Policy
12.1 Azure Policy
12.2 Examining the built-in policies and initiatives
12.4 Using the different effects
12.5 Creating your own initiative
12.6 Assigning a policy or initiative
12.7 Reviewing compliance status
Remediating noncompliant resources
13 Case studies
13.1 Building an Azure foundation
Creating a management subscription
Creating workload subscriptions
13.2 Subscription level deployments
Configuring Microsoft Defender for Cloud
Creating resource groups and providing access
13.3 Creating a highly-available microservice architecture
Resources organized in resource groups
Using the existing keyword to set access to a Key Vault