front matter

foreword

As an engineer, I know how important it can be to find a solid introduction to a new topic. Blogs, documentation, and Q&A platforms can be a great source of information, but they almost always assume basic knowledge of a topic. A good book is unique in the sense that it can provide you with that basic knowledge.

A good book is designed to take you on a well-thought-out journey along one subject after another to help you build a fundamental understanding of the topic. Once you have completed that journey, other sources can augment your knowledge and help you overcome specific problems. Without that fundamental understanding, other sources can help you overcome problems, but you might have difficulty connecting these smaller nuggets of knowledge to what you already know.

This book, Azure Infrastructure as Code, is such a book that takes you on a learning journey. First, you will learn the basics of IaC and how the Azure Resource Manager works. From there, it takes you on a journey past ARM template syntax, to an understanding of the deployment process, up to Azure Bicep or BicepLang, the latest IaC language for Azure.

Once you have the syntax down and are able to work with Bicep, the remainder of the book takes you past many other capabilities of the Azure Resource Manager that will help you to scale your use of IaC to multiple teams or even complete organizations.

I hope you will join Henry, Erwin, and Eduard on a journey to learn all about Azure Infrastructure as Code!

—Scott Guthrie, Executive Vice President at Microsoft

Henry, Erwin, and Eduard are all deeply involved in the Azure, ARM template, Bicep, and DevOps communities. As a result, all three are experts in this field, and it is no surprise that this book is an immensely valuable resource when it comes to learning about Infrastructure as Code (IaC) on Azure.

What I particularly like about this book is its focus on the fundamentals—first focusing on Infrastructure as Code as a general concept, then spending lots of time on ARM templates, all before teaching Bicep itself. This foundation is something we always try to teach Azure users, as it allows you to learn not just what Azure is today, but how to keep up with Azure as it evolves.

Finally, the last third of the book covers how you use IaC in practice by teaching you how to integrate your code with CI/CD tooling, Azure Policy, testing strategies, and deployment stacks. This next level of depth is what supercharges your already valuable infra code.

This book is exactly what you need to go from 0 to 100 with Azure Infra-as-code. Enjoy!

—Alex Frankel, Program Manager

on the Azure Resource Manager team at Microsoft

preface

Well over a year ago, the three of us set out to write a book to teach people how to manage Azure Infrastructure as Code (IaC) with native Azure tools. Since then, we have written a total of thirteen chapters that we believe will take you from “zero to hero!”

IaC is an important topic, as not a single line of code can run on its own. Everything has to run on top of something. An OS runs on top of the hardware, a program on top of the OS, and most modern applications on top of a runtime. As engineers, we consider most of these things our programs “run on top of ” to be infrastructure.

The cloud has changed the way we look at infrastructure. It is no longer bought and nurtured for two to five years. Instead, it is created when we need it and disregarded when we no longer need it. To fully exploit this flexibility that cloud offerings like Microsoft Azure bring, we need a way to quickly and reliably create our infrastructure. And for engineers, is there a better way than through code?

There are many resources already available about these topics—many blogs written by experienced engineers, and a body of MS Learn and MS docs materials and write-ups about individual features. Yet, there was still one thing missing: a single body of knowledge that captures all you need to get you fully up to speed. A single comprehensive body of knowledge, organized so that you can read it front to back. We hope that is changed by this book.

In this book, we have chosen to take a bottom-up approach, where you will first learn about the basics that will directly help you in your job and also help you understand the topics that follow. A deep understanding of these basics will help you throughout your career, not only when you’re working with the current technologies, but also with what the future will bring.

However, that doesn’t mean that this book doesn’t contain the latest and greatest. Quite the opposite. After the foundational part, you will find more advanced topics that you can use to take your IaC practices to the next level, such as Azure Policy and testing templates. We’ve also added sections about recently released features like template specs and the Bicep registry.

Whether you are just getting started with Azure IaC or are an experienced engineer who wants to keep learning, we believe that there is value in this book for everyone!

acknowledgments

Writing a book is a great undertaking, and it’s not possible without the help of a great many people. We’d like to thank our wives and girlfriend Marjoleine, Gerja, and Marloes for their support when we were on yet another call in the evening, or when we needed another afternoon to write just one more section. We also want to thank the Azure Resource Manager product group, Alex Frankel and Brian Moore in particular, for their support and for reviewing parts of this book.

Also, no book sees the light without reviewers and a whole team of editors who help steer the direction of the book. Thanks to our reviewers: Aleksandar Nikolic, Alexey Vyskubov, Amado Gramajo, Amanda Debler, Aron Trauring, Bikalpa Timilsina, Casey Burnett, Chris Heneghan, Conor Redmond, Daniel Berecz, Danilo Tiago, Darrin Bishop, Edin Kapić, George Chang, Giuliano Latini, James Black, Kamesh Ganesan, Karthikeyarajan Rajendra, Lachman Dhalliwal, Lakshminarayanan A.S, Maciej Jurkowski, Michael Bright, Michael Langdon, Nasir Naeem, Quentin Fortier, Radhakrishna M.V., Renato Gentile, Richard Vaughan, Robin Coe, Ronald Cranston, Sebastian Rogers, Stephen Goodman, Steve Atchue, Steven Oxley, Sylvain Groulx, Vishal Singh, Vivek Dhami, and Vivek Lakhanpal, for your invaluable feedback and tips for improvement. And finally, to Doug Rudder, the development editor; Mihaela Batinić, the reviewing editor; Deirdre Hiam, the project manager; Andy Carroll, the copyeditor; and Jason Everett, the proofreader, thank you for reviewing, commenting, rewriting, redrawing, and crafting it into the work it is now.

about this book

Azure Infrastructure as Code teaches you to use Azure’s native Infrastructure as Code (IaC) tools, like ARM templates and Bicep, to build, manage, and scale infrastructure with just a few lines of code. You’ll discover ARM templates, deployment stacks, and the powerful new programming language Bicep. You’ll see how easy they make it to create new test environments, safely make infrastructure changes, and prevent configuration drift. Loaded with in-depth coverage of syntax and lots of illustrative examples, this hands-on guide is a must-read for anyone looking to expand their knowledge of provisioning.

Who should read this book

This book is for anyone who has been provisioning or managing cloud infrastructure for three months or more. You could be any of the following:

• A software engineer who writes software for Azure and also contributes to managing the infrastructure your software runs on
• An IT professional who is responsible for operating any workload that runs in the Microsoft Azure cloud
• A cloud engineer who deploys and maintains applications in the cloud, be it on virtual machines or container platforms
• A network engineer who manages software-defined networks for Azure

To work with and test the examples in this book, you will need at least one Azure subscription.

How this book is organized: A roadmap

This book has three parts consisting of 13 chapters.

Part 1 explains Infrastructure as Code, talks about its benefits, introduces ARM templates, and walks you through writing and deploying a first template.

• Chapter 1 covers the basics of Infrastructure as Code and talks about its benefits. It also gives a preliminary introduction to ARM templates, Bicep, and the Azure Resource Manager. Lastly, it identifies a few other tools that you could use to manage infrastructure that are not created by Microsoft.
• Chapter 2 introduces ARM templates and walks you through creating a first one. It also explains how to deploy the template to Azure.

Part 2 goes deep into ARM templates and Bicep, explains the deployment process in detail, and talks about testing templates.

• Chapter 3 discusses ARM templates in more detail. It explains all the parts that make up an ARM template, like resources, parameters, variables, functions, and outputs.
• Chapter 4 describes the deployment of a template in detail. It talks about different deployment scopes, different tools for initiating a deployment, the different phases within the deployment, and the validation steps you can use during the deployment.
• Chapter 5 goes deep into ARM templates and touches on the more advanced topics like modularization, loops, deployment scripts, and nested templates.
• Chapter 6 introduces Bicep and explains how to use your knowledge of ARM templates to write Bicep templates.
• Chapter 7 gives a detailed overview into deploying your Infrastructure as Code using Azure DevOps. The different parts that make up a deployment pipeline are discussed and used to deploy your infrastructure into multiple environments and regions.
• Chapter 8 is also about deploying your infrastructure, but this time using GitHub Actions.
• Chapter 9 discusses how to analyze and test your templates and infrastructure using different tools and techniques.

Part 3 discusses a few advanced topics to help you take your infrastructure to a higher level.

• Chapter 10 explains how you can share your templates across your organization for optimal reuse and compliant-by-default infrastructure. It lists various methods and talks about their pros and cons.
• Chapter 11 talks about deployment stacks, which are used to deploy your resources into logical groups.
• Chapter 12 discusses Azure Policy, which allows you to govern your Azure resources. This chapter explains how to create and apply the policies across your environment using Bicep templates.
• Chapter 13 contains a few case studies that will show you larger examples of how to build infrastructure using the practices you’ve seen throughout the book.

In general, you should be sure to read the first six chapters. These cover the basics of both ARM templates and Bicep that you should know. The next two chapters, 7 and 8, discuss how to deploy Infrastructure as Code using either Azure DevOps or GitHub Actions. You can pick neither or read one or both depending on your situation or preference. The rest of the book contains chapters on topics like testing templates, sharing templates, or using policies, and these can be read out of order, based on your particular needs or interests.

About the code

This book contains many examples of source code both in numbered listings and inline with normal text. In both cases, source code is formatted in a fixed-width font like this to separate it from ordinary text. Sometimes code is also in bold to highlight code that has changed from previous steps in the chapter, such as when a new feature adds to an existing line of code.

In many cases, the original source code has been reformatted; we’ve added line breaks and reworked indentation to accommodate the available page space in the book. In rare cases, even this was not enough, and listings include line-continuation markers (➥). Additionally, comments in the source code have often been removed from the listings when the code is described in the text. Code annotations accompany many of the listings, highlighting important concepts.

You can get executable snippets of code from the liveBook (online) version of this book at https://livebook.manning.com/book/azure-infrastructure-as-code. The complete code for the examples in the book is available for download from the Manning website at https://www.manning.com/books/azure-infrastructure-as-code, and from GitHub at https://github.com/AzureIaCBook.

liveBook discussion forum

Purchase of Azure Infrastructure as Code includes free access to liveBook, Manning’s online reading platform. Using liveBook’s exclusive discussion features, you can attach comments to the book globally or to specific sections or paragraphs. It’s a snap to make notes for yourself, ask and answer technical questions, and receive help from the authors and other users. To access the forum, go to https://livebook.manning.com/book/azure-infrastructure-as-code/discussion. You can also learn more about Manning’s forums and the rules of conduct at https://livebook.manning.com/discussion.

Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the authors can take place. It is not a commitment to any specific amount of participation on the part of the authors, whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the authors some challenging questions lest their interest stray! The forum and the archives of previous discussions will be accessible from the publisher’s website as long as the book is in print.

Other online resources

Need additional help?

• ARM overview—https://docs.microsoft.com/en-us/azure/azure-resource-manager
• ARM template specs—https://docs.microsoft.com/en-us/azure/templates
• QuickStart templates—https://github.com/Azure/azure-quickstart-templates

about the authors

Henry Been is an independent DevOps & Azure Architect from the Netherlands. He has been active in software development for over 15 years, of which close to 10 years have involved working with Microsoft Azure. He enjoys working with and within DevOps teams to design, write, and deliver great software. He believes in cross-functional teams that own the full delivery process, from inception to delivery and operations, of the software they write. Next to his work, he is active in the community writing blogs, creating videos, hosting MeetUps, and speaking at international conferences. For his community activities, he has been awarded the Microsoft MVP Award since 2019.

Eduard Keilholz is an Azure Architect at 4DotNet (Meppel, the Netherlands). He likes to help customers with their journey to the cloud and build highly performant, scalable cloud solutions. He enjoys lifting team members to a higher level as software engineers and as team members. His focus is on the Microsoft development stack, mainly C# and the Microsoft Azure Cloud. He also has a strong affinity for Angular.

Erwin Staal is an Azure Architect and DevOps Consultant at Xpirit (Hilversum, the Netherlands). He has more than 10 years of experience with both small and large organizations. He likes to immerse himself in the latest technologies. Currently he is working a lot with ASP.NET Core, Docker, and Kubernetes. As a DevOps Consultant, he helps companies with the implementation of DevOps and Continuous Delivery.

about the cover illustration

The figure on the cover of Azure Infrastructure as Code is “Ingrienne,” or “A Woman from the Ingria,” taken from a collection by Jacques Grasset de Saint-Sauveur, published in 1797. Each illustration is finely drawn and colored by hand.

In those days, it was easy to identify where people lived and what their trade or station in life was just by their dress. Manning celebrates the inventiveness and initiative of the computer business with book covers based on the rich diversity of regional culture centuries ago, brought back to life by pictures from collections such as this one.