Skip to content

Infrastructure as Code Using Bicep

Infrastructure as Code (IaC) is a method of automating the process of provisioning infrastructure, enabling a more streamlined and efficient approach to managing cloud resources. With the rise of cloud technology, the need for a more agile and automated way to handle infrastructure has become paramount. That's where Bicep comes in. Bicep, a descriptive coding language designed specifically for Azure, is becoming a popular choice for IaC.

Alt text

Why You Should Consider Using IaC: Top Benefits

1. Increase Confidence in Your Deployments

By adopting IaC, you can:

  • Integration with Current Processes: Adopt standard software development practices for infrastructure deployments.
  • Consistency: Reduce human error, ensuring more reliable deployments.
  • Automated Scanning: Check for errors in code with automated tools.
  • Secret Management: Enhance security by integrating with tools like Azure Key Vault.
  • Access Control: Automate resource provisioning using managed identities or service accounts.
  • Avoid Configuration Drift: Achieve consistent results every time the code is run.

2. Manage Multiple Environments

With IaC, you can:

  • Provision New Environments: Dynamically and consistently provision new environments.
  • Non-production Environments: Reuse configurations between production and non-production with unique input parameters.
  • Disaster Recovery: Quickly recreate your environment in another region during a service outage.

3. Better Understand Your Cloud Resources

IaC helps you:

  • Audit Trail: Track changes with Git's version history.
  • Documentation: Add metadata and comments to describe code purpose.
  • Unified System: Gain insight into the relationship between apps and infrastructure.
  • Better Understanding of Cloud Infrastructure: Have complete control over all created resources.

Declarative Code Insight

With declarative code, you specify only the end configuration, focusing on what you want to achieve rather than how to achieve it.

Example Bicep Template for a Storage Account

Here's a Bicep template that configures a storage account:

resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: 'mystorageaccount'
  location: 'eastus'
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    supportsHttpsTrafficOnly: true
  }
}

This template defines the storage account details, specifying only what the storage account should look like, leaving Azure to decide the execution steps.

What is Bicep? A Closer Look

Bicep is a Resource Manager template language designed specifically to declaratively deploy Azure resources. As a domain-specific language, it's tailor-made for Azure deployment, offering several advantages.

Benefits of Bicep

  • Simpler Syntax: More accessible and easier to understand.
  • Modules: Encapsulate functionality with reusable code blocks.
  • Automatic Dependency Management: Handles dependencies between resources.
  • Type Validation and IntelliSense: Assists in code writing and validation.

A Practical Example: Azure Storage Account in Bicep

Here's a hands-on example of a Bicep template defining an Azure storage account:

// Define parameters: location and namePrefix
param location string = resourceGroup().location
param namePrefix string = 'storage'
// Generate a unique name
var storageAccountName = '${namePrefix}${uniqueString(resourceGroup().id)}'
// Specify the SKU
var storageAccountSku = 'Standard_RAGRS'
// Create the storage account resource
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: storageAccountSku
  }
  properties: {
    accessTier: 'Hot'
    supportsHttpsTrafficOnly: true
  }
}
// Output the ID of the storage account
output storageAccountId string = storageAccount.id

Bicep Deployment: How It Works

Bicep templates are compiled into ARM templates and then deployed to Azure, with the conversion happening automatically during deployment.

Bicep Deployment Image Figure 1: Bicep deployment process.

You can deploy a Bicep template to the storage-resource-group using the Azure CLI:

az deployment group create \
  --template-file main.bicep \
  --resource-group storage-resource-group

To view the JSON template submitted to Resource Manager, use:

bicep build main.bicep

Comparing JSON to Bicep: A Visual Comparison

Comparison Image Figure 2: Comparison between JSON and Bicep.

Bicep's more concise and reader-friendly syntax, without complex expressions like in the JSON template, makes it a more attractive option for managing Azure resources.

When to Use Bicep: Making the Right Choice

Choosing the right tool for Infrastructure as Code (IaC) is essential. Bicep is a strong candidate for Azure but may not be suitable for all scenarios.

When Bicep is the Right Tool

  • Azure-native: Up-to-date with the latest Azure resources.
  • Azure Integration: Seamless integration with Azure services.
  • Azure Support: Full support from the Azure team.
  • No State Management: Simplifies the deployment process.
  • Easy Transition from JSON: Switching to Bicep is straightforward.

When Bicep Might Not Be the Right Tool

  • Existing Toolset: If you've already invested in another tool.
  • Multicloud Environments: Bicep is Azure-specific. Open-source tools like Terraform may be a better fit for multicloud deployments.


Building a Bicep Template: A Comprehensive Guide

Overview

Bicep provides an elegant solution for creating reusable templates to deploy Azure resources. Here's how you can leverage it:

1. Define Resources: Like a storage account, using the resource keyword.

resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: 'toylaunchstorage'
  location: 'westus3'
  sku: { name: 'Standard_LRS' }
  kind: 'StorageV2'
  properties: { accessTier: 'Hot' }
}

2. Manage Dependencies: Like creating an App Service plan before the App Service app.

// App Service Plan
resource appServicePlan 'Microsoft.Web/serverFarms@2022-03-01' = { /*...*/

 }
// App Service
resource appServiceApp 'Microsoft.Web/sites@2022-03-01' = {
  properties: { serverFarmId: appServicePlan.id }
}

3. Add Flexibility with Parameters and Variables: Use parameters for unique values, locations, and SKUs, and variables for reusable values.

param appServiceAppName string
var appServicePlanName = 'toy-product-launch-plan'

4. Expression Usage: Utilize expressions for dynamic values.

param storageAccountName string = 'toylaunch${uniqueString(resourceGroup().id)}'
var storageAccountSkuName = (environmentType == 'prod') ? 'Standard_GRS' : 'Standard_LRS'

5. Group Resources with Modules: Enhance reusability with Bicep modules.

6. Outputs: Send data back, such as the public IP address of a VM.

output appServiceAppName string = appServiceAppName
output ipFqdn string = publicIPAddress.properties.dnsSettings.fqdn

Building a Bicep template is a flexible and efficient way to manage Azure resources. Mastering Bicep not only enhances your skillset but also aligns you with the latest trends in Azure deployments.

If you're preparing for exams like AZ-104, you'll find that Bicep has become an increasingly significant portion of the content covered.

Conclusion

Infrastructure as Code using Bicep offers a powerful, flexible, and efficient way to manage your Azure resources. Understanding Bicep is an essential skill for modern cloud development.