Linked ARM Templates for a Multi Resource Azure Solution

When deploying a set of azure resources using Azure Resource Manager (ARM) templates in a single file can leave with a large json file that can be difficult to manage and maintain. To employ modularity and reuse, you can break out azure resources into its own ARM template and have an ARM template link or ‘call out’ to it like a typical programming functional call.

I will demonstrate a solution composed of Azure App Service, Azure SQL and Azure Key Vault and will deploy from a public Github repo.

The solution design:

The design of my set of ARM templates:

The Main template is calling out to associated linked templates passing in parameter values. Also, one can deploy those associated templates standalone and independently.

Linked ARM Template syntax

An example json snippet:

The main template has a set of resources (1) and each linked template is defined as a resource. In other words, as much as you deploy a storage account as a resource in the main template, to call out a linked template you define as a resource with the set of properties :

  • Type (2): Deploying through a linked template is treated as a resource of type “Microsoft.Resources/deployments”
  • Mode (3): The deployment mode as only ‘incremental’. Cannot be ‘complete’
  • TemplateLink (4): The uri that is publicly accessible from the arm deployment. In this situation, it is a public non-secured URL to the github repo files. The other alternative is through an Azure storage account that is publicly accessible but secured through a Shared Access Signature (SAS). This would be the recommended approach for the enterprise. To learn more read Securing external template
  • Parameters (5): the set of parameter values to pass to the linked arm template.

To deploy the ARM template in PowerShell.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
$resourceGroupName = "rkfunctionapp-sql"
New-AzResourceGroup -Name $resourceGroupName -Location "Canada Central" -Force 

# Just validates the json file from my github repo
Test-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionapp-sql-main.json' -TemplateParameterUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionappsql.paramaters.json'

New-AzResourceGroup -Name $resourceGroupName -Location "Canada Central" -Force 

# Deploy files from Github repo
$resourceGroupDeployment = New-AzResourceGroupDeployment -Name $resourceGroupName'Deployment' -ResourceGroupName $resourceGroupName `
-TemplateUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionapp-sql-main.json' `
-TemplateParameterUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionappsql.paramaters.json' `
-DeploymentDebugLogLevel All -Mode Complete -Force

Note the url of the ARM template json files in my github repo is a public and non-secured. The deployment execution is in the context of Azure Resource Manager so it is making a call out to the files and not via any user or service account.

You can find the full ARM template solution in my github repo https://github.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault

For further background read the official Microsoft documentation

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s