When deploying a set of azure resources using Azure Resource Manager (ARM) templates in a single file can leave with a large json file that can be difficult to manage and maintain. To employ modularity and reuse, you can break out azure resources into its own ARM template and have an ARM template link or ‘call out’ to it like a typical programming functional call.
I will demonstrate a solution composed of Azure App Service, Azure SQL and Azure Key Vault and will deploy from a public Github repo.
The solution design:
The design of my set of ARM templates:
The Main template is calling out to associated linked templates passing in parameter values. Also, one can deploy those associated templates standalone and independently.
Linked ARM Template syntax
An example json snippet:
The main template has a set of resources (1) and each linked template is defined as a resource. In other words, as much as you deploy a storage account as a resource in the main template, to call out a linked template you define as a resource with the set of properties :
- Type (2): Deploying through a linked template is treated as a resource of type “Microsoft.Resources/deployments”
- Mode (3): The deployment mode as only ‘incremental’. Cannot be ‘complete’
- TemplateLink (4): The uri that is publicly accessible from the arm deployment. In this situation, it is a public non-secured URL to the github repo files. The other alternative is through an Azure storage account that is publicly accessible but secured through a Shared Access Signature (SAS). This would be the recommended approach for the enterprise. To learn more read Securing external template
- Parameters (5): the set of parameter values to pass to the linked arm template.
To deploy the ARM template in PowerShell.
1 2 3 4 5 6 7 8 9 10 11 12 13
$resourceGroupName = "rkfunctionapp-sql" New-AzResourceGroup -Name $resourceGroupName -Location "Canada Central" -Force # Just validates the json file from my github repo Test-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionapp-sql-main.json' -TemplateParameterUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionappsql.paramaters.json' New-AzResourceGroup -Name $resourceGroupName -Location "Canada Central" -Force # Deploy files from Github repo $resourceGroupDeployment = New-AzResourceGroupDeployment -Name $resourceGroupName'Deployment' -ResourceGroupName $resourceGroupName ` -TemplateUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionapp-sql-main.json' ` -TemplateParameterUri 'https://raw.githubusercontent.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault/master/azuredeploy-functionappsql.paramaters.json' ` -DeploymentDebugLogLevel All -Mode Complete -Force
Note the url of the ARM template json files in my github repo is a public and non-secured. The deployment execution is in the context of Azure Resource Manager so it is making a call out to the files and not via any user or service account.
You can find the full ARM template solution in my github repo https://github.com/RoyKimYYZ/azuredeploy-functionapp-sql-keyvault
For further background read the official Microsoft documentation
One thought on “Linked ARM Templates for a Multi Resource Azure Solution”
Pingback: Weekly Reading Notes #02 – AllAboutWindowsSL