Create and Manage Blueprints using Azure Portal

In previous post, we have defined what are Azure Blueprints and how they are important to deploy Azure Environments with a set of compliance and standards packaged together into a single definition. In this post, we are going to go through Blueprint lifecycle making use of Azure Portal. Like many resources within Azure, a blueprint in Azure Blueprints has a typical and natural lifecycle. They’re created, deployed, and finally deleted when no longer needed or relevant. Blueprints supports standard lifecycle operations. It then builds upon them to provide additional levels of status that support common continuous
integration and continuous deployment pipelines for organizations that manage their Infrastructure as Code – a key element in DevOps.

To fully understand a blueprint and the stages, we’ll cover a standard lifecycle:

  1. Creating and editing a blueprint
  2. Publishing the blueprint
  3. Creating and editing a new version of the blueprint
  4. Publishing a new version of the blueprint
  5. Deleting a specific version of the blueprint
  6. Deleting the blueprint

Create an Azure Blueprint

To create a blueprint, open Azure Portal, select All services from left pane and then search and select for ‘Blueprint’:

search and select blueprints from all services

After this, select Blueprint definitions from the page on the left and select the ‘+ Create blueprint’ button at the top of the page:

create new blueprint from blueprint definitions

Alternatively, you can select create from the Getting started page to go straight to creating a blueprint.

In the next page, you’ll need to select whether you want to start from blank blueprint or you want to start from one of the built-in Azure Blueprints:

select from built-in blueprints or start from blank one

In our case, we’ll start from a blank blueprint. This will open up a new pane asking for various details such as name, purpose of the blueprint, etc. Provide details as per your needs and then click on ‘Next : Artifacts’:

provide basic name and purpose for the blueprint

Definition box specifies where blueprint will be saved and it will be available for the subscriptions in the downward hierarchy. Note that the Blueprint name and Definition location fields can’t be changed later.

Add a role assignment at the subscription level

Select the ‘+ Add artifact’ row under Subscription:

select add artifact to add artifact

This will open a new window on the right side of the browser. Select Role assignment for Artifact type and add details:

add details for role assignment

We’ll leave the user details as empty. The checkbox indicates a dynamic parameter. After this, select add to add this artifact to the blueprint.

Add a policy assignment at the subscription level

Select the ‘+ Add artifact’ row under Subscription. Again, this will open up a window in the right side of the browser. Select Policy assignment for Artifact type. Here, we’ll use one of the built-in policies for now and select a tag based policy:

add azure policy to the blueprint

We’ll select policy ‘Require tag and its value on resource groups’ which checks for a specified tag on the resource groups. Select Add to add this artifact to the blueprint.

After this, edit parameters and add ‘ApplicationId’ as the required tag. Leave the value field unchecked.

Add a resource group at the subscription level

Select the ‘+ Add artifact’ row under Subscription. Select Resource group for Artifact type.

Leave the Artifact display name, Resource Group Name, and Location boxes blank, but make sure that the check box is checked for each parameter property to make them dynamic parameters. Select Add to add this artifact to the blueprint.

Add a template under the resource group

Select the ‘+ Add artifact’ row under the ResourceGroup entry. Select Azure Resource Manager template for Artifact type, set Artifact display name to ‘storage account’, and leave Description blank.

On the Template tab in the editor box, paste the following Resource Manager template:

After you paste the template, select the Parameters tab and note that the template parameters storageAccountType and location were detected. Each parameter was automatically detected and populated, but configured as a dynamic parameter. Select Add to add this artifact to the blueprint.

Complete Blueprint definition

Your completed blueprint should look similar to the following:

verify completed blueprint and select save draft

Now that all planned artifacts have been added, select Save Draft at the bottom of the page.

Edit a blueprint

From time to time, we’ll need to edit the Blueprint for meeting requirements. To edit blueprint, go to Blueprint definitions, click on the ellipsis next to the name of the blueprint you want to edit and select ‘Edit blueprint’:

edit blueprint to modify blueprint details

Do the required changes and click save draft at bottom of the page.

Publish a blueprint

Before we can start using blueprints, we need to publish the same. Publishing makes the blueprint available to be assigned to a subscription.

For this, Select Blueprint definitions from the page on the left. In the list of blueprints, right-click the one you previously created and select ‘Publish blueprint’:

edit blueprint to modify blueprint detailspublish blueprint to make it available

In the pane that opens, provide a Version (letters, numbers, and hyphens with a maximum length of 20 characters), such as 0.1.1:

publish blueprint

Select Publish at the bottom of the page.

Assign a blueprint

After a blueprint has been published, it can be assigned to a subscription. For this, select Blueprint definitions from the page on the left. In the list of blueprints, right-click the one that you previously created (or select the ellipsis) and select Assign blueprint:

publish blueprint to make it available

On the Assign blueprint page, in the Subscription drop-down list, select the subscriptions that you want to deploy this blueprint to. If blueprint is assigned at the subscription level, this field would become read-only.

For Assignment name, provide a unique name for this assignment and other details such as location. Leave the Blueprint definition version drop-down selection of Published versions on the 0.0.1 entry. (The default is the most recently published version.) For Lock Assignment, leave the default of Don’t Lock:

assign blueprint to subscription

Under Managed Identity, leave the default of System assigned.

Further down the form under the section titled ‘Artifact Parameters’, we’ll need to provide details for the parameters that we selected to be dynamic while creating blueprint:

asssign blueprint - provide details for the blueprint artifact parameters

Provide details as per the requirements. Once done, click Assign.

Track deployment of a blueprint

When a blueprint has been assigned to one or more subscriptions, two things happen:

  1. The blueprint is added to the Assigned blueprints page for each subscription.
  2. The process of deploying all the artifacts defined by the blueprint begins.

To verify the progress of the deployment, select Assigned blueprints from the page on the left. In the list of blueprints, right-click the one that you previously assigned and select View assignment details:

view assignment details for the blueprint assignment

On the Blueprint assignment page, validate that all artifacts were successfully deployed and that there were no errors during the deployment:

verify assignment is completed successfully

At this point, we can go to the subscription and verify the resources have been created successfully.

If errors occurred, see Troubleshooting blueprints for steps to determine what went wrong.

Unassign a blueprint

If the blueprint assignment is no longer needed, you can remove it from a subscription. When a blueprint is removed, the artifacts assigned as part of that blueprint are left behind.

To remove a blueprint assignment, select Assigned blueprints from the page on the left. In the list of blueprints, right-click the one that you previously assigned and select ‘Unassign blueprint’:

select unassign blueprint from the dropdown

Read the confirmation message and then select OK.

Delete a blueprint

To delete a blueprint, select Blueprint definitions from the page on the left.
Right-click the blueprint that you want to delete, and select Delete blueprint. Then select Yes in the confirmation dialog box.

Do note that deleting a blueprint also deletes all published versions of the selected blueprint. To delete a single version, open the blueprint, select the Published versions tab, select the version that you want to delete, and then select Delete This Version. Also, you can’t delete a blueprint until you’ve deleted all blueprint assignment of that blueprint definition.

Summary and Notes

In this post, we have learned how to manage lifecycle of blueprint using Azure Portal. For ones getting started with the blueprints, one should be using Azure Portal since using the graphical interface makes it easy. For organizations using Azure at scale, one can also converts blueprints into code and deploy them as well.

Further reading on Blueprint: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s