In previous post, we have defined what are Azure Blueprints and how they are important to deploy Azure Environments with a set of compliance and standards packaged together into a single definition. In this post, we are going to go through Blueprint lifecycle making use of Azure Portal. Like many resources within Azure, a blueprint in Azure Blueprints has a typical and natural lifecycle. They’re created, deployed, and finally deleted when no longer needed or relevant. Blueprints supports standard lifecycle operations. It then builds upon them to provide additional levels of status that support common continuous
integration and continuous deployment pipelines for organizations that manage their Infrastructure as Code – a key element in DevOps.
To fully understand a blueprint and the stages, we’ll cover a standard lifecycle:
- Creating and editing a blueprint
- Publishing the blueprint
- Creating and editing a new version of the blueprint
- Publishing a new version of the blueprint
- Deleting a specific version of the blueprint
- Deleting the blueprint
Create an Azure Blueprint
To create a blueprint, open Azure Portal, select All services from left pane and then search and select for ‘Blueprint’:
After this, select Blueprint definitions from the page on the left and select the ‘+ Create blueprint’ button at the top of the page:
Alternatively, you can select create from the Getting started page to go straight to creating a blueprint.
In the next page, you’ll need to select whether you want to start from blank blueprint or you want to start from one of the built-in Azure Blueprints:
In our case, we’ll start from a blank blueprint. This will open up a new pane asking for various details such as name, purpose of the blueprint, etc. Provide details as per your needs and then click on ‘Next : Artifacts’:
Definition box specifies where blueprint will be saved and it will be available for the subscriptions in the downward hierarchy. Note that the Blueprint name and Definition location fields can’t be changed later.
Add a role assignment at the subscription level
Select the ‘+ Add artifact’ row under Subscription:
This will open a new window on the right side of the browser. Select Role assignment for Artifact type and add details:
We’ll leave the user details as empty. The checkbox indicates a dynamic parameter. After this, select add to add this artifact to the blueprint.
Add a policy assignment at the subscription level
Select the ‘+ Add artifact’ row under Subscription. Again, this will open up a window in the right side of the browser. Select Policy assignment for Artifact type. Here, we’ll use one of the built-in policies for now and select a tag based policy:
We’ll select policy ‘Require tag and its value on resource groups’ which checks for a specified tag on the resource groups. Select Add to add this artifact to the blueprint.
After this, edit parameters and add ‘ApplicationId’ as the required tag. Leave the value field unchecked.
Add a resource group at the subscription level
Select the ‘+ Add artifact’ row under Subscription. Select Resource group for Artifact type.
Leave the Artifact display name, Resource Group Name, and Location boxes blank, but make sure that the check box is checked for each parameter property to make them dynamic parameters. Select Add to add this artifact to the blueprint.
Add a template under the resource group
Select the ‘+ Add artifact’ row under the ResourceGroup entry. Select Azure Resource Manager template for Artifact type, set Artifact display name to ‘storage account’, and leave Description blank.
On the Template tab in the editor box, paste the following Resource Manager template:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "storageAccountType": { | |
| "type": "string", | |
| "defaultValue": "Standard_LRS", | |
| "allowedValues": [ | |
| "Standard_LRS", | |
| "Standard_GRS", | |
| "Standard_ZRS", | |
| "Premium_LRS" | |
| ], | |
| "metadata": { | |
| "description": "Storage Account type" | |
| } | |
| }, | |
| "location": { | |
| "type": "string", | |
| "defaultValue": "[resourceGroup().location]", | |
| "metadata": { | |
| "description": "Location for all resources." | |
| } | |
| } | |
| }, | |
| "variables": { | |
| "storageAccountName": "[concat('store', uniquestring(resourceGroup().id))]" | |
| }, | |
| "resources": [{ | |
| "type": "Microsoft.Storage/storageAccounts", | |
| "name": "[variables('storageAccountName')]", | |
| "location": "[parameters('location')]", | |
| "apiVersion": "2018-07-01", | |
| "sku": { | |
| "name": "[parameters('storageAccountType')]" | |
| }, | |
| "kind": "StorageV2", | |
| "properties": {} | |
| }], | |
| "outputs": { | |
| "storageAccountName": { | |
| "type": "string", | |
| "value": "[variables('storageAccountName')]" | |
| } | |
| } | |
| } |
After you paste the template, select the Parameters tab and note that the template parameters storageAccountType and location were detected. Each parameter was automatically detected and populated, but configured as a dynamic parameter. Select Add to add this artifact to the blueprint.
Complete Blueprint definition
Your completed blueprint should look similar to the following:
Now that all planned artifacts have been added, select Save Draft at the bottom of the page.
Edit a blueprint
From time to time, we’ll need to edit the Blueprint for meeting requirements. To edit blueprint, go to Blueprint definitions, click on the ellipsis next to the name of the blueprint you want to edit and select ‘Edit blueprint’:
Do the required changes and click save draft at bottom of the page.
Publish a blueprint
Before we can start using blueprints, we need to publish the same. Publishing makes the blueprint available to be assigned to a subscription.
For this, Select Blueprint definitions from the page on the left. In the list of blueprints, right-click the one you previously created and select ‘Publish blueprint’:
In the pane that opens, provide a Version (letters, numbers, and hyphens with a maximum length of 20 characters), such as 0.1.1:
Select Publish at the bottom of the page.
Assign a blueprint
After a blueprint has been published, it can be assigned to a subscription. For this, select Blueprint definitions from the page on the left. In the list of blueprints, right-click the one that you previously created (or select the ellipsis) and select Assign blueprint:
On the Assign blueprint page, in the Subscription drop-down list, select the subscriptions that you want to deploy this blueprint to. If blueprint is assigned at the subscription level, this field would become read-only.
For Assignment name, provide a unique name for this assignment and other details such as location. Leave the Blueprint definition version drop-down selection of Published versions on the 0.0.1 entry. (The default is the most recently published version.) For Lock Assignment, leave the default of Don’t Lock:
Under Managed Identity, leave the default of System assigned.
Further down the form under the section titled ‘Artifact Parameters’, we’ll need to provide details for the parameters that we selected to be dynamic while creating blueprint:
Provide details as per the requirements. Once done, click Assign.
Track deployment of a blueprint
When a blueprint has been assigned to one or more subscriptions, two things happen:
- The blueprint is added to the Assigned blueprints page for each subscription.
- The process of deploying all the artifacts defined by the blueprint begins.
To verify the progress of the deployment, select Assigned blueprints from the page on the left. In the list of blueprints, right-click the one that you previously assigned and select View assignment details:
On the Blueprint assignment page, validate that all artifacts were successfully deployed and that there were no errors during the deployment:
At this point, we can go to the subscription and verify the resources have been created successfully.
If errors occurred, see Troubleshooting blueprints for steps to determine what went wrong.
Unassign a blueprint
If the blueprint assignment is no longer needed, you can remove it from a subscription. When a blueprint is removed, the artifacts assigned as part of that blueprint are left behind.
To remove a blueprint assignment, select Assigned blueprints from the page on the left. In the list of blueprints, right-click the one that you previously assigned and select ‘Unassign blueprint’:
Read the confirmation message and then select OK.
Delete a blueprint
To delete a blueprint, select Blueprint definitions from the page on the left.
Right-click the blueprint that you want to delete, and select Delete blueprint. Then select Yes in the confirmation dialog box.
Do note that deleting a blueprint also deletes all published versions of the selected blueprint. To delete a single version, open the blueprint, select the Published versions tab, select the version that you want to delete, and then select Delete This Version. Also, you can’t delete a blueprint until you’ve deleted all blueprint assignment of that blueprint definition.
Summary and Notes
In this post, we have learned how to manage lifecycle of blueprint using Azure Portal. For ones getting started with the blueprints, one should be using Azure Portal since using the graphical interface makes it easy. For organizations using Azure at scale, one can also converts blueprints into code and deploy them as well.
Further reading on Blueprint: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
mohitgoyal.co 