Skip to content

The library Module usage

CARMLPipelinePrincipal edited this page May 10, 2023 · 11 revisions

This section provides a guideline on how to use the CARML Bicep modules.


Navigation


Deploy template

This section shows you how to deploy a Bicep template.

PowerShell

This sub-section gives you an example on how to deploy a template from your local drive (file) or a publicly available remote location (URI).

Resource Group scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'resourceGroup' or empty (as default)
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"

Using parameter file

New-AzResourceGroup -Name 'ExampleGroup' -Location "Central US"

$inputObject = @{
  DeploymentName        = 'ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
  ResourceGroupName     = 'ExampleGroup'
  TemplateParameterFile = 'parameters.json'
  # Using a local reference
  TemplateFile          = "$home\ResourceModules\modules\KeyVault\vault\main.bicep"
  # Using a remote reference
  # TemplateUri         = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/KeyVault/vaults/main.bicep'
}
New-AzResourceGroupDeployment @inputObject

For more information, please refer to the official Microsoft docs.

Subscription scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'subscription'
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#"
$inputObject = @{
  DeploymentName        = 'ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
  TemplateParameterFile = 'parameters.json'
  Location              = 'EastUS2'
  # Using a local reference
  TemplateFile          = "$home\ResourceModules\modules\Resources\resourceGroups\main.bicep"
  # Using a remote reference
  # TemplateUri         = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Resources/resourceGroups/main.bicep'
}
New-AzDeployment @inputObject

For more information, please refer to the official Microsoft docs.

Management group scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'managementGroup'
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2018-05-01/managementGroupDeploymentTemplate.json#"
$inputObject = @{
  DeploymentName        = 'ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
  ManagementGroupId     = 'myManagementGroup'
  Location              = 'EastUS2'
  TemplateParameterFile = 'parameters.json'
  # Using a local reference
  TemplateFile          = "$home\ResourceModules\modules\Authorization\policyAssignments\managementGroup\main.bicep"
  # Using a remote reference
  # TemplateUri         = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Authorization/policyAssignments/managementGroup/main.bicep'
}
New-AzManagementGroupDeployment @inputObject

For more information, please refer to the official Microsoft docs.

Tenant scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'tenant'
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
$inputObject = @{
  DeploymentName        = 'ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
  TemplateParameterFile = 'parameters.json'
  Location              = 'EastUS2'
  # Using a local reference
  TemplateFile          = "$home\ResourceModules\modules\Subscription\aliases\main.bicep"
  # Using a remote reference
  # TemplateUri         = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Subscription/aliases/main.bicep'
}
New-AzTenantDeployment @inputObject

For more information, please refer to the official Microsoft docs.

Azure CLI

Resource Group scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'resourceGroup' or empty (as default)
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
az group create --name 'ExampleGroup' --location "Central US"
$inputObject = @(
  '--name',           ('ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])),
  '--resource-group', 'ExampleGroup',
  '--parameters',     '@parameters.json',
  # Using a local reference
  '--template-file',  "$home\ResourceModules\modules\Storage\storageAccounts\main.bicep",
  # Using a remote reference
  # '--template-uri',   'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Storage/storageAccounts/main.bicep'
)
az deployment group create @inputObject

For more information, please refer to the official Microsoft docs.

Subscription scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'subscription'
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#"
$inputObject = @(
  '--name',           ('ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])),
  '--parameters',     '@parameters.json',
  '--location',       'EastUS2',
  # Using a local reference
  '--template-file',  "$home\ResourceModules\modules\Resources\resourceGroups\main.bicep"
  # Using a remote reference
  # '--template-uri',  'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Resources/resourceGroups/main.bicep'
)
az deployment sub create @inputObject

For more information, please refer to the official Microsoft docs.

Management group scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'managementGroup'
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2018-05-01/managementGroupDeploymentTemplate.json#"
$inputObject = @(
  '--name',                ('ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])),
  '--parameters',          '@parameters.json',
  '--location',            'EastUS2',
  '--management-group-id', 'myManagementGroup',
  # Using a local reference
  '--template-file',       "$home\ResourceModules\modules\Authorization\policyAssignments\managementGroup\main.bicep"
  # Using a remote reference
  # '--template-uri',      'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Authorization/policyAssignments/managementGroup/main.bicep'
)
az deployment mg create @inputObject

For more information, please refer to the official Microsoft docs.

Tenant scope

To be used if the targeted scope in the first line of the template is:

  • Bicep: targetScope = 'tenant'
  • ARM: "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
$inputObject = @(
  '--name',           ('ExampleDeployment-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])),
  '--parameters',     '@parameters.json',
  '--location',       'EastUS2',
  # Using a local reference
  '--template-file',  "$home\ResourceModules\modules\Subscription\aliases\main.bicep"
  # Using a remote reference
  # '--template-uri',  'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Subscription/aliases/main.bicep'
)
az deployment tenant create @inputObject

For more information, please refer to the official Microsoft docs.

As nested deployment

You can also reference modules in another template using the below syntax. To deploy this 'orchestration template' you can again use the commands described above. You can also find further information in the 'Template Orchestration' section of Solution Creation site.

// Using local reference
module testDeployment 'ResourceModules/modules/KeyVaults/vaults/main.bicep' = {
  scope: resourceGroup
  name: '${uniqueString(deployment().name)}-example'
  params: { ... }
}

// Using Template-Specs reference (with configuration file)
module testDeployment 'ts/modules:keyvaults.vaults:1.0.0' = {
  scope: resourceGroup
  name: '${uniqueString(deployment().name)}-example'
  params: { ... }
}

// Using Bicep reference
module testDeployment 'br:<registry-name>.azurecr.io/bicep/modules/keyvaults.vaults:1.0.0' = {
  scope: resourceGroup
  name: '${uniqueString(deployment().name)}-example'
  params: { ... }
}

Orchestrate deployment

If you're interested on how to build a solution from the modules, please refer to the corresponding 'Solution creation' section.

Clone this wiki locally