DevOps: Microsoft Azure Bicep And Powershell

Infrastructure as Code

What is it?

Bicep is a domain-specific language (DSL) that uses a declarative syntax to deploy Azure resources. In a Bicep file, you define the infrastructure you want to deploy to Azure, and then use that file throughout the development lifecycle to repeatedly deploy your infrastructure.

Source: Bicep language for deploying Azure resources — Azure Resource Manager | Microsoft Docs

Microsoft offers greater and free training on how to implement and start using Azure Bicep. More can be found here: Discover Bicep on Microsoft Learn — Azure Resource Manager | Microsoft Docs

In this post, I’m just going to run through a simple walkthrough on how to use Azure Bicep using Powershell.


Before we begin, we will need to configure our setup. In this tutorial, we will use Powershell and Visual code, so it’s essential to install the following:

Bicep Extension: Open VS Code, click Extensions, search for Bicep; click install.

Powershell options: You can install the AZ CLI or the AZ Module. Powershell needs to be v5.6+

If you have chosen the CLI route, you will need to run the following: Az bicep install

Bicep Templates

For this tutorial, we will use a basic example but should you need to customize or generate your own, the full repo can be found here: Azure resource reference — Bicep & ARM template reference | Microsoft Docs

For this example, I’ve already created my ResourceGroup:

Below is an example of IaC for a Storage Account:

Once you’ve created your template, load Powershell, or use the VS Code terminal.

First, you will need to authenticate: Connect-AzAccount

Once done, you can set your context (Subscription) and run the following:
New-AzResourceGroupDeployment -Name iacexample -ResourceGroupName biceptest -TemplateFile ./storageacc.bicep

As you can see, once the command has run, my storage account has been created.

This is a very basic and simple example of how Powershell can be used to create resources using Azure Bicep.

For enterprises, this may not be a solution as the premise is too basic. For Enterprises, you may move over to Azure DevOps to create Pipelines in order to build infrastructure. I will cover this in my next post.

I have briefly covered the Security aspects of IaC before Cloud Security: Infrastructure as Code

If you did want to continue with this simple method, definitely look to store them securing, and understand the parameters. For example, for Storage accounts there is a large number of properties that can be set: Microsoft.Storage/storageAccounts — Bicep & ARM template reference | Microsoft Docs

Blocking PublicAccess, and enabling encryption should be hard coded so that you only deploy “secure” resources. Should they need exceptions, running this manual with an exception process will help keep you in control. Deploying it in an unsecured manner and then fixing it could lead to misconfiguration.

If you like my content, please remember to clap and follow! 😁
If you have any requests or content you wish for me to cover, simply drop my an email at! 🦌

Thank you!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

%d bloggers like this: