Infrastructure as Code
What is it?
Bicep is a domain-specific language (DSL) that uses a declarative syntax to deploy Azure resources. In a Bicep file, you define the infrastructure you want to deploy to Azure, and then use that file throughout the development lifecycle to repeatedly deploy your infrastructure.
Source: Bicep language for deploying Azure resources — Azure Resource Manager | Microsoft Docs
Microsoft offers greater and free training on how to implement and start using Azure Bicep. More can be found here: Discover Bicep on Microsoft Learn — Azure Resource Manager | Microsoft Docs
In this post, I’m just going to run through a simple walkthrough on how to use Azure Bicep using Powershell.
Pre-reqs
Before we begin, we will need to configure our setup. In this tutorial, we will use Powershell and Visual code, so it’s essential to install the following:
Bicep Extension: Open VS Code, click Extensions, search for Bicep; click install.
Powershell options: You can install the AZ CLI or the AZ Module. Powershell needs to be v5.6+
- AZ CLI: How to install the Azure CLI | Microsoft Docs
- AZ Module: Open Powershell and run: Install-Module -Name Az -Repository PSGallery -Force
If you have chosen the CLI route, you will need to run the following: Az bicep install
Bicep Templates
For this tutorial, we will use a basic example but should you need to customize or generate your own, the full repo can be found here: Azure resource reference — Bicep & ARM template reference | Microsoft Docs
For this example, I’ve already created my ResourceGroup:
Below is an example of IaC for a Storage Account:
Once you’ve created your template, load Powershell, or use the VS Code terminal.
First, you will need to authenticate: Connect-AzAccount
Once done, you can set your context (Subscription) and run the following:
New-AzResourceGroupDeployment -Name iacexample -ResourceGroupName biceptest -TemplateFile ./storageacc.bicep
As you can see, once the command has run, my storage account has been created.
This is a very basic and simple example of how Powershell can be used to create resources using Azure Bicep.
For enterprises, this may not be a solution as the premise is too basic. For Enterprises, you may move over to Azure DevOps to create Pipelines in order to build infrastructure. I will cover this in my next post.
I have briefly covered the Security aspects of IaC before Cloud Security: Infrastructure as Code
If you did want to continue with this simple method, definitely look to store them securing, and understand the parameters. For example, for Storage accounts there is a large number of properties that can be set: Microsoft.Storage/storageAccounts — Bicep & ARM template reference | Microsoft Docs
Blocking PublicAccess, and enabling encryption should be hard coded so that you only deploy “secure” resources. Should they need exceptions, running this manual with an exception process will help keep you in control. Deploying it in an unsecured manner and then fixing it could lead to misconfiguration.
If you like my content, please remember to clap and follow! 😁
If you have any requests or content you wish for me to cover, simply drop my an email at contact@xstag0.com! 🦌
Thank you!
amoran.io 
Leave a Reply