Understanding Azure Blueprints
In this post, we look at how Azure Blueprints lets you standardize cloud subscription or environment deployments. Instead of having to configure features like Azure Policy for each new subscription, with Azure Blueprints you can define repeatable settings and policies that are applied as new subscriptions are created. Need a new test/dev environment? Azure Blueprints lets you deploy a new Test/Dev environment with security and compliance settings already configured. In this way, development teams can rapidly build and deploy new environments with the knowledge that they're building within organizational requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
Role Assignments
Policy Assignments
Azure Resource Manager templates (ARM templates)
Resource Groups
First, what are artifacts?
Azure Artifacts is a service in Azure DevOps that enables developers to share their code efficiently and manage all their packages from one place [1]. It manages the dependencies used in your codebase and provides easy tools to ensure the immutability and performance of those components [2]. Developers can publish packages to their feeds and share them within the same team, across organizations, and even with the public.
In a blueprint, each component of the blueprint definition is known as an artifact.
(A) Role assignments.
To assign Azure roles, you need to follow these steps [1][2]:
Determine who needs access.
Select the appropriate role. Permissions are grouped into a role definition.
Identify the needed scope. The scope is the set of resources that the access applies to.
Check your prerequisites.
Assign role.
Role assignments enable you to grant a principal (such as a user, a group, a managed identity, or a service principal) access to a specific Azure resource [3].
(B) Policy assignments
Policy assignments are used by Azure Policy to define which resources are assigned to which policies or initiatives. The policy assignment can determine the values of parameters for that group of resources at assignment time, making it possible to reuse policy definitions that address the same resource properties with different compliance needs.
To assign a policy:
Go to the Azure portal to assign policies. ...
Select Assignments on the left side of the Azure Policy page. ...
Select Assign Policy from the top of the Policy - Assignments page.
On the Assign Policy page and Basics tab, select the Scope by selecting the ellipsis and selecting either a management group or subscription. ...
Resources can be excluded based on the Scope.
(C) Azure Resource Manager templates (ARM templates)
An ARM template is a JSON (JavaScript Object Notation) script. This script includes the resource(s) that are being deployed to an Azure Resource Group.
The features and benefits of ARM (Azure Resource Manager) templates are as follows:
You don’t need to worry about the sequence of resource deployment using the ARM template. The resource manager will take care of the interdependent resources’ deployment.
Whenever possible, the Resource Manager deploys resources in parallel. That makes your deployment faster.
You can deploy the template using a single command rather than executing a series of commands.
You can break the template into multiple modules and link them together at deployment time. This way you can reuse the modules in other deployments.
(D) Resource Groups
Resource Groups in Azure are containers that hold related resources for an Azure solution. They can be used to group a collection of assets that belong to an application or share a unified life cycle.
Resource Groups allow for easy or automatic provisioning, monitoring, access control and cost management of resources.
Azure provides four levels of management: management groups, subscriptions, resource groups, and resources. The following diagram shows the relationship between these levels.
Resource groups, at the third level of the hierarchy, are logical containers where you can deploy and manage Azure resources like web apps, databases, and storage accounts.
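To tie the four artifact types together, here is an added example (not from the original post and not Microsoft's code) that reviews a blueprint's artifacts before it is published. The `kind`, `resourceGroup`, `roleDefinitionId` and `principalIds` fields follow the blueprint artifact JSON format; the sample blueprint, the `lint_blueprint` function and the choice of checks are assumptions made for illustration.

```python
# Added example: review a blueprint's artifacts before publishing it.
# The sample blueprint and artifacts below are constructed for illustration.

ROLE_PREFIX = "/providers/Microsoft.Authorization/roleDefinitions/"
OWNER = ROLE_PREFIX + "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"        # built-in Owner
CONTRIBUTOR = ROLE_PREFIX + "b24988ac-6180-42a0-ab88-20f7382dd24c"  # built-in Contributor

SAMPLE_BLUEPRINT = {  # constructed
    "properties": {"targetScope": "subscription",
                   "resourceGroups": {"appRG": {"description": "Test/Dev workload"}}}
}
SAMPLE_ARTIFACTS = [  # constructed
    {"name": "ops-owner", "kind": "roleAssignment",
     "properties": {"roleDefinitionId": OWNER,
                    "principalIds": "[parameters('opsGroup')]"}},
    {"name": "dev-contrib", "kind": "roleAssignment",
     "properties": {"roleDefinitionId": CONTRIBUTOR, "resourceGroup": "appRG",
                    "principalIds": "[parameters('devGroup')]"}},
    {"name": "storage", "kind": "template",
     "properties": {"resourceGroup": "dataRG", "template": {"resources": []}}},
]

def lint_blueprint(blueprint, artifacts):
    """Return a sorted list of (artifact_name, finding) tuples."""
    declared = set(blueprint["properties"].get("resourceGroups", {}))
    findings = []
    for art in artifacts:
        props, name = art.get("properties", {}), art["name"]
        rg = props.get("resourceGroup")
        # An artifact may only target a resource group the blueprint declares.
        if rg is not None and rg not in declared:
            findings.append((name, f"undeclared resource group '{rg}'"))
        if art["kind"] == "roleAssignment":
            # No resourceGroup means the role is granted on the whole subscription.
            if rg is None:
                findings.append((name, "role assigned at subscription scope"))
            if props.get("roleDefinitionId", "").lower() == OWNER.lower():
                findings.append((name, "Owner role assigned"))
    # A blueprint with no policy assignment ships no guardrails at all.
    if not any(a["kind"] == "policyAssignment" for a in artifacts):
        findings.append(("<blueprint>", "no policyAssignment artifact"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in lint_blueprint(SAMPLE_BLUEPRINT, SAMPLE_ARTIFACTS):
        print(f"{name}: {finding}")
```

Running a check like this in the pipeline that publishes blueprints catches broad role grants and missing policy guardrails before they are stamped onto every new subscription.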
That's it, folks. I hope you find this article helpful.
Written by Lateef Peleowo