Introduction

Welcome to Azure Bicep workshop.

Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. In a Bicep file, you define the infrastructure you want to deploy to Azure, and then use that file throughout the development lifecycle to repeatedly deploy your infrastructure. Your resources are deployed in a consistent manner.

We are going to deploy a full stack application to Azure in multiple environments reusing Bicep templates.

Learning objectives:

• Infrastructure-as-Code 101
• ARM and Bicep
• Full stack app
• Authoring, best practices
• DevOps

Prerequisites:

• Fundamental cloud computing knowledge about Microsoft Azure
• Azure subscription (if you don't have, check how to get started)
• Visual Studio Code (VSC) with Bicep extension
• Azure CLI version 2.35 (or above), check how install
• You can also install Bicep CLI manually as described here, but Azure CLI should be able to do this once you execute command that needs Bicep transpiler

Prerequisites checks:

We recommend to follow this workshop using Linux or MacOS terminal, for Windows users it's best to install WSL. Open up your VSC and using terminal window check the following:

# 1. Check version of the Azure CLI
az --version

# 2. Login to Azure Portal
az login

# 3. Create a resource group
az create group -g azure-bicep-worshop-rg -l westeurope

# 4. List resource groups (table output)
az group list -o table

# 5. Delete a resource group
az delete group -g azure-bicep-worshop-rg

Selecting location for the resources you need to keep in mind two things: latency (this website helps to measure it) and products available by region.

Make sure all 5 steps from the above give no errors. If you have access to multiple Azure tenants and subscriptions, double check your workspace and set proper subscription so you won't get any surprises:

# 1. List subscriptions (table output)
az account list -o table

# 2. Set an account (should be marked "True" in "IsDefault")
az account set -is <SubscriptionId>

Repository

Make sure that you have GitHub account! If you don't please follow this link to create one. It should take less than a minutes to register.

Once you have account you need this content. The easiest way to work with it is to fork this repo.

Forked repository can be cloned to your local machine for further changes. You can also propose pull request to the origin repo 🙏

Workshop

We are going to deploy an infrastructure in Azure for full stack application using Bicep:

You can follow the workshop by checking the following links:

0. Getting started with Bicep
1. RBAC as code
2. Policy as code
3. Secrets
4. Prepare database
5. Server side
6. Client with vue.js
7. DevOps
8. Clean up

Repo structure (pretty much self-explanatory)

.
├── Labs
│   ├── 1-rbac
│   ├── 2-policies
│   ├── 3-keyvault
│   ├── 4-full-stack
│   ├── 5-server
│   ├── 6-client
│   ├── db
│   ├── modules
│   └── postman
├── README.md <========= this file
└── Workshop
    ├── 0-Getting-started-with-Bicep.md
    ├── 1-RBAC-as-code.md
    ├── 2-Policy-as-code.md
    ├── 3-Secrets.md
    ├── 4-Prepare-database.md
    ├── 5-Server-side.md
    ├── 6-Client-with-vuejs.md
    ├── 7-DevOps.md
    └── 8-Clean-up.md

You can also follow this workshop by watching two videos:

• Bicep Fundamentals
• Deploy a full stack application to Azure using Bicep templates

Shortcut

In case you can't wait and want to deploy everything in one go, proceed with template.

templates
├── main.bicep
├── main.init.bicep
├── modules
│   ├── acr.bicep
│   ├── keyvault.bicep
│   ├── postgres.bicep
│   ├── staticsite.bicep
│   └── webapp.bicep
├── parameters.gh.json
└── parameters.init.gh.json

1. Generate using az-cli Service Principal: az ad sp create-for-rbac --name AzureBicepWorkshop --role Owner --scopes / and add AZURE_CREDENTIALS variable using this doc
2. Add remaining environment variables (secrets) in your project as described here
3. Make changes in parameters.gh.json and parameters.init.gh.json
4. Commit and push changes, GH workload should pickup several pipelines!

Author

Hi there 👋

I’m Evgeny Rudinsky, an Cloud Architect based in The Netherlands and author of this workshop. These days most of my work I do with Microsoft Azure and I’m certified Azure Solution Architect Expert, DevOps Engineer Expert, Azure Security Engineer, Azure Administrator Associate, Azure Developer Associate and Identity and Access Administrator Associate.

Follow me on @evgenyrudinsky and check my blog if interested in DevOps, cloud native and application security.

Good luck! 🍀