index

A

AAD (Azure Active Directory) 327

role-based access control 78

tenant 69

actions, in GitHub 191

aliases 295

@allowed() decorator 158

allowedValues property 45, 289

Amazon Web Service (AWS) CloudFormation 14

and() function 63

apiVersion property 22, 37, 131

Append effect 80, 279, 294295, 301302

APPINSIGHTS_INSTRUMENTATIONKEY setting 62

approvals 169

ARM (Azure Resource Manager) 1114

Bicep language 13

control plane and data plane 1112

template deployment 6688

clean-up phase 8285

execution phase 7582

overview of process 6768

submitting 6874

troubleshooting deployments 87

validation phase 8586

with Azure DevOps 155187

with GitHub Actions 188200

templates, basics of 1213

template sharing

deploying templates in packages 259

publishing templates as packages 256259

template simplification 129154

benefits of Bicep 130134

improvements with Bicep 138145

modules 145147

syntax differences 134138

template specs

deploying 248253

from multiple templates 245

template testing 201233

end-to-end tests 222229

integration tests 218222

Pester in CI/CD 229232

static analysis and validation 203216

unit tests 216218

template writing 1865

advanced 89128

conditionally deploying resources 109112

creating multiple resources with loops 112118

deploying 2527

deploying resources in order 107109

deployment scripts 118125

finding examples 28

functions 6465

JSON files 1920

linked templates 102106

monitoring deployments 27

nested templates 9099

outputs 5354

parameters 4950

resources 3839

reverse engineering templates 125127

structuring solutions 99101

variables 5152

visualizing 2931

VS Code 2025

ARM TTK (ARM template test toolkit) 208212

installing 209

running 209210

using in Azure DevOps 211212

array parameter 114

array variable 250

ASM (Azure Service Management) 1314

Audit effect 80, 279, 294297

AuditIfNotExists effect 80, 279, 286, 294, 297298

automation 9

build and release pipelines 163173

configuring DevOps to run pipeline 171173

creating service connections 167171

creating tasks 165166

grouping tasks in jobs 166167

triggers 164165

environment reproducibility 9

guaranteed outcomes 9

AWS (Amazon Web Service) CloudFormation 14

az account list command 71

az account set --subscription 71

az bicep build command 193

az deployment command 71

az deployment group create command 71, 247

az deployment group show command 53

az deployment mg create command 96

az deployment sub command 321

az deployment sub create command 306

az login command 70

az ts list command 242

az ts show command 246

Azure Active Directory. See AAD (Azure Active Directory)

Azure Blueprints 272273

Azure CLI 7071

generating service principals using 194195

template testing 207208

Azure Cloud environment

building foundation 317324

assigning policy initiative 319321

creating management subscription 321

creating workload subscriptions 322324

management group layout 317319

connecting from GitHub workflows 194

high-available microservice architecture 327335

networking with Bicep 332333

resources organized in resource groups 329331

use existing keyword to set access to key vault 333335

subscription level deployments 324327

configuring budgets 324325

configuring Microsoft Defender for Cloud 325326

creating resource groups and providing access 327

Azure DevOps 56, 155187

automated build and release pipelines 163173

configuring Azure DevOps to run pipeline 171173

creating service connections 167171

creating tasks 165166

grouping tasks in jobs 166167

triggers 164165

creating Bicep files 157161

describing App Service 159

describing App Service plan 157159

finalizing template 160161

logical phases 173178

accessing artifacts from different jobs 175

deploying template from pipeline artifact 176178

identifying 173174

transpiling Bicep in pipeline stage 175176

real-world example pipeline 182187

storing templates in source control 162163

Toma Toe Pizzas example 156157

Traffic Manager 178182

using ARM TTK in 211212

Azure Login action 197

Azure Policy 7980, 275315

assignment 280284

assignment scope 281284

definition location 281

built-in policies and initiatives 284286

creating initiatives 304308

custom policies 287294

creating 287290

testing 290294

different effects 294303

Append effect 294295

Audit effect 295297

AuditIfNotExists effect 297298

DeployIfNotExists effect 298301

disabled effect 301

Modify effect 301303

initiatives or policy sets 280

policy definitions 278279

reviewing compliance status 308313

creating exemptions 311313

remediating noncompliant resources 310

Azure Resource Manager. See ARM (Azure Resource Manager)

AzureResourceManagerTemplateDeployment task 166

Azure Service Management 1314

azure variable 74

B

Bash task 165

@batchSize annotation 137

batchSize property 113

Bicep 129154

basics of 13

benefits of 130134

creating Bicep files 157161

describing App Service 159

describing App Service plan 157159

finalizing template 160161

decompiling 133134

deploying 132

improvements 138145

comments 143144

dependency management 141

no mandatory grouping 142143

referencing existing resources 141

referencing resources, parameters, and variables 138139

string interpolation 141142

using contents of other files 144145

using references in variables and outputs 139140

large example 147154

modules 145147

debugging deployments 146147

deploying to another scope 146

syntax differences 134138

conditions 135136

known limitations 138

loops 136138

outputs 135

parameters 134

targeting different scopes 138

variables 135

transpiling 132133

bicep build command 175

bicep command 132

boolean data type 19

bool type 40

built-in role definitions 77

C

CanNotDelete lock 8182

checks, approvals and 169

child resources 3839

CI/CD (continuous integration/continuous deployment) 74, 163

linked templates 104106

Pester in 229232

clean-up phase of template deployment 8285

combining modes 8485

Complete deployment mode 8384

Incremental deployment mode 83

code completion 205

comments, in Bicep 143144

Complete deployment mode 8284, 86, 94

composing templates 100

concat(...) function 142

concat() function 44, 153

condition property 136, 303

conditions, in Bicep 135136

configuration drift, preventing 78

Configure() function 228

contains() function 55

contentVersion property 21

Context keyword 213

control plane 1112

copy element 112114

using on output 116117

using on properties 115116

using on variables 114115

copyIndex() function 113114

create keyword 86

csmFile parameter 106

custom role definitions 77

D

DataActions property 77

data plane 1112

declarative approach 910

decompile command 133

decompiling 133134

DefaultPolicy 253

default templates 238

defaultValue property 40, 42

delegations section 225

demofunction.capitalize() function 65

denyAnySqlServerAccessFromInternet policy 291

Deny effect 80, 279, 294

Deny policy 287

dependency management 141

dependsOn element 107109, 117118

dependsOn property 141, 167

deployAvailabilitySet variable 63

DeployIfNotExists effect 80, 279, 294, 298301, 303, 306, 310

deployment mode 67

deployment property 300

deployment scope 67, 69

DeploymentScriptOutputs object 123

deploymentScript resource 118, 120, 123124

deployment scripts 118125

deploymentScripts resource 120

deployment stacks for grouping resources 263274

future of 274

grouping resources by lifetime 264270

complete deployment mode 266267

creating deployment stacks 268269

removing deployment stacks 270

solution 267268

updating deployment stacks 269270

provisioning resources, but disallowing updates 271273

DeployWestEu stage 173

Describe keyword 213

--description parameter 242

description property 4546

details array 295

details property 300

Disabled effect 279, 285, 294301

disabled effect 301

displayName property 165, 319

dotnet publish command 229

E

Elasticity 4

enableDefenderFor array 326

enabledForTemplateDeployment property 50

enabled property 111

endpoints array 180

end-to-end tests 222229

environment input parameter 197

environmentName parameter 158

environmentName variable 186

env parameter 153

equals() function 63

evaluationDetails array 293

evaluationResult property 293

evaluation scope 9698

events 190

exampleQueue queue 269270

execution phase of template deployment 7582

Azure Policy 7980

resource locks 8182

resource provisioning 82

role-based access control 7679

AAD roles and 78

creating and deploying role assignment using templates 7879

role 77

scope 76

security principal 76

existing keyword 141, 334

expiresOn property 313

explicit deployment ordering 107109

expressionEvaluationOptions property 96

expressions 5456

F

feedsToUsePublish option 257

field property 295, 303

forceUpdateTag property 121

forking repositories 189190

Foundation management group 318, 321

FQDN (fully qualified domain name) 52

FromServicePrincipal method 73

functions 6465

built-in functions 5663

logical functions 6263

scope functions 5762

expressions 5456

user-defined functions 6465

G

gateway subnet 332333

GitHub Actions 188200

actions 191

deploying ARM templates 195199

deployment phase 193195

connecting to Azure from workflow 194

generating service principal using Azure CLI 194195

forking repositories 189190

jobs 191

runners 191

steps 191

workflow events 190

workflows

adding jobs to workflows 192193

building 191193

Google Cloud Deployment Manager 1415

governing subscriptions 275315

assignment 280284

assignment scope 281284

definition location 281

built-in policies and initiatives 284286

creating initiatives 304308

custom policies 287294

creating 287290

testing 290294

different effects 294303

Append effect 294295

Audit effect 295297

AuditIfNotExists effect 297298

DeployIfNotExists effect 298301

disabled effect 301

Modify effect 301303

initiatives or policy sets 280

policy definitions 278279

reviewing compliance status 308313

creating exemptions 311313

remediating noncompliant resources 310

greater() function 114

groupId property 123

group keyword 71

GUIs (graphical user interfaces) 4

H

HCL (HashiCorp Configuration Language) 15

--help parameter 71

high-available microservice architecture 327335

networking with Bicep 332333

resources organized in resource groups 329331

use existing keyword to set access to key vault 333335

hub 271

human-readable formats 1011

auditable 11

reviewable 11

version controllable 11

I

IaC (Infrastructure as Code) 317

AWS CloudFormation 14

Azure Resource Manager 1114

Azure Service Management 1314

Bicep language 13

control plane and data plane 1112

templates 1213

benefits of 811

automation 9

declarative approach 910

human-readable format 1011

choosing between cloud-specific and multi-cloud solutions 16

Google Cloud Deployment Manager 1415

Pulumi 16

template deployment 246

Terraform 15

working with 48

Azure DevOps 56

preventing configuration drift 78

id property 135, 139

if() function 63, 111

if clause 136

if condition 294

if statement 224, 279, 298

Implementing Azure DevOps Solutions (Been, van der Gaag) 163

implicit deployment ordering 109

Incremental deployment mode 8284

initiative resource 277

inline parameters 4647

InstrumentationKey property 62

integration subnet 332333

integration tests 218222

IntelliSense 205

internal platform team 317

int resource group 329

int type 40

Invoke-Pester cmdlet 231

ipRules property 295

ipSecurityRestrictions array 224

IsCustom property 77

isCustom property 78

It keyword 213

J

jobs

accessing artifacts from different jobs 175

adding jobs to workflows 192193

basics of 191

grouping tasks in jobs 166167

jobs property 167

json() function 5556, 63

JSON files

installing extension in VS Code 20

template writing 1920

JSON view 127

K

key1 property 58

key2 property 58

key vault

fetching parameters from 4850

use existing keyword to set access to 333335

L

length(...) function 137138

length() function 113114

linkedTemplate resource type 102

linked templates 102106

CI/CD 104106

relative paths 106

URIs 103106

list() function 64

listKeys(...) function 139

listKeys() function 58

loadFileAsBase64(...) function 144

loadTextcontent(...) function 144

loadTextContent(filePath, [encoding]) function 144

locationAbbreviation parameter 158

location property 3637, 42, 55

logical functions 6263

logical phases 173178

accessing artifacts from different jobs 175

deploying template from pipeline artifact 176178

identifying 173174

transpiling Bicep in pipeline stage 175176

logs property 323

Logs resource group 321

loops

creating multiple resources with 112118

using copy element on output 116117

using copy element on properties 115116

using copy element on variables 114115

waiting for loop to finish 117118

in Bicep 136138

M

main template 90

managementGroup(...) function 146

management groups

nested templates on 9496

submitting deployments 69

managementGroup scope 320

Management subscription 321

maxLength parameter property 134

maxValue parameter property 134

minLength parameter property 134

minValue parameter property 134

-Mode Complete parameter 82

mode property 288

Modify effect 80, 279, 294, 301303, 306, 310

modularizing templates 102106

relative path 106

URI 103106

modules, Bicep 145147

debugging deployments 146147

deploying to another scope 146

N

name property 22, 4344, 59, 65, 111, 114, 131

nested templates

deploying to multiple scopes 9099

evaluation scope 9698

nested templates on management group 9496

outputs 99

net resource group 329

not() function 63

null data type 19

O

object type 45

or() function 63

outputs 5254

applying conditions to 112

deploying nested templates to multiple scopes 99

in Bicep

basics of 135

using references in 139140

template writing 5254

using copy element on 116117

outputs property 123, 253

P

package managers

pros and cons of 262

sharing templates 255260

deploying ARM templates in packages 259

publishing ARM templates as packages 256259

parameters 4650

in Bicep

basics of 134

referencing 138139

limiting and describing values 4546

specifying values 4750

fetching from key vault 4850

inline parameters 4647

specifying values in parameter file 4748

types 4345

array type 4243

object type 4345

parameters() function 41, 52, 5455, 142

parameters array 64

--parameters switch 306

parent property 319

permissions array 78

Pester

custom tests using 212216

in CI/CD 229232

pipeline artifact 174

policies

built-in 284286

custom 287294

creating 287290

testing 290294

definitions 278279

policy sets 280

policy assignment resource 277

policy definition 277

PowerShell 7273, 207208

Pulumi 16

Q

queryString property 103104

R

range(...) function 137

RBAC (role-based access control) 7679

AAD roles and 78

creating and deploying role assignment using templates 7879

roles 77

scope 76

security principals 76

ReadOnly lock 81

reference() function 52, 54, 60, 62, 64, 94, 117, 135, 139141, 253

relativePath property 106, 244245

required-properties autocompletion function 204

required-properties option 204

Resource Explorer 126127

resourceGroup() function 42, 55, 57, 96, 132, 146

resource groups 6970

creating and providing access 327

deployment stacks for 263274

future of 274

grouping resources by lifetime 264270

provisioning resources, but disallowing updates 271273

resources organized in 329331

resource group scope 146

resource group template 12

resourceId() function 58, 62, 64, 108, 112, 139, 150, 219

resource locks 8182

resource provisioning 82

resources 3839

child resources 3839

conditional deployment 109112

applying conditions to output 112

creating multiple with loops 112118

using copy element on output 116117

using copy element on properties 115116

using copy element on variables 114115

waiting for loop to finish 117118

deploying in order 107109

explicit deployment ordering 107109

implicit deployment ordering 109

grouping, deployment stacks for 263274

in Bicep

referencing 138139

referencing existing 141

organized in resource groups 329331

reverse engineering templates for new resources 127

resources array 3839

resource templates 100

resource type 19

resourceType property 131

reverse engineering templates 125127

exporting templates 125126

JSON view 127

new resources 127

Resource Explorer 126127

roleDefinitionId property 60, 79, 94, 303

rootManagement group 96

runners, in GitHub 191

S

SAS (shared access signature) token 103

$schema object 21

scope

choosing scope for submitting deployments 6870

deploying Bicep modules to another scope 146

deploying nested templates to multiple scopes 9099

evaluation scope 9698

nested templates on management group 9496

outputs 99

role-based access control 76

scope functions 5762

targeting different scopes in Bicep 138

scope functions 5762

--scope parameter 290

scope property 79, 81, 9697, 327

SDKs (software development kits) 7374

secretName parameter 59

secureObject type 45

secureString type 41, 45, 49, 118

secureValue environment variable option 122

serial mode 113

service connections, creating 167171

shared access signature (SAS) token 103

software development kits (SDKs) 7374

spokes 271

steps, in GitHub 191

steps property 165167, 176, 193

string data type 19

string interpolation 141142

string parameter 4445

string type 4041, 45, 52, 135, 176

subscription() function 57, 63, 9697, 146

subscriptionId parameter 186

subscriptionId property 9697

subscription level 221

subscriptions 69

creating management subscription 321

creating workload subscriptions 322324

governing using Azure Policy 275315

assignment 280284

built-in policies and initiatives 284286

creating initiatives 304308

custom policies 287294

different effects 294303

initiatives or policy sets 280

policy definitions 278279

reviewing compliance status 308313

subscription level deployments 324327

configuring budgets 324325

configuring Microsoft Defender for Cloud 325326

creating resource groups and providing access 327

subscription scope 146, 329

subscription templates 12

T

tags 205, 254

targetScope declaration 138

tasks

creating 165166

grouping in jobs 166167

template: loadTextContent() function 300

templateBasePath variable 152153

template deployment 6688

clean-up phase 8285

combining deployment modes 8485

Complete deployment mode 8384

Incremental deployment mode 83

execution phase 7582

Azure Policy 7980

resource locks 8182

resource provisioning 82

role-based access control 7679

overview of process 6768

submitting 6874

choosing scope 6870

tools for 7074

troubleshooting deployments 87

validation phase 8586

what-if deployments 8687

template deployment, with Azure DevOps 155187

automated build and release pipelines 163173

configuring Azure DevOps to run pipeline 171173

creating service connections 167171

creating tasks 165166

grouping tasks in jobs 166167

triggers 164165

creating Bicep files 157161

describing App Service 159

describing App Service plan 157159

finalizing template 160161

logical phases 173178

accessing artifacts from different jobs 175

deploying template from pipeline artifact 176178

identifying 173174

transpiling Bicep in pipeline stage 175176

real-world example pipeline 182187

completing pipeline 182187

storing templates in source control 162163

Toma Toe Pizzas example 156157

Traffic Manager

adding 178182

deploying 181182

template deployment, with GitHub Actions 188200

actions 191

deploying ARM templates 195199

completing deployment 198199

deployment phase 193195

connecting to Azure from workflow 194

generating service principal using Azure CLI 194195

forking repositories 189190

jobs 191

runners 191

steps 191

workflow events 190

workflows

adding jobs to workflows 192193

building 191193

-TemplateParameterFile parameter 48

-TemplatePath parameter 210

template simplification using Bicep 129154

benefits of Bicep 130134

decompiling 133134

deploying 132

transpiling 132133

improvements with Bicep 138145

comments 143144

dependency management 141

no mandatory grouping 142143

referencing existing resources 141

referencing resources, parameters, and variables 138139

string interpolation 141142

using contents of other files 144145

using references in variables and outputs 139140

large example 147154

AppConfiguration.bicep 148149

ApplicationInsights.bicep 149151

Configuration.bicep 151154

modules 145147

debugging Bicep deployments 146147

deploying to another scope 146

syntax differences 134138

conditions 135136

known limitations 138

loops 136138

outputs 135

parameters 134

targeting different scopes 138

variables 135

--template-spec parameter 247

template specs

creating 239246

creating from multiple ARM templates 243245

listing template specs 242243

versions 243

deploying 246253

from ARM or Bicep templates 248253

upgrading to newer versions 253

using IaC 246

pros and cons of 261

use case 238239

template testing 201233

end-to-end tests 222229

integration tests 218222

Pester in CI/CD 229232

static analysis and validation 203216

ARM template test toolkit 208212

custom tests using Pester 212216

PowerShell or Azure CLI 207208

VS Code extensions 204206

unit tests 216218

template writing 1865

deploying 2527

finding examples 28

functions 6465

built-in functions 5663

expressions 5456

user-defined functions 6465

JSON files 1920

installing ARM templates extension in VS Code 20

monitoring deployments 27

outputs 5254

parameters 4650

limiting and describing values 4546

specifying values 4650

types 4345

resources 3839

variables 5052

visualizing 2931

VS Code 2025

adding resources 2224

leveraging IntelliSense 2425

template writing, advanced 89128

conditionally deploying resources 109112

applying conditions to output 112

creating multiple resources with loops 112118

using copy on output 116117

using copy on properties 115116

using copy on variables 114115

waiting for loop to finish 117118

deploying resources in order 107109

explicit deployment ordering 107109

implicit deployment ordering 109

deployment scripts 118125

linked templates 102106

relative path 106

URI 103106

nested templates 9099

evaluation scope 9698

nested templates on management group 9496

outputs 99

reverse engineering templates 125127

exporting templates 125126

JSON view 127

new resources 127

Resource Explorer 126127

structuring solutions 99101

large solutions 100101

small to medium solutions 99100

tenant(...) function 146

tenantId property 57

tenant keyword 71

Tenant-level templates 12

tenants 69

tenant scope 146

Terraform 15

transpiling 132133, 175176

triggers 164165

ts create command 242

ts show command 245

type inference 135

type property 22, 37, 52, 78

type resource 36

U

unit tests 216218

updateBehavior property 269270

V

validate deployment mode 85

validation phase of template deployment 8586

variables 5052

in Bicep 135

referencing 138139

using references in 139140

using copy element on 114115

variables() function 51, 56

VS Code (Visual Studio Code)

template testing 204206

template writing 2025

adding resources 2224

installing extension 20

leveraging IntelliSense 2425

W

what-if deployments 8687

workflows, in GitHub

adding jobs to workflows 192193

building 191193

connecting to Azure from 194

events 190