AAD (Azure Active Directory) 327
allowedValues property 45, 289
Amazon Web Service (AWS) CloudFormation 14
apiVersion property 22, 37, 131
Append effect 80, 279, 294 – 295, 301 – 302
APPINSIGHTS_INSTRUMENTATIONKEY setting 62
ARM (Azure Resource Manager) 11 – 14
control plane and data plane 11 – 12
troubleshooting deployments 87
deploying templates in packages 259
publishing templates as packages 256 – 259
template simplification 129 – 154
improvements with Bicep 138 – 145
static analysis and validation 203 – 216
conditionally deploying resources 109 – 112
creating multiple resources with loops 112 – 118
deploying resources in order 107 – 109
outputs 53 – 54
reverse engineering templates 125 – 127
structuring solutions 99 – 101
VS Code 20 – 25
ARM TTK (ARM template test toolkit) 208 – 212
using in Azure DevOps 211 – 212
ASM (Azure Service Management) 13 – 14
Audit effect 80, 279, 294 – 297
AuditIfNotExists effect 80, 279, 286, 294, 297 – 298
build and release pipelines 163 – 173
configuring DevOps to run pipeline 171 – 173
creating service connections 167 – 171
grouping tasks in jobs 166 – 167
AWS (Amazon Web Service) CloudFormation 14
az account set --subscription 71
az deployment group create command 71, 247
az deployment group show command 53
az deployment mg create command 96
az deployment sub create command 306
Azure Active Directory. See AAD (Azure Active Directory)
generating service principals using 194 – 195
assigning policy initiative 319 – 321
creating management subscription 321
creating workload subscriptions 322 – 324
management group layout 317 – 319
connecting from GitHub workflows 194
high-available microservice architecture 327 – 335
networking with Bicep 332 – 333
resources organized in resource groups 329 – 331
use existing keyword to set access to key vault 333 – 335
subscription level deployments 324 – 327
configuring Microsoft Defender for Cloud 325 – 326
creating resource groups and providing access 327
Azure DevOps 5 – 6, 155 – 187
automated build and release pipelines 163 – 173
configuring Azure DevOps to run pipeline 171 – 173
creating service connections 167 – 171
grouping tasks in jobs 166 – 167
creating Bicep files 157 – 161
describing App Service plan 157 – 159
accessing artifacts from different jobs 175
deploying template from pipeline artifact 176 – 178
transpiling Bicep in pipeline stage 175 – 176
real-world example pipeline 182 – 187
storing templates in source control 162 – 163
Toma Toe Pizzas example 156 – 157
Azure Policy 79 – 80, 275 – 315
built-in policies and initiatives 284 – 286
creating initiatives 304 – 308
AuditIfNotExists effect 297 – 298
DeployIfNotExists effect 298 – 301
initiatives or policy sets 280
reviewing compliance status 308 – 313
remediating noncompliant resources 310
Azure Resource Manager. See ARM (Azure Resource Manager)
AzureResourceManagerTemplateDeployment task 166
Azure Service Management 13 – 14
creating Bicep files 157 – 161
describing App Service plan 157 – 159
no mandatory grouping 142 – 143
referencing existing resources 141
referencing resources, parameters, and variables 138 – 139
string interpolation 141 – 142
using contents of other files 144 – 145
using references in variables and outputs 139 – 140
debugging deployments 146 – 147
deploying to another scope 146
targeting different scopes 138
CI/CD (continuous integration/continuous deployment) 74, 163
clean-up phase of template deployment 82 – 85
Complete deployment mode 83 – 84
Incremental deployment mode 83
Complete deployment mode 82 – 84, 86, 94
conditions, in Bicep 135 – 136
configuration drift, preventing 7 – 8
copyIndex() function 113 – 114
demofunction.capitalize() function 65
denyAnySqlServerAccessFromInternet policy 291
dependsOn element 107 – 109, 117 – 118
deployAvailabilitySet variable 63
DeployIfNotExists effect 80, 279, 294, 298 – 301, 303, 306, 310
DeploymentScriptOutputs object 123
deploymentScript resource 118, 120, 123 – 124
deploymentScripts resource 120
deployment stacks for grouping resources 263 – 274
grouping resources by lifetime 264 – 270
complete deployment mode 266 – 267
creating deployment stacks 268 – 269
removing deployment stacks 270
updating deployment stacks 269 – 270
provisioning resources, but disallowing updates 271 – 273
Disabled effect 279, 285, 294 – 301
enabledForTemplateDeployment property 50
environment input parameter 197
execution phase of template deployment 75 – 82
role-based access control 76 – 79
creating and deploying role assignment using templates 78 – 79
explicit deployment ordering 107 – 109
expressionEvaluationOptions property 96
forking repositories 189 – 190
Foundation management group 318, 321
FQDN (fully qualified domain name) 52
FromServicePrincipal method 73
user-defined functions 64 – 65
deploying ARM templates 195 – 199
connecting to Azure from workflow 194
generating service principal using Azure CLI 194 – 195
forking repositories 189 – 190
adding jobs to workflows 192 – 193
Google Cloud Deployment Manager 14 – 15
governing subscriptions 275 – 315
built-in policies and initiatives 284 – 286
creating initiatives 304 – 308
AuditIfNotExists effect 297 – 298
DeployIfNotExists effect 298 – 301
initiatives or policy sets 280
reviewing compliance status 308 – 313
remediating noncompliant resources 310
GUIs (graphical user interfaces) 4
HCL (HashiCorp Configuration Language) 15
high-available microservice architecture 327 – 335
networking with Bicep 332 – 333
resources organized in resource groups 329 – 331
use existing keyword to set access to key vault 333 – 335
human-readable formats 10 – 11
IaC (Infrastructure as Code) 3 – 17
Azure Resource Manager 11 – 14
Azure Service Management 13 – 14
control plane and data plane 11 – 12
choosing between cloud-specific and multi-cloud solutions 16
Google Cloud Deployment Manager 14 – 15
preventing configuration drift 7 – 8
Implementing Azure DevOps Solutions (Been, van der Gaag) 163
implicit deployment ordering 109
Incremental deployment mode 82 – 84
InstrumentationKey property 62
ipSecurityRestrictions array 224
accessing artifacts from different jobs 175
adding jobs to workflows 192 – 193
grouping tasks in jobs 166 – 167
installing extension in VS Code 20
fetching parameters from 48 – 50
use existing keyword to set access to 333 – 335
length(...) function 137 – 138
linkedTemplate resource type 102
loadFileAsBase64(...) function 144
loadTextcontent(...) function 144
loadTextContent(filePath, [encoding]) function 144
locationAbbreviation parameter 158
location property 36 – 37, 42, 55
accessing artifacts from different jobs 175
deploying template from pipeline artifact 176 – 178
transpiling Bicep in pipeline stage 175 – 176
creating multiple resources with 112 – 118
using copy element on output 116 – 117
using copy element on properties 115 – 116
using copy element on variables 114 – 115
waiting for loop to finish 117 – 118
managementGroup(...) function 146
maxLength parameter property 134
maxValue parameter property 134
minLength parameter property 134
minValue parameter property 134
Modify effect 80, 279, 294, 301 – 303, 306, 310
modularizing templates 102 – 106
debugging deployments 146 – 147
deploying to another scope 146
name property 22, 43 – 44, 59, 65, 111, 114, 131
deploying to multiple scopes 90 – 99
nested templates on management group 94 – 96
outputs 52 – 54
deploying nested templates to multiple scopes 99
using copy element on 116 – 117
deploying ARM templates in packages 259
publishing ARM templates as packages 256 – 259
limiting and describing values 45 – 46
fetching from key vault 48 – 50
specifying values in parameter file 47 – 48
parameters() function 41, 52, 54 – 55, 142
policy assignment resource 277
PowerShell 72 – 73, 207 – 208
queryString property 103 – 104
RBAC (role-based access control) 76 – 79
creating and deploying role assignment using templates 78 – 79
reference() function 52, 54, 60, 62, 64, 94, 117, 135, 139 – 141, 253
relativePath property 106, 244 – 245
required-properties autocompletion function 204
required-properties option 204
resourceGroup() function 42, 55, 57, 96, 132, 146
creating and providing access 327
deployment stacks for 263 – 274
grouping resources by lifetime 264 – 270
provisioning resources, but disallowing updates 271 – 273
resources organized in 329 – 331
resourceId() function 58, 62, 64, 108, 112, 139, 150, 219
conditional deployment 109 – 112
applying conditions to output 112
creating multiple with loops 112 – 118
using copy element on output 116 – 117
using copy element on properties 115 – 116
using copy element on variables 114 – 115
waiting for loop to finish 117 – 118
explicit deployment ordering 107 – 109
implicit deployment ordering 109
grouping, deployment stacks for 263 – 274
organized in resource groups 329 – 331
reverse engineering templates for new resources 127
reverse engineering templates 125 – 127
roleDefinitionId property 60, 79, 94, 303
SAS (shared access signature) token 103
choosing scope for submitting deployments 68 – 70
deploying Bicep modules to another scope 146
deploying nested templates to multiple scopes 90 – 99
nested templates on management group 94 – 96
targeting different scopes in Bicep 138
scope property 79, 81, 96 – 97, 327
SDKs (software development kits) 73 – 74
secureString type 41, 45, 49, 118
secureValue environment variable option 122
service connections, creating 167 – 171
shared access signature (SAS) token 103
software development kits (SDKs) 73 – 74
steps property 165 – 167, 176, 193
string interpolation 141 – 142
string type 40 – 41, 45, 52, 135, 176
subscription() function 57, 63, 96 – 97, 146
subscriptionId property 96 – 97
creating management subscription 321
creating workload subscriptions 322 – 324
governing using Azure Policy 275 – 315
built-in policies and initiatives 284 – 286
creating initiatives 304 – 308
initiatives or policy sets 280
reviewing compliance status 308 – 313
subscription level deployments 324 – 327
configuring Microsoft Defender for Cloud 325 – 326
creating resource groups and providing access 327
template: loadTextContent() function 300
templateBasePath variable 152 – 153
combining deployment modes 84 – 85
Complete deployment mode 83 – 84
Incremental deployment mode 83
role-based access control 76 – 79
troubleshooting deployments 87
template deployment, with Azure DevOps 155 – 187
automated build and release pipelines 163 – 173
configuring Azure DevOps to run pipeline 171 – 173
creating service connections 167 – 171
grouping tasks in jobs 166 – 167
creating Bicep files 157 – 161
describing App Service plan 157 – 159
accessing artifacts from different jobs 175
deploying template from pipeline artifact 176 – 178
transpiling Bicep in pipeline stage 175 – 176
real-world example pipeline 182 – 187
storing templates in source control 162 – 163
Toma Toe Pizzas example 156 – 157
template deployment, with GitHub Actions 188 – 200
deploying ARM templates 195 – 199
completing deployment 198 – 199
connecting to Azure from workflow 194
generating service principal using Azure CLI 194 – 195
forking repositories 189 – 190
adding jobs to workflows 192 – 193
-TemplateParameterFile parameter 48
template simplification using Bicep 129 – 154
improvements with Bicep 138 – 145
no mandatory grouping 142 – 143
referencing existing resources 141
referencing resources, parameters, and variables 138 – 139
string interpolation 141 – 142
using contents of other files 144 – 145
using references in variables and outputs 139 – 140
AppConfiguration.bicep 148 – 149
ApplicationInsights.bicep 149 – 151
debugging Bicep deployments 146 – 147
deploying to another scope 146
targeting different scopes 138
creating from multiple ARM templates 243 – 245
listing template specs 242 – 243
from ARM or Bicep templates 248 – 253
upgrading to newer versions 253
static analysis and validation 203 – 216
ARM template test toolkit 208 – 212
custom tests using Pester 212 – 216
PowerShell or Azure CLI 207 – 208
user-defined functions 64 – 65
installing ARM templates extension in VS Code 20
outputs 52 – 54
limiting and describing values 45 – 46
VS Code 20 – 25
leveraging IntelliSense 24 – 25
template writing, advanced 89 – 128
conditionally deploying resources 109 – 112
applying conditions to output 112
creating multiple resources with loops 112 – 118
using copy on output 116 – 117
using copy on properties 115 – 116
using copy on variables 114 – 115
waiting for loop to finish 117 – 118
deploying resources in order 107 – 109
explicit deployment ordering 107 – 109
implicit deployment ordering 109
nested templates on management group 94 – 96
reverse engineering templates 125 – 127
structuring solutions 99 – 101
small to medium solutions 99 – 100
transpiling 132 – 133, 175 – 176
type property 22, 37, 52, 78
updateBehavior property 269 – 270
validation phase of template deployment 85 – 86
using copy element on 114 – 115
leveraging IntelliSense 24 – 25