Managing and deploying Azure resources
📘Microsoft Certified: Azure Fundamentals (AZ-900)
1. What is Infrastructure as Code (IaC)?
Infrastructure as Code (IaC) means managing and deploying cloud resources using code instead of manual steps.
Instead of:
- Logging into the Azure portal
- Creating virtual machines one by one
- Manually configuring storage, networking, and security
You define everything in a template file, and Azure automatically creates all resources exactly as defined.
Why IaC is Important in IT Environments
In real IT environments:
- Companies need consistent environments (Dev, Test, Production).
- Multiple teams may deploy the same infrastructure.
- Manual setup can cause errors.
- Large systems require repeatable deployments.
IaC solves these problems by making deployments:
- Automated
- Consistent
- Repeatable
- Version-controlled
- Scalable
2. What is Azure Resource Manager (ARM)?
Azure Resource Manager (ARM) is the deployment and management service for Azure.
It allows you to:
- Deploy resources
- Manage resources
- Organize resources
- Apply access control
- Apply policies
All Azure deployments go through ARM.
When you deploy using:
- Azure Portal
- Azure CLI
- PowerShell
- ARM Templates
- Bicep
They all use Azure Resource Manager behind the scenes.
3. What is an ARM Template?
An ARM template is a JSON file that defines:
- What resources to create
- The configuration of those resources
- The relationships between them
It describes your infrastructure in code.
Example of resources defined in a template:
- Virtual Machine
- Virtual Network
- Storage Account
- SQL Database
- App Service
- Network Security Group
Instead of creating these manually, you describe them in JSON format.
4. Key Benefits of ARM Templates (Important for Exam)
1. Declarative Syntax
ARM templates use a declarative model.
You define:
What you want
Not:
How to create it step by step
Example:
You define:
- 1 VM
- 1 VNet
- 1 Storage Account
Azure automatically figures out:
- Deployment order
- Dependencies
- Resource configuration
2. Idempotent Deployments
ARM templates are idempotent.
This means:
- You can deploy the same template multiple times.
- Azure will only make necessary changes.
- It will not duplicate existing resources.
This ensures consistency.
3. Consistency Across Environments
In IT environments, you often have:
- Development
- Testing
- Production
Using the same ARM template ensures:
- Same configuration
- Same resource types
- Same security settings
This reduces deployment errors.
4. Version Control
Since ARM templates are code files:
- You can store them in GitHub or Azure DevOps.
- Track changes over time.
- Roll back to previous versions.
This is very important in professional IT environments.
5. Automation
ARM templates can be integrated into:
- CI/CD pipelines
- Azure DevOps
- GitHub Actions
This enables:
- Automatic deployments
- Continuous delivery
- Infrastructure automation
5. Structure of an ARM Template
ARM templates are written in JSON and have specific sections.
Main sections:
1. $schema
Defines the template version.
2. contentVersion
Version of the template file.
3. parameters
Inputs to the template.
Example:
- VM name
- Admin username
- Location
Parameters allow you to reuse the same template in different environments.
4. variables
Values used inside the template to simplify configuration.
5. resources
The most important section.
This defines:
- The Azure resources to create
- Resource type
- Resource name
- Location
- Properties
6. outputs
Returns values after deployment.
Example:
- Public IP address
- Resource ID
- Connection string
Outputs are useful for automation.
6. How ARM Handles Dependencies
Some resources depend on others.
Example in IT:
- A virtual machine depends on:
- A virtual network
- A subnet
- A network interface
- A storage account
ARM automatically manages deployment order.
You can define dependencies using:
dependsOn
This ensures resources are created in the correct order.
7. Deployment Scopes in ARM
ARM templates can deploy resources at different levels:
1. Resource Group Level (Most Common)
Deploy resources into a specific resource group.
2. Subscription Level
Create resource groups or policies.
3. Management Group Level
Apply governance across multiple subscriptions.
4. Tenant Level
Used for organization-wide deployments.
For AZ-900, understand that:
ARM supports multiple deployment scopes.
8. Deployment Modes
ARM has two deployment modes:
1. Incremental Mode (Default)
- Adds new resources
- Updates existing ones
- Does NOT delete anything
Most commonly used.
2. Complete Mode
- Deletes resources not defined in the template
- Ensures exact match with template
Used when strict control is required.
9. ARM Templates vs Manual Deployment
| Manual Deployment | ARM Templates |
|---|---|
| Done via Portal | Done via code |
| Time-consuming | Automated |
| Error-prone | Consistent |
| Hard to replicate | Easily repeatable |
| Not version-controlled | Version-controlled |
For the exam, understand that:
ARM templates support automation, repeatability, and consistency.
10. What is Bicep? (Important for AZ-900)
Bicep is a simplified language for writing ARM templates.
Instead of writing complex JSON:
- You write in Bicep (easier syntax)
- It compiles into ARM templates
Microsoft recommends Bicep over raw JSON ARM templates.
For AZ-900, know:
- Bicep is built on ARM.
- Bicep simplifies template creation.
- ARM is the underlying deployment engine.
11. ARM Template Deployment Methods
You can deploy ARM templates using:
- Azure Portal
- Azure CLI
- Azure PowerShell
- REST API
- Azure DevOps
- GitHub Actions
All use Azure Resource Manager behind the scenes.
12. Common Exam Points (Very Important)
Make sure your students understand these clearly:
- ARM is the deployment engine of Azure.
- ARM templates use declarative syntax.
- Templates are written in JSON.
- Templates are idempotent.
- Supports infrastructure as code.
- Enables consistent and repeatable deployments.
- Supports multiple deployment scopes.
- Two deployment modes: Incremental and Complete.
- Bicep is a simplified alternative.
13. Real IT Usage Example (IT-Focused)
In an IT organization:
A company needs to deploy:
- 5 web servers
- 2 database servers
- Virtual network
- Load balancer
- Storage account
- Network security rules
Instead of:
- Manually configuring each server
- Risking different settings
They:
- Create an ARM template.
- Store it in GitHub.
- Deploy using Azure DevOps pipeline.
- Reuse the same template for:
- Testing environment
- Production environment
- Disaster recovery environment
This ensures:
- Identical infrastructure
- Faster deployments
- Reduced human errors
- Better compliance
14. Difference Between ARM Templates and Azure Policies
Students often confuse these.
| ARM Templates | Azure Policy |
|---|---|
| Deploy resources | Enforce rules |
| Define what to create | Define what is allowed |
| Used during deployment | Applied continuously |
Example:
- ARM template creates a VM.
- Azure Policy ensures VM must use approved region.
15. Summary for AZ-900 Exam
For the exam, remember:
- Infrastructure as Code = Managing infrastructure using code.
- Azure Resource Manager (ARM) = Azure’s deployment and management service.
- ARM templates = JSON files that define infrastructure.
- Declarative syntax.
- Idempotent deployments.
- Supports automation and CI/CD.
- Deployment scopes: Resource group, Subscription, Management group, Tenant.
- Deployment modes: Incremental and Complete.
- Bicep simplifies ARM templates.
Final Exam Tip
If a question asks:
“Which Azure feature allows you to deploy infrastructure repeatedly and consistently using code?”
Answer:
Azure Resource Manager (ARM) templates.
If it asks:
“Which service deploys and manages Azure resources?”
Answer:
Azure Resource Manager.
