Deploying Resource Groups with ARM Templates
Ever since they were released, ARM templates required you to supply the name of the Resource Group you want to deploy to as part the deployment command. This restriction meant that the Resource Group always needed to exist before running your deployment. I mentioned in my article on Terraform that one of the advantages of this is that you can create the resource group as part of your deployment template, no need to create it separately. After a recent update, it is now finally possible to create resource groups inside ARM templates and to use them for deploying other resources. However, the process to do this is quite as seamless as you might think, so in this article, we’ll explore how that works.
All the ARM templates in this article can be found on Github here - https://github.com/sam-cogan/Demos/tree/master/ResourceGroups
Pre-Requisites
Deploying Resource Groups is a new feature and requires new commands to deploy, so make sure you have the latest version of either the Azure PowerShell commands or Azure CLI.
Deploying Resource Groups
Define Resouce Groups in ARM
This update adds a new resource of type “Microsoft.Resources/resourceGroups” to the ARM template spec. Creating a Resource Group is as simple as using this and providing a name and a location to create the group.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string"
},
"rgLocation": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('rgLocation')]",
"name": "[parameters('rgName')]",
"properties": {}
}
],
"outputs": {}
}
Deployment
The commands to deploy an ARM template (new-azureRMResourceGroupDeployment or az group deploy) both require you to provide a Resource Group name to deploy to, which does not make sense here. Instead, we have a new command for undertaking subscription level deployments - new-AzureRMDeployment or az deployment. These commands are not just for deploying Resource Groups; they are used for any subscription level resource deployment. These subscription level resources also include Azure Policies, Role Based Access at the subscription level and Azure Security Center. See here for more details on subscription level deployments.
To deploy our the template above we would run:
PowerShell
New-AzureRmDeployment -Name "rg1" -Location "West Europe" -TemplateParameterFile .\template.parameters.json -TemplateFile .\template.json
CLI
az deployment create --name "rg1" --location "West Europe" --template-file template.json --parameters template.parameters.json
Using the Resource Group
So far deployment has been pretty simple, and if all you want to do is deploy a resource group, then your done. However, I suspect most people are going to want to deploy a Resource Group and then deploy some resources into it, and this is where it gets a bit more complicated.
Unlike subscription level resources, most Azure resources need to be deployed into a Resource Group. Up until now the Resource Group to deploy to has been provided as part of the deployment command, and everything in the template uses that Resource Group (with a few exceptions). There is not a way to pass a Resource Group to resources inside the template, and Microsoft has not retrofitted one for this updated. To be able to do what we want we need to use the concept of nested templates.
We’ve looked at nested templates before, it provides a way to call one template from inside another, either as an inline template inside the same file, or call separate files. When you use a nested template, you do define the resource group to us in that template, and so this provides a way for resources to use the Resource Group we just created. In the example below we are going to deploy a storage account into the Resource Group we create. We use an inline nested template and pass the Resource Group in, as well as having a dependency on the Resource Group to ensure it is created first.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string"
},
"rgLocation": {
"type": "string"
},
"storageAccountName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('rgLocation')]",
"name": "[parameters('rgName')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "storageDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2017-10-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('rgLocation')]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS"
}
}
],
"outputs": {}
}
}
}
],
"outputs": {}
}
When we run this deployment from scratch, we get a newly created Resource Group, with a Storage account inside.
In reality, if you had complex templates, you would likely have the nested template be a call to another file, rather than doing this inline. If you want more details on how to use nested templates have a look at my article on modularisation of ARM templates
Summary
We now finally have a way to deploy all our Azure resources in one go, including the Resource Group, which is great. The way it works is a little disappointing, I would have preferred an update to allow specifying a Resource Group on a resource, rather than having to use nested templates, but it works.
All the ARM templates in this article can be found on Github here - https://github.com/sam-cogan/Demos/tree/master/ResourceGroups
Image Attribution
Data Center flickr photo by Bob Mical Ⓥ shared under a Creative Commons (BY-NC) license