Dynamically appending Tags to our ARM template with the union function
Todays conundrum: As I am leveraging templates, there will always be some standard tags I require to implement within the template, but I also require to provide additional tags as a parameter to be appended with the deployment.
My objective is to set up tags within an ARM template in accordance with good governance and the Cloud adoption framework.
Dynamically appending Tags to our ARM template with the union function
Todays conundrum: As I am leveraging templates, there will always be some standard tags I require to implement within the template, but I also require to provide additional tags as a parameter to be appended with the deployment.
My objective is to set up tags within an ARM template in accordance with good governance and the Cloud adoption framework.
Solution
ARM Template functions to the rescue. Todays salvation is called union, which you can learn more about on the actual reference Site
This is the existing implementation
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"configVersion": {
"type": "string",
"defaultValue": "1.0.0.0",
"metadata": {
"description": "The version of the parameters file that holds the configuration."
}
},
"purpose": {
"type": "string",
"allowedValues": [
"diag",
"log",
"audit",
"data"
],
"defaultValue": "data",
"metadata": {
"description": "The designated purpose of the storage account. 'diag' for diagnostics, 'log' for logging, 'audit' for auditing, 'data' for data storage"
}
},
"resilience": {
"type": "string",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS"
],
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Choose a level of resilience and tier suitable for the purpose and region"
}
},
"tier": {
"type": "string",
"allowedValues": [
"Standard",
"Premium"
],
"defaultValue": "Standard",
"metadata": {
"description": "Choose tier, Standard or Premium."
}
},
"kind": {
"type": "string",
"allowedValues": [
"Storage",
"StorageV2",
"BlobStorage",
"FileStorage",
"BlockBlobStorage"
],
"defaultValue": "StorageV2",
"metadata": {
"description": "Choose a kind of storage account"
}
}
},
"variables": {
"iacVersion": "undefined",
"rgName": "[resourceGroup().name]",
"rgLocation": "[resourceGroup().location]",
"uniqueString": "[uniqueString(subscription().id, resourceGroup().id)]",
"storageAccountAffix": "[concat(replace(variables('rgName'), '-', ''), parameters('purpose'))]",
"storageAccountName": "[toLower(substring(replace(concat(variables('storageAccountAffix'), variables('uniqueString')), '-', ''), 0, 23) )]"
},
"resources": [
{
"comments": "~~ Storage Account ~~",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2018-07-01",
"name": "[variables('storageAccountName')]",
"sku": {
"name": "[parameters('resilience')]",
"tier": "[parameters('tier')]"
},
"kind": "[parameters('kind')]",
"location": "[variables('rgLocation')]",
"tags": {
"IaCVersion": "[variables('iacVersion')]",
"ConfigVersion": "[parameters('configVersion')]"
},
"scale": null,
"properties": {
"supportsHttpsTrafficOnly": true,
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"accessTier": "[if(equals(parameters('kind'), 'Storage'), json('null'),'Hot')]"
},
"dependsOn": [
]
}
],
"outputs": {
"storageId": {
"type": "string",
"value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
},
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
}
}
}The Change Set
And using our new union we can resolve the puzzle with 3 simple changes
-
To theÂ
parameter we add a new object"tagValues": { "type": "object", "defaultValue": { "Dept": "Undefined", "Environment": "Development" } }, -
In theÂ
variables we can define our default tags"defaultTag": { "IaCVersion": "[variables('iacVersion')]", "ConfigVersion": "[parameters('configVersion')]" }, -
And in theÂ
resource we can use theÂunion function to merge the objects together"tags": "[union(parameters('tagValues'),variables('defaultTag'))]",
The Final Result
The final template will look as follows
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"configVersion": {
"type": "string",
"defaultValue": "1.0.0.0",
"metadata": {
"description": "The version of the parameters file that holds the configuration."
}
},
"tagValues": {
"type": "object",
"defaultValue": {
"Dept": "Undefined",
"Environment": "Development"
}
},
"purpose": {
"type": "string",
"allowedValues": [
"diag",
"log",
"audit",
"data"
],
"defaultValue": "data",
"metadata": {
"description": "The designated purpose of the storage account. 'diag' for diagnostics, 'log' for logging, 'audit' for auditing, 'data' for data storage"
}
},
"resilience": {
"type": "string",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS"
],
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Choose a level of resilience and tier suitable for the purpose and region"
}
},
"tier": {
"type": "string",
"allowedValues": [
"Standard",
"Premium"
],
"defaultValue": "Standard",
"metadata": {
"description": "Choose tier, Standard or Premium."
}
},
"kind": {
"type": "string",
"allowedValues": [
"Storage",
"StorageV2",
"BlobStorage",
"FileStorage",
"BlockBlobStorage"
],
"defaultValue": "StorageV2",
"metadata": {
"description": "Choose a kind of storage account"
}
}
},
"variables": {
"iacVersion": "undefined",
"defaultTag": {
"IaCVersion": "[variables('iacVersion')]",
"ConfigVersion": "[parameters('configVersion')]"
},
"rgName": "[resourceGroup().name]",
"rgLocation": "[resourceGroup().location]",
"uniqueString": "[uniqueString(subscription().id, resourceGroup().id)]",
"storageAccountAffix": "[concat(replace(variables('rgName'), '-', ''), parameters('purpose'))]",
"storageAccountName": "[toLower(substring(replace(concat(variables('storageAccountAffix'), variables('uniqueString')), '-', ''), 0, 23) )]"
},
"resources": [
{
"comments": "~~ Storage Account ~~",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2018-07-01",
"name": "[variables('storageAccountName')]",
"sku": {
"name": "[parameters('resilience')]",
"tier": "[parameters('tier')]"
},
"kind": "[parameters('kind')]",
"location": "[variables('rgLocation')]",
"tags": "[union(parameters('tagValues'),variables('defaultTag'))]",
"scale": null,
"properties": {
"supportsHttpsTrafficOnly": true,
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"accessTier": "[if(equals(parameters('kind'), 'Storage'), json('null'),'Hot')]"
},
"dependsOn": [
]
}
],
"outputs": {
"storageId": {
"type": "string",
"value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
},
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
}
}
}Now, Feel the force, and see what you can create…
All links in a practical list
More articles
Using AI to Empower Cloud Architecture and Deployments
The integration of artificial intelligence (AI) into cloud infrastructure is revolutionizing how we manage and deploy cloud resources. AI, now a pivotal component, optimizes the entire lifecycle of cloud architecture, enhancing tasks like deployment, maintenance, and scaling. This article explores the role of AI in empowering cloud architecture and deployments, especially when combined with Infrastructure as Code (IaC) tools like Bicep and Terraform.
Bicep - Tags as Parameters
Deploying infrastructure ARM Templates to Azure, but using Tags and their respective value as the parameter configuration settings
In a post earlier, we look at using arm to lookup the value of tags’ at both the Subscription and Resource Level.
With Bicep this is much easier to understand. This is the same lab configuration as in the original post, but this time to code should be a lot more readable.
Azure IaC - Tags as Parameters
Deploying infrastructure ARM Templates to Azure, but using Tags and thier respective value as the parameter configuration settings
In the post, I am going to introduce a concept which will allow you to greatly up your Infrastructure as Code game, by using Azure as a State Machine!
One of the typical challenges when deploying ARM templates, is the sheer number of parameters which we find as a requirement to complete a deployment; which as you will appreciate gets considerably harder as we target many environments.
Azure IaC - Function Keys
Retrieve the Function Host Keys while deploying an ARM template
Todays conundrum: As I deploy a new Function Application, I need a simple methodology to retrieve the Host Keys for the function application so that I validate the deployment has been successful; and potentially pass on the key to related services, for example API Management.
As before, I am leveraging templates, and will stay cloud native; this time depending on the functions Output ability to present the keys.
Guacamole Azure Appliance
Apache Guacamole is a free and open source web application which lets you access your dashboard from anywhere using a modern web browser. It is a clientless remote desktop gateway which only requires Guacamole installed on a server and a web browser supporting HTML5.
Guacamole is the best way to keep multiple instances accessible over the internet. Once you add an instance to Guacamole, you don’t need to remember the password as it can securely store the credentials. It also lets you share the desktops among other users in a group. Guacamole supports multiple connection methods such as SSH, Telnet, VNC, and RDP.