{"id":93629,"date":"2022-04-18T17:00:30","date_gmt":"2022-04-18T17:00:30","guid":{"rendered":"https:\/\/www.red-gate.com\/simple-talk\/?p=93629"},"modified":"2022-04-02T22:36:42","modified_gmt":"2022-04-02T22:36:42","slug":"azure-blueprints-defining-the-order-of-artifacts-deployment","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/blogs\/azure-blueprints-defining-the-order-of-artifacts-deployment\/","title":{"rendered":"Azure Blueprints: Defining the order of artifacts deployment"},"content":{"rendered":"<p><strong>Blueprints<\/strong> are (or should be) an important feature for <strong>Azure Cloud<\/strong> provisioning.<\/p>\n<p>Probably you already know about <strong>ARM<\/strong> templates. We can say they are the basic notation for deployment in Azure. But what happens when we need to deploy multiple items at once? Here are some options:<\/p>\n<ul>\n<li>Build everything in a single <strong>ARM<\/strong> template, what will make them difficult to read and re-use<\/li>\n<li>Build each item in a different <strong>ARM<\/strong> template and use a new one to link all the individual files. The syntax isn&#8217;t much straightforward<\/li>\n<li>Use a <strong>Terraform<\/strong> template to link the <strong>ARM<\/strong> template in a single deployment. Many people would say this is an anti-pattern. I don&#8217;t agree, but this is a subject for another time.<\/li>\n<li>Use <strong>Blueprint<\/strong> visual Ui to link many <strong>ARM<\/strong> templates in a single re-usable blueprint.<\/li>\n<\/ul>\n<p>This list talks by itself, illustrating how Blueprints are one of the easiest option to organize a deployments, as easier as <strong>Terraform<\/strong>, but with a UI to make things easier. However, there are some important tricks you need to be aware about.<\/p>\n<p>Let&#8217;s review some basic concepts and jump into the important details you need to know<\/p>\n<h2>\nBlueprints basic concepts<\/h2>\n<p>\nLet&#8217;s analyse 3 basic concepts of the blueprints:<\/p>\n<ul>\n<li>The artifacts supported<\/li>\n<li>Versioning<\/li>\n<li>Link to the deployment<\/li>\n<\/ul>\n<h3>\nArtifacts<\/h3>\n<p>The blueprints can make the deployment of the following artifacts:<\/p>\n<ul>\n<li>A resource group, to organize the items we are deploying<\/li>\n<li>Policy Assignment, to control the governance of the environment<\/li>\n<li>Role Assignment, to control access permissions<\/li>\n<li>ARM Templates<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93643\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint12.png\" alt=\"\" width=\"615\" height=\"279\" \/><\/p>\n<p>\nOn a first look this may seem limited. On the other hand, an ARM template can specify any object on Azure, so we are not limited in relation to what we can deploy.<\/p>\n<h3>Blueprint Versioning<\/h3>\n<p>The blueprints are versioned. Once a blueprint version is created, it can&#8217;t be changed anymore. You can create new versions of the blueprint, but you can&#8217;t change an existing one. The version is created on the moment you publish a Blueprint you already completed.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93640\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint09.png\" alt=\"\" width=\"633\" height=\"429\" \/><\/p>\n<p>This ensures we have control about what&#8217;s deployed. We can compare the version number of a deployed blueprint with the current version number and identify if any change on the blueprint has not be deployed yet.<\/p>\n<h3>Link to the Deployment<\/h3>\n<p>The deployment of the blueprint is made by creating an assignment between the blueprint and a subscription. The deployment is always on subscription level, since we will be deploying at least one resource group.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93641\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint10.png\" alt=\"\" width=\"465\" height=\"131\" \/><\/p>\n<p>The assignment creates a relationship between the blueprint and the deployment. It&#8217;s also possible to lock the deployment, forbidding changes on the objects. This is basically the creation of lock objects on the deployed objects.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93642\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint11.png\" alt=\"\" width=\"612\" height=\"720\" \/><\/p>\n<p>This relationship allows us to keep the deployed objects updated. We can, for example, upgrade the version of a blueprint used on an assignment.<\/p>\n<h2>Steps to build a Blueprint<\/h2>\n<ol>\n<li>Locate Blueprints in the portal and get into the Blueprint screen<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93632\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint01.png\" alt=\"\" width=\"1280\" height=\"430\" \/><\/p>\n<p>1)Click The <em>Create<\/em> button<\/p>\n<p>2) Define the basic values for the blueprint. This includes where the blueprint will be saved. We usually save a blueprint in a management group, so it can be used on any subscription under the hierarchy of that management group<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93633\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint02.png\" alt=\"\" width=\"524\" height=\"720\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>3) On the artifacts tab, include a resource group<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93638\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint07.png\" alt=\"\" width=\"335\" height=\"282\" \/><\/p>\n<p>4) Under the resource group, include the ARM template. On this example I will include a Virtual Network, an Availability Set and two Virtual Machines<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93639\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint08.png\" alt=\"\" width=\"271\" height=\"424\" \/><\/p>\n<p>5) Save the blueprint as draft. Before publishing the blueprint you need to control the order of deployment. The Virtual Network needs to be deployed first, followed by the Availability Set and the Virtual Machines<\/p>\n<h2>Managing the deployment order<\/h2>\n<p>We may include many ARM templates in a single resource group. For example, a virtual network, multiple virtual machines, a load balancer and so on. The items deployed may have dependencies between each other. This requires us to be able to control the deployment order of the deployment inside a resource group.<\/p>\n<p><strong>The Bad News:<\/strong> The UI has no way for us to set dependencies between the artifacts or set a deployment order.<\/p>\n<p><strong>The Solution:<\/strong> This can be done using Azure CLI. We can execute this on the cloudshell<\/p>\n<h2>Using Cloudshell to set the dependency<\/h2>\n<p>The blueprint extension is not default on Azure CLI. The first step we need is to install the blueprint extension using the following statement:<\/p>\n<p><!-- HTML generated using hilite.me --><\/p>\n<div style=\"background: #ffffff;overflow: auto;width: auto;border: solid gray;border-width: .1em .1em .1em .8em;padding: .2em .6em\">\n<pre style=\"margin: 0;line-height: 125%\" class=\"\">az extension add --name blueprint\r\n<\/pre>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93635\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint04.png\" alt=\"\" width=\"1173\" height=\"160\" \/><\/p>\n<p>The second secret is about the artifact names. The beautiful names we see and set while building the blueprint are in fact an alias. Each artifact receives a <strong>GUID<\/strong> as a name. We need to list the artifacts in the blueprint and take a note of each artifact <strong>GUID<\/strong>. We will use the <strong>GUID<\/strong> later. This statement list the artifacts in the blueprint:<\/p>\n<p><!-- HTML generated using hilite.me --><\/p>\n<div style=\"background: #ffffff;overflow: auto;width: auto;border: solid gray;border-width: .1em .1em .1em .8em;padding: .2em .6em\">\n<pre style=\"margin: 0;line-height: 125%\" class=\"\">az blueprint artifact list --blueprint-name myAvailSetBlueprint --management-group 38c8950d-4b86-48cd-b555-9ff7d12c902d\r\n<\/pre>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93636\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint05.png\" alt=\"\" width=\"1280\" height=\"400\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>As you may notice, the management group is also specified as a <strong>GUID<\/strong>. Another bad news: Internally the blueprint is a <strong>JSON<\/strong> document which contains <strong>ARM<\/strong> templates. <strong>ARM<\/strong> templates are also <strong>JSON<\/strong> documents. The result of the above statement will be a huge <strong>JSON<\/strong> listed on the screen and you will need to identify where each artifact starts, so you can find its name.<\/p>\n<p>Once you took note of the GUIDs, you can execute the statement below to set the dependency between the artifacts.<\/p>\n<p><!-- HTML generated using hilite.me --><\/p>\n<div style=\"background: #ffffff;overflow: auto;width: auto;border: solid gray;border-width: .1em .1em .1em .8em;padding: .2em .6em\">\n<pre style=\"margin: 0;line-height: 125%\" class=\"\">az blueprint artifact template update --blueprint-name availabilitySolution --artifact-name <span style=\"background-color: #fff0f0\">\"c4ac3a4f-9d3c-4910-a9a1-642230f63acc\"<\/span> --depends-on <span style=\"background-color: #fff0f0\">\"53ec7c79-14f8-4ae3-9cd8-1cad667f8c1b\"<\/span> --management-group 9c519b25-28e9-41ac-bd8d-e7235e5ea153\r\n<\/pre>\n<\/div>\n<p>After updating the artifacts, you can list them again. You will find a &#8220;Depends&#8221; field on the artifacts, included by the above statement. This will set the order of the deployment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-93637\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2022\/04\/BluePrint06.png\" alt=\"\" width=\"597\" height=\"353\" \/><\/p>\n<h2>The future of Blueprints<\/h2>\n<p>\nBlueprints are in an interesting situation in relation to Azure. At the same time they are still in preview, Microsoft decided to not evolve them further. Microsoft is focused on <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-resource-manager\/bicep\/overview?tabs=bicep\"><strong>BICEP<\/strong>,<\/a> a new language for Azure provisioning, easier than directly coding in ARM. In some ways, we can consider them deprecated.<\/p>\n<h2>Summary<\/h2>\n<p>The Blueprint UI is still very useful and the blueprint as a whole is easy to use, even considering the dependency problem between the artifacts. Managing this problem, we have a powerful tool for Azure deployments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Blueprints are (or should be) an important feature for Azure Cloud provisioning. Probably you already know about ARM templates. We can say they are the basic notation for deployment in Azure. But what happens when we need to deploy multiple items at once? Here are some options: Build everything in a single ARM template, what&#8230;&hellip;<\/p>\n","protected":false},"author":50808,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[145934,5364,145937,145935,145936],"coauthors":[6810],"class_list":["post-93629","post","type-post","status-publish","format-standard","hentry","category-blogs","tag-arm-template","tag-azure","tag-azure-cli","tag-blueprint","tag-cloudshell"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/93629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/50808"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=93629"}],"version-history":[{"count":4,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/93629\/revisions"}],"predecessor-version":[{"id":93645,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/93629\/revisions\/93645"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=93629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=93629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=93629"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=93629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}