Bicep - Deploying an Azure Elastic SAN

Happy New Year, everyone! Kicking off our first article of the year, we’ll explore deploying Azure using Bicep.

Let’s get started and see how this deployment can be done.

Prerequisites>

Prerequisites #

Before you start, you’ll need the following to deploy and manage resources with Bicep:

You need Azure CLI version 2.20.0 or later to deploy Bicep files on your local machine.
A text editor or IDE of your choice (Visual Studio Code with Bicep extension is my recommendation)

Create the Bicep files>

Create the Bicep files #

The first step in deploying a Bicep template is to create the Bicep file that defines your resources. Create a new file named adf.bicep. This file will contain the code needed to define and configure the deployment of your resources.

elasticSan: This block defines the basic configuration for the Azure Elastic SAN resource, specifying parameters like the name, location, base and extended capacity sizes, SKU name, volume group name, volumes, and subnet IDs.

elasticSanResource: Creates an Azure Elastic SAN resource with properties such as name, location, base size, extended capacity, and SKU, also applying the defined tags.

volumeGroup: A nested resource within Elastic SAN, specifying the volume group name and properties including protocol type and network ACLs.

volumes: A nested resource within the volume group, defining each volume’s name and size in GiB.

Deployment scope>

Deployment scope #

You can target your deployment to a resource group, subscription, management group, or tenant. In this case, when creating an Azure Data Factory, a resource group is needed to place all the necessary resources here. By default, when deploying a Bicep template, the scope to which the resource must be deployed is a resource group.

You can use an existing Resource Group, or you can create a new Resource Group. If you want to know how to create a Resource Group using Azure CLI, check out this link.

Deploy the Bicep template using the Azure CLI>

Deploy the Bicep template using the Azure CLI #

Once your Bicep template is prepared, and you’ve selected your desired scope, you can proceed to deploy the template through the Azure CLI. To do so, execute the following commands.

Parameters>

Parameters #

Personalization is key to making your template reusable. With the parameters, you can easily tailor the template to your specific needs. You can use either inline parameters or a parameter file to pass parameter values. In my case, I will use a file to pass the parameters; here is an example.

using './adf.bicep'

param factoryName = 'ADF-BICEP-WE'
param location = 'westeurope'
param identityType = 'UserAssigned'
param userAssignedIdentities = {
  '/subscriptions/000000000-0000-0000-0000000000/resourcegroups/<resource-group-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>': {}
}
param encryption = {
  identity: {
    userAssignedIdentity: '/subscriptions/000000000-0000-0000-0000000000/resourcegroups/<resource-group-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>'
  }
  keyName: '<key-name>'
  keyVersion: '0000000000000000000000000000000'
  vaultBaseUrl: '<key-vault-uri>'
}
param globalParameters = {
  restServiceUrl: {
    type: 'string'
    value: 'https://api.ProjectName.com'
  }
  maxRetryAttempts: {
    type: 'int'
    value: 5
  }
  enableLogging: {
    type: 'bool'
    value: true
  }
  allowedIPs: {
    type: 'array'
    value: [
      '192.168.1.1'
      '192.168.1.2'
    ]
  }
}
param publicNetworkAccess = 'Enabled'
param purviewConfiguration = {
  purviewResourceId: '/subscriptions/000000000-0000-0000-0000000000/resourceGroups/<resource-group-name>/providers/Microsoft.Purview/accounts/<pureview-account-name>'
}
param repoConfiguration = {
  accountName: '<azure-devops-account-name>'
  collaborationBranch: 'main'
  disablePublish: false
  lastCommitId: '0000000000000000000000000000000'
  repositoryName: '<repo-name>'
  rootFolder: '/'
  type: 'FactoryVSTSConfiguration'
  projectName: '<projetc-name>'
}
param tags = {
  bicep: 'true'
  project: 'jorgebernhardt.com'
}
param logAnalyticsWorkspaceId = '/subscriptions/000000000-0000-0000-0000000000/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/workspaces/<log-analytics-wokspace-name>'

Important: Please note that the parameter file stores parameter values in plain text format. If you need to include a parameter with sensitive data, it’s recommended to store the value in a secure key vault.

Preview changes>

Preview changes #

Before deploying a Bicep file, you can preview the changes that will occur to your resources. Using what-if operations does not change existing resources; it simply shows you an output that includes color-coded results that allow you to see different changes.

az deployment group what-if \
--resource-group <resource-group-name> \
--name <deployment-name> \
--parameters <filename>.bicepparam

Deploy the Azure resource>

Deploy the Azure resource #

Finally, to deploy the template, run the following command.

az deployment group create \
--resource-group <resource-group-name> \
--name <deployment-name> \
--parameters <filename>.bicepparam

Validate the deployment>

Validate the deployment #

To check if your Azure Data Factroy resource is set up correctly, you can use Azure Portal or Azure CLI. For Azure CLI, run this command to list resources in a specific group and filter for Elastic SAN:

az datafactory show \
--name <data-factory-name> \
--resource-group <resource-group-name>

References and useful links>

References and useful links #

Thank you for taking the time to read my post. I sincerely hope that you find it helpful.