Over the past several years, Infrastructure as Code (IaC) has evolved significantly, transforming from a niche practice to a foundational element of modern cloud computing. Initially, IaC started with basic scripting, where manual configurations were automated through shell scripts and configuration files. This phase gradually evolved into the adoption of configuration management tools like Puppet, Chef, and Ansible, in addition to provisioning management tools like Bicep and Terraform, which introduced more declarative, structured, and repeatable processes to create and configure your cloud infrastructure. Recently, IaC has integrated more deeply with continuous integration and delivery pipelines, facilitating continuous deployment and further automating the infrastructure lifecycle.

If you have been working with IaC templates for a while, you may have encountered persistent challenges when attempting to scale out and reuse your infrastructure in a manner that is consistently applied across your entire organization. This process can become even more complex when trying to ensure that your infrastructure is kept up to date with the most recent security updates, protocols, and design patterns.

You also may have encountered challenges when trying to manage multiple environments. How do you tailor infrastructure for different environments with slightly different configurations without duplicating your infrastructure code? How do you share common configuration values across these environments? How can you safely test infrastructure changes before you actually apply them? How do you ensure consistency across environments when it comes to things like resource naming and resource sizing?

All of these factors are crucial to consider when developing a robust and scalable infrastructure framework for your organization that seamlessly integrates with your software development lifecycle.

Azure Verified Modules

Recently, Microsoft has introduced Azure Verified Modules, a suite of pre-configured, rigorously tested building blocks designed to simplify and accelerate the development of cloud solutions on Microsoft Azure. These modules, verified and supported by Microsoft, provide developers and IT professionals with reliable, reusable components that ensure compliance with best practices, enhance security, and improve performance. By leveraging Azure Verified Modules, organizations can reduce the complexity of cloud deployments, minimize potential errors, and streamline the integration of various services within the Azure ecosystem. This approach not only expedites the development lifecycle but also fosters consistency and scalability across cloud projects, enabling teams to focus more on innovation and strategic initiatives rather than the intricacies of infrastructure management. Whether you’re deploying virtual machines, setting up databases, or configuring networking components, Azure Verified Modules offer a trusted foundation to build upon, ensuring that your cloud solutions are robust, efficient, and ready for production environments.

Azure Verified Modules are categorized into two primary types: Pattern Modules and Resource Modules.

Pattern Modules are higher-level constructs that string multiple resources together, designed to implement common architectural patterns while considering best practices. They encapsulate more complex configurations and workflows, allowing developers to deploy comprehensive solutions with minimal effort.

Resource Modules are more granular, focusing on individual Azure resources. They provide pre-configured templates for deploying and managing specific Azure services, such as virtual machines, storage accounts, databases, and networking components.

Microsoft primarily supports AVM written for two domain-specific frameworks:

One of the greatest advantages of Azure Verified Modules is that Microsoft handles all aspects of governance, review, maintenance, and security updates. These modules are continuously updated to meet Microsoft’s internal standards, specifications, and the latest security protocols, ensuring they remain reliable and secure.

You can read more about the governance process and review process here: https://azure.github.io/Azure-Verified-Modules/specs/shared/team-definitions/

You can read more about how to contribute to the project here: https://azure.github.io/Azure-Verified-Modules/contributing/process/

Continuous Integration and Delivery of Bicep Environments

While Azure Verified Modules provide a robust foundation for building your cloud infrastructure, Microsoft leaves it pretty open-ended as to how you choose to test and deploy this infrastructure across multiple environments in a continuous fashion.

  • How do you tailor infrastructure for different environments with slightly different configurations without duplicating your infrastructure code? How do you share common configuration values across these environments?
  • How can you safely test infrastructure changes before you actually apply them?
  • How do you ensure consistency across environments when it comes to things like resource naming and resource sizing?

Drawing on our experience as a trusted Microsoft partner implementing various infrastructure solutions at several clients, solution teams at AIS have put together a series of scripts and YAML files to serve as a foundational framework to test and deploy your infrastructure code in a continuous manner across multiple environments. This solution is primarily focused on Bicep and Azure DevOps and includes:

Similar concepts will also be used to enable Bicep deployments from GitHub and GitHub Actions in the future.

Conclusion

Despite the significant advancements in the adoption of Infrastructure as Code as an essential component of cloud computing, developers often face persistent challenges in maintaining consistency, security, and scalability across different environments. Azure Verified Modules address these issues by providing pre-configured, rigorously tested building blocks that simplify cloud deployments and ensure adherence to best practices. With governance, review, maintenance, and security updates managed by Microsoft, these modules offer a reliable foundation for creating robust, scalable, and compliant cloud infrastructure. By utilizing specific design patterns while integrating Azure Verified Modules into your continuous integration and delivery pipelines, you can further streamline infrastructure management to allow your team to focus on innovation and strategic initiatives.

AVM Docs: https://azure.github.io/Azure-Verified-Modules/

AVM Module Specifications: https://azure.github.io/Azure-Verified-Modules/specs/shared/module-classifications/

Governance Model for AVM: https://azure.github.io/Azure-Verified-Modules/specs/shared/team-definitions/

Contributing to AVM: https://azure.github.io/Azure-Verified-Modules/contributing/process/

AVM Bicep Index: https://azure.github.io/Azure-Verified-Modules/indexes/bicep/

AVM Terraform Index: https://azure.github.io/Azure-Verified-Modules/indexes/terraform/

Manage Multiple environments by using Bicep and Azure Pipelines: https://learn.microsoft.com/en-us/training/modules/manage-multiple-environments-using-bicep-azure-pipelines/

Azure DevOps Templates: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/templates?view=azure-devops