Azure Blueprints – Governed Cloud Environments

Azure Blueprints allows an engineer or an architect to sketch a project’s design parameters. From this we can define a repeatable set of Azure resource that implements and adheres to an organization’s standards, patterns, and requirements. Azure Blueprints will help us to deploy our environment in a rapid way.

Azure Blueprint are declarative way to orchestrate the deployment of various resource templates and artifacts.

  • Role Assignment
  • Policy Assignment
  • Azure Resource Manager Template
  • Resource Groups

Define and Assign an Azure Blueprint in the portal

Before we get start we need to have following

  • Valid one or more Azure Account
  • Azure Management Groups
  • Azure subscriptions should be allocated to relevant management group

First we need to create a Blueprint definitions form Azure Blueprint

In Azure all service search for Blueprint, Select Blueprint

Navigate to Blueprint Definitions, click Create Blueprint

Next step give a Blueprint Name, then Definition Location specify the Management Group Blueprint assigns.

In the Artifacts we define what policies, Role Assignment, ARM Template deployment or Resource Group applies  

In the first artifact, We are adding Azure Policy to apply tags to a resource group if the user did’t specify. This happens without user interaction. and we add this Policy in subscription level, therefore if anyone create resource group without tags in the subscription it add the mentioned tag without any user interaction.

Edit Parameters for the Policy

In the next artifact, adding a Role Assignment  where we will assign a users who has access to the subscription resources. We can use built in Role Assignment and custom Role assignment for this.

Next we create Resource Group t

Next we use our ARM template for the deployment. we can past the ARM JSON to the portal or select a existing JSON file from local machine.

In the template parameter section you can select parameters mentioned in the template. In this example I only use Storage Type as a parameter and specify allowed values. So when we deploy the blueprint we can specify which parameter value we should use.

Next we saved out Blueprint as a draft 

After save as draft we need to publish this Blueprint as below

Next we can assign this to the subscriptions we specified in the Management Groups (Definition Location) in previous step.

After assignment complete we can see the Blueprint automate  the deployment we specify. As a user/admin has less tasks to complete. 

In above we can see it automate the Resource Group  creation and deploy the resources to that RG and do the relevant tagging to RG.