title | description | ms.topic | ms.custom | ms.date |
---|---|---|---|---|
Use Bicep to deploy an Azure Managed Application definition |
Describes how to use Bicep to deploy an Azure Managed Application definition from your service catalog. |
quickstart |
devx-track-azurepowershell, devx-track-bicep, devx-track-azurecli |
06/24/2024 |
This quickstart describes how to use Bicep to deploy an Azure Managed Application definition from your service catalog. The definition's in your service catalog are available to members of your organization.
To deploy a managed application definition from your service catalog, do the following tasks:
- Use Bicep to develop a template that deploys a managed application definition.
- Create a parameter file for the deployment.
- Deploy the managed application definition from your service catalog.
To complete the tasks in this article, you need the following items:
- Deployed a definition with Quickstart: Use Bicep to create and publish an Azure Managed Application definition.
- An Azure account with an active subscription. If you don't have an account, create a free account before you begin.
- Visual Studio Code with the latest Azure Resource Manager Tools extension. For Bicep files, install the Bicep extension for Visual Studio Code.
- The latest version of Azure PowerShell or Azure CLI.
To get the managed application's definition with Azure PowerShell, run the following commands.
In Visual Studio Code, open a new PowerShell terminal and sign in to your Azure subscription.
Connect-AzAccount
The command opens your default browser and prompts you to sign in to Azure. For more information, go to Sign in with Azure PowerShell.
From Azure PowerShell, get your managed application's definition. In this example, use the resource group name bicepDefinitionGroup that was created when you deployed the managed application definition.
Get-AzManagedApplicationDefinition -ResourceGroupName bicepDefinitionGroup
Get-AzManagedApplicationDefinition
lists all the available definitions in the specified resource group, like sampleBicepManagedApplication.
The following command parses the output to show only the definition name and resource group name. You use the names when you deploy the managed application.
Get-AzManagedApplicationDefinition -ResourceGroupName bicepDefinitionGroup | Select-Object -Property Name, ResourceGroupName
To get the managed application's definition with Azure CLI, run the following commands.
In Visual Studio Code, open a new Bash terminal session and sign in to your Azure subscription. For example, if you have Git installed, select Git Bash.
az login
The command opens your default browser and prompts you to sign in to Azure. For more information, go to Sign in with Azure CLI.
From Azure CLI, get your managed application's definition. In this example, use the resource group name bicepDefinitionGroup that was created when you deployed the managed application definition.
az managedapp definition list --resource-group bicepDefinitionGroup
The command lists all the available definitions in the specified resource group, like sampleBicepManagedApplication.
The following command parses the output to show only the definition name and resource group name. You use the names when you deploy the managed application.
az managedapp definition list --resource-group bicepDefinitionGroup --query "[].{Name:name, ResourcGroup:resourceGroup}"
Open Visual Studio Code and create a file name deployServiceCatalog.bicep. Copy and paste the following code into the file and save it.
@description('Region where the resources are deployed.')
param location string = resourceGroup().location
@description('Resource group name where the definition is stored.')
param definitionRG string
@description('Name of the service catalog definition.')
param definitionName string
// Parameters for the managed application's resource deployment
@description('Name of the managed application.')
param managedAppName string
@description('Name for the managed resource group.')
param mrgName string
@maxLength(40)
@description('Service plan name with maximum 40 alphanumeric characters and hyphens. Must be unique within a resource group in your subscription.')
param appServicePlanName string
@maxLength(47)
@description('Globally unique across Azure. Maximum of 47 alphanumeric characters or hyphens.')
param appServiceNamePrefix string
@maxLength(11)
@description('Use only lowercase letters and numbers and a maximum of 11 characters.')
param storageAccountNamePrefix string
@allowed([
'Premium_LRS'
'Standard_LRS'
'Standard_GRS'
])
@description('The options are Premium_LRS, Standard_LRS, or Standard_GRS')
param storageAccountType string
@description('Resource ID for the managed application definition.')
var appResourceId = resourceId('${definitionRG}', 'Microsoft.Solutions/applicationdefinitions', '${definitionName}')
@description('Creates the path for the managed resource group. The resource group is created during deployment.')
var mrgId = '${subscription().id}/resourceGroups/${mrgName}'
resource bicepServiceCatalogApp 'Microsoft.Solutions/applications@2021-07-01' = {
name: managedAppName
kind: 'ServiceCatalog'
location: location
properties: {
applicationDefinitionId: appResourceId
managedResourceGroupId: mrgId
parameters: {
appServicePlanName: {
value: appServicePlanName
}
appServiceNamePrefix: {
value: appServiceNamePrefix
}
storageAccountNamePrefix: {
value: storageAccountNamePrefix
}
storageAccountType: {
value: storageAccountType
}
}
}
}
For more information about the resource type, go to Microsoft.Solutions/applications.
Open Visual Studio Code and create a parameter file named deployServiceCatalog-parameters.bicepparam. Copy and paste the following code into the file and save it.
using './deployServiceCatalog.bicep'
param definitionName = 'sampleBicepManagedApplication'
param definitionRG = 'bicepDefinitionGroup'
param managedAppName = 'sampleBicepManagedApp'
param mrgName = 'placeholder for managed resource group name'
param appServicePlanName = 'demoAppServicePlan'
param appServiceNamePrefix = 'demoApp'
param storageAccountNamePrefix = 'demostg1234'
param storageAccountType = 'Standard_LRS'
You need to provide several parameters to deploy the managed application:
Parameter | Value |
---|---|
definitionName |
Name of the service catalog definition. This example uses sampleBicepManagedApplication. |
definitionRG |
Resource group name where the definition is stored. This example uses bicepDefinitionGroup. |
managedAppName |
Name for the deployed managed application. This example uses sampleBicepManagedApp. |
mrgName |
Unique name for the managed resource group that contains the application's deployed resources. The resource group is created when you deploy the managed application. To create a managed resource group name, run the commands that follow this parameter list and use the $mrgname value to replace the placeholder in the parameters file. |
appServicePlanName |
Create a plan name. Maximum of 40 alphanumeric characters and hyphens. For example, demoAppServicePlan. App Service plan names must be unique within a resource group in your subscription. |
appServiceNamePrefix |
Create a prefix for the plan name. Maximum of 47 alphanumeric characters or hyphens. For example, demoApp. During deployment, the prefix is concatenated with a unique string to create a name that's globally unique across Azure. |
storageAccountNamePrefix |
Use only lowercase letters and numbers and a maximum of 11 characters. For example, demostg1234. During deployment, the prefix is concatenated with a unique string to create a name globally unique across Azure. |
storageAccountType |
The options are Premium_LRS, Standard_LRS, and Standard_GRS. |
You can run the following commands to create a name for the managed resource group.
$mrgprefix = 'mrg-sampleBicepManagedApplication-'
$mrgtimestamp = Get-Date -UFormat "%Y%m%d%H%M%S"
$mrgname = $mrgprefix + $mrgtimestamp
$mrgname
mrgprefix='mrg-sampleBicepManagedApplication-'
mrgtimestamp=$(date +%Y%m%d%H%M%S)
mrgname="${mrgprefix}${mrgtimestamp}"
echo $mrgname
The $mrgprefix
and $mrgtimestamp
variables are concatenated and stored in the $mrgname
variable. The variable's value is in the format mrg-sampleBicepManagedApplication-20230512103059. You use the $mrgname
variable's value when you deploy the managed application.
Use Azure PowerShell or Azure CLI to create a resource group and deploy the managed application.
New-AzResourceGroup -Name bicepApplicationGroup -Location westus
$deployparms = @{
ResourceGroupName = "bicepApplicationGroup"
TemplateFile = "deployServiceCatalog.bicep"
TemplateParameterFile = "deployServiceCatalog-parameters.bicepparam"
Name = "deployServiceCatalogApp"
}
New-AzResourceGroupDeployment @deployparms
The $deployparms
variable uses PowerShell splatting to improve readability for the parameter values.
az group create --name bicepApplicationGroup --location westus
az deployment group create \
--resource-group bicepApplicationGroup \
--template-file deployServiceCatalog.bicep \
--parameters deployServiceCatalog-parameters.bicepparam \
--name deployServiceCatalogApp
Your deployment might display a Bicep linter warning that the managedResourceGroupId
property expects a resource ID. Because the managed resource group is created during the deployment, there isn't a resource ID available for the property.
After the service catalog managed application is deployed, you have two new resource groups. One resource group contains the managed application. The other resource group contains the managed resources that were deployed. In this example, an App Service, App Service plan, and storage account.
After the deployment is finished, you can check your managed application's status.
Run the following command to check the managed application's status.
Get-AzManagedApplication -Name sampleBicepManagedApp -ResourceGroupName bicepApplicationGroup
Expand the properties to make it easier to read the Properties
information.
Get-AzManagedApplication -Name sampleBicepManagedApp -ResourceGroupName bicepApplicationGroup | Select-Object -ExpandProperty Properties
Run the following command to check the managed application's status.
az managedapp show --name sampleBicepManagedApp --resource-group bicepApplicationGroup
The following command parses the data about the managed application to show only the application's name and provisioning state.
az managedapp show --name sampleBicepManagedApp --resource-group bicepApplicationGroup --query "{Name:name, provisioningState:provisioningState}"
You can view the resources deployed to the managed resource group.
To display the managed resource group's resources, run the following command. You created the $mrgname
variable when you created the parameters.
Get-AzResource -ResourceGroupName $mrgname
To display all the role assignments for the managed resource group.
Get-AzRoleAssignment -ResourceGroupName $mrgname
The managed application definition you created in the quickstart articles used a group with the Owner role assignment. You can view the group with the following command.
Get-AzRoleAssignment -ResourceGroupName $mrgname -RoleDefinitionName Owner
You can also list the deny assignments for the managed resource group.
Get-AzDenyAssignment -ResourceGroupName $mrgname
To display the managed resource group's resources, run the following command. You created the $mrgname
variable when you created the parameters.
az resource list --resource-group $mrgname
Run the following command to list only the name, type, and provisioning state for the managed resources.
az resource list --resource-group $mrgname --query "[].{Name:name, Type:type, provisioningState:provisioningState}"
Run the following command to list the role assignment for the group that was used in the managed application's definition.
az role assignment list --resource-group $mrgname
The following command parses the data for the group's role assignment.
az role assignment list --resource-group $mrgname --role Owner --query "[].{ResourceGroup:resourceGroup, GroupName:principalName, RoleDefinition:roleDefinitionId, Role:roleDefinitionName}"
To review the managed resource group's deny assignments, use the Azure portal or Azure PowerShell commands.
When you're finished with the managed application, you can delete the resource groups and that removes all the resources you created. For example, you created the resource groups bicepApplicationGroup and a managed resource group with the prefix mrg-bicepManagedApplication.
When you delete the bicepApplicationGroup resource group, the managed application, managed resource group, and all the Azure resources are deleted.
The command prompts you to confirm that you want to remove the resource group.
Remove-AzResourceGroup -Name bicepApplicationGroup
The command prompts for confirmation, and then returns you to command prompt while resources are being deleted.
az group delete --resource-group bicepApplicationGroup --no-wait
If you want to delete the managed application definition, delete the resource groups you created named packageStorageGroup and bicepDefinitionGroup.
- To learn how to create and publish the definition files for a managed application using Azure PowerShell, Azure CLI, or portal, go to Quickstart: Create and publish an Azure Managed Application definition.
- To use your own storage to create and publish the definition files for a managed application, go to Quickstart: Bring your own storage to create and publish an Azure Managed Application definition.