What is infrastructure as code?


Microsoft Azure provides you with a number of options to deploy yourinfrastructure. In the One Dev Question series, Cloud Developer Advocate AbelWang explains how Azure DevOps provides developer services to support teams toplan work, collaborate on code development, and build and deploy applications.In this video, Abel explains the concepts of Infrastructure as Code (IaC).VIDEOTo meet these challenges, you can automate deployments and use the practice ofinfrastructure as code. In code, you define the infrastructure that needs tobe deployed. The infrastructure code becomes part of your project. Just likethe application code, you store the infrastructure code in a source repositoryand version it. Anyone on your team can run the code and deploy similarenvironments.

Azure Resource Manager Templates (ARM)


To implement infrastructure as code for your Azure solutions, use AzureResource Manager (ARM) templates. The template is a JavaScript Object Notation(JSON) file that defines the infrastructure and configuration for yourproject. The template uses declarative syntax, which lets you state what youintend to deploy without having to write the sequence of programming commandsto create it. In the template, you specify the resources to deploy and theproperties for those resources.You can read more information on ARM templates at the following links:ARM template documentation Understand the structure and syntax of ARM templates Azure Quickstart Templates ARM Template best practices Tutorial: Create and deploy your first ARM template Microsoft Learn: Build Azure Resource Manager templates

Hashicorp Terraform


Another really popular method of deploying your infrastructure to Azure is byusing Terraform by Hashicorp. Hashicorp Terraform is an open-source tool forprovisioning and managing cloud infrastructure. It codifies infrastructure inconfiguration files that describe the topology of cloud resources. Theseresources include virtual machines, storage accounts, and networkinginterfaces. The Terraform CLI provides a simple mechanism to deploy andversion the configuration files to Azure.Terraform is adept at deploying an infrastructure across multiple cloudproviders. It enables developers to use consistent tooling to manage eachinfrastructure definition.You can read more information on Terraform on Azure at the following links:Terraform with Azure Quickstart: Configure Terraform using Azure Cloud Shell Create a Kubernetes cluster with Azure Kubernetes Service using Terraform Tutorial: Terraform testing overview

Infrastructure-as-Code – Overview


First, consider an organization with its infrastructure deployed on-premises.This requires that the organization performs a complete study of itsrequirements and the potential growth they are expecting to accommodate thehardware and infrastructure costs in the coming years. In case they require toupgrade their infrastructure due to some elements that were not foreseen—dueto any reason, user increase (or decrease), software patch requirements,etc.—they would need to redeploy almost everything. In classical methods, thiswould follow up with a waterfall approach to patch everything. This could leadto a huge capital investment requirement and would lead to slow productionreleases due to compliance delays.With the cloud, this has changed. Cloud vendors take care of all theseelements for us, and with DevOps, they have introduced several tools to managethe infrastructure (mentioned as IaC from now on in the blog). IaC tools allowoperations teams to operate at scale while, * Leaving the infrastructure deployment to these tools. * Managing configurations for VMs and compute engines. * Supporting declarative syntax for resource creation and management. * Being version controllable as any other code, in text format.These properties for IaC tools enable operations teams to manage theirinfrastructure, and rollback to an earlier stage in case their infrastructuredoes not perform well, or the budget does not support the updatedinfrastructure demands. In this post, I will discuss two industry-leadingoptions for IaC management, one is Microsoft Azure’s ARM Template and anotherone is Alibaba Cloud’s Resource Orchestration Service or ROS for short.

ARM Template by Microsoft Azure


ARM Template is one of the most used solutions on Microsoft Azure. It ispowered by the Azure Resource Manager, which enables resource grouping andlocation parameters to deploy the solutions on the cloud. Moreover, templatesare also used to define the infrastructure and the resources deployed.ARM Template takes a couple of important details to “manage” aninfrastructure, 1. The location; where to deploy 2. Resources – Their quantity and their types 3. Connections between resources 4. Think of this as the virtual networks they are being deployed in 5. Extra informationInfrastructure is deployed on Azure using the information provided in thistemplate by Azure schedulers and controllers. A template can be downloaded foreach resource that is deployed—whether a single resource or a group ofresources. In each resource, look for “Export Template” and utilize the JSONdocument that is provided. You can also use Azure SDKs to generate thetemplate or consume the template.DevOps tools utilize this template to deploy or re-deploy the infrastructurein case of need. This also leads to the deployment of multiple stages andenvironments— testing, QA, staging, production—which can help differentdepartments and different teams to utilize the platform as per theirnecessities.Security of user data, as well as infrastructure configuration, is takenimportant care of as most details are requested on-demand during thedeployment process. Other Azure services such as Azure Key Vault service canbe utilized to provide the credentials and other sensitive details for thedeployment of infrastructure and configuration.Pros of Azure ARM Templates 1. Native support for the management of Azure resources. 2. It contains conditional scripts to accept input and dropdown selections. 3. Automatically configures and hides sensitive input from users. 4. It comes free of cost, and templates can be stored for later purposes.Cons of Azure ARM Templates 1. It can only be used with Azure resources. 2. No capability to contain automation jobs, only state. 3. No possibility to sketch or generate diagrams of the infrastructure.

Alibaba Cloud Resource Orchestration Service


On Alibaba Cloud, we are provided with Resource Orchestration Service(referred to as ROS from here on) that helps us manage the infrastructure, ascode, while staying on top of security and operational ease. Alibaba Cloud ROSfollows similar patterns as other IaC tools and is provided as a first-classand free service for the customers.On Alibaba Cloud, ROS follows a stack-deployment model—which on MicrosoftAzure is known as a resource group. Stack Deployment is the deployment of atemplate that has been generated by Alibaba Cloud ROS. Sample templates can beused to quickly deploy and test the Alibaba Cloud infrastructure, or fortesting and learning purposes.The most beautiful feature of Alibaba Cloud is the capability of visuallyrepresenting the infrastructure. Alibaba Cloud ROS can be utilized to drawarchitectural diagrams that support business needs. Many consultancyorganizations rely on this type of feature for their cloud platforms that theyare presenting a marketing pitch for. Thus, the portal can convert your JSONdocument to a visual (editable) graph, that you can edit and modify as peryour needs.This template can be deployed to Alibaba Cloud or saved for later uses. Savingthe template in the local environment can help operational teams version thisinfrastructure template using a version control system; such as git. AlibabaCloud SDK can be used to download the templates stored in a subscription forcomplete automation. In case the infrastructure does not perform well, acomplete stack can be deployed again using the same template. Templates aretext-based; thus, they can be used to rollback to a specific infrastructurestate as per the requirements of customers or resources. Now let’s enlist thepros and cons of Alibaba Cloud Resource Orchestration Service, pros first.Pros of Alibaba Cloud Resource Orchestration Service 1. Native integration with Alibaba Cloud platform and resources. 2. Available free of cost for every account. 3. Enables resource provisioning through status queries. 4. Uses a text-based structure to define the infrastructure states and configurations. 5. Out-of-box capabilities to draw a graph of infrastructure for visualization.Cons of Alibaba Cloud Resource Orchestration Service 1. Available only for Alibaba Cloud platform and resources. 2. It does not support automation scripts.

Meet the Azure Resource Manager


Azure Resource Manager, ARM, is the management plane in Microsoft Azure andthe service you connect to when deploying or modifying Azure Resources. Inturn, Azure Resources can be anything from a Virtual Machine to SQL Databaseor Load Balancer. Pretty much everything in Azure is considered a resource.You can “talk” to the Azure Resource Manager via the web based Azure Portal,Azure PowerShell and Azure CLI, to name a few. There’s more information aboutAzure Resource Manager and its terminology in this Microsoft Docs article.

Creating Resources in the Azure Portal


The most basic approach to deploying new resources is to use the Azure Portal.Here’s a screenshot showing the options when creating our Python web app.Notice that we’re using an existing Resource Group and App Service Plan,meaning that our deployment will only contain the actual Web App Instance.

Command line Template deployment using Azure PowerShell


To step things up a bit let’s use Azure Cloud shell to re-deploy our template.Log in to Azure PowerShell and upload the two json files. Edit parameters.jsonand enter a new name, such as app-python-sample2. (remember that Web App namesmust be unique). To start the deployment, use the following command as anexample: New-AzResourceGroupDeployment -Name app-python-sample2-deployment -ResourceGroupName rg-mywebapps -Location westeurope -TemplateFile ./template.json -TemplateParameterFile ./parameters.jsonThe output will be something similar to this. Go back to the resource groupand verify that the new Web App is there.

Deploying our Template from GitHub


Next up we will use GitHub Actions to deploy our ARM Template from a GitHubrepository. If you’re new to GitHub I suggest you check out the resources atdocs.github.com and lab.github.com. Basically GitHub is a web based SourceCode Management and version control service that allows us to store and managecode, in this case an ARM Template. GitHub can also act as a ContinuousIntegration and Continuous Delivery system that compiles and deploys our codeautomatically using what’s called a CI/CD pipeline.To get started you’ll need to create a new GitHub repository and upload your.json files. If you want one already made, make a clone ofhttps://github.com/halderex/CloudTech.life-ARM-template

Creating the GitHub Action


Once we have our repository in place, it’s time to create our workflow. ClickActions and select set up workflow yourselfIn the workflow editor you’ll now be presented with a template to get youstarted. Begin by editing the name, such as Deploy ARM Template. Note that theYAML file format (.yml file) is indentation aware, basically meaning thatthings need to be in the right column and that you might need to add or removewhitespaces for the syntax to be valid.The Github workflow editor enables you to pick Actions from the Marketplaceusing the right hand search and browse sidebar, and fine tune the setup to fityour needs. It’s a bit of trial-and-error and quite a struggle in thebeginning to get everything right. But it’s also very rewarding when you getyour first clean run.

Building your workflow


Build you workflow by first deleting everything after the check-out step. Thenyou’ll need to add the following Actions from the Marketplace:I have also used an optional Action to create a Time Stamp for theDeployments.Next we need to set up Deployment Credentials and store it in a GitHub Secretfor your workflow to authenticate to Azure AD. This is described in the AzureLogin Marketplace entry and also, in more detail, here. Best practise is touse the same approach for other sensitive information, such as the AzureSubscription ID, which can also be stored in a Secret and referenced in theworkflow code.Finally, I replaced the clear text Azure Subscription ID in the ARM Templatewith a Resource Function referencing the Subscription in which the deploymenttakes place.