Azure Insights

How to Build Your First Azure Blueprint

Azure Blueprints are named adequately for what they provided cloud architects who want to quickly stand up a cloud environment that complies with a set of required standards. With Helm as the governance process engine, Microsoft makes it easy to get started. Blueprints can help address business risks outlined in The Five Disciplines of Cloud Governance by assigning resource groups, templates, policies, and roles consistently and proficiently across regions. It is important to remember that the cloud is a model – not a location, and we need to adjust the way we work and build in the cloud. Blueprints are a great start this transitional process especially in regards to Governance in the Microsoft Cloud Adaption Framework for Azure.

We will walk you through the steps to create your first blueprint in this demo so that you can begin to see how Azure Blueprints work directly with ARM Templates and policies. It is important to note that blueprints are meant to work within them, and not that blueprints are meant to replace them. In this example we will build a blueprint that contains the following artifacts:

  • Resource Group
  • Create a resource group to contain our other artifacts with a similar life cycle
  • ARM Template
    • Use Azure Quickstart Templates to quickly get up and running by implementing templates already created by the cloud community to set up a virtual network (vnet) with subnets
  • Policy
    • Implement a tagging policy to append tags to the previously created vnet
  • Role-Based Access Control
    • Assign a role of contributor to the previously created vnet

Getting Started:  

Sign into Azure account.  (Sign up for free if you don’t have an account)

Search for Blueprints 
       Note that it is a service, not a resource. So the “+ Create Resource” button won’t get it done. 

 

Click “Create” under Create a blueprint 

Click “Start with a blank template” 

Fill in the fields to give your blueprint a name, description (optional), and then select the subscription you want your blueprint to located in.  

  • Suggestion(s) for naming: be descriptive when naming your blueprint 
    in our example we named our blueprint: demo-eus-blog-bp 
  • demo (describe purpose – eventually in your environment maybe you’d use dev or 
    prod” for development or production, but ours is just a demo) 
  • eus (location where we’ll place the blueprint – east United States) 
  • blog (description of the blueprint — ours is for documentation blog post) 
  • bp (to indicate this is a blueprint) 

Click “Next: Artifacts” after filling out the field in order begin adding actionable items known as artifacts to your blueprint. 

Artifacts Explained: 

A few Artifact types to pick from: 

  • Policy Assignment 
    • Custom 
    • Built-in (for ease of the demo this is what we will eventually select)  
  • Role Assignment 
    • Several roles to pick from (read through the docs for more info on the specific roles you are looking to implement)   
  • ARM Template 
    • For this demo we are going to use Azure Quickstart Templates on Github. There are several templates contributed by the community that can be copied and pasted in a blueprint template (will show examples of this in the demo), or that a button can simply be clicked to “Deploy to Azure” or “Visualize” (shown in image below) 
    • Note: If you are going to use ARM Templates you must first add a Resource Group first and then add the templates to it
  • Resource Group
    • Note: The blueprint will build in the order in which you artifacts are listed – keep this in mind as you add dependencies later on in your blueprint/cloud journey

Blueprint Note: When adding artifacts, you have to individually clean up everything your blueprints deploys, if you are going to test out some ARM templates I would individually do that first to make sure they are up and running before you deploy all the built-in features. This will prevent you from having to go and delete several artifacts when you want to clean up when you are done with the build.  

Let’s Build a Blueprint: Adding Artifacts

You previously clicked “Start with a blank blueprint”

Now, Click “+ Add artifact…” under your subscription you want to use

 Artifact type: Resource group (image below) 

Create a name for the resource group following similar naming conventions as above 

Note: ours now ends with –rg to indicate a resource group 
(this is a standard naming convention in Azure) 

Blueprint Note: Through out the process of building a blueprint you will find the ability to either allow the individual who deploys the blueprint to set the parameters (in example pictured above: Resource Group Name “check box” is checked indicating that this value will be specified when the blueprint is assigned. To set parameters for the artifact that can’t be adjusted at assignment specify them at this step by un-checking the box and assigning the value now (in example pictured: Location will be set to East US and won’t be able to be changed during assignment)  

 

Click “Add” to have this resource group artifact added to the subscription 

You can now see (below) the demo-eus-blog-vnet-rg listed in the subscription 

Note: You now have the option to “+ Add artifact” to either the entire subscription (like you just did above with the resource group) or you can “+ Add artifact” to the specific resource group which was just created (this is the route we’ll go for this example) 

Add ARM Template to our new resource group: 

Click “+Add artifact” and select Azure Resource Manager template from the drop down menu 

For this example, lets add a vnet with two subnets (therefore I will name this artifact something like  “vnet-two-snet-temp” (because it is a template of a virtual network with two subnets). We do not need to create this template from scratch!  Navigate to the Azure Quick Starts: https://github.com/Azure/azure-quickstart-templates and search for ‘vnet-two-subnets’ 

Find the repo (below in orange) that does what we want for this example: