Azure – Cloud Governance – Azure Blueprints
Hello Everybody !!!
I hope you all had a great Holi today !!! 😊.
Today in this article, we will talk about a little different topic and that is Cloud Governance. Following are some tools provided by Azure to support Cloud Governance model.
- Azure Blueprints
- Azure Tags
- Azure Management Group
- Azure Policies
Azure Blueprints is one of the most important tool provided by Azure to enable Cloud Governance. In this article, we will discuss about Azure Blueprints and in our next article we will discuss, how to Create and Assign Blueprints on an Azure Subscription through Azure Portal.
What is Azure Blueprint :
- Azure blueprint is a new feature which allows to define a package of artifacts (resource groups, Azure policies, role assignments & Resource Manager templates and more) which can be targeted to one or multiple Azure subscriptions to create consistent and repeatable environments.
- Azure Blueprints can pass parameters to either a azure policy or to an ARM template.One can define the parameters at artifact creation time or at assignment time
- The default location of all the Azure blueprints is Azure Management Group.It means Blueprints can only be saved to a Management Group or subscription that having Contributor access to .
- Azure Cosmos DB is backing Azure Blueprint service and replicated to multiple Azure Regions to provide the high availability and disaster recovery capability.
Sequencing Order Of Blueprint :
If we have not defined any directive for the order to deploy artifacts or the directive is null, then azure will deploy in the following order.
- Role assignment artifacts sorted by artifact name.
- Policy assignment artifacts sorted by artifact name.
- ARM template artifacts sorted by artifact name.
- Resource group artifacts (including child artifacts) sorted by placeholder name.
If we have Resource Group artifact with child artifact then those artifacts also follow the above sequence when deploying. Sequence order can be customized via API.
what happens to already deployed Blueprint resources :
When a Role Assignments modified then a new role assignment is created and the old deployed role are left in place. If a parameter updated/changed of a Policy Assignment then only the old assignment is updated.But if the definition of a Policy assignment changed/removed then new assignment is created and the old deployed are let in place.
Azure Blueprint API :
Till now, Azure Blueprints can only be created via the portal or REST API. Using REST API we can automate the deployment of Blueprints as Code.
I hope this article provide you basic idea of Azure Blueprint. In our next article we will discuss, how to Create and Assign Blueprints on an Azure Subscription through Azure Portal.
Thanks for reading 🙂
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubts, you are most welcome.
Stay tuned on Knowledge-Junction, will come up with more such articles.