Azure Resource Manager (ARM) - Infrastructure as Code on Azure

As the name suggests, infrastructure as Code(IaC) is related to the codification of a given infrastructure. So in this blog, we will be going through what is IaC, what is the need for IaC, and when it comes to Azure, what do we have in store to achieve the IaC process.

Infrastructure as code is a provisioning & managing infrastructure like VM/EC2 VPC with code/configuration files. It allows us to treat infrastructure configuration and provisioning just like we handle application code, enabling us to version code in any popular SCM to take advantage of CI/CD pipelines easily.

Need of IaC

Previously, infrastructure management & configuration was done manually. Each environment has its unique configuration, which was configured manually, and that led to several problems like:

1. Cost as you have to hire many professionals to manage and maintain infrastructure.
2. Scaling as a manual configuration of infrastructure tasks is time-consuming, making you struggle to meet spikes on request.
3. Inconsistency because the manual configuration of infrastructure is error-prone. When several people do manual configurations, errors are unavoidable.

Whereas IaC is idempotent, ensuring the same deployment results in a given environment.

Why IaC on Azure?

Globally, 90% of fortune 500 have shown their belief in Azure to drive their business. It has various services to resolve business problems, from storage to AI/ML to IAM over a single platform. With IaC, Azure resources management gets way easier through configuration files with consistency, which ensures fewer errors & provides preciseness. The two important methods to implement IaC on Azure are:

1. ARM Templates
2. Terraform

IaC on Azure using ARM

To implement IaC on Azure, use Azure Resource Manager templates (ARM templates). It is a file written in json based on declarative syntax, which lets you define the state of the infrastructure you want to deploy without writing a sequence of commands to achieve that state.

In the ARM template, resources & their properties are specified for deployment. It is a native option for Azure.

Features of Azure Resource Manager(ARM)

ARM is compact with various features, making it an ideal choice for the IaC tool. Here are a few of them.

1. Declarative syntax- It allows you to define the state of the infrastructure you want to deploy without mentioning steps/commands to achieve that state.
2. Consistent Results-Every time you deploy, resources get deployed consistently with the same result over a given environment as Templates are idempotent.
3. Orchestration- Resource managers ensure the deployment of interdependent resources so they may get deployed in the correct order, which makes work easier without getting into the complexity of ordering operations.
4. Modular files- It allows you to break your desired infrastructure into smaller reusable components, which can also be nested in other templates.
5. Extensibility - You may add PowerShell/Bash script in a template. It ensures that the users get extended ability to set up the required resources.& many more features like built-in validation to ensure the success of deployment & tracked deployments to get information about deployment history & other information related to deployments.

How does the Azure Resource Manager(ARM) work?

Azure Resource Manager service centralizes resource management, security & deployment via tags to enable users to create, modify & delete resources.

All requests from APIs, Azure tools or SDKs, and Resource Manager firstly get authenticated & authorized, then these requests are sent to the Azure service, which performs the requested action. All requests are handled via the same API, so you get consistent results.

Benefits of IaC on Azure Resource Manager(ARM)

Choosing ARM for IaC on Azure enables you with:

1. Managing infrastructure through declarative templates (ARM Templates) rather than scripts.
2. It allows you to manage, monitor & deploy all your solutions' resources as a group, rather than handling resources individually.
3. It assures you of the consistent state over a given environment throughout the development lifecycle.
4. You can define dependencies between resources for getting deployed in the correct order & for faster deployment, and ARM runs independent jobs parallelly.
5. Allows you to implement access control to all services as Azure RBAC is integrated into the management platform.
6. Attach tags to resources to logically organize resources in subscription & get clarity on the organization's billing by viewing costs for a group of resources of the same tag

Template limits

Limit the size of your template to 4 MB. This applies to the template's final state after expansion with iterative resources & values for variables & parameters. Also, each parameter file should be limited to 64 KB.

With further limitations:

1. 256 parameters
2. 256 variables
3. 800 resources (including copy count)
4. 64 output values
5. 24,576 characters in a template expression
6. Some of the limits can be exceeded using a nested template.

Resource groups

Create a resource group in the same region as resources as it contains metadata of resources. If the resource group deployed in another region is temporarily unavailable, you won't be able to update resources in the resource group as metadata is unavailable.

API version

Set the hard-coded value of the API version property for the resource type. While creating a new template, we recommend using the latest API version for a resource type to determine available values. When your template works as expected, the recommendation is to use the same API version so you don't worry about the changes.

Use test toolkit

It's a script that ensures best practices are followed in a given template. If the template isn't compatible with the best practices, it returns a list of warnings and suggested changes.

IaC on Azure using Terraform

After ARM templates, the second most popular method to implement and use IaC principles on Azure is Terraform. It is the most popular and open-source tool provided by HashiCorp for infrastructure automation. It creates IaC for cloud providers like Azure, AWS, GCP with the same workflow. It helps in configuring, provisioning, and managing the infrastructure as code as it allows codification of infrastructure like VM, storage & other Azure resources through its configuration files. It enables developers to manage infrastructure with consistent tooling across various cloud platforms.

Benefits of using IaC on Azure using Terraform

1. Automation of Infrastructure management - Terraform allows  to create, provision, and alter your resources using template-based configuration files. 
2. Automation across several clouds that is platform agnostic - Terraform is likely the only full-featured automation solution that is platform agnostic and can be used to automate on-premises systems. Most organizations use cloud services from multiple providers and this could be great benefit. 
3. Before implementing changes to infrastructure, be sure you understand what's going on - Terraform plans may be used for both configuration and documentation. This ensures that your team understands how your infrastructure is configured and how changes might influence it. 

ReadA Complete Guide to Terraform - Open Source IaC tool

Conclusion

IaC is a process of representation and management of the infrastructure in the form of code that tends to be consistent & efficient. Additionally, Azure is one of the leading & reliable public CSP for IaC implementation due to its native service ARM template & its compatibility with open source tools like terraform.

Read Next

• Read about A Complete Guide to Terraform - Open Source IaC tool
• How AWS supports Infrastructure as Code ? -  AWS CloudFormation