Welcome to the “Introducing” series (check here for the full list of blog posts in this series). In the previous blog post, we introduced the Azure Marketplace. In this blog post, we Azure Resource Manager (also known as ARM). We have a special guest author for this blog post, Steve Buchanan! Steve is a Microsoft Azure MVP and a great contributor to the technical community. To find out more about Steve, check out his blog at www.buchatech.com or on Twitter as @Buchatech! With no further delay, let’s learn about ARM!
By this point you should be familiar with Microsoft’s public cloud service Azure (which we introduced in this blog post in the series). In this blog post we are going to explore the engine of Azure “Azure Resource Manager” aka “ARM”. As the engine for Azure ARM is core to Azure being the deployment and management service for Azure. What do we mean by deployment and management service? This is what allows you to create, update, and delete resources in Azure.
Relevant Azure Structure
Within ARM you need to be familiar with the following: (for more on the structure of Azure see this blog post in the series)
Item in Azure that needs to be managed. This is created or assigned. Examples of a resource is Virtual Machines, Load Balancers, a Virtual Network, Storage Account, IP Address and more.
This is a container that holds resources. You place resources that share the same lifecycle in the same resource group so you can manage them together.
A service in Azure that provides various Azure services and their resources. Every service in Azure has a resource provider for example you have Microsoft.Network for virtual networks, load balancers etc, Microsoft.Kubernetes for AKS, Microsoft.Compute for virtual machines, and Microsoft.Storage for storage resources. A full list of the Azure resource providers can be found here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-services-resource-providers
How to interact with Azure ARM
Next it is important to understand how you can interact with Azure ARM. There are many ways to interact with ARM these are:
This is https://portal.azure.com. It is a web UI that you log into to interact with Azure.
The ARM API is how you can access a number of REST operation groups to interact with ARM. Full list of the REST operations can be found here: https://docs.microsoft.com/en-us/rest/api/resources/
The ARM SDK is used to programmatically interact with Azure. You can access the SDK downloads for many languages here: https://azure.microsoft.com/en-us/downloads/
Azure PowerShell Module
The Az PowerShell module allows you to work with Azure directly from PowerShell. The Az PowerShell module has a set of cmdlets for working with Azure resources. You can learn more about this here: https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-5.9.0
The Azure CLI is Azure’s official Command-Line Interface. The CLI is a set of commands used to work with Azure resources. To learn more about the CLI visit: https://docs.microsoft.com/en-us/cli/azure/
Bicep is a domain-specific language (DSL) language for writing IaC for Azure. Bicep is an abstraction to ARM Templates being an easier language to work with compared to ARM Templates that are based on JASON. Bicep files compile into ARM Templates and then are deployed to automate Azure. To learn more about Bicep visit: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/bicep-overview
Azure Bicep, ARM Templates, the Az PowerShell module, and Azure CLI are often used for automation with Azure. Regardless of what tool and way you chose to work with ARM the key is that the experience and result is going to be consistent.
What is ARM used for?
ARM was designed for efficient resource organization and management. With ARM you have the following hierarchical structure available to help you organize from the tenant level down to the resource groups:
You can apply settings and policies at each level for configuration and compliance needs. You also can add tags to resources for labeling the resources and locks to lock resources from change or accidental deletion.
ARM was built to be resilient never down for maintenance, not dependent on any single Azure data center, and it is distributed across regions and availability zones for continuous availability.
ARM was built to be secure allowing you to control who sees what resources and perform actions on those resources. ARM is controlled through Role-Based Access Control (RBAC) powered by Azure Active Directory giving you confidence in security on a group or user-based level.
As you can see to truly understand Azure it is important to understand ARM. ARM is central to Azure. As you work with Azure no matter what services you are using, how you are connecting to Azure, and what you are doing you are essentially interacting with ARM. Thanks for reading and I hope this blog post was insightful giving you an introduction to Azure Resource Manager.
Thank you to Steve for your contribution to the Introducing series!