Quickstart: Use Bicep to deploy an Azure Managed Application definition
This quickstart describes how to use Bicep to deploy an Azure Managed Application definition from your service catalog. The definition's in your service catalog are available to members of your organization.
To deploy a managed application definition from your service catalog, do the following tasks:
- Use Bicep to develop a template that deploys a managed application definition.
- Create a parameter file for the deployment.
- Deploy the managed application definition from your service catalog.
Prerequisites
To complete the tasks in this article, you need the following items:
- Deployed a definition with Quickstart: Use Bicep to create and publish an Azure Managed Application definition.
- An Azure account with an active subscription. If you don't have an account, create a Trial before you begin.
- Visual Studio Code with the latest Azure Resource Manager Tools extension. For Bicep files, install the Bicep extension for Visual Studio Code.
- The latest version of Azure PowerShell or Azure CLI.
Get managed application definition
To get the managed application's definition with Azure PowerShell, run the following commands.
In Visual Studio Code, open a new PowerShell terminal and sign in to your Azure subscription.
Connect-AzAccount -Environment AzureChinaCloud
The command opens your default browser and prompts you to sign in to Azure. For more information, go to Sign in with Azure PowerShell.
From Azure PowerShell, get your managed application's definition. In this example, use the resource group name bicepDefinitionGroup that was created when you deployed the managed application definition.
Get-AzManagedApplicationDefinition -ResourceGroupName bicepDefinitionGroup
Get-AzManagedApplicationDefinition
lists all the available definitions in the specified resource group, like sampleBicepManagedApplication.
The following command parses the output to show only the definition name and resource group name. You use the names when you deploy the managed application.
Get-AzManagedApplicationDefinition -ResourceGroupName bicepDefinitionGroup | Select-Object -Property Name, ResourceGroupName
Create the Bicep file
Open Visual Studio Code and create a file name deployServiceCatalog.bicep. Copy and paste the following code into the file and save it.
@description('Region where the resources are deployed.')
param location string = resourceGroup().location
@description('Resource group name where the definition is stored.')
param definitionRG string
@description('Name of the service catalog definition.')
param definitionName string
// Parameters for the managed application's resource deployment
@description('Name of the managed application.')
param managedAppName string
@description('Name for the managed resource group.')
param mrgName string
@maxLength(40)
@description('Service plan name with maximum 40 alphanumeric characters and hyphens. Must be unique within a resource group in your subscription.')
param appServicePlanName string
@maxLength(47)
@description('Globally unique across Azure. Maximum of 47 alphanumeric characters or hyphens.')
param appServiceNamePrefix string
@description('Resource ID for the managed application definition.')
var appResourceId = resourceId('${definitionRG}', 'Microsoft.Solutions/applicationdefinitions', '${definitionName}')
@description('Creates the path for the managed resource group. The resource group is created during deployment.')
var mrgId = '${subscription().id}/resourceGroups/${mrgName}'
resource bicepServiceCatalogApp 'Microsoft.Solutions/applications@2021-07-01' = {
name: managedAppName
kind: 'ServiceCatalog'
location: location
properties: {
applicationDefinitionId: appResourceId
managedResourceGroupId: mrgId
parameters: {
appServicePlanName: {
value: appServicePlanName
}
appServiceNamePrefix: {
value: appServiceNamePrefix
}
}
}
}
For more information about the resource type, go to Microsoft.Solutions/applications.
Create the parameter file
Open Visual Studio Code and create a parameter file named deployServiceCatalog-parameters.bicepparam. Copy and paste the following code into the file and save it.
using './deployServiceCatalog.bicep'
param definitionName = 'sampleBicepManagedApplication'
param definitionRG = 'bicepDefinitionGroup'
param managedAppName = 'sampleBicepManagedApp'
param mrgName = 'placeholder for managed resource group name'
param appServicePlanName = 'demoAppServicePlan'
param appServiceNamePrefix = 'demoApp'
You need to provide several parameters to deploy the managed application:
Parameter | Value |
---|---|
definitionName |
Name of the service catalog definition. This example uses sampleBicepManagedApplication. |
definitionRG |
Resource group name where the definition is stored. This example uses bicepDefinitionGroup. |
managedAppName |
Name for the deployed managed application. This example uses sampleBicepManagedApp. |
mrgName |
Unique name for the managed resource group that contains the application's deployed resources. The resource group is created when you deploy the managed application. To create a managed resource group name, run the commands that follow this parameter list and use the $mrgname value to replace the placeholder in the parameters file. |
appServicePlanName |
Create a plan name. Maximum of 40 alphanumeric characters and hyphens. For example, demoAppServicePlan. App Service plan names must be unique within a resource group in your subscription. |
appServiceNamePrefix |
Create a prefix for the plan name. Maximum of 47 alphanumeric characters or hyphens. For example, demoApp. During deployment, the prefix is concatenated with a unique string to create a name that's globally unique across Azure. |
You can run the following commands to create a name for the managed resource group.
$mrgprefix = 'mrg-sampleBicepManagedApplication-'
$mrgtimestamp = Get-Date -UFormat "%Y%m%d%H%M%S"
$mrgname = $mrgprefix + $mrgtimestamp
$mrgname
The $mrgprefix
and $mrgtimestamp
variables are concatenated and stored in the $mrgname
variable. The variable's value is in the format mrg-sampleBicepManagedApplication-20230512103059. You use the $mrgname
variable's value when you deploy the managed application.
Deploy the managed application
Use Azure PowerShell or Azure CLI to create a resource group and deploy the managed application.
New-AzResourceGroup -Name bicepApplicationGroup -Location chinanorth3
$deployparms = @{
ResourceGroupName = "bicepApplicationGroup"
TemplateFile = "deployServiceCatalog.bicep"
TemplateParameterFile = "deployServiceCatalog-parameters.bicepparam"
Name = "deployServiceCatalogApp"
}
New-AzResourceGroupDeployment @deployparms
The $deployparms
variable uses PowerShell splatting to improve readability for the parameter values.
Your deployment might display a Bicep linter warning that the managedResourceGroupId
property expects a resource ID. Because the managed resource group is created during the deployment, there isn't a resource ID available for the property.
View results
After the service catalog managed application is deployed, you have two new resource groups. One resource group contains the managed application. The other resource group contains the managed resources that were deployed. In this example, an App Service, App Service plan, and storage account.
Managed application
After the deployment is finished, you can check your managed application's status.
Run the following command to check the managed application's status.
Get-AzManagedApplication -Name sampleBicepManagedApp -ResourceGroupName bicepApplicationGroup
Expand the properties to make it easier to read the Properties
information.
Get-AzManagedApplication -Name sampleBicepManagedApp -ResourceGroupName bicepApplicationGroup | Select-Object -ExpandProperty Properties
Managed resources
You can view the resources deployed to the managed resource group.
To display the managed resource group's resources, run the following command. You created the $mrgname
variable when you created the parameters.
Get-AzResource -ResourceGroupName $mrgname
To display all the role assignments for the managed resource group.
Get-AzRoleAssignment -ResourceGroupName $mrgname
The managed application definition you created in the quickstart articles used a group with the Owner role assignment. You can view the group with the following command.
Get-AzRoleAssignment -ResourceGroupName $mrgname -RoleDefinitionName Owner
You can also list the deny assignments for the managed resource group.
Get-AzDenyAssignment -ResourceGroupName $mrgname
Clean up resources
When you're finished with the managed application, you can delete the resource groups and that removes all the resources you created. For example, you created the resource groups bicepApplicationGroup and a managed resource group with the prefix mrg-bicepManagedApplication.
When you delete the bicepApplicationGroup resource group, the managed application, managed resource group, and all the Azure resources are deleted.
The command prompts you to confirm that you want to remove the resource group.
Remove-AzResourceGroup -Name bicepApplicationGroup
If you want to delete the managed application definition, delete the resource groups you created named packageStorageGroup and bicepDefinitionGroup.
Next steps
- To learn how to create and publish the definition files for a managed application using Azure PowerShell, Azure CLI, or portal, go to Quickstart: Create and publish an Azure Managed Application definition.
- To use your own storage to create and publish the definition files for a managed application, go to Quickstart: Bring your own storage to create and publish an Azure Managed Application definition.