Quickstart: Use Bicep to deploy an Azure Managed Application definition

This quickstart describes how to use Bicep to deploy an Azure Managed Application definition from your service catalog. The definition's in your service catalog are available to members of your organization.

To deploy a managed application definition from your service catalog, do the following tasks:

  • Use Bicep to develop a template that deploys a managed application definition.
  • Create a parameter file for the deployment.
  • Deploy the managed application definition from your service catalog.

Prerequisites

To complete the tasks in this article, you need the following items:

Get managed application definition

To get the managed application's definition with Azure PowerShell, run the following commands.

In Visual Studio Code, open a new PowerShell terminal and sign in to your Azure subscription.

Connect-AzAccount -Environment AzureChinaCloud

The command opens your default browser and prompts you to sign in to Azure. For more information, go to Sign in with Azure PowerShell.

From Azure PowerShell, get your managed application's definition. In this example, use the resource group name bicepDefinitionGroup that was created when you deployed the managed application definition.

Get-AzManagedApplicationDefinition -ResourceGroupName bicepDefinitionGroup

Get-AzManagedApplicationDefinition lists all the available definitions in the specified resource group, like sampleBicepManagedApplication.

The following command parses the output to show only the definition name and resource group name. You use the names when you deploy the managed application.

Get-AzManagedApplicationDefinition -ResourceGroupName bicepDefinitionGroup | Select-Object -Property Name, ResourceGroupName

Create the Bicep file

Open Visual Studio Code and create a file name deployServiceCatalog.bicep. Copy and paste the following code into the file and save it.

@description('Region where the resources are deployed.')
param location string = resourceGroup().location

@description('Resource group name where the definition is stored.')
param definitionRG string

@description('Name of the service catalog definition.')
param definitionName string

// Parameters for the managed application's resource deployment
@description('Name of the managed application.')
param managedAppName string

@description('Name for the managed resource group.')
param mrgName string

@maxLength(40)
@description('Service plan name with maximum 40 alphanumeric characters and hyphens. Must be unique within a resource group in your subscription.')
param appServicePlanName string

@maxLength(47)
@description('Globally unique across Azure. Maximum of 47 alphanumeric characters or hyphens.')
param appServiceNamePrefix string

@description('Resource ID for the managed application definition.')
var appResourceId = resourceId('${definitionRG}', 'Microsoft.Solutions/applicationdefinitions', '${definitionName}')

@description('Creates the path for the managed resource group. The resource group is created during deployment.')
var mrgId = '${subscription().id}/resourceGroups/${mrgName}'

resource bicepServiceCatalogApp 'Microsoft.Solutions/applications@2021-07-01' = {
  name: managedAppName
  kind: 'ServiceCatalog'
  location: location
  properties: {
    applicationDefinitionId: appResourceId
    managedResourceGroupId: mrgId
    parameters: {
      appServicePlanName: {
        value: appServicePlanName
      }
      appServiceNamePrefix: {
        value: appServiceNamePrefix
      }
    }
  }
}

For more information about the resource type, go to Microsoft.Solutions/applications.

Create the parameter file

Open Visual Studio Code and create a parameter file named deployServiceCatalog-parameters.bicepparam. Copy and paste the following code into the file and save it.

using './deployServiceCatalog.bicep'

param definitionName = 'sampleBicepManagedApplication'
param definitionRG = 'bicepDefinitionGroup'
param managedAppName = 'sampleBicepManagedApp'
param mrgName = 'placeholder for managed resource group name'
param appServicePlanName = 'demoAppServicePlan'
param appServiceNamePrefix = 'demoApp'

You need to provide several parameters to deploy the managed application:

Parameter Value
definitionName Name of the service catalog definition. This example uses sampleBicepManagedApplication.
definitionRG Resource group name where the definition is stored. This example uses bicepDefinitionGroup.
managedAppName Name for the deployed managed application. This example uses sampleBicepManagedApp.
mrgName Unique name for the managed resource group that contains the application's deployed resources. The resource group is created when you deploy the managed application. To create a managed resource group name, run the commands that follow this parameter list and use the $mrgname value to replace the placeholder in the parameters file.
appServicePlanName Create a plan name. Maximum of 40 alphanumeric characters and hyphens. For example, demoAppServicePlan. App Service plan names must be unique within a resource group in your subscription.
appServiceNamePrefix Create a prefix for the plan name. Maximum of 47 alphanumeric characters or hyphens. For example, demoApp. During deployment, the prefix is concatenated with a unique string to create a name that's globally unique across Azure.

You can run the following commands to create a name for the managed resource group.

$mrgprefix = 'mrg-sampleBicepManagedApplication-'
$mrgtimestamp = Get-Date -UFormat "%Y%m%d%H%M%S"
$mrgname = $mrgprefix + $mrgtimestamp
$mrgname

The $mrgprefix and $mrgtimestamp variables are concatenated and stored in the $mrgname variable. The variable's value is in the format mrg-sampleBicepManagedApplication-20230512103059. You use the $mrgname variable's value when you deploy the managed application.

Deploy the managed application

Use Azure PowerShell or Azure CLI to create a resource group and deploy the managed application.

New-AzResourceGroup -Name bicepApplicationGroup -Location chinanorth3

$deployparms = @{
  ResourceGroupName = "bicepApplicationGroup"
  TemplateFile = "deployServiceCatalog.bicep"
  TemplateParameterFile = "deployServiceCatalog-parameters.bicepparam"
  Name = "deployServiceCatalogApp"
}

New-AzResourceGroupDeployment @deployparms

The $deployparms variable uses PowerShell splatting to improve readability for the parameter values.

Your deployment might display a Bicep linter warning that the managedResourceGroupId property expects a resource ID. Because the managed resource group is created during the deployment, there isn't a resource ID available for the property.

View results

After the service catalog managed application is deployed, you have two new resource groups. One resource group contains the managed application. The other resource group contains the managed resources that were deployed. In this example, an App Service, App Service plan, and storage account.

Managed application

After the deployment is finished, you can check your managed application's status.

Run the following command to check the managed application's status.

Get-AzManagedApplication -Name sampleBicepManagedApp -ResourceGroupName bicepApplicationGroup

Expand the properties to make it easier to read the Properties information.

Get-AzManagedApplication -Name sampleBicepManagedApp -ResourceGroupName bicepApplicationGroup | Select-Object -ExpandProperty Properties

Managed resources

You can view the resources deployed to the managed resource group.

To display the managed resource group's resources, run the following command. You created the $mrgname variable when you created the parameters.

Get-AzResource -ResourceGroupName $mrgname

To display all the role assignments for the managed resource group.

Get-AzRoleAssignment -ResourceGroupName $mrgname

The managed application definition you created in the quickstart articles used a group with the Owner role assignment. You can view the group with the following command.

Get-AzRoleAssignment -ResourceGroupName $mrgname -RoleDefinitionName Owner

You can also list the deny assignments for the managed resource group.

Get-AzDenyAssignment -ResourceGroupName $mrgname

Clean up resources

When you're finished with the managed application, you can delete the resource groups and that removes all the resources you created. For example, you created the resource groups bicepApplicationGroup and a managed resource group with the prefix mrg-bicepManagedApplication.

When you delete the bicepApplicationGroup resource group, the managed application, managed resource group, and all the Azure resources are deleted.

The command prompts you to confirm that you want to remove the resource group.

Remove-AzResourceGroup -Name bicepApplicationGroup

If you want to delete the managed application definition, delete the resource groups you created named packageStorageGroup and bicepDefinitionGroup.

Next steps