When creating a landing zone for your new Azure resources do you have to repeat the same set of configurations on your Azure subscriptions each time? For example:
Have you wondered if there was a better way to complete this repeatable configuration? There is and it’s called Azure Blueprints.
Azure Blueprints is a Microsoft governance tool which works with Azure Policy and Azure Resource Manager (ARM) templates to define a set of Azure configurations. An Azure Blueprint can be used to expedite the deployment and build of an environment to a particular set of standards, in a repeatable way.
With Azure Blueprint you can deploy the following artifacts:
Once a Blueprint has been built and tested it can be exported and redeployed to each new subscription(s) you have in your organisation.
At the time of writing Azure Blueprints is in Preview and is expected to be released into general availability shortly.
How do Blueprints work?
The Azure Blueprint package can be built from the Azure Portal and applied to a specific subscription or to Azure Management Groups, including multiple subscriptions. Each Azure Blueprint package contains a group of artifacts, an artifact defines the deployment parameters such as Policy, Role, ARM or Resource Group.
During the build process a Blueprint will go through the following stages:
Stage 1 – Draft
Once a Blueprint has been built or changed, the Blueprint is saved as a Draft version.
Stage 2 – Published
Once the Draft version is complete the Blueprint is Published. This requires a version number and change note to be added to the Blueprint. Azure always defaults to the latest version of the Blueprint.
Stage 3 – Assigned
Once the Blueprint has been published it is ready to be assigned to either a subscription or Management Group. During the assignment process it is possible to apply a lock to the deployed resources. There are three possible locks for an assignment:
Once the Blueprint has deployed the specified resources, permissions, and policies the Assigned Blueprints section will show the latest version of the Blueprint.
If Azure Policies have been defined in the Blueprint, the specific policies are shown in the Azure Policy section of the Azure Portal. Using the Azure Policy portal, we can see which resources are compliant or not. Azure Policy will be discussed in a future blog.
Azure Blueprints will save you time when deploying your Azure landing zones and ensure your environment meets a defined standards for a consistent approach when setting up Azure subscriptions.
If you would like more information on how to use Azure Blueprints for your deployments, please contact email@example.com for a demonstration and walk through.