Tips for developing, deploying and troubleshooting Azure ARM Templates
This guide can help cloud developers or architects writing IaS code to create their Azure cloud environments.
For visual studio 2019 developers: start using a resource group deployment template. It will give you intellisense and deploy options right from the IDE.
For Visual Studio Code users: download the ARM tools extension from the marketplace. In addition, download the super cool ARM Viewer that will show you a graphical preview of all the objects from the template.
In some cases, I have used the Azure portal to deploy a template, and I was able to get some extra troubleshooting information (e.g. line numbers) with it.
If you are using Azure DevOps for your CD pipelines, you could automate using the ARM deployment task.
Some other effective practices:
- Use parameters files for each environment (DEV, QA, STAGE, UAT, PROD etc).
- Create variables for all the parameters and other items needed in the template, then use only variables throughout the template so you only need to look in one place (variables section).
- Avoid linked templates. It creates unnecessary complications as all linked templates need to be hosted as a public URLs (file storage or some other exposed URL).
- Use securestring and key vault to store your secure app settings (resolve in ARM or store references). Example: app setting: @Microsoft.KeyVault(SecretUri=https://mykeyvault.vault.azure.net/secrets/MyConnectionString/17dd40cc4f2b91fba3297be3ec56) or
Now my most frustrating experience with deploying ARM templates: usually it validates fine as long as JSON is valid, but the ‘az deployment group create’ fails with an error that is not helpful but gives a correlation ID for troubleshooting. I initially had to ask for help from Microsoft support with correlation IDs, but eventually learned how to fix some errors. ARM template create calls Azure REST endpoints and errors are logged on Microsoft servers. You can get more information using below:
- Azure portal > go to Resource group deployments: and drill down on a deployment name > it will show you more details.
2. Run az deployment group with debug flag.
3. Get more info using Get-AzureRmLog -CorrelationId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -DetailedOutput or az monitor activity-log list — correlation-id b5eac9d2-e829–4c9a-9efb-586d19417c5f
Hopefully, implementing some of these tips will help you in your ARM development experience.