How to validate, plan, and deploy ARM templates

Tags:  azure,  arm

Azure Resource Manager templates are used for creating reproducible deployments in Azure.

In this post I will explain the lifecycle of an ARM template.

The sections in this post follow the order in which I think deployments should be made: validate the syntax, execute the plan, and deploy the template. If you don’t have experience with Azure deployments, I recommend reading the Deploy template section first, because it explains the concept of ‘scope’, which you must know to understand the commands in this post.

Software tools used in this post

What is an ARM template?

An Azure Resource Manager (ARM) template is a JSON file that defines the infrastructure and configuration for an Azure solution so that users can deploy and manage those resources consistently and repeatedly.

ARM templates can be used to deploy and manage anything from individual services, like virtual machines and storage accounts, to entire solutions such as websites or streaming farms. They can also be used to change resources already deployed in Azure.

The templates use declarative syntax to define resources and their properties, which means that the file defines the desired final state of the deployment and Azure will calculate and run the necessary steps for deploying or changing those resources.

How to validate an ARM template

The official tool for validating ARM syntax is the Microsoft PowerShell module “ARM Template test toolkit” [1].

Open PowerShell Core and load the module:

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ pwsh
PowerShell 7.3.1
PS /home/branyac/Downloads/arm-template-toolkit/arm-ttk> Import-Module ./arm-ttk.psd1
A newer version of the ARM-TTK is available at: https://github.com/Azure/arm-ttk/releases                               
Installed Version: 0.21
Latest Version: 0.22
PS /home/branyac/Downloads/arm-template-toolkit/arm-ttk> 

Then use the command Test-AzTemplate -TemplatePath <path-to-template> to run the template validation.

The first lines of the command output show the result of the JSONFiles validation, which checks that the file syntax is correct. The messages that follow are additional checks and recommendations based on the Microsoft best practices.

In the next example you will see that the syntax of the template that I use in this post is correct, but there are lots of recommendations because the template was written for an outdated version of the API. At this time the failures shown in the output aren’t blockers and the template can be run without any problem. Since this is an example I won’t make any changes to the template, but when working with production templates you should apply as many of the recommendations as you can to have a working and easily maintainable template.

PS /home/branyac/Downloads> Test-AzTemplate -TemplatePath ./Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json 
                                                                                                                        
Validating Downloads\Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json                                    
  JSONFiles Should Be Valid                                                                                             
    [+] JSONFiles Should Be Valid (20 ms)                                                                               
Total : 1                                                                                                               
Pass  : 1                                                                                                               
Fail  : 0                                                                                                               
                                                                                                                        
                                                                                                                        
                                                                                                                        
  adminUsername Should Not Be A Literal                                                                                 
    [+] adminUsername Should Not Be A Literal (53 ms)                                                                   
  apiVersions Should Be Recent In Reference Functions                                                                   
    [+] apiVersions Should Be Recent In Reference Functions (105 ms)                                                    
  apiVersions Should Be Recent                                                                                          
    [-] apiVersions Should Be Recent (102 ms)                                                                           
        Api versions must be the latest or under 2 years old (730 days) - API version 2019-09-01 of Microsoft.KeyVault/vaults is 1241 days old Line: 70, Column: 14
        Valid Api Versions:                                                                                             
        2022-07-01                                                                                                      
        2022-07-01                                                                                                      
        2022-02-01-preview                                                                                              
        2021-11-01-preview                                                                                              
        2021-10-01                                                                                                      
        2021-06-01-preview                                                                                              
        2021-04-01-preview                                                                                              
        Microsoft.KeyVault/vaults/secrets uses a preview version ( 2021-04-01-preview ) and there are more recent versions available. Line: 70, Column: 14
        Valid Api Versions:                                                                                             
        2022-07-01                                                                                                      
        2022-07-01                                                                                                      
        2022-02-01-preview                                                                                              
        2021-11-01-preview                                                                                              
        2021-10-01                                                                                                      
        2021-06-01-preview                                                                                              
        2021-04-01-preview                                                                                              
                                                                                                                        
  artifacts parameter                                                                                                   
    [+] artifacts parameter (12 ms)                                                                                     
  CommandToExecute Must Use ProtectedSettings For Secrets                                                               
    [+] CommandToExecute Must Use ProtectedSettings For Secrets (18 ms)                                                 
  DependsOn Best Practices                                                                                              
    [-] DependsOn Best Practices (30 ms)                                                                                
        Depends On Must not start with [concat(                                                                         
        Depends On Must not start with [concat(                                                                         
        Depends On Must not start with [concat(                                                                         
                                                                                                                        
  Deployment Resources Must Not Be Debug                                                                                
    [+] Deployment Resources Must Not Be Debug (12 ms)                                                                  
  DeploymentTemplate Must Not Contain Hardcoded Uri                                                                     
    [-] DeploymentTemplate Must Not Contain Hardcoded Uri (16 ms)                                                       
        Found hardcoded reference to management.azure.com Line: 2, Column: 31                                           
                                                                                                                        
  DeploymentTemplate Schema Is Correct                                                                                  
    [-] DeploymentTemplate Schema Is Correct (2 ms)                                                                     
        DeploymentTemplate has an unexpected Schema.                                                                    
It should be one of the following:                                                                                      
https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#                                         
https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#                                         
https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#                             
https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#                                   
https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#                          
                                                                                                                        
                                                                                                                        
  Dynamic Variable References Should Not Use Concat                                                                     
    [+] Dynamic Variable References Should Not Use Concat (5 ms)                                                        
  IDs Should Be Derived From ResourceIDs                                                                                
    [+] IDs Should Be Derived From ResourceIDs (25 ms)                                                                  
  Location Should Not Be Hardcoded                                                                                      
    [-] Location Should Not Be Hardcoded (66 ms)                                                                        
        Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json must use the location parameter, not resourceGroup().location or deployment().location (except when used as a default value in the main template)
                                                                                                                        
  ManagedIdentityExtension must not be used                                                                             
    [+] ManagedIdentityExtension must not be used (3 ms)                                                                
  Min And Max Value Are Numbers                                                                                         
    [+] Min And Max Value Are Numbers (7 ms)                                                                            
  Outputs Must Not Contain Secrets                                                                                      
    [+] Outputs Must Not Contain Secrets (10 ms)                                                                        
  Parameter Types Should Be Consistent                                                                                  
    [+] Parameter Types Should Be Consistent (34 ms)                                                                    
  Parameters Must Be Referenced                                                                                         
    [+] Parameters Must Be Referenced (43 ms)                                                                           
  Password params must be secure                                                                                        
    [+] Password params must be secure (5 ms)                                                                           
  providers apiVersions Is Not Permitted                                                                                
    [+] providers apiVersions Is Not Permitted (9 ms)                                                                   
  ResourceIds should not contain                                                                                        
    [+] ResourceIds should not contain (31 ms)                                                                          
  Resources Should Have Location                                                                                        
    [+] Resources Should Have Location (6 ms)                                                                           
  Resources Should Not Be Ambiguous                                                                                     
    [+] Resources Should Not Be Ambiguous (6 ms)                                                                        
  Secure Params In Nested Deployments                                                                                   
    [+] Secure Params In Nested Deployments (31 ms)                                                                     
  Secure String Parameters Cannot Have Default                                                                          
    [+] Secure String Parameters Cannot Have Default (4 ms)                                                             
  Template Should Not Contain Blanks                                                                                    
    [+] Template Should Not Contain Blanks (50 ms)                                                                      
  URIs Should Be Properly Constructed                                                                                   
    [+] URIs Should Be Properly Constructed (16 ms)                                                                     
  Variables Must Be Referenced                                                                                          
    [+] Variables Must Be Referenced (15 ms)                                                                            
  Virtual Machines Should Not Be Preview                                                                                
    [+] Virtual Machines Should Not Be Preview (17 ms)                                                                  
  VM Images Should Use Latest Version                                                                                   
    [+] VM Images Should Use Latest Version (1 ms)                                                                      
  VM Size Should Be A Parameter                                                                                         
    [+] VM Size Should Be A Parameter (16 ms)                                                                           
Total : 31                                                                                                              
Pass  : 26                                                                                                              
Fail  : 5

Alternative: Use Azure deployment Validate Operation

The Azure deployment Validate operation checks the syntax of the ARM template. It can be used in automated deployments because its output is in JSON format, which can be easily consumed by scripts or other programs.

Unlike the ARM Template test toolkit, the validate command doesn’t check for best practices.

To use the Validate operation, replace create with validate in the deployment command.

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az deployment group validate \
    --resource-group whatifexample \
    --template-uri "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json" \
    --parameters keyvaultName=kvexampletac storageAccountName=stexampletac storageKeyNumber=0 \
    --mode complete
{
  "error": null,
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Resources/deployments/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "name": "Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "properties": {
    "correlationId": "bbc186d6-8af5-4643-ace8-d88b88a541f5",
    "debugSetting": null,
    "dependencies": [
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac/default",
            "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/fileservices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac",
        "resourceType": "Microsoft.KeyVault/vaults"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "kvexampletac",
            "resourceType": "Microsoft.KeyVault/vaults"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "actionName": "listKeys",
            "apiVersion": "2021-06-01",
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac/stexampletac-key",
        "resourceType": "Microsoft.KeyVault/vaults/secrets"
      }
    ],
    "duration": "PT0S",
    "error": null,
    "mode": "Complete",
    "onErrorDeployment": null,
    "outputResources": null,
    "outputs": null,
    "parameters": {
      "keyvaultName": {
        "type": "String",
        "value": "kvexampletac"
      },
      "storageAccountName": {
        "type": "String",
        "value": "stexampletac"
      },
      "storageKeyNumber": {
        "type": "Int",
        "value": 0
      }
    },
    "parametersLink": null,
    "providers": [
      {
        "id": null,
        "namespace": "Microsoft.Storage",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "storageAccounts",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/blobServices",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/fileservices",
            "zoneMappings": null
          }
        ]
      },
      {
        "id": null,
        "namespace": "Microsoft.KeyVault",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "vaults",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "vaults/secrets",
            "zoneMappings": null
          }
        ]
      }
    ],
    "provisioningState": "Succeeded",
    "templateHash": "4527112459590866177",
    "templateLink": {
      "contentVersion": "1.0.0.0",
      "id": null,
      "queryString": null,
      "relativePath": null,
      "uri": "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json"
    },
    "timestamp": "0001-01-01T00:00:00+00:00",
    "validatedResources": [
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample"
      }
    ]
  },
  "resourceGroup": "whatifexample",
  "type": "Microsoft.Resources/deployments"
}
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ 
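
One way a pipeline can consume that JSON, shown as an added example that is not part of the original post: the gate below pins `templateHash` (the template is fetched from a remote URI), checks every validated resource type against an allowlist, and surfaces deploy-time actions such as `listKeys`. The sample input is constructed from the output above; `review_validation`, `ALLOWED` and the use of `templateHash` as a stable content pin are assumptions.

```python
import json

# Constructed sample: the validate output shown above, abridged to the fields
# this gate reads. The subscription ID is the post's own placeholder.
BASE = "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers"
STORAGE = BASE + "/Microsoft.Storage/storageAccounts/stexampletac"
VAULT = BASE + "/Microsoft.KeyVault/vaults/kvexampletac"
SAMPLE = json.dumps({
    "error": None,
    "properties": {
        "mode": "Complete",
        "provisioningState": "Succeeded",
        "templateHash": "4527112459590866177",
        "dependencies": [{
            "id": VAULT + "/secrets/stexampletac-key",
            "dependsOn": [
                {"id": VAULT},
                {"id": STORAGE},
                {"actionName": "listKeys", "apiVersion": "2021-06-01", "id": STORAGE},
            ],
        }],
        "validatedResources": [
            {"id": STORAGE},
            {"id": STORAGE + "/blobServices/default"},
            {"id": STORAGE + "/fileservices/default"},
            {"id": VAULT},
            {"id": VAULT + "/secrets/stexampletac-key"},
        ],
    },
})

# Assumption: the resource types this pipeline is allowed to deploy.
ALLOWED = {
    "Microsoft.Storage/storageAccounts",
    "Microsoft.Storage/storageAccounts/blobServices",
    "Microsoft.Storage/storageAccounts/fileServices",
    "Microsoft.KeyVault/vaults",
    "Microsoft.KeyVault/vaults/secrets",
}


def resource_type(resource_id):
    """Derive 'Namespace/type[/subtype]' from a resource ID.

    After '/providers/', the first segment is the namespace and the rest
    alternate between type and name.
    """
    if "/providers/" not in resource_id:
        return ""
    parts = resource_id.rpartition("/providers/")[2].split("/")
    return "/".join([parts[0]] + parts[1::2])


def short_name(resource_id):
    return resource_id.rsplit("/", 1)[-1]


def review_validation(raw_json, allowed_types, pinned_hash):
    """Return {'block': [...], 'warn': [...]} for one validate result."""
    result = json.loads(raw_json)
    props = result.get("properties") or {}
    block, warn = [], []

    if result.get("error") or props.get("error"):
        block.append("validate returned an error object")
    if props.get("provisioningState") != "Succeeded":
        block.append(f"provisioningState is {props.get('provisioningState')!r}")

    # The template comes from a URL, so compare its hash with the reviewed one.
    if props.get("templateHash") != pinned_hash:
        block.append(f"templateHash {props.get('templateHash')} does not match the pinned value")

    # Resource types are case-insensitive (the output above shows 'fileservices').
    allowed = {t.lower() for t in allowed_types}
    for res in props.get("validatedResources") or []:
        rtype = resource_type(res["id"])
        if rtype.lower() not in allowed:
            block.append(f"resource type not on the allowlist: {rtype}")

    if props.get("mode") == "Complete":
        warn.append("complete mode: resources in the group that are absent "
                    "from the template will be deleted")

    # dependsOn entries that carry an actionName are template function calls
    # such as listKeys, which read key material at deploy time.
    for dep in props.get("dependencies") or []:
        for ref in dep.get("dependsOn") or []:
            if "actionName" in ref:
                warn.append(f"{ref['actionName']} on {short_name(ref['id'])} "
                            f"feeds {short_name(dep['id'])}")
    return {"block": block, "warn": warn}


if __name__ == "__main__":
    report = review_validation(SAMPLE, ALLOWED, "4527112459590866177")
    for level, messages in report.items():
        for message in messages:
            print(f"[{level}] {message}")
    raise SystemExit(1 if report["block"] else 0)
```

In a pipeline, the JSON printed by `az deployment group validate` replaces `SAMPLE`, and a non-zero exit stops the run before anything is deployed.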

How to execute plan for an ARM template

Plan is a process that simulates the deployment of the template to catch errors that can’t be detected in the previous validation steps, such as duplicated resource names or the lack of permissions for applying some template changes, and to check collateral changes like the deletion of resources that are not defined in the template.

The official Microsoft tool for running ARM template plans is the What-If operation [2]. To use it, add the parameter --confirm-with-what-if at the end of the deployment command.

The What-If operation shows a list of operations, such as creation, modification, and deletion, on Azure resources or properties in a human-readable format.

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az group create --location westeurope --resource-group whatifexample
{
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample",
  "location": "westeurope",
  "managedBy": null,
  "name": "whatifexample",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az deployment group create \
    --resource-group whatifexample \
    --template-uri "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json" \
    --parameters keyvaultName=kvexampletac storageAccountName=stexampletac storageKeyNumber=0 \
    --mode complete \
    --confirm-with-what-if
Note: The result may contain false positive predictions (noise).
You can help us improve the accuracy of the result by opening an issue here: https://aka.ms/WhatIfIssues

Resource and property changes are indicated with this symbol:
  + Create

The deployment will update the following scope:

Scope: /subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample

  + Microsoft.KeyVault/vaults/kvexampletac [2019-09-01]

      apiVersion:            "2019-09-01"
      id:                    "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac"
      location:              "westeurope"
      name:                  "kvexampletac"
      properties.sku.family: "A"
      properties.sku.name:   "Standard"
      properties.tenantId:   "xxxx-xxxx-xxxx-xxxx-xxxx"
      type:                  "Microsoft.KeyVault/vaults"

  + Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key [2021-04-01-preview]

      apiVersion:       "2021-04-01-preview"
      id:               "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key"
      name:             "stexampletac-key"
      properties.value: "*******"
      type:             "Microsoft.KeyVault/vaults/secrets"

  + Microsoft.Storage/storageAccounts/stexampletac [2021-06-01]

      apiVersion: "2021-06-01"
      id:         "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac"
      kind:       "StorageV2"
      location:   "westeurope"
      name:       "stexampletac"
      sku.name:   "Standard_LRS"
      type:       "Microsoft.Storage/storageAccounts"

  + Microsoft.Storage/storageAccounts/stexampletac/blobServices/default [2021-06-01]

      apiVersion: "2021-06-01"
      id:         "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default"
      name:       "default"
      type:       "Microsoft.Storage/storageAccounts/blobServices"

  + Microsoft.Storage/storageAccounts/stexampletac/fileservices/default [2021-06-01]

      apiVersion: "2021-06-01"
      id:         "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default"
      name:       "default"
      type:       "Microsoft.Storage/storageAccounts/fileservices"

Resource changes: 5 to create.

Are you sure you want to execute the deployment? (y/n): n
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ 
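
To automate the same review instead of answering the y/n prompt, a pipeline can parse the machine-readable result; the following is an added example, not code from the original post. It assumes the JSON shape printed by `az deployment group what-if --no-pretty-print` (`changes[].changeType`, `resourceId`, `delta[].path`); the sample input, the `stlegacy` resource, `gate_what_if` and the sensitive-path list are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample. The first entry mirrors a Create from the output above;
# the Modify and Delete entries are invented to exercise the gate.
BASE = "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers"
LEGACY = BASE + "/Microsoft.Storage/storageAccounts/stlegacy"
SAMPLE_WHATIF = json.dumps({
    "status": "Succeeded",
    "error": None,
    "changes": [
        {"resourceId": BASE + "/Microsoft.Storage/storageAccounts/stexampletac",
         "changeType": "Create", "delta": None},
        {"resourceId": BASE + "/Microsoft.KeyVault/vaults/kvexampletac",
         "changeType": "Modify",
         "delta": [{"path": "properties.accessPolicies",
                    "propertyChangeType": "Array"}]},
        # In complete mode, a resource that exists in the group but not in
        # the template shows up as a Delete.
        {"resourceId": LEGACY, "changeType": "Delete", "delta": None},
    ],
})

# Assumption: property paths whose modification needs a human review.
SENSITIVE_PATHS = ("properties.accessPolicies", "properties.networkAcls")


def gate_what_if(raw_json, approved_deletions=(), sensitive_paths=SENSITIVE_PATHS):
    """Decide whether a what-if result may proceed to deployment.

    Blocks on: a what-if that did not succeed, a Delete that is not
    explicitly approved, a Modify that touches a sensitive path, and
    changes the service could not predict (Unsupported).
    """
    result = json.loads(raw_json)
    if result.get("status") != "Succeeded" or result.get("error"):
        return {"allow": False, "reasons": ["what-if did not complete"], "summary": {}}

    approved = {rid.lower() for rid in approved_deletions}  # IDs are case-insensitive
    prefixes = tuple(sensitive_paths)
    reasons = []
    summary = Counter()

    for change in result.get("changes") or []:
        kind = change.get("changeType")
        rid = change.get("resourceId", "")
        summary[kind] += 1
        if kind == "Delete" and rid.lower() not in approved:
            reasons.append(f"unapproved delete: {rid}")
        elif kind == "Modify":
            for prop in change.get("delta") or []:
                path = prop.get("path", "")
                if path.startswith(prefixes):
                    reasons.append(f"sensitive property changed: {path} on {rid}")
        elif kind == "Unsupported":
            reasons.append(f"change cannot be predicted: {rid}")

    return {"allow": not reasons, "reasons": reasons, "summary": dict(summary)}


if __name__ == "__main__":
    verdict = gate_what_if(SAMPLE_WHATIF)
    print(verdict["summary"])
    for reason in verdict["reasons"]:
        print("BLOCK:", reason)
    raise SystemExit(0 if verdict["allow"] else 1)
```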

How to deploy an ARM template

Templates are applied in a scope. The scope is the parent Azure resource where the ARM template resources will be deployed.

These are the possible scopes for each resource type, and the command to run the deployment:

| Scope | Command |
|---|---|
| Resource group | az deployment group create --resource-group <resource-group-name> --template-file <path-to-template> |
| Subscription | az deployment sub create --location <location> --template-file <path-to-template> |
| Management group | az deployment mg create --location <location> --template-file <path-to-template> |
| Tenant | az deployment tenant create --location <location> --template-file <path-to-template> |

The next example shows a deployment with a resource group as the scope:

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az deployment group create \
    --resource-group whatifexample \
    --template-uri "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json" \
    --parameters keyvaultName=kvexampletac storageAccountName=stexampletac storageKeyNumber=0 \
    --mode complete
{
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Resources/deployments/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "location": null,
  "name": "Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "properties": {
    "correlationId": "0bdcdfcd-9919-439e-b375-dfc6f3f6fc26",
    "debugSetting": null,
    "dependencies": [
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac/default",
            "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/fileservices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac",
        "resourceType": "Microsoft.KeyVault/vaults"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "kvexampletac",
            "resourceType": "Microsoft.KeyVault/vaults"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "actionName": "listKeys",
            "apiVersion": "2021-06-01",
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac/stexampletac-key",
        "resourceType": "Microsoft.KeyVault/vaults/secrets"
      }
    ],
    "duration": "PT44.0666372S",
    "error": null,
    "mode": "Complete",
    "onErrorDeployment": null,
    "outputResources": [
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample"
      }
    ],
    "outputs": {},
    "parameters": {
      "keyvaultName": {
        "type": "String",
        "value": "kvexampletac"
      },
      "storageAccountName": {
        "type": "String",
        "value": "stexampletac"
      },
      "storageKeyNumber": {
        "type": "Int",
        "value": 0
      }
    },
    "parametersLink": null,
    "providers": [
      {
        "id": null,
        "namespace": "Microsoft.Storage",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "storageAccounts",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/blobServices",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/fileservices",
            "zoneMappings": null
          }
        ]
      },
      {
        "id": null,
        "namespace": "Microsoft.KeyVault",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "vaults",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "vaults/secrets",
            "zoneMappings": null
          }
        ]
      }
    ],
    "provisioningState": "Succeeded",
    "templateHash": "4527112459590866177",
    "templateLink": {
      "contentVersion": "1.0.0.0",
      "id": null,
      "queryString": null,
      "relativePath": null,
      "uri": "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json"
    },
    "timestamp": "2023-01-24T21:48:49.094338+00:00",
    "validatedResources": null
  },
  "resourceGroup": "whatifexample",
  "tags": null,
  "type": "Microsoft.Resources/deployments"
}
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ 
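
The JSON printed by the deployment above can be reviewed automatically before the change is accepted. The following Python code is an added example, not part of the original post or of the Azure CLI: it flags Complete mode, `list*` calls such as the `listKeys` dependency shown above, deployment outputs, and template URIs that are not pinned to a commit. The function name `review_deployment`, the severity labels and the 40-hex pinning heuristic are assumptions, and the sample is a trimmed, constructed copy of the output above.

```python
import json
import re

# Constructed sample: a trimmed copy of fields from the deployment output above.
SAMPLE_RESULT = json.loads("""
{
  "properties": {
    "dependencies": [
      {"resourceName": "kvexampletac/stexampletac-key",
       "resourceType": "Microsoft.KeyVault/vaults/secrets",
       "dependsOn": [
         {"resourceName": "kvexampletac", "resourceType": "Microsoft.KeyVault/vaults"},
         {"actionName": "listKeys", "apiVersion": "2021-06-01",
          "resourceName": "stexampletac", "resourceType": "Microsoft.Storage/storageAccounts"}]}
    ],
    "mode": "Complete",
    "outputs": {},
    "provisioningState": "Succeeded",
    "templateLink": {"uri": "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json"}
  }
}
""")

def review_deployment(result):
    """Return (severity, message) findings for one `az deployment ... create` result."""
    props = result.get("properties") or {}
    findings = []
    state = props.get("provisioningState")
    if state != "Succeeded":
        findings.append(("error", f"provisioningState is {state}"))
    if (props.get("mode") or "").lower() == "complete":
        findings.append(("warn", "Complete mode deletes resources in the resource group that the template omits"))
    # listKeys and other list* template functions read secrets at deploy time.
    for dep in props.get("dependencies") or []:
        for ref in dep.get("dependsOn") or []:
            action = ref.get("actionName") or ""
            if action.lower().startswith("list"):
                findings.append(("info", f"{dep.get('resourceName')} consumes {action} on {ref.get('resourceName')}"))
    # Output values are kept in the deployment history, so each one needs a look.
    for name in props.get("outputs") or {}:
        findings.append(("warn", f"output '{name}' is stored in the deployment history"))
    # Assumed heuristic: a 40-hex path segment means the URI is pinned to a commit.
    uri = (props.get("templateLink") or {}).get("uri")
    if uri and not re.search(r"/[0-9a-f]{40}/", uri):
        findings.append(("warn", f"template URI is not pinned to a commit: {uri}"))
    return findings

if __name__ == "__main__":
    for severity, message in review_deployment(SAMPLE_RESULT):
        print(f"{severity}: {message}")
```

To review a real run, save the CLI output to a file and pass `json.load(open(path))` to `review_deployment`.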

References and sources

Author

Sergio Monedero
