Azure Blueprint as a package with reference architecture, code, data
• Blueprints include resources such as example code, test data, security, and compliance support targeting industry compliance scenarios like HIPAA, PCI-DSS, etc.
• These are packages that include reference architectures, guidance, how-to guides, and other documentation, as well as executable code and sample test data.
• https://aka.ms/azureblueprints
• https://github.com/Azure/Health-Data-and-AI-Blueprint
• https://azure.microsoft.com/en-us/blog/customizing-azure-blueprints-to-accelerate-ai-in-healthcare/
… allowing cloud engineers to construct and govern enterprise cloud environments for multiple application teams
• Allows cloud engineers to define and orchestrate the automatic rollout of a cloud environment for multiple app teams in an enterprise
• Lays down and locks foundational infrastructure that can be shared across subscriptions by multiple applications, or dedicated to a specific application, while providing flexibility in resource selection and app design
• Application teams can operate within a governed subscription in a self-service manner while abiding by the organizational standards defined in the blueprint
… in a repetitive manner
• Design environments that comply with organizational standards, patterns and requirements and contain the required components; protect those components by applying assignment locks
• Orchestrate the deployment of multiple resource templates and other artifacts such as resource groups, role assignments, and policy/initiative assignments
• Share blueprints across the organization – define and publish blueprints at the management group level
• Apply/assign a blueprint to multiple subscriptions – a blueprint can upgrade several subscriptions at once that are governed by the same blueprint
• Update, track, and audit assignments; use versioning
• Blueprint definition = what should be deployed vs. blueprint assignment = what was deployed
• Policy assignment – This can be a built-in or custom policy.
• Role assignments – Lets you add a user, app, or group and set the role. Only built-in roles are currently supported.
• Azure Resource Manager templates – Lets you add an ARM template. This does not let you import a parameters file, but it does let you pre-set the parameters, or set them during assignment of the blueprint.
• Resource groups – Lets you add a resource group to be created as part of this blueprint.
• Blueprint definition
  o Draft state
• Publish a blueprint
  o Published state
  o Read-only
  o Can be assigned
• Assign a blueprint*
  o Assigned state
  o Assign to a subscription
• De-assign a blueprint
  o Required before deleting a blueprint (version)
  o Does not delete resources
• Delete a version or the core blueprint
  o Core BP: deletes all versions
  o Version: deletes only this version
• Develop a new version of a blueprint
  o Edit existing version
  o Unpublished changes → Draft
* or update an existing assignment
… defined and published at MG level
• Subscriptions – blueprints can only be assigned to existing subscriptions
• Custom policy / initiative definitions
• (vNext: custom role definitions)
• User (or SP) with rights to blueprint lifecycle management
  o Create a blueprint – rights at MG (assigned or inherited)
    • Microsoft.Blueprint/blueprints/write
    • Microsoft.Blueprint/blueprints/artifacts/write
    • Microsoft.Blueprint/blueprints/versions/write
  o Assign a blueprint – rights on a subscription or parent MG
    • Microsoft.Blueprint/blueprintAssignments/write
    • Microsoft.Blueprint/blueprintAssignments/delete
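The two permission sets above are the least-privilege split worth enforcing: the identity that authors blueprints at the management group does not need assignment rights, and the pipeline identity that assigns them to subscriptions does not need to write definitions. The following is an added example (not from the deck or from Microsoft) that checks whether a principal's role definitions cover either set, using Azure RBAC's wildcard and NotActions semantics; the role definitions are constructed for illustration and the function names are my own.

```python
"""
Added example: does a set of Azure role definitions grant the Microsoft.Blueprint
actions needed to create or to assign a blueprint? Role shapes follow the Azure
custom-role JSON (Actions / NotActions); the roles themselves are constructed.
"""
import re

# Actions listed on the slide for creating a blueprint (management group scope)
CREATE_ACTIONS = (
    "Microsoft.Blueprint/blueprints/write",
    "Microsoft.Blueprint/blueprints/artifacts/write",
    "Microsoft.Blueprint/blueprints/versions/write",
)
# Actions listed on the slide for assigning a blueprint (subscription or parent MG scope)
ASSIGN_ACTIONS = (
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete",
)


def action_matches(pattern: str, action: str) -> bool:
    """Azure operation strings use '*' as a wildcard that also spans '/' and
    are compared case-insensitively, so "Microsoft.Blueprint/*" covers every
    blueprint operation and "*/write" covers every write."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_permits(role: dict, action: str) -> bool:
    """One role permits an action when an Actions entry matches it and no
    NotActions entry matches it. NotActions only subtract inside that same role."""
    allowed = any(action_matches(p, action) for p in role.get("Actions", []))
    denied = any(action_matches(p, action) for p in role.get("NotActions", []))
    return allowed and not denied


def principal_permits(roles, action: str) -> bool:
    """Across several role assignments the effective permission is the union:
    any single role that permits the action is enough."""
    return any(role_permits(r, action) for r in roles)


def missing_actions(roles, required):
    """Return the required actions that none of the roles grants."""
    return [a for a in required if not principal_permits(roles, a)]


def can_create_blueprint(roles) -> bool:
    return not missing_actions(roles, CREATE_ACTIONS)


def can_assign_blueprint(roles) -> bool:
    return not missing_actions(roles, ASSIGN_ACTIONS)


# Constructed role definitions for the demo (names are illustrative, not built-in roles)
BLUEPRINT_AUTHOR = {
    "Name": "Blueprint Author (constructed)",
    "Actions": list(CREATE_ACTIONS) + ["Microsoft.Blueprint/blueprints/read"],
    "NotActions": [],
}
BLUEPRINT_ASSIGNER = {
    "Name": "Blueprint Assigner (constructed)",
    "Actions": ["Microsoft.Blueprint/blueprintAssignments/*", "Microsoft.Blueprint/blueprints/read"],
    "NotActions": [],
}
BROAD_WITH_CARVEOUT = {
    "Name": "Broad role with blueprint carve-out (constructed)",
    "Actions": ["*"],
    "NotActions": ["Microsoft.Blueprint/*"],
}

if __name__ == "__main__":
    for roles in ([BLUEPRINT_AUTHOR], [BLUEPRINT_ASSIGNER], [BROAD_WITH_CARVEOUT],
                  [BROAD_WITH_CARVEOUT, BLUEPRINT_AUTHOR]):
        names = " + ".join(r["Name"] for r in roles)
        print(f"{names}: create={can_create_blueprint(roles)} assign={can_assign_blueprint(roles)}")
```

The last case in the demo is the one that surprises people: a broad role that carves out Microsoft.Blueprint/* in NotActions does not block a second role that grants those actions, because NotActions are subtracted per role, not across the principal's whole set.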
• … 10,000 MGs in a single directory.
• An MG tree supports up to six levels of depth.
• Each management group and subscription can only support one parent.
• Each management group can have multiple children.
• All subscriptions and management groups are contained within a single hierarchy in each directory.
• … chars max, no spaces or special chars
• Description
• Definition location – must be a MG
• Operations: View | Publish | Edit | Delete
• Artifacts
  o Display name
  o Description
  o Type: Policy assignment | Role assignment | Resource group | Resource template
  o Details: RG – name and location; Resource template – template + parameters
• … where the blueprint is defined)
• Assignment name
• Location
• Blueprint definition version
• Blueprint parameters or artifact parameters – a blueprint can pass parameters to a policy/initiative or resource template; it can also have its own parameters
• Lock assignment (aka blueprint lock): None or All Resources
  o Resources created by artifacts in a blueprint assignment have three states: Not Locked, Read Only, or Cannot Edit / Delete.
  o Non-resource-group artifacts have the Read Only state.
  o Resource groups have the Cannot Edit / Delete state. The resource group object is read-only, but it's possible to make changes to non-locked resources within the resource group.
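The lifecycle slide (draft, publish, assign, de-assign, delete) and the assignment slide above describe a set of rules that are easy to get wrong in a pipeline: a draft cannot be assigned, a published version is read-only so edits land in the draft, a version or the core blueprint cannot be deleted while assignments still reference it, de-assigning leaves resources in place, and a locked assignment gives resource groups a different state from every other artifact. The following added example (my own model, not code from the deck or from Microsoft) captures those rules as a small state machine; the class and method names are assumptions, and the artifact names in the test are constructed.

```python
"""
Added example: a model of the Azure Blueprints lifecycle and of the lock state an
assignment gives each artifact. Rules are the ones stated on the slides; the
class layout is my own.
"""
from dataclasses import dataclass, field

# Lock modes named on the assignment slide
LOCK_NONE = "None"
LOCK_ALL_RESOURCES = "All Resources"

# Per-resource states named on the assignment slide
NOT_LOCKED = "Not Locked"
READ_ONLY = "Read Only"
CANNOT_EDIT_DELETE = "Cannot Edit / Delete"


def effective_lock_state(lock_mode: str, artifact_type: str) -> str:
    """Unlocked assignments lock nothing. With the lock on, a resource group
    created by the blueprint is Cannot Edit / Delete (the RG object itself is
    read-only, non-blueprint resources inside it stay editable); every other
    artifact's resources are Read Only."""
    if lock_mode == LOCK_NONE:
        return NOT_LOCKED
    if lock_mode != LOCK_ALL_RESOURCES:
        raise ValueError(f"unknown lock mode {lock_mode!r}")
    return CANNOT_EDIT_DELETE if artifact_type == "Resource Group" else READ_ONLY


@dataclass
class Assignment:
    name: str
    subscription: str
    version: str
    lock_mode: str


@dataclass
class Blueprint:
    name: str
    draft: dict = field(default_factory=dict)      # unpublished definition: artifact name -> type
    versions: dict = field(default_factory=dict)   # version name -> published (read-only) snapshot
    assignments: list = field(default_factory=list)

    def edit(self, artifacts: dict) -> None:
        """Edits never touch a published version; they accumulate in the draft."""
        self.draft.update(artifacts)

    def publish(self, version: str) -> None:
        """Snapshot the draft as a read-only, assignable version."""
        if version in self.versions:
            raise ValueError(f"version {version!r} is published and read-only; publish a new version")
        self.versions[version] = dict(self.draft)

    def assign(self, name: str, subscription: str, version: str, lock_mode: str = LOCK_NONE) -> Assignment:
        """Only published versions can be assigned, and only to a subscription."""
        if version not in self.versions:
            raise ValueError(f"version {version!r} is not published; publish it first")
        if lock_mode not in (LOCK_NONE, LOCK_ALL_RESOURCES):
            raise ValueError(f"unknown lock mode {lock_mode!r}")
        a = Assignment(name, subscription, version, lock_mode)
        self.assignments.append(a)
        return a

    def artifact_states(self, assignment: Assignment) -> dict:
        """Lock state each artifact's resources end up in under this assignment."""
        snapshot = self.versions[assignment.version]
        return {n: effective_lock_state(assignment.lock_mode, t) for n, t in snapshot.items()}

    def deassign(self, name: str) -> None:
        """Removes the assignment record only; deployed resources stay in the subscription."""
        self.assignments = [a for a in self.assignments if a.name != name]

    def delete_version(self, version: str) -> None:
        """A version can be deleted only once nothing is assigned from it."""
        in_use = [a.name for a in self.assignments if a.version == version]
        if in_use:
            raise ValueError(f"version {version!r} still assigned by {in_use}; de-assign first")
        del self.versions[version]

    def delete(self) -> None:
        """Deleting the core blueprint removes every version; assignments must be gone first."""
        if self.assignments:
            raise ValueError("blueprint still has assignments; de-assign first")
        self.versions.clear()
        self.draft.clear()


if __name__ == "__main__":
    bp = Blueprint("landing-zone")   # constructed demo blueprint
    bp.edit({"rg-network": "Resource Group", "audit-policy": "Policy assignment",
             "vnet-template": "Resource template"})
    bp.publish("v1")
    a = bp.assign("lz-sub1", "sub-1", "v1", LOCK_ALL_RESOURCES)
    for artifact, state in bp.artifact_states(a).items():
        print(f"{artifact}: {state}")
```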
• … in source control
• Putting blueprints in a CI/CD or release pipeline
Guide (Alex Frankel): https://github.com/ajf214/personal-arm-templates/blob/master/Boilerplate/managing-blueprints-as-code.md
Blueprints REST API reference: https://docs.microsoft.com/en-us/rest/api/blueprints/blueprints/createorupdate#blueprint
• … Security and Governance Across your Azure Subscriptions
• BRK3085 – Deep dive into Implementing governance at scale through Azure Policy
• Alex Frankel’s GitHub repo: https://github.com/ajf214/personal-arm-templates