Overview

If you have worked with Terraform Sentinel IaC policies, Azure Building Blocks are similar. While not as powerful as Sentinel policies, these building blocks can ensure several best practices when spinning up infrastructure.

Example AzBB - Spinning up VMs using Azure VM Building Blocks

Some common tasks around spinning up VMs include:

  • Ensuring that the OS (on a newly spun up VM) is always the latest Windows Server image
  • Ensuring that Public IPs are automatically created for each new VM
  • Enabling diagnostics on newly created VMs
  • Ensuring that all VMs are deployed in an availability set
  • Ensuring that VM disks are managed disks

Spinning up VMs is great, but what about spinning up the entire VNET (address spaces, NSGs etc.)?

That is available on GitHub as well. This post will create a sample hub spoke

Installing and Running Azure Building Blocks

AzBB works off Parameter files - these files are available here: https://github.com/mspnp/template-building-blocks/tree/master/scenarios

Step 1 – Install NPM/Node.js

To run the AzBB tool locally, we first need to install NPM/Node.js, so on my local machine I downloaded and ran the Windows x64 client installer from https://www.npmjs.com/get-npm.

Then I ran npm install from a VSCode terminal to set up Azure Building Blocks, and then azbb to test that the tool was installed correctly.

npm install -g @mspnp/azure-building-blocks
azbb   # Should display the menu of commands

Step 2 - Deploy with Azure Building Blocks

From my VSCode terminal I authenticated into Azure then noted my Subscription ID which I’ll need soon.

# AuthN to Azure
az login

# Note Subscription ID
az account show

Run azbb to kick off the demo deployment, referencing the existing .JSON parameter file which we cloned earlier.

azbb -g "VNET-AZBB-RG" -s "your-subscription-id" -l "your-azure-region" -p "C:\Temp\template-building-blocks\scenarios\multi-tier\vnet-complete.json" --deploy

 

  • -g is the resource group you are deploying to
  • -s is your subscription ID
  • -l is the Azure region you are deploying to
  • -p is the parameter file (.JSON) which contains deployment details
  • --deploy is required to initiate the deployment to Azure
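
The two steps above combined into one PowerShell script, added here as an example and not part of the original post or the AzBB project. It checks that az and azbb are installed and that the parameter file parses as JSON, then shows the active subscription and asks for confirmation before running the azbb command from this post. The script's parameter names and the confirmation prompt are assumptions; the defaults are the values used in the command above.

```powershell
# Added example: pre-flight checks around the azbb command from this post.
# Parameter names and the confirmation prompt are assumptions of this example.
param(
    [string]$ResourceGroup = "VNET-AZBB-RG",
    [Parameter(Mandatory = $true)][string]$Location,
    [string]$ParamFile = "C:\Temp\template-building-blocks\scenarios\multi-tier\vnet-complete.json"
)
$ErrorActionPreference = "Stop"

# Step 1 check: both CLIs must be on PATH.
foreach ($tool in @("az", "azbb")) {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) {
        throw "'$tool' was not found on PATH."
    }
}

# The parameter file must exist and parse as JSON before anything is deployed.
if (-not (Test-Path -LiteralPath $ParamFile -PathType Leaf)) {
    throw "Parameter file not found: $ParamFile"
}
try {
    Get-Content -LiteralPath $ParamFile -Raw | ConvertFrom-Json | Out-Null
} catch {
    throw "Parameter file is not valid JSON: $($_.Exception.Message)"
}

# Read the subscription of the current 'az login' session instead of pasting the ID.
$raw = az account show --output json
if ($LASTEXITCODE -ne 0) {
    throw "No active Azure CLI session. Run 'az login' first."
}
$account = ($raw | Out-String) | ConvertFrom-Json

# Show the target and require explicit confirmation before deploying.
Write-Host "Subscription   : $($account.name) ($($account.id))"
Write-Host "Resource group : $ResourceGroup"
Write-Host "Region         : $Location"
Write-Host "Parameter file : $ParamFile"
if ((Read-Host "Deploy to this subscription? [y/N]") -ne "y") {
    Write-Host "Aborted; nothing was deployed."
    return
}

# Same switches as the command in the post.
azbb -g $ResourceGroup -s $account.id -l $Location -p $ParamFile --deploy
if ($LASTEXITCODE -ne 0) {
    throw "azbb exited with code $LASTEXITCODE."
}
```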

Summary

Azure Building Blocks are a poor man's way to implement IaC policies - similar to Terraform Sentinel tfplan and tfconfig policies.

Appendix - Template Building Blocks for Azure Infrastructure

Can be found here