Core Concepts of Azure Resource Manager
Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. ARM offers a consistent management experience across the various management tools available for Azure.
Resources and Resource Groups
In Azure, a resource is anything that can be managed on Azure. Some common examples of resources are virtual machines, storage accounts, virtual networks, web apps, databases, and SQL databases.
A resource group is a logical container that holds related Azure resources for an Azure solution. The resource group can contain the resources that you want to manage as a group. You decide how to allocate resources to resource groups based on what makes the most sense for your organization.
Key benefits of using resource groups:
- Deploy, manage, and monitor all resources for an application as a single unit.
- Redeploy resources when the application is updated, by updating the group.
- Manage access to resources by assigning roles at the resource group level.
- Tag resources to organize them logically and for billing.
ARM Templates
ARM templates are JavaScript Object Notation (JSON) files that declaratively define the infrastructure and configuration for your Azure solution. An ARM template is a JSON document that contains one or more resource definitions. You can use a template to deploy a new instance of your solution consistently and repeatedly.
An ARM template has at least one required property, $schema, which specifies the version of the ARM template schema to use. The core of the template is the resources array, which defines the Azure resources you want to deploy.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[concat(uniqueString(resourceGroup().id), 'storage')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2"
    }
  ],
  "outputs": {}
}
Deployments
A deployment is the process of using an ARM template to create resources in a resource group. You can deploy a template to a new or existing resource group.
When you deploy a template, ARM processes the JSON file and creates the specified resources in your Azure subscription. Deployments can be made through various tools like the Azure portal, Azure CLI, Azure PowerShell, and REST APIs.
Azure Policy
Azure Policy is a service that you use to create, assign, and manage policies. Policies enforce different rules and effects over your resources so that those resources comply with your corporate standards and service level agreements. Azure Policy helps you enforce standards and assess compliance at scale.
You can use policies to control:
- Resource creation (e.g., only allowing certain VM sizes)
- Resource configuration (e.g., enforcing tags)
- Compliance of existing resources
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) is a system that you use to manage access to Azure resources. With RBAC, you can grant specific permissions to users, groups, or service principals. RBAC is a critical component of managing security in Azure.
Permissions are granted by assigning a role to a principal at a certain scope.
- Principal: An object that requests access to an Azure resource.
- Role: A collection of permissions.
- Scope: The level at which access is granted (e.g., management group, subscription, resource group, or individual resource).
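The principal, role and scope model above, as an added example (not Microsoft's code): a short Python audit that classifies each assignment's scope level, flags privileged roles granted at subscription or management-group scope, and lists the assignments a given resource inherits from its parent scopes. The assignment records are constructed, with field names assumed to match `az role assignment list` JSON output; the subscription ID and resource names are placeholders.

```python
# Added example, not Microsoft's code: audit RBAC role assignments by scope.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = SUB + "/resourceGroups/rg-app"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/appdata"

# Constructed sample; field names assumed from `az role assignment list` output.
ASSIGNMENTS = [
    {"principalName": "ci-deployer", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "alice@example.com", "roleDefinitionName": "Reader",
     "scope": RG},
    {"principalName": "backup-job",
     "roleDefinitionName": "Storage Blob Data Contributor", "scope": STORAGE},
    {"principalName": "ops-team", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-app2"},
]
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}

def scope_level(scope):
    """Classify a scope string into one of the four RBAC scope levels."""
    s = scope.rstrip("/").lower()
    parts = [p for p in s.split("/") if p]
    if s.startswith("/providers/microsoft.management/managementgroups/"):
        return "management group"
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) >= 4 and parts[2] == "resourcegroups":
        return "resource group" if len(parts) == 4 else "resource"
    return "unknown"

def applies_to(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`.
    Management-group scopes are not resolved: the group hierarchy is not
    encoded in a resource ID."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")  # "/" stops rg-app matching rg-app2

def broad_privileged(assignments):
    """Privileged roles granted at subscription or management-group scope."""
    return [a for a in assignments
            if a["roleDefinitionName"] in PRIVILEGED
            and scope_level(a["scope"]) in ("management group", "subscription")]

def effective(assignments, resource_id):
    """(principal, role) pairs that reach `resource_id`, directly or inherited."""
    return sorted((a["principalName"], a["roleDefinitionName"])
                  for a in assignments if applies_to(a["scope"], resource_id))

if __name__ == "__main__":
    for a in broad_privileged(ASSIGNMENTS):
        print("broad:", a["principalName"], a["roleDefinitionName"], a["scope"])
    print("effective on storage account:", effective(ASSIGNMENTS, STORAGE))
```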