Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You can use management features that are common across the Azure services, such as access control, locking, and tagging, to implement your solutions.
A resource is a manageable item that is available through Azure. Common examples of resources include virtual machines, storage accounts, virtual networks, and web apps. Each resource is represented by a unique URI. Resources are organized into resource groups.
A resource group is a logical container into which Azure resources like virtual machines, storage accounts, and virtual networks are deployed and managed. Resource groups can contain resources of different types and lifecycles. By grouping resources, you can manage them as a single entity, simplifying tasks like deployment, updates, and deletion.
Resource providers are services that supply the Azure resources. Each resource provider offers resources that you can deploy to your subscriptions. For example, the Microsoft.Compute resource provider offers virtual machine resources, and the Microsoft.Storage resource provider offers storage account resources.
You must register resource providers for your subscription before you can deploy resources from them.
An Azure Resource Manager (ARM) template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. ARM templates use a declarative syntax, which means you define what you want to deploy without writing the commands to create it. When you deploy a template, the resource provider makes sure that the resources are in the desired state.
Key sections of an ARM template include:
$schema: Specifies the ARM template schema version.
contentVersion: A user-defined version for the template.
parameters: Values that you provide when you deploy the template to customize it.
variables: Values that are used as JSON fragments within the template.
resources: The resources to be deployed.
outputs: Values that are returned after deployment.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "mystorageaccount",
      "location": "eastus",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2"
    }
  ],
  "outputs": {}
}
A deployment is the operation of deploying ARM templates. You can deploy templates through the Azure portal, Azure CLI, Azure PowerShell, REST API, or SDKs. Each deployment is recorded in the resource group, allowing you to track what was deployed and roll back if necessary.
Tags are metadata that you apply to resources and resource groups. Tags consist of a name-value pair that helps you identify resources for management purposes. For example, you can tag resources with their environment (e.g., "Production", "Staging") or owner.
Azure role-based access control (RBAC) enables fine-grained access management for Azure resources. You can grant permissions to users, groups, and service principals at specific scopes (subscription, resource group, or individual resource). ARM uses RBAC to enforce access policies during resource creation and management.
Azure Resource Manager locks help prevent accidental deletion or modification of critical resources. You can apply two types of locks: CanNotDelete (read-only access) and ReadOnly (prevents all modification and deletion).
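A pre-deployment check that ties the template sections, tags, and locks above together. This is an added example, not code from Azure or its documentation. It audits a template for the mandatory top-level sections, for tags on every resource, and for a `Microsoft.Authorization/locks` resource scoped to each one. The function names, the required tag names (`environment`, `owner`), and the literal-only scope matching are assumptions made for illustration.

```python
import json

REQUIRED_SECTIONS = ("$schema", "contentVersion", "resources")  # mandatory in every template
LOCK_TYPE = "Microsoft.Authorization/locks"
LOCK_LEVELS = ("CanNotDelete", "ReadOnly")

def audit_template(text, required_tags=("environment", "owner")):
    """Return a list of findings for an ARM template supplied as JSON text."""
    tpl = json.loads(text)
    findings = [f"template: missing section {s}" for s in REQUIRED_SECTIONS if s not in tpl]
    resources = tpl.get("resources", [])
    locked = set()  # scopes covered by a lock with a valid level
    for lock in (r for r in resources if r.get("type") == LOCK_TYPE):
        level = lock.get("properties", {}).get("level")
        if level in LOCK_LEVELS:
            locked.add(lock.get("scope", "").lower())
        else:
            findings.append(f"{lock.get('name')}: invalid lock level {level!r}")
    for res in resources:
        if res.get("type") == LOCK_TYPE:
            continue
        rid = f"{res.get('type')}/{res.get('name')}"
        # Azure treats tag names as case-insensitive, so compare in lower case.
        present = {t.lower() for t in res.get("tags", {})}
        findings += [f"{rid}: missing tag {t}" for t in required_tags if t not in present]
        # Assumption: literal scopes only; bracketed template expressions are not evaluated.
        if rid.lower() not in locked:
            findings.append(f"{rid}: no management lock declared")
    return findings

# Constructed sample: the storage account from the template on this page.
ACCOUNT = {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2021-04-01",
           "name": "mystorageaccount", "location": "eastus",
           "sku": {"name": "Standard_LRS"}, "kind": "StorageV2"}
SCHEMA = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"

def make_template(resources):
    return json.dumps({"$schema": SCHEMA, "contentVersion": "1.0.0.0", "resources": resources})

PAGE_TEMPLATE = make_template([ACCOUNT])
# Constructed variant: the same account with tags and a CanNotDelete lock scoped to it.
HARDENED_TEMPLATE = make_template([
    dict(ACCOUNT, tags={"Environment": "Production", "Owner": "platform-team"}),
    {"type": LOCK_TYPE, "apiVersion": "2020-05-01", "name": "storageLock",
     "scope": "Microsoft.Storage/storageAccounts/mystorageaccount",
     "dependsOn": ["mystorageaccount"], "properties": {"level": "CanNotDelete"}},
])

if __name__ == "__main__":
    for label, t in (("page", PAGE_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(label, audit_template(t) or "no findings")
```

Run against the page's template, the audit reports two missing tags and no lock; the constructed hardened variant passes with no findings.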
For more in-depth information and examples, please refer to the official Azure documentation.