APIM via Azure Bicep (Infrastructure as a Code.)

In this article, I will describe how to configure Azure API management using Azure Bicep and what factors we should consider when doing so.

Below are some of the common challenges:

• How to automate deployment of APIs into API Management?
• How to migrate configurations from one environment to another?
• How to avoid interference between different development teams who share the same API Management instance?

Key benefit of using the Bicep

• It's easy to start, it reduces the complexity of the ARM template. You can have your comments and place the variables close to the objects they belong to.
• the 'build' command is helpful during the development.?bicep build .\filename.bicep
• the?decompile?command can speed up the bicep development.
• bicep allows to break down the ARM complexity by defining MODULES. For every module a 'Microsoft.Resources/deployments' resource will be created in the output ARM template.

I'm using the below technology and tools for this setup.

1. VIsual Studio Code (1.75.1)
2. Azure Subscription (Pay as you go)
3. Azure APIM Instance
4. Github repo (Open source)
5. Azure DevOps (Pay as you go)
6. Bicep Visualiser

The first step is to setup the Azure APIM manually and automate it using the Azure Bycep, here are the steps

Setup a new resource group in the Azure

Setup a new APIM instance

Please note, these steps can also be done via Azure CLI or Powershell, here is the referece link

Setup a new Azure DevOps Project

The second step is to setup the project, at this point, you should consider the structure of your solution to ensure it adheres to the base architecture principle of coupling and cohesion.?

Keep the IAC setup at a root to run the deployment stages and execute the job, the same structure would be like this

Now, at this stage, you can have a separate pipeline for the individual feature or team or can be combined based on the group.

Here is the simple DevOps Pipeline.

apim-main.yaml will be executed by the pipelines and it will point to the team specific folder, we can have multiple template(IoC) as a pipelines.

trigger
? branches:
? ? include:
? ? - main
? paths:
? ? include:
? ? - .pipeline/apim
? ? - templates/apim
lockBehavior: runLatest
stages:
- stage: Artifacts
? jobs:
? ? - job: publish_artifacts
? ? ? pool:
? ? ? ? vmImage: ubuntu-latest
? ? ? steps:
? ? ? ? - task: PublishBuildArtifacts@1
? ? ? ? ? displayName: "Pushing deployment artifacts"
? ? ? ? ? inputs:
? ? ? ? ? ? PathtoPublish: "$(Build.Repository.LocalPath)/templates/apim"
? ? ? ? ? ? ArtifactName: "drop"
? ? ? ? ? ? publishLocation: "Container"

- template: apim-stages.yaml:        

apim-stages will be executed and start deploying the artifacts.

stages
- stage: DEV
? jobs:
? - template: apim-jobs.yaml
? ? parameters:
? ? ? variableGroup: APIM - DEV
? ? ? serviceAccount: bicep-connection
? ? ? agentPool: Azure Pipelines
? ? ? environment: APIM - DEV

- stage: TEST
? jobs:
? - template: apim-jobs.yaml
? ? parameters:
? ? ? variableGroup: APIM - TEST
? ? ? serviceAccount: bicep-connection
? ? ? agentPool: Azure Pipelines
? ? ? environment: APIM - TEST

- stage: PROD
? jobs:
? - template: apim-jobs.yaml
? ? parameters:
? ? ? variableGroup: APIM - PROD
? ? ? serviceAccount: bicep-connection
? ? ? agentPool: Azure Pipelines
? ? ? environment: APIM - PROD:        

Apim-job will be called for each stage of the environment variable, the job will basically pick the artifacts for the particular team and run the job, as example below.

parameters
? - name: 'variableGroup'
? ? type: string
? - name: 'serviceAccount'
? ? type: string
? - name: 'agentPool'
? ? type: string
? - name: 'environment'
? ? type: string
 
jobs:
? - deployment: DeployAPIMAPI
? ? displayName: APIM APIs deployment
? ? environment: ${{ parameters.environment }}
? ? variables:
? ? ? - group: ${{ parameters.variableGroup }}
? ? pool:
? ? ? name: ${{ parameters.agentPool }}
? ? strategy:
? ? ? runOnce:
? ? ? ? deploy: ?
? ? ? ? ? steps:
? ? ? ? ? - task: DownloadPipelineArtifact@2
? ? ? ? ? ? inputs:
? ? ? ? ? ? ? buildType: 'current'
? ? ? ? ? ? ? artifactName: 'drop'
? ? ? ? ? ? ? targetPath: '$(System.ArtifactsDirectory)/templates'
? ? ? ? ? - task: AzureCLI@2
? ? ? ? ? ? displayName: 'APIM API Deployment'
? ? ? ? ? ? inputs:
? ? ? ? ? ? ? azureSubscription: ${{ parameters.serviceAccount }}
? ? ? ? ? ? ? deploymentScope: 'Resource Group'
? ? ? ? ? ? ? scriptType: pscore
? ? ? ? ? ? ? scriptLocation: inlineScript
? ? ? ? ? ? ? inlineScript: |
? ? ? ? ? ? ? ? az deployment group create `
? ? ? ? ? ? ? ? --resource-group $(RESOURCE_GROUP_APIM) `
? ? ? ? ? ? ? ? --template-file $(System.ArtifactsDirectory)/templates/apim-main.bicep `
? ? ? ? ? ? ? ? --parameters `
? ? ? ? ? ? ? ? ? apimName=$(APIM_NAME) `
? ? ? ? ? ? ? ? ? apiName=$(API_NAME) `
? ? ? ? ? ? ? ? ? apiDisplayName=$(API_DISPLAY_NAME) `
? ? ? ? ? ? ? ? ? apiDescription=$(API_DESCRIPTION) 
? ? ? ? ? ?? ? ? ? ? ? ?:        

At this stage individual team bicep will be called (apim-main.bicep), this bicep can have multiple modules.

param apimName strin
param apiName string
param apiDisplayName string
param apiDescription string
param apiServiceUrl string

//module for test-api-main.bicep
module testAPIModule './apim/apim-api-main.bicep' = {
? name: 'rg-deploy-apim-test-api'
? params: {
? ? apimName: apimName
? ? apimAPIName: apiName ? ?
? ? apimDisplayName: apiDisplayName ? ?
? ? apimDescription: apiDescription
? ? apimServiceUrl: apiServiceUrl


? }
}        

Bicep enables the deployments into modules. A module is a Bicep file (or an ARM JSON template) that is deployed from another Bicep file. With modules, it basically improve the readability of Bicep files by encapsulating complex details of deployment. We can easily reuse modules for different deployments.

I will give you an exemple here, Let's say if you have 20 API's you can create a module and pass the variables like name and required parameters as a input, that way your code would be very well managed and easily maintanamble.

References

Here is the referene for the Azure Bicep Module

https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/modules

Don't forget to use some tools like Bicep Visualizer.

Here is the link for following the best Practcies like namving convenstion, variable declarion and resources defination etc.

Project Bicep GitHub repo:?https://github.com/Azure/bicep

Project Bicep playground:?https://bicepdemo.z22.web.core.windows.net/

I hope this article will help to Microsoft Developer Community.