Bicep Templates: A Better Approach to Azure Infrastructure-as-Code

As businesses increasingly adopt cloud-based infrastructure, Infrastructure-as-Code (IaC) tools like Azure Resource Manager (ARM) templates have enabled teams to define and consistently deploy Azure resources. However, while powerful, ARM templates can be verbose and complex to manage for larger environments. That’s where Bicep templates come in—a modern simplified alternative streamlining Azure IaC processes.

What is Bicep?

Like ARM templates, Bicep?is a domain-specific language (DSL) for deploying Azure resources declaratively. It’s designed to improve the developer experience by providing cleaner, more readable code while offering ARM templates full power and flexibility. Unlike ARM templates, which rely on JSON, Bicep uses a more concise syntax, making templates more effortless to write, review, and maintain.

How Bicep Differs from ARM Templates

While ARM templates are still effective, Bicep introduces several key advantages:

• Simplified Syntax: ARM templates with nested structures, conditions, and loops can become quite complex. Bicep’s syntax is far more streamlined, reducing the need for repeated code and manual workarounds. This makes templates more straightforward to write and manage without sacrificing functionality.
• Modularization: Bicep encourages modularization, allowing you to break down large deployments into smaller, reusable modules. This results in better organization and maintainability of templates, especially for large-scale environments.
• No More Manual Management of JSON: Bicep compiles directly into ARM templates, meaning you no longer need to hand-write or manage JSON files. This drastically simplifies development and debugging efforts.
• Improved Tooling and Intellisense Support: Visual Studio Code and other editors provide built-in support for Bicep with Intellisense, which helps you avoid syntax errors and auto-completes resource definitions. This feature wasn’t as advanced with ARM templates.

How Bicep Works

At its core, Bicep works as a transparent layer over ARM templates. Bicep files are compiled into standard ARM JSON templates during deployment, so the underlying infrastructure works precisely the same way. This means you retain all the benefits of ARM, such as idempotency, consistency, and access to all Azure services while using a more developer-friendly tool.

Steps to Convert ARM Templates to Bicep

You don’t need to start using Bicep from scratch if you have existing ARM templates. Microsoft provides a simple way to decompile ARM templates to Bicep. Here’s how you can do it:

1. Install Bicep CLI: Start by installing the Bicep CLI via the Azure CLI or downloading it manually. This tool allows you to interact with and compile Bicep files.
2. Decompile Your ARM Template: Use the Bicep CLI to decompile an ARM template into a Bicep file. The following command converts your ARM template JSON file into a readable Bicep file.
3. Review and Refactor: After decompiling, review the newly generated Bicep file. In many cases, the Bicep file will be much cleaner and easier to understand than the original ARM JSON. You can refactor it further for modularization or optimizations.
4. Deploy Your Bicep Template: Just like with ARM templates, you can deploy your Bicep templates using Azure CLI or Azure PowerShell. The underlying processes remain the same since Bicep templates compile down to ARM templates.

Why Switch to Bicep?

For teams working in Azure, adopting Bicep is a natural evolution of Infrastructure-as-Code. The more intuitive syntax, better tooling, and ability to leverage existing ARM knowledge make Bicep a strong option for modern cloud projects. Here are a few compelling reasons to switch:

• Faster Development: Developers spend less time debugging complex syntax and more time focusing on building the infrastructure.
• More Maintainable Code: Bicep’s modularity and cleaner syntax improve code readability and make it easier to manage over time.
• Future-Proofing: As Microsoft actively supports and improves Bicep, it's more aligned with the future of Azure infrastructure automation.

Example of Converting an ARM Template to a Bicep Template

To give you a complete example, let’s first walk through an ARM template that deploys a Virtual Machine along with prerequisites like Resource Group, Virtual Network (VNET), Network Security Group (NSG), and Storage Account. Then, I’ll show how to convert it to a Bicep template and deploy it using Azure DevOps. Please ensure that you have Azure CLI installed.

Step 1: Example ARM Template

Here’s a simple ARM template (vm-deployment.json) that deploys a virtual machine with the required resources. This ARM template provisions a VM, VNET, NSG, and a storage account. You can customize the parameter values (like vmName, location, and adminUsername) when deploying it.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {
      "type": "string",
      "defaultValue": "myVM"
    },
    "adminUsername": {
      "type": "string",
      "metadata": {
        "description": "Admin username for the VM."
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Admin password for the VM."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "eastus"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2020-06-01",
      "name": "myVnet",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": ["10.0.0.0/16"]
        }
      }
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2020-06-01",
      "name": "myNSG",
      "location": "[parameters('location')]",
      "properties": {}
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "[concat(parameters('vmName'), 'storage')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "Storage",
      "properties": {}
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2020-06-01",
      "name": "[parameters('vmName')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "Standard_DS1_v2"
        },
        "osProfile": {
          "computerName": "[parameters('vmName')]",
          "adminUsername": "[parameters('adminUsername')]",
          "adminPassword": "[parameters('adminPassword')]"
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), 'nic'))]"
            }
          ]
        }
      }
    }
  ]
}        

Step 2: Converting ARM to Bicep

To convert this ARM template into a Bicep template, use the Bicep CLI as mentioned earlier:

az bicep decompile --file vm-deployment.json        

This will output the following Bicep template (vm-deployment.bicep). The Bicep version is significantly cleaner and easier to read. This file defines the same resources but uses simpler, less verbose syntax.

param vmName string = 'myVM'
param adminUsername string
param adminPassword secureString
param location string = 'eastus'

resource vnet 'Microsoft.Network/virtualNetworks@2020-06-01' = {
  name: 'myVnet'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
  }
}

resource nsg 'Microsoft.Network/networkSecurityGroups@2020-06-01' = {
  name: 'myNSG'
  location: location
  properties: {}
}

resource storage 'Microsoft.Storage/storageAccounts@2019-06-01' = {
  name: '${vmName}storage'
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'Storage'
  properties: {}
}

resource vm 'Microsoft.Compute/virtualMachines@2020-06-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: {
      vmSize: 'Standard_DS1_v2'
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: resourceId('Microsoft.Network/networkInterfaces', '${vmName}nic')
        }
      ]
    }
  }
}        

Step 3: Deploy Bicep Template Using Azure DevOps

To deploy this Bicep template in Azure DevOps, follow these steps:

Create an Azure DevOps Pipeline

1. Go to your Azure DevOps project.
2. Navigate to Pipelines and create a new pipeline.
3. Select the repository where you have stored your Bicep file (vm-deployment.bicep).
4. Choose to create a YAML-based pipeline.

Define the Pipeline YAML for Deployment

Here’s an example pipeline YAML file to deploy the Bicep template. This assumes you have a service connection to Azure set up in Azure DevOps.

trigger:
- main  # Adjust to your branch name

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: AzureCLI@2
  inputs:
    azureSubscription: '<Azure-service-connection>'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az group create --name MyResourceGroup --location eastus
      az deployment group create \
        --resource-group MyResourceGroup \
        --template-file vm-deployment.bicep \
        --parameters adminUsername='<your-admin>' adminPassword='<your-password>'
  displayName: 'Deploy Bicep Template'        

Explanation:

• Trigger: This specifies the branch that triggers the pipeline. In this case, it’s set to trigger on changes in the main branch.
• Pool: Specifies that the pipeline runs on the ubuntu-latest image.
• AzureCLI@2 task: This task deploys the Bicep template using the Azure CLI. It creates a Resource Group in the specified location. Deploys the Bicep template using the az deployment group create command.

Make sure to replace <Azure-service-connection> with your actual Azure DevOps service connection and adjust the admin credentials.

Run the Pipeline

1. Commit and push your pipeline YAML and Bicep template to the repository.
2. In Azure DevOps, run the pipeline, which will deploy the resources defined in the Bicep template to your Azure subscription.

Step 4: Verify Deployment in Azure

Once the pipeline finishes running, you can verify the deployment by navigating to the Azure portal. In the Resource Groups section, find your resource group (e.g., MyResourceGroup), and you’ll see the VM, VNET, NSG, and Storage account created by the Bicep template.

Conclusion

By converting your ARM templates to Bicep and using Azure DevOps for continuous deployment, you simplify the code and automate the process end-to-end. This approach streamlines infrastructure management and enables better DevOps practices with fewer errors and faster deployments.