Azure Resource Manager overview

The infrastructure for your application is typically made up of many components – maybe a
virtual machine, storage account, and virtual network, or a web app, database, database
server, and third-party services. You don't see these components as separate entities, instead
you see them as related and interdependent parts of a single entity. You want to deploy,
manage, and monitor them as a group. Azure Resource Manager enables you to work with
the resources in your solution as a group. You can deploy, update, or delete all the resources
for your solution in a single, coordinated operation. You use a template for deployment and
that template can work for different environments such as testing, staging, and production.
Resource Manager provides security, auditing, and tagging features to help you manage your
resources after deployment.

Export an Azure Resource Manager

template from existing resources
In this article, you learn how to export a Resource Manager template from existing resources
in your subscription. You can use that generated template to gain a better understanding of
template syntax.

There are two ways to export a template:

 You can export the actual template used for deployment. The exported template
includes all the parameters and variables exactly as they appeared in the original
template. This approach is helpful when you deployed resources through the portal,
and want to see the template to create those resources. This template is readily usable.
 You can export a generated template that represents the current state of the
resource group. The exported template isn't based on any template that you used for
deployment. Instead, it creates a template that is a "snapshot" or "backup" of the
resource group. The exported template has many hard-coded values and probably not
as many parameters as you would typically define. Use this option to redeploy
resources to the same resource group. To use this template for another resource group,
you may have to significantly modify it.

This article shows both approaches through the portal.

Deploy resources
Let's start by deploying resources to Azure that you can use for exporting as a template. If
you already have a resource group in your subscription that you want to export to a template,
you can skip this section. The rest of this article assumes you've deployed the web app and
SQL database solution shown in this section. If you use a different solution, your experience
might be a little different, but the steps to export a template are the same.

1. In the Azure portal, select Create a resource.

2. Search for web app + SQL and select it from the available options.

3. Select Create.
4. Provide the required values for the web app and SQL database. Select Create.
The deployment may take a minute. After the deployment finishes, your subscription contains
the solution.

View template from deployment history

1. Go to the resource group for your new resource group. Notice that the portal shows
the result of the last deployment. Select this link.
2. You see a history of deployments for the group. In your case, the portal probably lists
only one deployment. Select this deployment.

3. The portal displays a summary of the deployment. The summary includes the status of
the deployment and its operations and the values that you provided for parameters. To
see the template that you used for the deployment, select View template.

4. Resource Manager retrieves the following seven files for you:

 1. Template - The template that defines the infrastructure for your solution.
When you created the storage account through the portal, Resource Manager
used a template to deploy it and saved that template for future reference.
2. Parameters - A parameter file that you can use to pass in values during
deployment. It contains the values that you provided during the first
deployment. You can change any of these values when you redeploy the
template.
3. CLI - An Azure CLI script file that you can use to deploy the template.
4. PowerShell - An Azure PowerShell script file that you can use to deploy the
template.
5. .NET - A .NET class that you can use to deploy the template.
6. Ruby - A Ruby class that you can use to deploy the template.

By default, the portal displays the template.

This template is the actual template used to create your web app and SQL database. Notice it
contains parameters that enable you to provide different values during deployment. To learn
more about the structure of a template, see Authoring Azure Resource Manager templates.

Export the template from resource group

If you've manually changed your resources or added resources in multiple deployments,
retrieving a template from the deployment history doesn't reflect the current state of the
resource group. This section shows you how to export a template that reflects the current state
of the resource group. It is intended as a snapshot of the resource group, which you can use to
redeploy to the same resource group. To use the exported template for other solutions, you
must significantly modify it.

Note

You can't export a template for a resource group that has more than 200 resources.

1. To view the template for a resource group, select Automation script.

Resource Manager evaluates the resources in the resource group and generates a
template for those resources. Not all resource types support the export template
function. You may see an error stating that there is a problem with the export. You
learn how to handle those issues in the Fix export issues section.

2. You again see the six files that you can use to redeploy the solution. However, this
time the template is a little different. Notice that the generated template contains
fewer parameters than the template in previous section. Also, many of the values (like
location and SKU values) are hard-coded in this template rather than accepting a
 parameter value. Before reusing this template, you might want to edit the template to
make better use of parameters.
3. You have a couple of options for continuing to work with this template. You can
either download the template and work on it locally with a JSON editor. Or, you can
save the template to your library and work on it through the portal.

If you're comfortable using a JSON editor like VS Code or Visual Studio, you might
prefer downloading the template locally and using that editor. To work locally, select
Download.

If you aren't set up with a JSON editor, you might prefer editing the template through
the portal. The rest of this article assumes you've saved the template to your library in
the portal. However, you make the same syntax changes to the template whether
working locally with a JSON editor or through the portal. To work through the portal,
select Add to library.

When adding a template to the library, you give the template a name and description.
Then, select Save.
4. To view a template saved in your library, select More services, type Templates to
filter results, select Templates.
5. Select the template with the name you saved.
Customize the template
The exported template works fine if you want to create the same web app and SQL database
for every deployment. However, Resource Manager provides options so that you can deploy
templates with a lot more flexibility. This article shows you how to add parameters for the
database administrator name and password. You can use this same approach to add more
flexibility for other values in the template.

1. To customize the template, select Edit.

2. Select the template.

3. To pass values that you might want to specify during deployment, add the following
two parameters to the parameters section in the template:
 JSON

 "administratorLogin": {
"type": "String"
},
"administratorLoginPassword": {
"type": "SecureString"
},

 To use the new parameters, replace the SQL server definition in the resources section.
Notice that administratorLogin and administratorLoginPassword now use parameter
values.

JSON
4. {
5. "comments": "Generalized from resource:
'/subscriptions/{subscription-id}/resourceGroups/exportsite/providers
/Microsoft.Sql/servers/tfserverexport'.",
6. "type": "Microsoft.Sql/servers",
7. "kind": "v12.0",
8. "name": "[parameters('servers_tfserverexport_name')]",
9. "apiVersion": "2014-04-01-preview",
10. "location": "South Central US",
11. "scale": null,
12. "properties": {
13. "administratorLogin": "[parameters('administratorLogin')]",
14. "administratorLoginPassword":
"[parameters('administratorLoginPassword')]",
15. "version": "12.0"
16. },
17. "dependsOn": []
18. },
19.
20. Select OK when you're done editing the template.
21. Select Save to save the changes to the template.

22. To redeploy the updated template, select Deploy.

 23. Provide parameter values, and select a resource group to deploy the resources to.

Fix export issues

Not all resource types support the export template function. You only see export issues when
exporting from a resource group rather than from your deployment history. If your last
deployment accurately represents the current state of the resource group, you should export
the template from the deployment history rather than from the resource group. Only export
from a resource group when you have made changes to the resource group that aren't defined
in a single template.

To resolve export issues, manually add the missing resources back into your template. The
error message includes the resource types that can't be exported. Find that resource type in
Template reference. For example, to manually add a virtual network gateway, see
Microsoft.Network/virtualNetworkGateways template reference. The template reference
gives you the JSON to add the resource to your template.

After getting the JSON format for the resource, you need to get the resource values. You can
see the values for the resource by using the GET operation in the REST API for the resource
type. For example, to get the values for your virtual network gateway, see Virtual Network
Gateways - Get.

 To see how to export a template through Azure CLI, see Export Azure Resource
Manager templates with Azure CLI.
 Deploy resources with Resource Manager
templates and Azure PowerShell
This article explains how to use Azure PowerShell with Resource Manager templates to
deploy your resources to Azure. If you are not familiar with the concepts of deploying and
managing your Azure solutions, see Azure Resource Manager overview.

The Resource Manager template you deploy can either be a local file on your machine, or an
external file that is located in a repository like GitHub. The template you deploy in this article
is available in the Sample template section, or as storage account template in GitHub.

If needed, install the Azure PowerShell module using the instructions found in the Azure
PowerShell guide, and then run Connect-AzureRmAccount to create a connection with
Azure.

Deploy a template from your local machine

When deploying resources to Azure, you:

1. Log in to your Azure account

2. Create a resource group that serves as the container for the deployed resources. The
name of the resource group can only include alphanumeric characters, periods,
underscores, hyphens, and parenthesis. It can be up to 90 characters. It cannot end in a
period.
3. Deploy to the resource group the template that defines the resources to create

A template can include parameters that enable you to customize the deployment. For
example, you can provide values that are tailored for a particular environment (such as dev,
test, and production). The sample template defines a parameter for the storage account SKU.

The following example creates a resource group, and deploys a template from your local
machine:

PowerShell
Connect-AzureRmAccount

Select-AzureRmSubscription -SubscriptionName <yourSubscriptionName>

New-AzureRmResourceGroup -Name ExampleResourceGroup -Location "South

Central US"
New-AzureRmResourceGroupDeployment -Name ExampleDeployment -
ResourceGroupName ExampleResourceGroup `
-TemplateFile c:\MyTemplates\storage.json -storageAccountType
Standard_GRS

The deployment can take a few minutes to complete. When it finishes, you see a message that
includes the result:

PowerShell
ProvisioningState : Succeeded

Deploy a template from an external source

Instead of storing Resource Manager templates on your local machine, you may prefer to
store them in an external location. You can store templates in a source control repository
(such as GitHub). Or, you can store them in an Azure storage account for shared access in
your organization.

To deploy an external template, use the TemplateUri parameter. Use the URI in the example
to deploy the sample template from GitHub.

PowerShell
New-AzureRmResourceGroupDeployment -Name ExampleDeployment -
ResourceGroupName ExampleResourceGroup `
-TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-
templates/master/101-storage-account-create/azuredeploy.json `
-storageAccountType Standard_GRS

The preceding example requires a publicly accessible URI for the template, which works for
most scenarios because your template should not include sensitive data. If you need to
specify sensitive data (like an admin password), pass that value as a secure parameter.
However, if you do not want your template to be publicly accessible, you can protect it by
storing it in a private storage container. For information about deploying a template that
requires a shared access signature (SAS) token, see Deploy private template with SAS token.

Deploy template from Cloud Shell

You can use Cloud Shell to deploy your template. However, you must first load your
template into the storage account for your Cloud Shell. If you have not used Cloud Shell, see
Overview of Azure Cloud Shell for information about setting it up.

1. Sign in to the Azure portal.

2. Select your Cloud Shell resource group. The name pattern is cloud-shell-storage-
<region>.
3. Select the storage account for your Cloud Shell.

4. Select Blobs.
5. Select + Container.

6. Give your container a name and an access level. The sample template in this article
contains no sensitive information, so allow anonymous read access. Select OK.
7. Select the container you created.

8. Select Upload.
9. Find and upload your template.

10. After it has uploaded, select the template.

11. Copy the URL.

 12. Open the prompt.

In the Cloud Shell, use the following commands:

PowerShell
New-AzureRmResourceGroup -Name ExampleResourceGroup -Location "South
Central US"
New-AzureRmResourceGroupDeployment -ResourceGroupName ExampleResourceGroup
`
-TemplateUri <copied URL> `
-storageAccountType Standard_GRS

Deploy to more than one resource group or subscription

Typically, you deploy all the resources in your template to a single resource group. However,
there are scenarios where you want to deploy a set of resources together but place them in
different resource groups or subscriptions. You can deploy to only five resource groups in a
single deployment. For more information, see Deploy Azure resources to more than one
subscription or resource group.

Parameter files
Rather than passing parameters as inline values in your script, you may find it easier to use a
JSON file that contains the parameter values. The parameter file must be in the following
format:

JSON
{
"$schema":
"https://schema.management.azure.com/schemas/2015-01-01/deploymentParameter
s.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"value": "Standard_GRS"
 }
}
}

Notice that the parameters section includes a parameter name that matches the parameter
defined in your template (storageAccountType). The parameter file contains a value for the
parameter. This value is automatically passed to the template during deployment. You can
create multiple parameter files for different deployment scenarios, and then pass in the
appropriate parameter file.

Copy the preceding example and save it as a file named storage.parameters.json.

To pass a local parameter file, use the TemplateParameterFile parameter:

PowerShell
New-AzureRmResourceGroupDeployment -Name ExampleDeployment -
ResourceGroupName ExampleResourceGroup `
-TemplateFile c:\MyTemplates\storage.json `
-TemplateParameterFile c:\MyTemplates\storage.parameters.json

To pass an external parameter file, use the TemplateParameterUri parameter:

PowerShell
New-AzureRmResourceGroupDeployment -Name ExampleDeployment -
ResourceGroupName ExampleResourceGroup `
-TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-
templates/master/101-storage-account-create/azuredeploy.json `
-TemplateParameterUri https://raw.githubusercontent.com/Azure/azure-
quickstart-templates/master/101-storage-account-create/
azuredeploy.parameters.json

You can use inline parameters and a local parameter file in the same deployment operation.
For example, you can specify some values in the local parameter file and add other values
inline during deployment. If you provide values for a parameter in both the local parameter
file and inline, the inline value takes precedence.

However, when you use an external parameter file, you cannot pass other values either inline
or from a local file. When you specify a parameter file in the TemplateParameterUri
parameter, all inline parameters are ignored. Provide all parameter values in the external file.
If your template includes a sensitive value that you cannot include in the parameter file, either
add that value to a key vault, or dynamically provide all parameter values inline.

If your template includes a parameter with the same name as one of the parameters in the
PowerShell command, PowerShell presents the parameter from your template with the
postfix FromTemplate. For example, a parameter named ResourceGroupName in your
template conflicts with the ResourceGroupName parameter in the New-
AzureRmResourceGroupDeployment cmdlet. You are prompted to provide a value for
ResourceGroupNameFromTemplate. In general, you should avoid this confusion by not
naming parameters with the same name as parameters used for deployment operations.

Test a template deployment

To test your template and parameter values without actually deploying any resources, use
Test-AzureRmResourceGroupDeployment.

PowerShell
Test-AzureRmResourceGroupDeployment -ResourceGroupName ExampleResourceGroup
`
-TemplateFile c:\MyTemplates\storage.json -storageAccountType
Standard_GRS

If no errors are detected, the command finishes without a response. If an error is detected, the
command returns an error message. For example, attempting to pass an incorrect value for the
storage account SKU, returns the following error:

PowerShell
Test-AzureRmResourceGroupDeployment -ResourceGroupName testgroup `
-TemplateFile c:\MyTemplates\storage.json -storageAccountType badSku

Code : InvalidTemplate
Message : Deployment template validation failed: 'The provided value
'badSku' for the template parameter 'storageAccountType'
at line '15' and column '24' is not valid. The parameter value is
not part of the allowed value(s):

'Standard_LRS,Standard_ZRS,Standard_GRS,Standard_RAGRS,Premium_LRS'.'.
Details :

If your template has a syntax error, the command returns an error indicating it could not parse
the template. The message indicates the line number and position of the parsing error.

PowerShell
Test-AzureRmResourceGroupDeployment : After parsing a value an unexpected
character was encountered:
". Path 'variables', line 31, position 3.

Incremental and complete deployments

When deploying your resources, you specify that the deployment is either an incremental
update or a complete update. The primary difference between these two modes is how
Resource Manager handles existing resources in the resource group that are not in the
template:

 In complete mode, Resource Manager deletes resources that exist in the resource
group but are not specified in the template.
 In incremental mode, Resource Manager leaves unchanged resources that exist in the
resource group but are not specified in the template.

For both modes, Resource Manager attempts to provision all resources specified in the
template. If the resource already exists in the resource group and its settings are unchanged,
the operation results in no change. If you change the settings for a resource, the resource is
provisioned with those new settings. If you attempt to update the location or type of an
existing resource, the deployment fails with an error. Instead, deploy a new resource with the
location or type that you need.
By default, Resource Manager uses the incremental mode.

To illustrate the difference between incremental and complete modes, consider the following
scenario.

Existing Resource Group contains:

 Resource A
 Resource B
 Resource C

Template defines:

 Resource A
 Resource B
 Resource D

When deployed in incremental mode, the resource group contains:

 Resource A
 Resource B
 Resource C
 Resource D

When deployed in complete mode, Resource C is deleted. The resource group contains:

 Resource A
 Resource B
 Resource D

To use complete mode, use the Mode parameter:

PowerShell
New-AzureRmResourceGroupDeployment -Mode Complete -Name ExampleDeployment `
-ResourceGroupName ExampleResourceGroup -TemplateFile c:\MyTemplates\
storage.json

Sample template
The following template is used for the examples in this article. Copy and save it as a file
named storage.json. To understand how to create this template, see Create your first Azure
Resource Manager template.

JSON
{
"$schema":
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.
json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
 "type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
"variables": {
"storageAccountName": "[concat(uniquestring(resourceGroup().id),
'standardsa')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-01-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {
}
}
],
"outputs": {
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
}
}
}

**********************************************************************************

Deploy a template to Azure Stack using

PowerShell
You can use PowerShell to deploy Azure Resource Manager templates to Azure Stack. This
article shows you how to use PowerShell to deploy a template.

Run AzureRM PowerShell cmdlets

This example uses AzureRM PowerShell cmdlets and a template stored on GitHub. The
template creates a Windows Server 2012 R2 Datacenter virtual machine.

Note
Before you try this example, make sure that you've configured PowerShell for an Azure Stack
user.

1. Go to http://aka.ms/AzureStackGitHub and find the 101-simple-windows-vm

template. Save the template to this location: C:\templates\azuredeploy-101-simple-
windows-vm.json.
2. Open an elevated PowerShell command prompt.
3. Replace username and password in the following script with your username and
password, and then run the script.

PowerShell

 # Set Deployment Variables

$myNum = "001" #Modify this per deployment
$RGName = "myRG$myNum"
$myLocation = "local"

# Create Resource Group for Template Deployment

New-AzureRmResourceGroup -Name $RGName -Location $myLocation

# Deploy Simple IaaS Template

New-AzureRmResourceGroupDeployment `
-Name myDeployment$myNum `
-ResourceGroupName $RGName `
-TemplateFile c:\templates\azuredeploy-101-simple-windows-vm.json `
-NewStorageAccountName mystorage$myNum `
-DnsNameForPublicIP mydns$myNum `
-AdminUsername <username> `
-AdminPassword ("<password>" | ConvertTo-SecureString -AsPlainText
-Force) `
-VmName myVM$myNum `
-WindowsOSVersion 2012-R2-Datacenter

Important

Everytime you run this script, increment the value of the "$myNum" parameter to prevent
overwriting your deployment.

 Open the Azure Stack portal, select Browse, and then select Virtual machines to find
your new virtual machine (myDeployment001).

Deploy templates in Azure Stack using

Visual Studio
Applies to: Azure Stack integrated systems and Azure Stack Development Kit

You can use Visual Studio to deploy Azure Resource Manager templates to Azure Stack.

To deploy a template
1. Install and connect to Azure Stack with Visual Studio.
2. Open Visual Studio.
3. Select File, and then select New. In New Project, select Azure Resource Group.
4. Enter a Name for the new project, and then select OK.
5. In Select Azure Template, pick Azure Stack Quickstart from the drop-down list.
6. Select 101-create-storage-account, and then select OK.
7. In your new project, expand the Templates node in Solution Explorer to see the
available templates.
8. In Solution Explorer, pick the name of your project, and then select Deploy. Select
New Deployment.
9. In Deploy to Resource Group, use the Subscription drop-down list to select your
Microsoft Azure Stack subscription.
10. From the Resource Group list, choose an existing resource group or create a new
one.
11. From the Resource group location list, choose a location, and then select Deploy.
12. In Edit Parameters, provide values for the parameters (which vary by template), and
then select Save.