Azure ARM Templates
What are ARM Templates?
ARM (Azure Resource Manager) templates are JSON files that define the infrastructure and configuration you want to deploy in Azure.
Think of them as Infrastructure as Code (IaC) for Azure. Instead of manually creating resources in the portal or using CLI/PowerShell, you write a template once and deploy it repeatedly.
Key Points
- Format: JSON file (.json)
- Declarative: You describe what you want (VM, Storage, SQL, etc.), and Azure figures out how to create it.
- Idempotent: You can deploy the same template multiple times; Azure won't create duplicates, it ensures the desired state.
- Repeatable: Use the same template for dev, test, and prod environments.
- Automation: Works well with CI/CD (e.g., GitHub Actions, Azure DevOps).
Custom Template to Create Storage Account
@description('Unique Name for Storage Account')
param storageAccountName string

@description('Azure Region for Deployment')
param location string = 'eastus2'

@allowed([
  'Standard_LRS'
  'Standard_GRS'
  'Standard_ZRS'
  'Premium_LRS'
])
@description('Performance and replication type.')
param skuName string = 'Standard_LRS'

// Resource: Storage Account
resource storageAccount 'Microsoft.Storage/storageAccounts@2025-06-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: skuName
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    isHnsEnabled: true // Hierarchical namespace for ADLS Gen2
    // Storage accounts take their firewall rules under networkAcls
    networkAcls: {
      defaultAction: 'Deny' // Block public access
      bypass: 'AzureServices' // Trusted Azure services may still connect
    }
  }
}
Deploying using az
az deployment group create \
  --resource-group MyResourceGroup \
  --template-file storage-gen2.bicep \
  --parameters storageAccountName=mystorageacctgen2
The template above is written in Bicep, which compiles to an Azure Resource Manager (ARM) JSON template. It defines how to deploy a Storage Account in Azure. The sections below walk through it step by step.
1. Parameters
Parameters let you pass values when you deploy, so the template is reusable.
- storageAccountName - The unique name of the storage account.
- location - The Azure region (default is eastus2).
- skuName - The storage account's performance/replication option. Allowed values are:
  - Standard_LRS - locally redundant
  - Standard_GRS - geo-redundant
  - Standard_ZRS - zone redundant
  - Premium_LRS - premium performance
2. Resource Definition
This creates the storage account itself.
- Tells Azure: "I want to create a storage account using API version 2025-06-01", the version written after the @ in the resource declaration.
3. Storage Account Settings
Inside the resource block, you configure:
- name - uses the storageAccountName parameter.
- location - uses the location parameter.
- sku - set to whatever you passed in skuName.
- kind: 'StorageV2' - makes it a modern storage account that supports all services.
- properties:
  - accessTier: 'Hot' - assumes data is accessed frequently.
  - isHnsEnabled: true - turns on Hierarchical Namespace, required for Data Lake Gen2.
  - networkAcls (the storage account's network rule set):
    - defaultAction: 'Deny' - denies traffic that no network rule explicitly allows, so public access is blocked by default.
    - bypass: 'AzureServices' - allows trusted Azure services (like Databricks, Synapse) to still connect.
4. What happens when you deploy
- Azure will create a new StorageV2 account.
- It will use the name, location, and SKU you provided (or the defaults).
- The account will support Data Lake Gen2.
- Public access is blocked, but Azure services can still use it.
In one line:
This Bicep template deploys a secure StorageV2 account with ADLS Gen2 enabled, parameterized for name, location, and redundancy type, and blocks public access except for trusted Azure services.
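A pre-deployment check for the firewall settings described above, as an added example that is not part of the original page: it reads the ARM JSON produced by az bicep build and reports storage accounts that do not set networkAcls.defaultAction to Deny. The function name and the sample resources are assumptions constructed for illustration.

```python
import json

STORAGE_TYPE = "microsoft.storage/storageaccounts"

def storage_firewall_findings(template: dict) -> list[str]:
    """Flag storage accounts in an ARM JSON template that do not default-deny."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates use an object, not a list
        resources = list(resources.values())
    findings = []
    for res in resources:
        if str(res.get("type", "")).lower() != STORAGE_TYPE:
            continue
        name = res.get("name", "<unnamed>")
        props = res.get("properties") or {}
        if "networkRuleSet" in props:
            findings.append(f"{name}: 'networkRuleSet' is not a storage account property; use 'networkAcls'")
        acls = props.get("networkAcls")
        if not isinstance(acls, dict):
            findings.append(f"{name}: no networkAcls block, so the default action is Allow")
            continue
        action = acls.get("defaultAction", "Allow")
        if isinstance(action, str) and action.startswith("["):
            findings.append(f"{name}: defaultAction is an expression ({action}); check the parameter value")
        elif action != "Deny":
            findings.append(f"{name}: defaultAction is {action!r}, expected 'Deny'")
        if not isinstance(acls.get("bypass", ""), str):
            findings.append(f"{name}: bypass must be a comma-separated string")
    return findings

# Constructed sample: hand-written template fragments, not output from a real build.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "goodacct",
   "properties": {"networkAcls": {"defaultAction": "Deny", "bypass": "AzureServices"}}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "typoacct",
   "properties": {"networkRuleSet": {"defaultAction": "Deny"}}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "openacct",
   "properties": {"networkAcls": {"defaultAction": "Allow"}}}
]}
""")

if __name__ == "__main__":
    for line in storage_firewall_findings(SAMPLE):
        print(line)
```

Running it in CI against the compiled template fails the build before a storage account with an open firewall reaches any environment.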