In the previous article, we discussed the Azure Landing Zones concept and how it relates to DevOps automation. However, there are many scenarios where Azure is already in use and the goal is to improve infrastructure management, deployments, and standardization across the organization. This article therefore discusses some important concepts and solutions for managing Azure infrastructure as code, and how we, at Formula5, approach these kinds of solutions and challenges with our Modular DevSecOps framework.
Azure Infrastructure Management and relation to DevOps
Tools like the Azure portal are convenient and provide an easy way to create and configure Azure resources. However, what about the scenario where we would like to create Azure resources with exactly the same configuration for future projects? Of course, writing detailed documentation can be beneficial, but there is a better way – keeping Azure infrastructure as source code and using DevOps automation.
Infrastructure as Code (IaC) uses DevOps methodology and versioning with a descriptive model to define and deploy infrastructure, such as virtual networks, virtual machines, Azure Web Apps, and connection topologies. With IaC, we get the same environment every time we deploy.
Azure cloud infrastructure can be declared as code using ARM templates, Bicep files, Terraform modules, and other tools. Once we store infrastructure code on a DevOps platform like GitHub or Azure DevOps, we can use DevOps automation and CI/CD pipelines to create resources in the Azure cloud, as presented in the flow below.
Azure cloud environments automation with Formula5’s DevSecOps modular framework
Many organizations that use the Azure cloud already have DevOps practices in place, and some of them already follow the Infrastructure as Code approach. However, a very common challenge is proper management of Azure infrastructure code and the process around it, such as sharing base templates with teams within the organization. For instance, the question may arise of how to share common infrastructure templates created in the past so that other teams can use and extend them in new projects. Based on our past experience, we created our Modular DevSecOps framework, which consists of practices and templates.
Managing Azure infrastructure in a secure, predictable, and reusable way requires three things, based on our experience:
- Technical knowledge of Azure infrastructure
- A set of tools to automate and store infrastructure code
- Practice and process around sharing and extending infrastructure code
This is why we decided to prepare pre-defined practices and templates that can help you at each stage of your journey with the Infrastructure as Code approach.
Azure resources modules
As part of Modular DevSecOps, we prepared Azure infrastructure templates (modules) that can help you at each stage of your journey with the Infrastructure as Code approach. They can help you start creating Azure environments from code, and if you are already familiar with the IaC approach, you can use them to extend your organization's current base of infrastructure templates.
Templates for infrastructure deployment with Azure DevOps and GitHub
Keeping Azure infrastructure code in version control is not enough. We need DevOps automation and a review process around it to make sure that accidental changes in the infrastructure code will not break the production environment. This is why we architected CI/CD templates for Azure DevOps and GitHub that automate Azure infrastructure deployments securely and in a controlled way. They can be easily extended and, more importantly, easily shared with other teams in your organization to implement automation for their Azure infrastructure templates.
Practices to store and share infrastructure templates
Even the best tools and templates are not enough on their own to implement an efficient and secure deployment process for Azure infrastructure. This is why Formula5’s Modular DevSecOps framework focuses strongly on practices and processes. We focus not only on how to securely store Azure infrastructure code and which tool to choose, but also on an efficient process that makes it easy to share existing base Azure infrastructure templates within your organization. Our framework uses tools like private registries for Bicep modules hosted on Azure Container Registry and the recently released Azure Deployment Environments service. We also focus on efficiency when development teams create Azure infrastructure. We know that not every developer has to know how to write Azure infrastructure code from scratch. This is why our framework takes an approach where development teams can create Azure environments for their solutions quickly, but in a secure way that complies with your organization’s standards.
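One way a pipeline review step can check that teams consume shared base templates only from the organization's private Bicep registry, as an added example that is not part of Formula5's framework. The registry name contosomodules.azurecr.io, the module paths, and the policy itself (approved registry only, pinned version tags) are assumptions made for illustration.

```python
import re

# Assumption: the organization's approved private registry (hypothetical name).
APPROVED_REGISTRY = "contosomodules.azurecr.io"

# Bicep module declaration: module <symbol> '<reference>' =
MODULE_DECL = re.compile(r"^\s*module\s+(\w+)\s+'([^']+)'\s*=", re.MULTILINE)
# Fully qualified registry reference: br:<registry>/<path>:<tag>
REGISTRY_REF = re.compile(r"^br:([^/]+)/([^:@]+):(.+)$")


def check_module_sources(bicep_text, approved=APPROVED_REGISTRY):
    """Return (module_symbol, reason) pairs for references that break the policy."""
    findings = []
    for symbol, ref in MODULE_DECL.findall(bicep_text):
        m = REGISTRY_REF.match(ref)
        if m is None:
            # Local paths, template specs and bicepconfig.json aliases land here;
            # this policy requires the explicit br:<registry>/... form.
            findings.append((symbol, f"not a fully qualified registry reference: {ref}"))
        elif m.group(1).lower() != approved:
            findings.append((symbol, f"registry {m.group(1)} is not approved"))
        elif m.group(3).lower() == "latest":
            findings.append((symbol, "tag 'latest' is not a pinned version"))
    return findings


# Constructed sample template; module paths are illustrative only.
SAMPLE = """
module vnet 'br:contosomodules.azurecr.io/bicep/network/vnet:1.2.0' = {
  name: 'vnetDeploy'
}

module storage './modules/storage.bicep' = {
  name: 'storageDeploy'
}

module kv 'br:otherteam.azurecr.io/bicep/security/keyvault:2.0.1' = {
  name: 'kvDeploy'
}

module web 'br:contosomodules.azurecr.io/bicep/web/appservice:latest' = {
  name: 'webDeploy'
}
"""

if __name__ == "__main__":
    for symbol, reason in check_module_sources(SAMPLE):
        print(f"{symbol}: {reason}")
```

In a pipeline, the step would fail the build whenever the returned list is non-empty, so unreviewed or unpinned modules never reach a deployment stage.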
With the Infrastructure as Code approach, we can avoid manual configuration and enforce consistency by representing desired environment states in well-documented code. We can also quickly provision and tear down Azure environments using DevOps automation and cloud environment definitions kept in source code. However, without the right process around Azure infrastructure code, we will not be able to get the full potential out of this approach. We know this, and it is why Formula5’s Modular DevSecOps framework focuses on templates, tools, and processes.