Azure / ResourceModules

This repository includes a CI platform for and collection of mature and curated Bicep modules. The platform supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.
https://aka.ms/carml
MIT License
724 stars 456 forks source link
arm azure bicep bicep-templates building-block deployment-automation iac microsoft modules platform publishing testing

⚠️ CARML - AVM transition ⚠️

CARML evolved to and has been rebranded as the Bicep version of Azure Verifiefd Modules (AVM). AVM is a straight-line successor of CARML, the next evolutionary step. A lot of CARML’s principles and architecture decisions have formed the basis for AVM.

While this means some minor changes in things such as parameter names or "standard interfaces" (e.g., diagnostic settings, etc.), you can still use the same modules you're used to and love, as they have been transitioned to AVM as resource or pattern modules.

A notice with additional details has been placed in each module. If for any reason, you still need access to the CARML version of the module, you can find it in the CARML repository by following the links in the module's README.md file.

Going forward, only the AVM version of the modules will receive updates and new features.

NOTE: A few modules have been retired without being moved to AVM as is. In most of these cases, capabilities originally provided by these modules have been implemented differently in AVM - e.g., as part of all AVM modules.

In the upcoming period, the AVM team will work on ensuring full compatibility of CARML's inner-sourcing solution (CI environment) with AVM.

AzureIcon Common Azure Resource Modules Library

Description

This repository includes a library of mature and curated Bicep modules as well as a Continuous Integration (CI) environment leveraged for modules' validation and versioned publishing.

The CI environment supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.

Get started

Note: To ensure the modules and environment work as expected, please ensure you are using the latest version of the used tools such as PowerShell and Bicep. Especially in case of the latter, note, that you need to manually update the Bicep CLI. For further information, see our troubleshooting guide.

Available Resource Modules

Provider namespace Resource Type Name
Microsoft.AAD domainServices Azure Active Directory Domain Services
Microsoft.AnalysisServices servers Analysis Services Servers
Microsoft.ApiManagement service API Management Services
Microsoft.App containerApps Container Apps
jobs Container App Jobs
managedEnvironments App ManagedEnvironments
Microsoft.AppConfiguration configurationStores App Configuration Stores
Microsoft.Authorization locks Authorization Locks (All scopes)
policyAssignments Policy Assignments (All scopes)
policyDefinitions Policy Definitions (All scopes)
policyExemptions Policy Exemptions (All scopes)
policySetDefinitions Policy Set Definitions (Initiatives) (All scopes)
roleAssignments Role Assignments (All scopes)
roleDefinitions Role Definitions (All scopes)
Microsoft.Automation automationAccounts Automation Accounts
Microsoft.Batch batchAccounts Batch Accounts
Microsoft.Cache redis Redis Cache
redisEnterprise Redis Cache Enterprise
Microsoft.Cdn profiles CDN Profiles
Microsoft.CognitiveServices accounts Cognitive Services
Microsoft.Compute availabilitySets Availability Sets
disks Compute Disks
diskEncryptionSets Disk Encryption Sets
galleries Azure Compute Galleries
images Images
proximityPlacementGroups Proximity Placement Groups
sshPublicKeys Public SSH Keys
virtualMachines Virtual Machines
virtualMachineScaleSets Virtual Machine Scale Sets
Microsoft.Consumption budgets Consumption Budgets
Microsoft.ContainerInstance containerGroups Container Instances Container Groups
Microsoft.ContainerRegistry registries Azure Container Registries (ACR)
Microsoft.ContainerService managedClusters Azure Kubernetes Service (AKS) Managed Clusters
Microsoft.DataFactory factories Data Factories
Microsoft.DataProtection backupVaults Data Protection Backup Vaults
Microsoft.Databricks accessConnectors Azure Databricks Access Connectors
workspaces Azure Databricks Workspaces
Microsoft.DBforMySQL flexibleServers DBforMySQL Flexible Servers
Microsoft.DBforPostgreSQL flexibleServers DBforPostgreSQL Flexible Servers
Microsoft.DesktopVirtualization applicationGroups Azure Virtual Desktop (AVD) Application Groups
hostPools Azure Virtual Desktop (AVD) Host Pools
scalingPlans Azure Virtual Desktop (AVD) Scaling Plans
workspaces Azure Virtual Desktop (AVD) Workspaces
Microsoft.DevTestLab labs DevTest Labs
Microsoft.DigitalTwins digitalTwinsInstances Digital Twins Instances
Microsoft.DocumentDB databaseAccounts DocumentDB Database Accounts
Microsoft.EventGrid domains Event Grid Domains
systemTopics Event Grid System Topics
topics Event Grid Topics
Microsoft.EventHub namespaces Event Hub Namespaces
Microsoft.HealthBot healthBots Azure Health Bots
Microsoft.HealthcareApis workspaces Healthcare API Workspaces
microsoft.insights actionGroups Action Groups
activityLogAlerts Activity Log Alerts
components Application Insights
dataCollectionEndpoints Data Collection Endpoints
dataCollectionRules Data Collection Rules
diagnosticSettings Diagnostic Settings (Activity Logs) for Azure Subscriptions
metricAlerts Metric Alerts
privateLinkScopes Azure Monitor Private Link Scopes
scheduledQueryRules Scheduled Query Rules
webtests Web Tests
Microsoft.KeyVault vaults Key Vaults
Microsoft.KubernetesConfiguration extensions Kubernetes Configuration Extensions
fluxConfigurations Kubernetes Configuration Flux Configurations
Microsoft.Logic workflows Logic Apps (Workflows)
Microsoft.MachineLearningServices workspaces Machine Learning Services Workspaces
Microsoft.Maintenance maintenanceConfigurations Maintenance Configurations
Microsoft.ManagedIdentity userAssignedIdentities User Assigned Identities
Microsoft.ManagedServices registrationDefinitions Registration Definitions
Microsoft.Management managementGroups Management Groups
Microsoft.NetApp netAppAccounts Azure NetApp Files
Microsoft.Network applicationGateways Network Application Gateways
ApplicationGatewayWebApplicationFirewallPolicies Application Gateway Web Application Firewall (WAF) Policies
applicationSecurityGroups Application Security Groups (ASG)
azureFirewalls Azure Firewalls
bastionHosts Bastion Hosts
connections Virtual Network Gateway Connections
ddosProtectionPlans DDoS Protection Plans
dnsForwardingRulesets Dns Forwarding Rulesets
dnsResolvers DNS Resolvers
dnsZones Public DNS Zones
expressRouteCircuits ExpressRoute Circuits
expressRouteGateways Express Route Gateways
firewallPolicies Firewall Policies
frontDoors Azure Front Doors
FrontDoorWebApplicationFirewallPolicies Front Door Web Application Firewall (WAF) Policies
ipGroups IP Groups
loadBalancers Load Balancers
localNetworkGateways Local Network Gateways
natGateways NAT Gateways
networkInterfaces Network Interface
networkManagers Network Managers
networkSecurityGroups Network Security Groups
networkWatchers Network Watchers
privateDnsZones Private DNS Zones
privateEndpoints Private Endpoints
privateLinkServices Private Link Services
publicIPAddresses Public IP Addresses
publicIPPrefixes Public IP Prefixes
routeTables Route Tables
serviceEndpointPolicies Service Endpoint Policies
trafficmanagerprofiles Traffic Manager Profiles
virtualHubs Virtual Hubs
virtualNetworks Virtual Networks
virtualNetworkGateways Virtual Network Gateways
virtualWans Virtual WANs
vpnGateways VPN Gateways
vpnSites VPN Sites
Microsoft.OperationalInsights workspaces Log Analytics Workspaces
Microsoft.OperationsManagement solutions Operations Management Solutions
Microsoft.PolicyInsights remediations Policy Insights Remediations
Microsoft.PowerBIDedicated capacities Power BI Dedicated Capacities
Microsoft.Purview accounts Purview Accounts
Microsoft.RecoveryServices vaults Recovery Services Vaults
Microsoft.Relay namespaces Relay Namespaces
Microsoft.ResourceGraph queries Resource Graph Queries
Microsoft.Resources deploymentScripts Deployment Scripts
resourceGroups Resource Groups
tags Resources Tags
Microsoft.Search searchServices Search Services
Microsoft.Security azuresecuritycenter Azure Security Center (Defender for Cloud)
Microsoft.ServiceBus namespaces Service Bus Namespaces
Microsoft.ServiceFabric clusters Service Fabric Clusters
Microsoft.SignalRService signalR SignalR Service SignalR
webPubSub SignalR Web PubSub Services
Microsoft.Sql managedInstances SQL Managed Instances
servers Azure SQL Servers
Microsoft.Storage storageAccounts Storage Accounts
Microsoft.Synapse privateLinkHubs Azure Synapse Analytics
workspaces Synapse Workspaces
Microsoft.VirtualMachineImages imageTemplates Virtual Machine Image Templates
Microsoft.Web connections API Connections
hostingEnvironments App Service Environments
serverfarms App Service Plans
sites Web/Function Apps
staticSites Static Web Apps

Platform

Name Status
Update API Specs file .Platform: Update API Specs file
Assign Pull Request to Author .Platform: Assign Pull Request to Author
Test - ConvertTo-ARMTemplate.ps1 .Platform: Test - ConvertTo-ARMTemplate.ps1
Clean up deployment history .Platform: Clean up deployment history
Library PSRule pre-flight validation .Platform: Library PSRule pre-flight validation
Broken Links Check .Platform: Broken Links Check
Linter (audit) .Platform: Linter (audit)
Manage issues for failing pipelines .Platform: Manage issues for failing pipelines
Update ReadMe Module Tables .Platform: Update ReadMe Module Tables
Update Static Test Documentation .Platform: Update Static Test Documentation
Sync Docs/Wiki .Platform: Sync Docs/Wiki

Disclaimer

Please note that the main branch of this repository always contains the latest available version of the code. Some of the updates may introduce breaking changes as well.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

For specific guidelines on how to contribute to this repository please refer to the Contribution guide Wiki section.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Learn More

Telemetry

Modules provided in this library have telemetry enabled by default. To learn more about this feature, please refer to the Telemetry article in the wiki.