Azure ARM Templates

Deploy-ARMVnet function added to AZSBTools PowerShell module


Deploy-ARMVnet function has been added to AZSBTools PowerShell module. This function will deploy a Vnet in a given Azure subscription including details such as subnets and the level of DDoS protection. This function uses API version 2019-09-01 which addresses the issue of having to make each subnet dependent on prior subnets.

To use this function, you need to be connected to Azure, such as using the Login-AzAccount cmdlet.

This function takes an optional parameter, SubscriptionId, which is used to ensure that you’re deploying the Vnet in the correct Azure subscription.

You can obtain the desired SubscriptionId via the Get-AzSubscription cmdlet.

Here’s an example of using this function:

$Subscription = Get-AzSubscription -SubscriptionName 'Visual Studio Enterprise Subscription – MPN'
$ParameterSet = @{
   SubscriptionId = $Subscription.Id 
   ResourceGroupName = 'Picard_Hub_RG'
   AzureLocation = 'centralus'
   VnetName = 'Picard_Hub_Vnet'
   VnetPrefix = '10.12.0.0/16'
   SubnetList = @(
      @{ Name = 'Hub_Gateway_Subnet'; Prefix = '10.12.0.0/27' } 
      @{ Name = 'Hub_NVA_Subnet'; Prefix = '10.12.0.32/27' }
      @{ Name = 'Hub_Infra_Subnet'; Prefix = '10.12.0.64/27' }
   )
   DdosProtection = $false
   ShowTemplate = $true
}
Deploy-ARMVnet @ParameterSet

and the output may be similar to:

The ResourceGroupName parameter is used to specify which RG to deploy the Vnet into. This function will create the specified RG if it does not exist.

DdosProtection is a switch that defaults to False. The False setting enables ‘Basic DDoS Protection’ while the True setting enables ‘Standard DDoS Protection’. See this link for more details.

ShowTemplate is also a switch that defaults to False. When set to True, this function will display the resulting ARM template in notepad, will display the ARM template to the console before deploying it (see above), and will also make it part of the script log file.

Here’s an example of the resulting ARM template displayed in notepad when setting the ShowTemplate switch to True.

The script logs the console output to a log file such as “Deploy-ARMVnet – 11February2020_12-42-18_PM.txt”.

The SubnetList parameter takes zero or more hashtables, each containing the following 2 keys:

  • Name: This is the subnet name
  • Prefix: This is the subnet Prefix in CIDR format.

Each subnet Prefix must fall inside the Vnet Prefix specified by the VnetPrefix parameter.

If no value is provided for the SubnetList parameter, no subnets will be provisioned in this Vnet. Furthermore, any existing subnets in this Vnet will be removed. Although ARM templates are deployed in ‘incremental mode’ by default, where resources in the template are added to the resource group without deleting resources not specified in the ARM template, subnets are considered part of the Vnet resource. This means that this function may delete existing subnets, and only subnets specified in the input of this function will remain.
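A pre-flight check for the two constraints above, as an added example that is not part of AZSBTools: it flags subnet prefixes that fall outside the Vnet prefix or overlap each other, and lists existing subnets that the deployment would remove. Get-CidrRange and Get-SubnetPlanFinding are hypothetical helper names, and the existing subnet names are constructed sample data.

```powershell
# Added example; Get-CidrRange and Get-SubnetPlanFinding are hypothetical helpers, not AZSBTools functions.
function Get-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $length = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }   # network order -> host order
    $value = [uint64][BitConverter]::ToUInt32($bytes, 0)
    $size  = [uint64][math]::Pow(2, 32 - [int]$length)
    $start = $value - ($value % $size)                                 # align to the network address
    [pscustomobject]@{ Start = $start; End = $start + $size - [uint64]1 }
}

function Get-SubnetPlanFinding {
    param(
        [Parameter(Mandatory)][string]$VnetPrefix,
        [hashtable[]]$SubnetList = @(),
        [string[]]$ExistingSubnetName = @()
    )
    $vnet = Get-CidrRange $VnetPrefix
    $seen = @()
    foreach ($subnet in $SubnetList) {
        $range = Get-CidrRange $subnet.Prefix
        if ($range.Start -lt $vnet.Start -or $range.End -gt $vnet.End) {
            "OUTSIDE: $($subnet.Name) $($subnet.Prefix) is not inside $VnetPrefix"
        }
        foreach ($other in $seen) {
            if ($range.Start -le $other.Range.End -and $other.Range.Start -le $range.End) {
                "OVERLAP: $($subnet.Name) overlaps $($other.Name)"
            }
        }
        $seen += [pscustomobject]@{ Name = $subnet.Name; Range = $range }
    }
    # Subnets are part of the Vnet resource, so any existing subnet missing from the plan is deleted.
    $planned = $SubnetList | ForEach-Object { $_.Name }
    foreach ($name in $ExistingSubnetName) {
        if ($name -notin $planned) { "REMOVED: existing subnet $name is not in SubnetList" }
    }
}

# Vnet prefix and subnet names from the example above; the third prefix is deliberately altered.
# Existing names are constructed; live, read them from (Get-AzVirtualNetwork -Name ... -ResourceGroupName ...).Subnets.Name
Get-SubnetPlanFinding -VnetPrefix '10.12.0.0/16' -SubnetList @(
    @{ Name = 'Hub_Gateway_Subnet'; Prefix = '10.12.0.0/27' }
    @{ Name = 'Hub_NVA_Subnet';     Prefix = '10.12.0.32/27' }
    @{ Name = 'Hub_Infra_Subnet';   Prefix = '10.13.0.64/27' }   # constructed error: outside the Vnet
) -ExistingSubnetName 'Hub_Gateway_Subnet', 'Hub_Mgmt_Subnet'
```

An empty result means the plan is consistent; any REMOVED line deserves a look before running Deploy-ARMVnet against a Vnet that already carries workloads.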

This function will display verbose details during ARM Template processing.

You can review the new Vnet in the Azure portal

 

Notice that Azure creates the NetworkWatcherRG and a Network Watcher

The new RG shows the new Vnet

Which shows the 3 configured subnets

 


To use the AZSBTools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type

$PSVersionTable

To download and install the latest version of AZSBTools and its dependencies from the PowerShell Gallery, first trust the Microsoft PowerShell Gallery repository:

Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

then install the modules:

Install-Module AZSBTools,Az -Force -AllowClobber -Scope CurrentUser

AZSBTools contains functions that depend on the Az module, and they’re typically installed together.

To load the AZSBTools and Az modules, type:

Import-Module AZSBTools,Az -DisableNameChecking

To view a list of cmdlets/functions in AZSBTools, type

Get-Command -Module AZSBTools

To view the built-in help of one of the AZSBTools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help New-SBAZServicePrincipal -show


Expand-Json cmdlet to expand custom PowerShell object in a more readable format added to AZSBTools PowerShell module


Microsoft Azure REST API version 2 (ARM – Azure Resource Manager) takes its request body and returns its output in JSON format. Consequently, Azure PowerShell cmdlets and Azure CLI tend to use similar JSON objects for input, also known as ARM Templates.

For example, using this PowerShell cmdlet:

Get-AzureRmResource -ResourceId /subscriptions/xxxxx/resourceGroups

where xxxxx is your Azure subscription Id, may return output similar to:

Name : prod-mgt
ResourceId : /subscriptions/xxxxx/resourceGroups/prod-mgt
ResourceGroupName : prod-mgt
Location : eastus
SubscriptionId : xxxxx
Properties : @{provisioningState=Succeeded}

Name : TestAuto1
ResourceId : /subscriptions/xxxxx/resourceGroups/TestAuto1
ResourceGroupName : TestAuto1
Location : westeurope
SubscriptionId : xxxxx
Properties : @{provisioningState=Succeeded}

What the PowerShell cmdlet did was send a GET request to the Azure Management API that looks partially like:

https://management.azure.com/subscriptions/xxxxx/resourceGroups?api-version=2014-04-01

Which returned JSON output similar to:

{
  "value": [
    {
      "id": "/subscriptions/xxxxx/resourceGroups/prod-mgt",
      "name": "prod-mgt",
      "location": "eastus",
      "properties": {
        "provisioningState": "Succeeded"
      }
    },
    {
      "id": "/subscriptions/xxxxx/resourceGroups/TestAuto1",
      "name": "TestAuto1",
      "location": "westeurope",
      "properties": {
        "provisioningState": "Succeeded"
      }
    }
  ]
}

In the course of working with Azure ARM templates, such as this template to create a Storage Account:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS",
        "Standard_ZRS",
        "Premium_LRS"
      ],
     "metadata": {
       "description": "Storage Account type"
     }
   }
  },
  "variables": {
    "storageAccountName": "[concat(uniquestring(resourceGroup().id), 'standardsa')]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[variables('storageAccountName')]",
      "apiVersion": "2016-01-01",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "[parameters('storageAccountType')]"
      },
      "kind": "Storage", 
      "properties": {
      }
    }
  ],
  "outputs": {
    "storageAccountName": {
      "type": "string",
      "value": "[variables('storageAccountName')]"
    }
  }
}

it may not be very clear what the objects in the template are and how they are nested. Using the ConvertFrom-Json cmdlet of the Microsoft.PowerShell.Utility module produces a PS custom object that displays similar to:

Get-Content E:\Scripts\ARMTemplates\Storage1.json | ConvertFrom-Json

$schema : https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#
contentVersion : 1.0.0.0
parameters : @{storageAccountType=}
variables : @{storageAccountName=[concat(uniquestring(resourceGroup().id), 'standardsa')]}
resources : {@{type=Microsoft.Storage/storageAccounts; name=[variables('storageAccountName')]; apiVersion=2016-01-01; location=[resourceGroup().location]; sku=; kind=Storage; properties=}}
outputs : @{storageAccountName=}

This is better but it doesn’t show some of the information in the source JSON file/ARM template. The new Expand-Json cmdlet further expands the ConvertFrom-Json output:

Get-Content E:\Scripts\ARMTemplates\Storage1.json | ConvertFrom-Json | Expand-JSON
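The nesting that the default ConvertFrom-Json display collapses (for example `parameters : @{storageAccountType=}`) can be walked recursively and listed as one path per leaf value. The following is an added example, not the AZSBTools Expand-Json code; Show-JsonTree is a hypothetical helper and the JSON is a constructed, trimmed copy of the storage account template above.

```powershell
# Added example. Show-JsonTree is a hypothetical helper, not the AZSBTools Expand-Json code.
function Show-JsonTree {
    param(
        [Parameter(ValueFromPipeline)][AllowNull()]$InputObject,
        [string]$Path = '$'
    )
    process {
        if ($InputObject -is [System.Management.Automation.PSCustomObject]) {
            # JSON object: recurse into each property, keeping empty objects visible
            $properties = @($InputObject.PSObject.Properties)
            if ($properties.Count -eq 0) { [pscustomobject]@{ Path = $Path; Value = '{}' } }
            foreach ($property in $properties) {
                Show-JsonTree -InputObject $property.Value -Path "${Path}.$($property.Name)"
            }
        }
        elseif ($InputObject -is [array]) {
            # JSON array: recurse into each element with its index in the path
            if ($InputObject.Count -eq 0) { [pscustomobject]@{ Path = $Path; Value = '[]' } }
            for ($i = 0; $i -lt $InputObject.Count; $i++) {
                Show-JsonTree -InputObject $InputObject[$i] -Path "${Path}[$i]"
            }
        }
        else {
            # Leaf value (string, number, boolean or null)
            [pscustomobject]@{ Path = $Path; Value = $InputObject }
        }
    }
}

# Constructed sample: a trimmed copy of the storage account template shown above.
$template = @'
{
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [ "Standard_LRS", "Premium_LRS" ]
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "sku": { "name": "[parameters('storageAccountType')]" },
      "properties": {}
    }
  ]
}
'@
$template | ConvertFrom-Json | Show-JsonTree | Format-Table -AutoSize
```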


To use the AZSBTools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type

$PSVersionTable

To download and install the latest version of AZSBTools from the PowerShell Gallery and its dependencies, type

Install-Module POSH-SSH,SB-Tools,AZSBTools,AzureRM -Force

AZSBTools contains functions that depend on the POSH-SSH, SB-Tools, and AzureRM modules, and they’re typically installed together.

To load the POSH-SSH, SB-Tools, AZSBTools, and AzureRM modules, type:

Import-Module POSH-SSH,SB-Tools,AZSBTools,AzureRM -DisableNameChecking

To view a list of cmdlets/functions in AZSBTools, type

Get-Command -Module AZSBTools

To view the built-in help of one of the AZSBTools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help New-SBAZServicePrincipal -show