Key concepts for Azure Deployment Environments
Learn about the key concepts and components of Azure Deployment Environments. This knowledge can help you more effectively deploy environments for your scenarios.
This diagram shows the key components of Deployment Environments and how they relate to each other. You can learn more about each component in the following sections.
A dev center is a collection of projects that require similar settings. Dev centers enable platform engineers to:
- Use catalogs to manage infrastructure as code (IaC) templates that are available to the projects.
- Use environment types to configure the types of environments that development teams can create.
A project is the point of access for the development team. When you associate a project with a dev center, all the settings for the dev center are automatically applied to the project.
Each project can be associated with only one dev center. Platform engineers can configure environments for a project by specifying which environment types are appropriate for the development team.
An environment is a collection of Azure resources on which your application is deployed. For example, to deploy a web application, you might create an environment that consists of Azure App Service, Azure Key Vault, Azure Cosmos DB, and a storage account. An environment could consist of both Azure platform as a service (PaaS) and infrastructure as a service (IaaS) resources such as an Azure Kubernetes Service (AKS) cluster, virtual machines, and databases.
In Azure Deployment Environments, you use managed identities to provide elevation-of-privilege capabilities. Identities can help you provide self-serve capabilities to your development teams without giving them access to the target subscriptions in which the Azure resources are created.
The managed identity that's attached to the dev center needs to be granted appropriate access to connect to the catalogs. You should also grant this identity owner access to the target deployment subscriptions that are configured at the project level. The Azure Deployment Environments service uses that managed identity to perform the deployment on behalf of the developer.
Dev center environment types
You can define the types of environments that development teams can create: for example, dev, test, sandbox, preproduction, or production. Azure Deployment Environments provides the flexibility to name the environment types according to the nomenclature that your enterprise uses. You can configure settings for various environment types based on the specific needs of the development teams.
Project environment types
Project environment types are a subset of the environment types that you configure for the dev center. They help you preconfigure the types of environments that specific development teams can create. You can configure the target subscription in which Azure resources are created per project and per environment type.
Project environment types allow you to automatically apply the right set of policies on environments and help abstract the Azure governance-related concepts from your development teams. The service also provides the flexibility to preconfigure:
- The managed identity that is used to perform the deployment.
- The access levels that the development teams will get after a specific environment is created.
Catalogs help you provide a set of curated IaC templates for your development teams to create environments. You can attach either a GitHub repository or an Azure DevOps Services repository as a catalog.
Azure Deployment Environments scans the specified folder of the repository to find environment definitions. The service then makes those environment definitions available to all the projects associated with the dev center.
An environment definition is a combination of an IaC template and a manifest file. The template defines the environment, and the manifest provides metadata about the template. Your development teams use the items that you provide in the catalog to create environments in Azure.
Azure Deployment Environments uses Azure Resource Manager (ARM) templates.
ARM templates help you implement the IaC for your Azure solutions by defining the infrastructure and configuration for your project, the resources to deploy, and the properties of those resources.
To learn about the structure of an ARM template, the sections of a template, and the properties that are available in those sections, see Understand the structure and syntax of Azure Resource Manager templates.
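Because catalog templates are deployed by a managed identity that holds owner access on the target subscription, a change to a catalog template is effectively a privileged change. The following Python example is added here and is not part of Azure Deployment Environments or the original documentation: it walks a local checkout of a catalog, pairs each manifest with its ARM template, and flags definitions whose template is missing or that create role assignments or role definitions, including inside nested deployments. The manifest file name `environment.yaml`, its `templatePath` key, and the sample folder names are assumptions.

```python
import json
from pathlib import Path

MANIFEST = "environment.yaml"  # assumed manifest name, with an assumed templatePath key
PRIVILEGED = {"microsoft.authorization/roleassignments", "microsoft.authorization/roledefinitions"}

def template_path(manifest):
    """Resolve templatePath with a minimal line parse (avoids a YAML dependency)."""
    for line in manifest.read_text(encoding="utf-8").splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "templatePath":
            return manifest.parent / value.strip().strip("'\"")

def walk(resources):
    """Yield each resource, descending into child resources and nested deployments."""
    # "resources" is a list in classic templates and an object in symbolic-name templates.
    items = resources.values() if isinstance(resources, dict) else resources or []
    for res in items:
        nested = (res.get("properties") or {}).get("template") or {}
        yield res
        yield from walk(res.get("resources"))
        yield from walk(nested.get("resources"))

def review_catalog(root):
    """Return sorted (definition, finding) pairs for a checked-out catalog folder."""
    findings = []
    for manifest in Path(root).rglob(MANIFEST):
        name = manifest.parent.relative_to(root).as_posix()
        tpl = template_path(manifest)
        if tpl is None or not tpl.is_file():
            findings.append((name, "missing template"))
            continue
        for res in walk(json.loads(tpl.read_text(encoding="utf-8")).get("resources")):
            if str(res.get("type", "")).lower() in PRIVILEGED:
                findings.append((name, "grants access: " + res["type"]))
    return sorted(findings)

def sample_catalog(root):
    """Constructed sample: a plain definition, a nested role assignment, a missing template."""
    nested = {"type": "Microsoft.Resources/deployments", "properties": {"template": {
        "resources": [{"type": "Microsoft.Authorization/roleAssignments"}]}}}
    defs = {"webapp": [{"type": "Microsoft.Web/sites"}], "sandbox": [nested], "broken": None}
    for name, resources in defs.items():
        folder = Path(root, name)
        folder.mkdir()
        (folder / MANIFEST).write_text(f"name: {name}\nrunner: ARM\ntemplatePath: azuredeploy.json\n")
        if resources is not None:
            (folder / "azuredeploy.json").write_text(json.dumps({"resources": resources}))
    return root
```

Run `review_catalog()` against a checkout of the catalog repository, for example as a pull-request check, so that any definition that grants access gets a human review before the dev center syncs it.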
Resources shared with Microsoft Dev Box
Azure Deployment Environments and Microsoft Dev Box are complementary services that share certain architectural components. Dev centers and projects are common to both services, and they help organize resources in an enterprise. You can configure projects for Deployment Environments and projects for Dev Box resources in the same dev center.
To learn more about the components common to Deployment Environments and Dev Box, see Components common to Microsoft Dev Box and Azure Deployment Environments.