Blueprints - Create a new blueprint definition
This template is a subscription level template that creates a blueprint definition.
This template deploys a blueprint definition.
Overview
This template deploys an Azure Blueprints blueprint definition. The blueprint definition includes a single artifact, a policy assignment. The Azure Policy built-in policy definition Not allowed resource types. View the policy definition in Azure portal or the source in GitHub.
Microsoft.Blueprint
The Microsoft.Blueprint resource provider is used by Azure Blueprints for blueprint definitions, artifacts, versions, and assignments.
- blueprints: This is the core resource and defines the blueprint definition itself.
- artifacts: These are child types of a blueprint definition. These can be role assignments, policy assignments, resource groups, and Azure Resource Manager templates.
- versions: The version object reflects a blueprint definition moving from draft to published. For more information, see Azure Blueprint lifecycle.
- blueprintAssignments: This is the resource object that assigns a blueprint definition and deploys it to a target scope.
A note about blueprint-level parameters
This example sets the parameters on the blueprint definition itself. These are blueprint-level parameters and can then be used on any included artifact. The alternative would be to set the parameters on each artifact.
The artifact definition makes use of one of these blueprint-level parameters, specifically
listOfResourceTypesNotAllowed. Azure Blueprints uses the same Azure Resource Manager function,
parameters()
, to fetch and re-use a parameter value in the object. The ARM template would normally
process the block [parameters('listOfResourceTypesNotAllowed')]
as an ARM function, but since this
is inteded to be handed by Azure Blueprints instead, an extra [
is placed in front the function.
This bypasses the function being executed in ARM during template deployment, but still enabled Azure
Blueprints to use the function as part of its artifact object.
Deployment steps
You can click the "Deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.
Once the blueprint definition has been deployed, it must be Published to deploy to a management group or subscription. With the definitions from this template, the assignment would specify the following:
- sampleRG Resource Group: Name and Location
- Blocked Resource Types policy definition: Resource types to pass to the policy assignment artifact.
Notes
If you are new to Azure Blueprints, see:
- Azure Blueprints documentation
- Azure Blueprints - Lifecycle
- Azure Blueprints - Stages of deployment
- Azure Blueprints - Resource locking
- Azure Blueprints - Dynamic parameters
If you are new to template deployment, see:
Tags: Blueprints, blueprint definition, artifacts, policy assignment, blueprint-level parameters, Microsoft.Blueprint/blueprints, Microsoft.Blueprint/blueprints/artifacts