Blueprints - Create a new blueprint definition

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Deploy To Azure Deploy To Azure US Gov Visualize

This template is a subscription level template that creates a blueprint definition.

This template deploys a blueprint definition.

Overview

This template deploys an Azure Blueprints blueprint definition. The blueprint definition includes a single artifact, a policy assignment. The Azure Policy built-in policy definition Not allowed resource types. View the policy definition in Azure portal or the source in GitHub.

Microsoft.Blueprint

The Microsoft.Blueprint resource provider is used by Azure Blueprints for blueprint definitions, artifacts, versions, and assignments.

  • blueprints: This is the core resource and defines the blueprint definition itself.
  • artifacts: These are child types of a blueprint definition. These can be role assignments, policy assignments, resource groups, and Azure Resource Manager templates.
  • versions: The version object reflects a blueprint definition moving from draft to published. For more information, see Azure Blueprint lifecycle.
  • blueprintAssignments: This is the resource object that assigns a blueprint definition and deploys it to a target scope.

A note about blueprint-level parameters

This example sets the parameters on the blueprint definition itself. These are blueprint-level parameters and can then be used on any included artifact. The alternative would be to set the parameters on each artifact.

The artifact definition makes use of one of these blueprint-level parameters, specifically listOfResourceTypesNotAllowed. Azure Blueprints uses the same Azure Resource Manager function, parameters(), to fetch and re-use a parameter value in the object. The ARM template would normally process the block [parameters('listOfResourceTypesNotAllowed')] as an ARM function, but since this is inteded to be handed by Azure Blueprints instead, an extra [ is placed in front the function. This bypasses the function being executed in ARM during template deployment, but still enabled Azure Blueprints to use the function as part of its artifact object.

Deployment steps

You can click the "Deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.

Once the blueprint definition has been deployed, it must be Published to deploy to a management group or subscription. With the definitions from this template, the assignment would specify the following:

  • sampleRG Resource Group: Name and Location
  • Blocked Resource Types policy definition: Resource types to pass to the policy assignment artifact.

Notes

If you are new to Azure Blueprints, see:

If you are new to template deployment, see:

Tags: Blueprints, blueprint definition, artifacts, policy assignment, blueprint-level parameters, Microsoft.Blueprint/blueprints, Microsoft.Blueprint/blueprints/artifacts