Jeff Brown Tech

Cloud and DevOps Engineering

Azure

Working with ARM Template Deployment Modes

By Jeff Brown #azure, #devops, #powershell

Azure Resource Manager (or ARM) templates provide a way for you to describe Azure resources using code. There are also two different ARM template deployment modes: incremental and complete. Both deployment modes provide different capabilities, with one being more destructive than the other.

In this post, you will learn:

  • How to deploy ARM templates using PowerShell
  • The differences between the different ARM template
Contents hide
Deploying ARM Templates Using PowerShell
Deploying an ARM Template using Incremental Mode
Deploying an ARM Template using Complete Mode
Summary

Deploying ARM Templates Using PowerShell

Azure provides two options for ARM template deployment modes: incremental and complete. This blog post will cover the difference between the two using an ARM template to deploy a virtual network using the Azure PowerShell module.

You target Azure Resource Manager (ARM) templates deployments to subscriptions or resource groups. Using JSON formatted files, you deploy Azure resources such as networks, virtual machines, storage accounts, really just about any resource.

However, you also use ARM templates as a way to validate a deployment after its initial use. The ARM template is standard for how Azure should configure the environment. If a resource is accidentally deleted, you can use the same ARM template to deploy the resource again.

Here’s an ARM template to deploy a virtual network name vnetA using the address space 192.168.1.0/24:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "name": "vnetA",
            "type": "Microsoft.Network/virtualNetworks",
            "apiVersion": "2019-09-01",
            "location": "centralus",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "192.168.1.0/24"
                    ]
                }
            }
        }
    ]
}

Use the New-AzResourceGroupDeployment and specify the JSON file hosting the ARM template code and deploy to the armdemo resource group:

New-AzResourceGroupDeployment -ResourceGroupName armdemo `
    -TemplateFile .\deploy-vnet.json

And this will successfully deploy the virtual network:

azure virtual network
Virtual network deployed using ARM template

Deploying an ARM Template using Incremental Mode

Next, change the “name” property in the ARM template to “vnetB” as well as the “addressPrefixes” to “192.168.2.0/24”. Re-run my PowerShell deployment command from above, and Azure will perform an incremental deployment.

An incremental deployment deploys any resources to the resource group that don’t exist but leaves any existing ones alone. The resource group ends up with both a vnetA and a vnetB:

azure virtual network
Additional virtual network deployed using incremental mode

To summarize, the incremental mode will deploy any resources defined in the ARM template that don’t already exist but leaves any resources not defined in the ARM template alone. To explicitly use incremental, use -Mode Incremental with the previous command:

New-AzResourceGroupDeployment -ResourceGroupName armdemo `
    -TemplateFile .\deploy-vnet.json `
    -Mode Incremental

Deploying an ARM Template using Complete Mode

If you switch the value from Incremental to Complete, you end up with different behavior. Complete deployment mode will delete any resources that are not defined in the ARM template. If you deploy the same template with just vnetB defined using complete mode, Azure will verify that vnetB is deployed but then remove vnetA since it is not defined in the template.

In fact, you will get a prompt saying that resources not defined will be deleted:

New-AzResourceGroupDeployment -ResourceGroupName armdemo `
    -TemplateFile .\deploy-vnet.json `
    -Mode Complete
arm template deployment mode warning
Complete deployment mode warning

Going back to the virtual networks in the portal, only virtual network vnetB remains as vnetA was not defined in the ARM template, therefore Azure deleted it.

azure virtual network
Remaining virtual network after complete mode deployment

Summary

You use incremental mode to make changes to existing resources by specifying the changes in the ARM template but not delete other resources. However, Microsoft’s document recommends always specifying other values for the resource, not just the ones being modified by the template as Resource Manager could end up overwriting those values as well.

Another important point for complete mode is it does not do a complete re-deployment of all the resources; it will just verify the resources defined in the template are already created and remove any resources that are not defined.

Also, note the version of REST API being used. If using a version earlier than 2019-05-10, the resources are not deleted. The complete delete actions are only applied if using a REST API later than 2019-05-10.

Check out more of my Azure articles!

Questions or comments? If so, drop me a note below or find me on Twitter or LinkedIn to discuss further.

Reference:

Microsoft Docs: Azure Resource Manager deployment modes

https://docs.microsoft.com/azure/azure-resource-manager/deployment-modes

Related Post

Connect GitHub and Azure using OpenID Connect

Avoid Terraform and Azure Function Application Settings Drift

Azure Automation Managed Identity: Getting Started