Logo

dev-resources.site

for different kinds of informations.

Azure Verified Modules: Consolidated Standards for a Good IaC

Published at
9/4/2024
Categories
azure
terraform
bicep
cloudcomputing
Author
rafaelherik
Author
11 person written this
rafaelherik
open
Azure Verified Modules: Consolidated Standards for a Good IaC

Microsoft introduced the AVM(Azure Verified Modules) as part of an effort to help internal and external parties build well-designed and reliable infrastructure using infrastructure as code.

"Azure Verified Modules enable and accelerate consistent solution development and delivery of cloud-native or migrated applications and their supporting infrastructure by codifying Microsoft guidance (WAF - Well-Architected Framework), with best practice configurations." - Azure Verified Modules

With AVM, Microsoft aims to provide a single definition of a suitable IaC module. This initiative is not about Bicep but multiple IaC languages, following the principles of the well-architected framework.

These clearly defined statements will help organizations drive Cloud Adoption and mature their cloud infrastructure according to best practices.

Why AVM?

The community has been throwing a bunch of Infrastructure as Code (IaC) modules at the wall, but nothing's really stuck as the go-to, trustworthy source. We've got modules in different languages, styles, and support levels scattered all over the place.

This new effort is about creating a unified strategy for IaC modules that customers and partners can rely on. The goal is to build a consistent, supported, and available library of modules in whatever language you prefer.

This should help speed up projects like Landing Zone Accelerators and give users solid building blocks, no matter where they are in their IaC journey. Plus, it addresses the big headache of support - customers need to know Microsoft's got their back when using these modules, especially in enterprise settings.

Basically, they're trying to clean up the chaos and give people something they can trust and build on without worrying about it falling apart when it matters most.

The proposed design

Architecture of AVM

On the image above you can see the AVM design, it's supported by Azure Resource Manager, then all Domain Specific Languages such Bicep and Terraform implements the resource management.

AVM provides three types of Modules: Resource Modules, Patern Modules and Utility Modules. See more about Modules Classification here

Resource Modules

Resource modules are designed to manage specific Azure Resources like Virtual Machines, Virtual Networks, and Azure Kubernetes Services(AKS).

Pattern Modules

Pattern modules are designed to implement specific architectural patterns, often involving multiple resources working together. A prime example is a production-ready Azure Kubernetes Service (AKS) deployment. Setting up AKS properly involves more than just provisioning the AKS resource itself - it requires configuring network-related resources, setting up a private container registry for enhanced security, and applying various other specific configurations. Pattern modules simplify this process by encapsulating all these components and best practices into a single, easy-to-use module. This approach significantly reduces complexity and helps users deploy comprehensive, well-architected solutions with less effort and reduced risk of misconfiguration. See this module example for AKS production ready Terraform module.

Utility Modules

Utility modules implement functions and routines that can be used by Resouce and Pattern modules, but they MUST NOT deploy any Azure Resource; they are only utilities.

If you use IaC to provision Azure infrastructure, the AVM Overview must be read.

Available Modules

For now (Sep 2024), only Bicep and Terraform are supported, AVM uses Bicep Registry and Terraform Registry to share the modules:

Framework Module Type Published Proposed
Bicep Resource 135 14
Pattern 11 31
Utility 0 1
Terraform Resource 51 86
Pattern 9 22
Utility 0 1

Note: Data as of September 2024

Contributing

If you want to contribute, you can even propose a new module or develop or contribute to an existing module:

Bicep

Terraform

Update: I've missed adding the observation that only Microsoft full-time employees can be module owners for now.

Final Thoughts

For large cloud environments, the AVM still needs to deliver its full potential; it needs some maturing and the implementation of new modules. However, as it is a good standard, you can get started with the modules already available and contribute to the initiative.

References

bicep Article's
30 articles in total
Favicon
Deploying and Configuring a Hybrid Identity Lab Using Bicep - Part 1: Active Directory Setup and Sync
Favicon
How to setup an Azure Machine Learning Workspace securelyπŸ›‘οΈπŸ”’πŸ”‘
Favicon
Creating a Custom Role for Secure Bicep Deployments in Azure
Favicon
Create a GitHub pipeline to test, review, and deploy a Bicep template.
Favicon
A KeyVault for the Power Platform
Favicon
Kickstart projects with azd Templates
Favicon
Conditional deployment in Azure Bicep
Favicon
Rush configuration
Favicon
user-defined type in Azure Bicep, an introduction
Favicon
Set version numbers in Bicep templates
Favicon
Securing your Azure deployments with PSRule
Favicon
Versioned Bicep templates- Deployment
Favicon
Change Management in Infrastructure as a Code (IaC)
Favicon
Azure Verified Modules: Consolidated Standards for a Good IaC
Favicon
Getting Started with Azure Bicep
Favicon
Using Azure Bicep to deploy MS Graph resources
Favicon
Deploying static webs apps with the Azure cli and bicep
Favicon
Azure API Management: Harnessing Bicep for Effortless User and Subscription Creation
Favicon
User-defined function in Azure Bicep
Favicon
Expose your Open API specs with Azure API management
Favicon
Deploy multiple APIs in Azure API management, hosted in the same App service.
Favicon
Add Azure Developer CLI deployment ID and UTC timestamp to Bicep files
Favicon
🦾 Top 5 Azure Bicep tips & tricks to get started πŸš€
Favicon
Exploring the awesome Bicep Test Framework πŸ§ͺ
Favicon
The issue of recursive module calls in declarative infrastructure-as-code
Favicon
Azure Bicep - Finally functions to manipulate CIDRs
Favicon
Multi Scopes Deployment with Azure Bicep
Favicon
Azure Deployment Stacks, deploy and manage a landing zone with Bicep
Favicon
Azure Open AI: handling capacity and quota limits with Bicep
Favicon
Learn bicep based on the GUI of Azure Portal

Featured ones: