Challenge 22: Azure Arc & ARM Templates
20-30 min | Cost: Free | Domain: Management & Governance (30-35%)
Exam skills covered
- Describe the purpose of Azure Arc
- Describe Azure Resource Manager (ARM) and ARM templates (including Bicep)
Overview
Azure Resource Manager (ARM) is the management layer that handles all requests to Azure. Whether you use the Portal, CLI, PowerShell, or REST API — everything goes through ARM. ARM templates allow you to define infrastructure as code (JSON or Bicep). Azure Arc extends Azure management to resources running outside of Azure (on-premises, other clouds).
Explore
Task 1: Understand Azure Resource Manager
ARM is the deployment and management service for Azure:
Key ARM features:
- All management requests go through the same API layer
- Consistent results regardless of the tool used
- Access control (RBAC), tags, and locks are applied at the ARM layer
- Resources are deployed in a declarative way (describe desired state)
Task 2: Understand ARM templates
ARM templates define infrastructure as code in JSON:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2023-01-01",
"name": "mystorageaccount",
"location": "eastus",
"sku": { "name": "Standard_LRS" },
"kind": "StorageV2"
}
]
}
Benefits of ARM templates:
- Declarative: Describe WHAT you want, not HOW to create it
- Repeatable: Deploy the same environment consistently
- Idempotent: Deploy again without duplicating resources
- Version controlled: Store templates in Git
- Modular: Compose templates from smaller pieces
Task 3: Understand Bicep
Bicep is a simpler language that compiles to ARM JSON:
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
name: 'mystorageaccount'
location: 'eastus'
sku: { name: 'Standard_LRS' }
kind: 'StorageV2'
}
Bicep vs ARM JSON:
| Aspect | ARM JSON | Bicep |
|---|---|---|
| Syntax | Verbose JSON | Concise DSL |
| Readability | Harder | Easier |
| Tooling | Good | Excellent (VS Code extension) |
| Output | Native format | Compiles to ARM JSON |
Task 4: Understand Azure Arc
Azure Arc extends Azure management to resources OUTSIDE of Azure:
| Arc-enabled resource | What it does |
|---|---|
| Arc-enabled servers | Manage on-premises or multi-cloud VMs from Azure |
| Arc-enabled Kubernetes | Manage K8s clusters anywhere from Azure |
| Arc-enabled SQL Server | Manage SQL Servers anywhere from Azure |
| Arc-enabled data services | Run Azure data services on any infrastructure |
Why Azure Arc?
- Single pane of glass: Manage Azure + non-Azure from one place
- Apply Azure Policy to on-premises servers
- Use Azure Monitor on non-Azure resources
- Consistent governance across hybrid environments
Task 5: Explore ARM templates in Cloud Shell
# In Azure Cloud Shell, export a resource group template
# (This shows the ARM template for existing resources)
az group export --name rg-az900-learning 2>/dev/null || echo "Create the RG first (Challenge 08)"
# View what an ARM deployment would create (what-if)
# az deployment group what-if --resource-group myRG --template-file template.json
# Check if Azure Arc is available (browse Arc in portal)
az connectedmachine list 2>/dev/null || echo "No Arc-enabled machines (expected for learning)"
# Validate a Bicep file (if you have one)
# az bicep build --file main.bicep
Key Concepts
| Concept | Description |
|---|---|
| ARM | Azure Resource Manager — management layer for all Azure operations |
| ARM template | JSON file defining Azure infrastructure declaratively |
| Bicep | Simplified language that compiles to ARM templates |
| Infrastructure as Code (IaC) | Manage infrastructure through version-controlled files |
| Declarative | Define desired state; ARM figures out how to achieve it |
| Idempotent | Can deploy multiple times without duplicating resources |
| Azure Arc | Extend Azure management to non-Azure resources |
Knowledge Check
1. What is Azure Resource Manager (ARM)?
2. What is a key benefit of using ARM templates?
3. What is the purpose of Azure Arc?
4. What is the relationship between Bicep and ARM templates?
5. What does "idempotent" mean in the context of ARM template deployments?