Azure Governance: Azure Blueprints overview

IT governance lets you establish a process that ensures your organization uses its IT resources efficiently so that it can reach its goals effectively. Governance in the Azure environment is made possible by a set of services specifically designed to enable large-scale management and control of Azure resources. These tools include Azure Blueprints, which allows new components to be designed and created in Azure in full compliance with company specifications and standards. This article gives an overview of the solution and the elements needed to use it.

Azure Blueprints allows Cloud Architects and Cloud Engineers, who are responsible for building architectures in Azure, to define and implement a set of Azure resources in a repeatable way, with the certainty of adhering to company-defined standards, models and requirements. Azure Blueprints also lets you release new environments quickly by adopting integrated components, accelerating development and delivery.

The main strengths of Azure Blueprints can be summarized as follows.

Simplify the creation of Azure environments

  • Centralizes the creation of new Azure environments using templates.
  • Allows you to add resources, policies and roles.
  • Allows you to track project updates through versioning.

Azure Blueprints uses a declarative model to orchestrate the deployment of various resource templates and other Azure artifacts. The service is backed by Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions, which gives low-latency, highly available and consistent access to them, regardless of the region in which the resources are deployed.

Enforce compliance

  • Enables developers to create fully governed environments through self-service methodologies.
  • Provides the ability to centrally create multiple Azure environments and subscriptions.
  • Leverages integration with Azure Policy and the DevOps lifecycle.

Control locks on resources

  • Ensures that the base resources cannot be modified.
  • Manages locks centrally.
  • Allows you to update locked resources by changing the blueprint definition.

How to use Azure Blueprints

This section shows the steps to follow in order to adopt Azure Blueprints.

Figure 1 - How Azure Blueprints works

The first step is the creation of a blueprint, which can be done via the Azure portal, PowerShell or the REST API.

Figure 2 - Initial screen of Blueprints in the Azure portal

When you start the creation process from the Azure portal, you can begin with a blank blueprint or use one of the available samples.

Figure 3 - Creation of the blueprint from the Azure portal

A blueprint consists of different artifacts: Role Assignments, Policy Assignments, Azure Resource Manager templates and Resource Groups. At the end of creation the blueprint is in the draft state, so you must publish it, specifying a version. Azure Blueprints is very useful for companies that use the infrastructure-as-code model, because it fits into continuous integration and continuous deployment processes.

Only after a blueprint has been published can you assign it to one or more Azure subscriptions, specifying the lock type according to the following states:

  • Don’t Lock: resources created by Blueprints will not be protected.
  • Do Not Delete: resources can be changed, but not removed.
  • Read Only: the assignment is locked and the resulting resources cannot be modified or removed, even by subscription owners. Note that not all Azure resources support the lock and that applying the lock can take up to 30 minutes to become effective.

Figure 4 – Blueprint Assignment

During the Blueprint assignment, you will also be prompted for the parameters to deploy the resources.

Figure 5 – Blueprint parameter request example

An interesting aspect of Azure Blueprints is that the blueprints you create maintain a relationship with the assigned resources, so they can be monitored and audited. This is not possible using simple ARM templates and policies.
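Because assignments stay linked to their blueprint, the lock states listed above can be reviewed after deployment. The following is an added example, not part of the original article: it audits assignment objects shaped like Azure Blueprints REST API output (`properties.locks.mode`, `properties.blueprintId`). The sample data and names are constructed, and treating a missing `locks` block as `None` is an assumption.

```python
import json
import re

# properties.locks.mode values mapped to the portal labels listed earlier.
LOCK_LABELS = {
    "None": "Don't Lock",
    "AllResourcesDoNotDelete": "Do Not Delete",
    "AllResourcesReadOnly": "Read Only",
}
# Blueprint name and optional published version at the end of a blueprintId.
BLUEPRINT_ID = re.compile(r"/blueprints/([^/]+)(?:/versions/([^/]+))?$", re.I)

# Constructed sample: three assignments trimmed to the fields read below.
SAMPLE = json.loads("""[
 {"name": "assign-core-net", "properties": {"locks": {"mode": "AllResourcesReadOnly"},
  "blueprintId": "/providers/Microsoft.Management/managementGroups/example-mg/providers/Microsoft.Blueprint/blueprints/core-net/versions/1.0"}},
 {"name": "assign-sandbox", "properties": {"locks": {"mode": "None"},
  "blueprintId": "/providers/Microsoft.Management/managementGroups/example-mg/providers/Microsoft.Blueprint/blueprints/sandbox/versions/2.1"}},
 {"name": "assign-legacy", "properties": {
  "blueprintId": "/providers/Microsoft.Management/managementGroups/example-mg/providers/Microsoft.Blueprint/blueprints/legacy"}}
]""")


def audit_assignments(assignments):
    """Return one record per assignment with its lock label and review notes."""
    report = []
    for item in assignments:
        props = item.get("properties") or {}
        # Assumption: an assignment without a locks block is treated as "None".
        mode = (props.get("locks") or {}).get("mode", "None")
        match = BLUEPRINT_ID.search(props.get("blueprintId", ""))
        name, version = match.groups() if match else (None, None)
        notes = []
        if mode not in LOCK_LABELS:
            notes.append(f"unrecognized lock mode {mode!r}")
        elif mode == "None":
            notes.append("resources are not protected by a blueprint lock")
        if version is None:
            notes.append("no published version in blueprintId")
        report.append({"assignment": item.get("name"), "blueprint": name,
                       "version": version, "lock": LOCK_LABELS.get(mode, mode),
                       "notes": notes})
    return report


if __name__ == "__main__":
    for row in audit_assignments(SAMPLE):
        print(row)
```

Assignments whose notes list is non-empty are the ones to review against the lock policy your organization expects.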

Conclusions

Azure Blueprints is a service that gives those who build Azure architectures the ability to define a set of resources in an easily repeatable manner, in compliance with corporate standards and your organization's requirements. By adopting blueprints you can rapidly build and deploy new environments that include a series of integrated components. This makes it possible not only to deploy consistent environments, but to do so in an agile way, enabling organizations to accelerate the development and delivery of solutions in Azure.