ConsumerGuide
This repository has been created to help customers and partners to create, deploy and deliver landing zone Subscriptions into an Microsoft Entra Tenant utilizing Bicep as the Infrastructure-as-Code (IaC) tooling and language of choice.
The recommend way is to consume the module directly from the Bicep public registry
targetScope = 'managementGroup'
module sub001 'br/public:lz/sub-vending:1.5.1' = {
name: 'sub001'
params: {
subscriptionAliasEnabled: true
subscriptionBillingScope: '/providers/Microsoft.Billing/billingAccounts/1234567/enrollmentAccounts/123456'
subscriptionAliasName: 'sub-test-001'
subscriptionDisplayName: 'sub-test-001'
subscriptionTags: {
example: 'true'
}
subscriptionWorkload: 'Production'
subscriptionManagementGroupAssociationEnabled: true
subscriptionManagementGroupId: 'corp'
// Other parameter inputs available, see docs
}
}There are a number of other ways to consume the Bicep modules included in bicep-lz-vending. The options are:
- Creating your own GitHub Repository & Utilizing the
Invoke-GitHubReleaseFetcher.ps1script &gh-release-checker.ymlGitHub Action Workflow- See detailed instruction on using this below
- Use and reference the modules directly from the Bicep Module Registry (Public)
- Bicep Landing Zone (Subscription) Vending Module on Bicep Module Registry (Public)
- See a live demo using the Bicep Module Registry on the Bicep Community Call - November 2022 📽️🎬🎞️
- Clone this repository
- Fork & Clone this repository
- Download a
.zipcopy of this repo - Upload a copy of the locally cloned/downloaded modules to your own:
- Git Repository
- Private Bicep Module Registry
- Template Specs
The option to use will be different per consumer based on their experience and skill levels with the various pieces of technology and their features.
Creating your own GitHub Repository & Utilizing the Invoke-GitHubReleaseFetcher.ps1 script & gh-release-checker.yml GitHub Action Workflow
We have created a GitHub Action Workflow (gh-release-checker.yml) and a supporting PowerShell script (Invoke-GitHubReleaseFetcher.ps1) that enables you to place only these 2 into a new GitHub repository and then either manually trigger the workflow or leave it to trigger on its schedule (every weekday at 00:00) and it will check for the latest releases available from this repository, Azure/bicep-lz-vending, and create a Pull Request into a ./releases/<VERSION> folder in your repository.
- Create a new GitHub repository
- See Create a repo for guidance
- Copy the
Invoke-GitHubReleaseFetcher.ps1script into the following location in your new GitHub repository:.github/scripts/ - Copy the
gh-release-checker.ymlGitHub Action into the following location in your new GitHub repository:.github/workflows/ - Commit these files into the
main(default branch) in your GitHub repository - Manually trigger the GitHub action called:
Check & Pull Latest Upstream GitHub Releasefrom the "Actions" blade in your GitHub repository- Further guidance on this can be found here in Manually running a workflow
- A Pull Request should now exist on your GitHub Repository like shown below:
- Review the Pull Request, approve and merge it into your
main(default branch) into your GitHub repository - You will now have the latest release from the
Azure/bicep-lz-vendingrepository available in its own folder, based on the release version number, within thereleasesfolder of your GitHub repository - Create a
landingZonesfolder in the root of your GitHub repository to contain your individual parameter files for each of the landing zone Subscriptions you wish to provision - You can now build your own GitHub Actions to deploy your landing zone Subscriptions based on the
main.bicepmodule being available from the./releases/<VERSION>folder and then you are in full control of moving to newer release of the Bicep Landing Zone (aka Subscription) vending module, but the process checking and pulling in the latest release is automatically handled for you by the above mentioned GitHub Action and PowerShell script.