Mastering Parameters in ARM Templates: A Comprehensive Guide
Learn how to use parameters in ARM templates for flexible, secure, and reusable deployments!
Mastering Parameters in ARM Templates: A Comprehensive Guide
Parameters in ARM (Azure Resource Manager) templates are a powerful way to make your templates dynamic, reusable, and flexible. With parameters, you can pass values into the template during deployment, allowing you to customize your infrastructure without having to modify the template itself.In this post, we’ll explore how to define parameters in ARM templates with various data types and additional features like allowedValues and secureString.
Defining Parameters
A parameter is defined in the parameters section of the template, you can define parameters for values like resource names, sizes, and locations that needs to be flexible between deployments. Basic String Parameters{
"parameters": {
"resourceName": {
"type": "string",
"defaultValue": "myResource",
"metadata": {
"description": "Name of the resource to be created"
}
}
}
}
- type: Defines the data type, in this case,
string
. - defaultValue: Provides a default value that will be used if no input is provided during deployment.
- metadata: Adds a description to the parameter for clarity during deployment. This will be visible when hovering over the information icon when deploying.
Integer Parameter with Constraints
You can define parameters of typeint
for numeric values. To add constraints, you can use
the minValue
and maxValue
properties.
Integer Parameter Example
{
"parameters": {
"vmSize": {
"type": "int",
"defaultValue": 2,
"minValue": 1,
"maxValue": 5,
"metadata": {
"description": "Number of VM instances"
}
}
}
}
- vmSize: accepts an integer between
1
and5
, with a default value of2
. - You can adjust the range using
minValue
andmaxValue
. - Can be used together with
copy
to spin up multiple VM or attach multiple disks to a VM.
Using Allowed Values
You can enforce a set of predefined values for parameters using theallowedValues
property.
This ensures that only specified values are used in the deployment.
String Parameter with Allowed Values
{
"parameters": {
"environment": {
"type": "string",
"allowedValues": [
"development",
"test",
"staging",
"production"
],
"defaultValue": "development",
"metadata": {
"description": "The environment used in the naming of resources, tags and budgets in which the resources are deployed"
}
}
}
}
- environment: Allow only specific values:
"development"
,"test"
,"staging"
and"production"
. - defaultValue: defaultValue: Provides a default value that will be used if no input is provided during deployment.
- This setup is useful when deploying to different environments and enforcing correct configurations for each.
- I often use these to determine the naming of resources, tags and budgets.
Secure String Parameter
For sensitive information, such as password or connection strings, ARM Templates offer thesecureString
type for sensitive data. This ensures that the parameter value is encrypted
and not exposed in
logs or output.
Secure String Example
{
"parameters": {
"adminPassword": {
"type": "secureString",
"metadata": {
"description": "The password for the virtual machine's administrator account"
}
}
}
}
- secureString: Keeps sensitive data safe during deployment.
Array parameters
Sometimes, you may want to pass multiple values in a single parameter. ARM templates allow you to definearray
types to handle a list of values.
Array Parameter Example
{
"parameters": {
"allowedIpAddresses": {
"type": "array",
"defaultValue": [
"10.0.0.1",
"10.0.0.2"
],
"metadata": {
"description": "List of allowed IP addresses"
}
}
}
}
- The
allowedIpAddresses
parameter accepts an array of values (in this case, IP addresses). - I often use these when creating the contact emails for budgets or emails for action groups
Boolean Parameter
If you want to include an option that can be true or false, you can use the bool type. Boolean Parameter Example{
"parameters": {
"enableDiagnostics": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Enable diagnostics for virtual machines"
}
}
}
}
- The
enableDiagnostics
parameter accepts eithertrue
orfalse
, and defaults totrue
because of"defaultValue": true,
.
Complex example: combining Allowed Values and SecureString
In this example we will combine various parameter types, includingallowedValues
and
secureString
.
{
"parameters": {
"adminUsername": {
"type": "string",
"defaultValue": "adminuser",
"allowedValues": [
"adminuser",
"superuser",
"sysadmin"
],
"metadata": {
"description": "The username for the administrator account"
}
},
"adminPassword": {
"type": "secureString",
"metadata": {
"description": "The password for the administrator account"
}
},
"vmSize": {
"type": "string",
"allowedValues": [
"Standard_DS1_v2",
"Standard_DS2_v2",
"Standard_DS3_v2"
],
"defaultValue": "Standard_DS1_v2",
"metadata": {
"description": "The size of the virtual machine"
}
},
"enableAutoShutdown": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Enable auto-shutdown for the virtual machine"
}
}
}
}
- adminUsername allows only specific usernames.
- adminPassword is a secure string, making sure the password remains encrypted.
- vmSize accepts only specific VM sizes, ensuring correct configurations.
- enableAutoShutdown is a boolean that controls whether the virtual machine will have an automatic shutdown feature enabled.
Parameters are essential to making ARM templates flexible, reusable, and secure. By defining parameters for various data types—such as strings, integers, arrays, and booleans—you can make your templates adaptable to different deployment scenarios.
- Use
allowedValues
to enforce specific options for parameters. - Secure sensitive data like passwords with
secureString
. - Combine different types of parameters for more complex deployments.