Mastering Parameters in ARM Templates: A Comprehensive Guide

Learn how to use parameters in ARM templates for flexible, secure, and reusable deployments!

Anders Moth Falk

Mastering Parameters in ARM Templates: A Comprehensive Guide

Parameters in ARM (Azure Resource Manager) templates are a powerful way to make your templates dynamic, reusable, and flexible. With parameters, you can pass values into the template during deployment, allowing you to customize your infrastructure without having to modify the template itself.

In this post, we’ll explore how to define parameters in ARM templates with various data types and additional features like allowedValues and secureString.

Defining Parameters

A parameter is defined in the parameters section of the template, you can define parameters for values like resource names, sizes, and locations that needs to be flexible between deployments.

Basic String Parameters
{
	"parameters": {
		"resourceName": {
			"type": "string",
			"defaultValue": "myResource",
			"metadata": {
				"description": "Name of the resource to be created"
			}
		}
	}
}
  • type: Defines the data type, in this case, string.
  • defaultValue: Provides a default value that will be used if no input is provided during deployment.
  • metadata: Adds a description to the parameter for clarity during deployment. This will be visible when hovering over the information icon when deploying.

Integer Parameter with Constraints

You can define parameters of type int for numeric values. To add constraints, you can use the minValue and maxValue properties.

Integer Parameter Example
{
    "parameters": {
        "vmSize": {
            "type": "int",
            "defaultValue": 2,
            "minValue": 1,
            "maxValue": 5,
            "metadata": {
                "description": "Number of VM instances"
            }
        }
    }
}
  • vmSize: accepts an integer between 1 and 5, with a default value of 2.
  • You can adjust the range using minValue and maxValue.
  • Can be used together with copy to spin up multiple VM or attach multiple disks to a VM.

Using Allowed Values

You can enforce a set of predefined values for parameters using the allowedValues property. This ensures that only specified values are used in the deployment.

String Parameter with Allowed Values
{
    "parameters": {
        "environment": {
            "type": "string",
            "allowedValues": [
                "development",
                "test",
                "staging",
                "production"
            ],
            "defaultValue": "development",
            "metadata": {
                "description": "The environment used in the naming of resources, tags and budgets in which the resources are deployed"
            }
        }
    }
}
  • environment: Allow only specific values: "development", "test", "staging"and "production".
  • defaultValue: defaultValue: Provides a default value that will be used if no input is provided during deployment.
  • This setup is useful when deploying to different environments and enforcing correct configurations for each.
  • I often use these to determine the naming of resources, tags and budgets.

Secure String Parameter

For sensitive information, such as password or connection strings, ARM Templates offer the secureString type for sensitive data. This ensures that the parameter value is encrypted and not exposed in logs or output.

Secure String Example
{
    "parameters": {
        "adminPassword": {
            "type": "secureString",
            "metadata": {
                "description": "The password for the virtual machine's administrator account"
            }
        }
    }
}
  • secureString: Keeps sensitive data safe during deployment.

Array parameters

Sometimes, you may want to pass multiple values in a single parameter. ARM templates allow you to define array types to handle a list of values.

Array Parameter Example
{
    "parameters": {
        "allowedIpAddresses": {
            "type": "array",
            "defaultValue": [
                "10.0.0.1",
                "10.0.0.2"
            ],
            "metadata": {
                "description": "List of allowed IP addresses"
            }
        }
    }
}
  • The allowedIpAddresses parameter accepts an array of values (in this case, IP addresses).
  • I often use these when creating the contact emails for budgets or emails for action groups

Boolean Parameter

If you want to include an option that can be true or false, you can use the bool type.

Boolean Parameter Example
{
    "parameters": {
        "enableDiagnostics": {
            "type": "bool",
            "defaultValue": true,
            "metadata": {
                "description": "Enable diagnostics for virtual machines"
            }
        }
    }
}
  • The enableDiagnostics parameter accepts either true or false, and defaults to true because of "defaultValue": true,.

Complex example: combining Allowed Values and SecureString

In this example we will combine various parameter types, including allowedValues and secureString.

{
    "parameters": {
        "adminUsername": {
            "type": "string",
            "defaultValue": "adminuser",
            "allowedValues": [
                "adminuser",
                "superuser",
                "sysadmin"
            ],
            "metadata": {
                "description": "The username for the administrator account"
            }
        },
        "adminPassword": {
            "type": "secureString",
            "metadata": {
                "description": "The password for the administrator account"
            }
        },
        "vmSize": {
            "type": "string",
            "allowedValues": [
                "Standard_DS1_v2",
                "Standard_DS2_v2",
                "Standard_DS3_v2"
            ],
            "defaultValue": "Standard_DS1_v2",
            "metadata": {
                "description": "The size of the virtual machine"
            }
        },
        "enableAutoShutdown": {
            "type": "bool",
            "defaultValue": true,
            "metadata": {
                "description": "Enable auto-shutdown for the virtual machine"
            }
        }
    }
}
  • adminUsername allows only specific usernames.
  • adminPassword is a secure string, making sure the password remains encrypted.
  • vmSize accepts only specific VM sizes, ensuring correct configurations.
  • enableAutoShutdown is a boolean that controls whether the virtual machine will have an automatic shutdown feature enabled.

Parameters are essential to making ARM templates flexible, reusable, and secure. By defining parameters for various data types—such as strings, integers, arrays, and booleans—you can make your templates adaptable to different deployment scenarios.

  • Use allowedValues to enforce specific options for parameters.
  • Secure sensitive data like passwords with secureString.
  • Combine different types of parameters for more complex deployments.
Mastering parameters will significantly improve your ability to automate infrastructure deployment in a scalable and consistent way across multiple environments.