September 17, 2020


If you have not heard, Azure is releasing a new way to manage resources: a new Infrastructure as Code language. The language is currently in alpha, which means you can be guaranteed that there will be some breaking changes. For early adopters or people looking to play around on personal projects, this shouldn't be a showstopper. If you are dealing with clients, it is something they should probably be aware of. ARM templates are probably not going away anytime soon; more on that later.
If you prefer to just go to the source and get the information, feel free:
Azure Bicep - GitHub
Azure Bicep - InfoWorld

There is also a YouTube video from Microsoft:


If you are like me you could already be asking some of the following questions, even before knowing what Bicep is or isn't:
  • What is Bicep?
  • What does this mean for ARM Templates?
  • Why another language?
  • Why should I care if I use a third-party tool like HashiCorp's Terraform?


I will start with Terraform. Terraform is great, and it gives a sense of being cloud-agnostic. Terraform is not cloud-agnostic, though: it is a great tool, but it is a framework. You cannot take Terraform written for GCP and apply it on Azure or AWS (or vice versa). It is, however, a framework that has the capability to connect to multiple providers, even at the same time. I would compare Terraform to something like .NET: a framework that creates possibilities. I am not saying there isn't some overlap, or that nothing is agnostic, but as a whole you wouldn't take one and expect it to just work.


What does this mean for ARM? Bicep compiles down to a standard ARM template, so the ARM template JSON files are being treated as an Intermediate Language (IL). In the near- and mid-term future, and possibly the foreseeable future, ARM templates are still what is being deployed in the end. This could end up being like .NET. In the beginning, .NET was more a quick replacement for VB. However, as computers and technology have evolved, games and other software are being created with it. There is an OS development kit called Cosmos, Go Cosmos. If you're curious about games that are built with .NET, check this out: .NET Gaming. Also, if you want to keep writing ARM templates in JSON, it looks like that will be fine, for a while at least.


Why another language? This is all speculation. If I had to guess, and once you see it you will probably agree, it is to compete a little more easily with Terraform. There are several things about ARM templates in JSON that can be confusing or not as friendly to use, and something that is designed as a language with scripting can be nicer. For example, it becomes easier to build keys. I worked on one deployment where I was deploying a network along with subnets and a few other things, and had to keep things as separate as I could. When I had to pass in a subnet ID, I could easily configure it dynamically, but if you were setting up the resource in an array, it got messy fast. I also learned that the resources were not being processed until needed, and one variable wouldn't always be processed before the next. This would have been easy in Bash or PowerShell, but it was a limit of ARM templates. However, I have done similar things in Terraform without issue. I can reference other deployments and just pull the information I need, so that loop to generate certain values becomes less of a need. For some of these reasons, I can see why they would develop a language.


What is Bicep? To make it easier, I am going to quote directly what they have on GitHub (this could change, but this is as of 2020-16-09).
"Bicep is a Domain Specific Language (DSL) for deploying Azure resources declaratively. It aims to drastically simplify the authoring experience with a cleaner syntax and better support for modularity and code re-use. Bicep is a transparent abstraction over ARM and ARM templates, which means anything that can be done in an ARM Template can be done in bicep (outside of temporary known limitations). All resource types, apiVersions, and properties that are valid in an ARM template are equally valid in Bicep on day one.
Bicep compiles down to standard ARM Template JSON files, which means the ARM JSON is effectively being treated as an Intermediate Language (IL)."
Azure Bicep - GitHub


The last thing I want to do is include a sample that creates something basic. The GitHub repository has a few examples; the one I will share is the Key Vault one, Azure Bicep Key Vault Example - GitHub. You can see some similarities between Terraform and Bicep. It looks like it might be easier to deal with objects in Bicep, but we will see.


// Vault name, region, SKU and owning tenant
param name string = 'bicepKeyVaultTutorial'
param location string = 'westuS'
param sku string = 'Standard'
param tenant string = '72f988bf-86f1-41af-91ab-2d7cd011db47'

// Access policy: one principal (objectId) and its key, secret and certificate permissions
param accessPolicies array = [
  {
    tenantId: tenant
    objectId: '414d10da-615f-49a7-90a0-a7008fb31cd3'
    permissions: {
      keys: [
        'Get'
        'List'
        'Update'
        'Create'
        'Import'
        'Delete'
        'Recover'
        'Backup'
        'Restore'
      ]
      secrets: [
        'Get'
        'List'
        'Set'
        'Delete'
        'Recover'
        'Backup'
        'Restore'
      ]
      certificates: [
        'Get'
        'List'
        'Update'
        'Create'
        'Import'
        'Delete'
        'Recover'
        'Backup'
        'Restore'
        'ManageContacts'
        'ManageIssuers'
        'GetIssuers'
        'ListIssuers'
        'SetIssuers'
        'DeleteIssuers'
      ]
    }
  }
]

// Which Azure services may retrieve secrets, and how authorization and deletion behave
param enabledForDeployment bool = true
param enabledForTemplateDeployment bool = true
param enabledForDiskEncryption bool = true
param enableRbacAuthorization bool = false
param enableSoftDelete bool = true
param softDeleteRetentionInDays int = 90

// Network rules: defaultAction applies when no ipRules or virtualNetworkRules match
param networkAcls object = {
  bypass: 'AzureServices'
  defaultAction: 'allow'
  ipRules: [
  ]
  virtualNetworkRules: [
  ]
}

// The vault itself, wired to the parameters above
resource keyvault 'Microsoft.KeyVault/vaults@2019-09-01' = {
  name: name
  location: location
  properties: {
    tenantId: tenant
    sku: {
      family: 'A'
      name: sku
    }
    accessPolicies: accessPolicies
    enabledForDeployment: enabledForDeployment
    enabledForDiskEncryption: enabledForDiskEncryption
    enabledForTemplateDeployment: enabledForTemplateDeployment
    enableSoftDelete: enableSoftDelete
    softDeleteRetentionInDays: softDeleteRetentionInDays
    enableRbacAuthorization: enableRbacAuthorization
    networkAcls: networkAcls
  }
}
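
Because Bicep compiles down to ARM JSON, the compiled output of a Key Vault file like the one above can be checked before it is deployed. The following Python is an added example, not code from the original post or the Bicep project: the function names, the finding labels and the `SAMPLE` template (with placeholder GUIDs) are constructed for illustration. It resolves `[parameters('...')]` references to their default values only, and treats anything it cannot resolve as unset.

```python
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, params):
    """Substitute whole-value [parameters('x')] expressions with x's defaultValue (or None)."""
    if isinstance(value, str):
        m = PARAM_REF.match(value)
        if m:
            return resolve(params.get(m.group(1), {}).get("defaultValue"), params)
    if isinstance(value, dict):
        return {k: resolve(v, params) for k, v in value.items()}
    if isinstance(value, list):
        return [resolve(v, params) for v in value]
    return value

def audit_key_vaults(template):
    """Return (vault name, finding) pairs for each Key Vault in an ARM template."""
    params, findings = template.get("parameters", {}), []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.keyvault/vaults":
            continue
        name = resolve(res.get("name"), params)
        props = resolve(res.get("properties"), params) or {}
        # Missing networkAcls or defaultAction Allow: the vault accepts any network.
        acls = props.get("networkAcls") or {}
        if str(acls.get("defaultAction", "Allow")).lower() != "deny":
            findings.append((name, "network-default-allow"))
        # Without purge protection a soft-deleted vault can still be purged.
        if props.get("enablePurgeProtection") is not True:
            findings.append((name, "no-purge-protection"))
        for policy in props.get("accessPolicies") or []:
            kinds = sorted(k for k, v in policy.get("permissions", {}).items() if "Delete" in v)
            if kinds:
                findings.append((name, f"destructive-access:{policy.get('objectId')}:{','.join(kinds)}"))
    return findings

# Constructed sample: trimmed shape of compiled ARM JSON; the GUID is a placeholder.
SAMPLE = {
    "parameters": {
        "name": {"defaultValue": "bicepKeyVaultTutorial"},
        "networkAcls": {"defaultValue": {"bypass": "AzureServices", "defaultAction": "allow"}},
        "accessPolicies": {"defaultValue": [{
            "objectId": "11111111-1111-1111-1111-111111111111",
            "permissions": {"keys": ["Get", "Delete"], "secrets": ["Get", "List"]}}]}},
    "resources": [{
        "type": "Microsoft.KeyVault/vaults", "name": "[parameters('name')]",
        "properties": {"networkAcls": "[parameters('networkAcls')]",
                       "accessPolicies": "[parameters('accessPolicies')]"}}]}
```

To check a real build, load the compiled JSON file with `json.load` and pass the resulting dictionary to `audit_key_vaults`.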


Now that our ARM has a Bicep, does that mean we could do a curl? If anyone from MS comes across this, I think Bicep needs a curl command, even if it's nothing more than something like HTTP status code 418. It would be a good easter egg.