Flex Your DevSecOps Muscles With Bicep
Bicep is a new language that has been created by Microsoft for deploying resources on Azure.
The objective of Bicep is to make it easier to implement an "infrastructure as code" approach to provisioning resources such as storage, compute and networks on the cloud.
In our opinion, it is a significant step forward over the existing "ARM template" tooling, which involves creating JSON files which can quickly become large and fiddly to work with.
We have also found the adoption of Bicep to be relatively straightforward. Microsoft have made a significant investment in the tooling, documentation, training and quick start examples to help get you up to speed quickly. Microsoft are clearly committed to Bicep and we anticipate there will be further exciting features to be released over the coming months.
If Microsoft Azure is a key platform for you, Bicep could offer significant benefits over the tooling you are using today or provide an opportunity to accelerate adoption of infrastructure as code within your organisation. Therefore, we recommend putting an evaluation of Bicep at the top of your DevSecOps backlog.
What is new about Bicep?
Here are some of the key improvements that we have found adopting Bicep:
A domain-specific language - Bicep has been designed specifically to perform one task: to automate your infrastructure provisioning on Azure. This enables the syntax to be simplified significantly as it is not attempting to be a general programming language;
More succinct - Bicep is more compact and concise than the alternative "ARM template" based approach. Making it easier to author and read. In our experience, you need less than half the code to achieve the same result!
Tooling - an extension for Visual Studio Code provides a range of productivity features such as type checking and IntelliSense. This makes the whole experience of authoring Bicep templates more streamlined. This enables syntax errors to be captured very early in the process.
Promotes greater levels of re-use - Bicep provides better support for re-using the templates that you develop through features such as modules and parameters. A Bicep registry can be set up on Azure Container Registry (ACR) to make it straightforward to publish and consume Bicep modules across your organisation. Modularisation also helps to make Bicep more concise readable by abstracting some of the underlying complexities from higher level scripts;
An Azure-native first class service - Bicep has been developed by Microsoft. It supports all resource types on Azure. Furthermore, when new Azure resources are released or updated, Bicep will support those features on day one.
Why should you consider adopting Bicep?
Bicep can play a key role in enabling DevSecOps practices by automating your infrastructure provisioning on Azure. This will deliver a range of benefits:
Mitigate risk - Bicep will make your deployments consistent, remove the opportunity for human error and lock in best practices around non-functional concerns such as security, scale and the resilience of services;
Remove friction from the software development lifecycle - Bicep enables you to keep the code and the infrastructure required to support it in sync, therefore avoiding many of the issues that can often make deploying new releases into production a stressful experience;
Increase the capacity of your IT team - through automation of repetitive tasks, Bicep will allow IT Security and Infrastructure experts to meet the increasing demands being placed on them and to shift focus to higher value work;
Reduce total cost of ownership - Bicep provides benefits across the full lifetime of a resource. For example, making tasks such as adding additional capacity or re-configuring a resource more straightforward to carry out;
Competitive advantage - automated deployments can play a significant role in shortening the time to release new products and services by underpinning continuous integration and continuous deployment processes;
Cloud accounting - Bicep deployments create a more robust audit trail for your cloud infrastructure. They also enable you to apply consistent resource tagging, allowing you to map cloud expenditure onto relevant concepts within your organisation such as departments, propositions and/or individual customers.
When is Bicep not the right tool?
Bicep is Azure-native, so other cloud providers don't support it as a template language. So if your organization consumes infrastructure across multiple cloud providers, it might not be the right tool.
If you have existing skills, processes and tools in place for infrastructure as code-based resource provisioning, you should assess whether the benefits that Bicep could deliver will outweigh the effort required to migrate over to it.
Finally, your own organisational maturity may be a barrier to adoption. If you are early in your adoption of DevSecOps practices, you may want to invest time and effort in building capability in other areas before committing to Bicep. For example, to be successful in adoption of Bicep you need your development, infrastructure, security and operational professionals to be committed to the goal of "infrastructure as code", to be collaborating effectively and to be open to adapting their traditional ways of working in order to make it work.
In our experience, the jump from traditional ARM templates to Bicep has certainly been worth it. It has boosted our productivity and created artefacts that are easier to maintain. For example we are now using Bicep to provision our Modern Data Platform for clients: which encompasses a complex set of Azure resources. From a green field Azure subscription, we use Bicep to deploy development, test, acceptance and production (DTAP) environments in a matter of minutes, enabling us to focus on delivering value to our clients from early in the project lifecycle.
Bicep Cheat Sheet
To help adopt Bicep, we have created a cheat sheet that we use as a reference point for the syntax and structure of the language. Feel free to download and use this to explore Bicep and accelerate your own adoption:
Want to learn more?
There is a range of resources available from Microsoft to help you adopt Bicep. This includes:
A video of the presentation from Microsoft at their Ignite conference in March 2021 that provides background about Bicep and live demo of it in action.
An excellent Microsoft Learn course Deploy and manage resources in Azure by using Bicep that steps through all of the core functionality and provides practical coding exercises.
The documentation site for Bicep has a range of useful guides, quick starts and reference material to support you in adopting the tool.
Finally the Azure Bicep Github repository contains hundreds of examples of Bicep templates that you can download, re-use and adapt.