Microsoft recently announced the public preview of deployment stacks in Azure, a new resource type for managing a collection of Azure resources as a single unit for faster update and delete (cleanup). In addition, it brings more granular capabilities for preventing unwanted changes to resources.
The company introduces deployment stacks to solve the current problem of handling the lifecycle (creation, updates, and deletions) of resources across various Azure scopes, such as Resource Groups, Management Groups, and Subscriptions, which can be complex and time-consuming. Furthermore, ensuring that essential resources are equipped with appropriate guardrails further contributes to the complexity of resource management.
With deployment stacks, developers and DevOps engineers have a way of managing a collection of resources across scopes as a single atomic unit. It enables 1-to-many CRUD operations and resource change prevention, providing the following benefits:
- Simple cleanup - delete or update resources across scopes with a single call to the deployment stack resource as a 1-to-many operation.
- Unwanted changes - block changes to managed resources with deny settings capability of a deployment stack.
Angel Perez, a program manager of Azure Deployments at Microsoft, explains in a Tech Community blog post:
A deployment stack is a resource that deploys a template file (ARM or Bicep) as a deployment object. Beyond the familiar capabilities of the deployments object, the resources a deployment stack creates are known as "managedResources" and can be easily updated/deleted with a single operation on the deployment stack. "managedResources" can be deleted directly via delete of a deployment stack or indirectly via updates to the template and "actionOnUnmanage" behavior of the deployment stack, specified via delete flags.
Developers and DevOps engineers can leverage Azure CLI, Azure PowerShell, the Azure portal, and Bicep files to create and update a deployment stack. Bicep files are transformed into ARM JSON templates, which are subsequently deployed as a deployment object by the stack.
To create a deployment stack at the resource group scope, the CLI command and parameters will look like:
az stack group create \
--name '<deployment-stack-name>' \
--resource-group '<resource-group-name>' \
--template-file '<bicep-file-name>' \
--deny-settings-mode 'none'
Once a deployment stack is created, a developer can find it through the Azure portal by navigating to the correct scope.
Deployment stack resource in the Azure portal (Source: Tech Community Blog post)
Azure deployment stacks will provide features developers and DevOps engineers requested and anticipated in the past.
Stanislav Zhelyazkov, a Microsoft MVP and cloud infrastructure engineer, tweeted:
Something that I have pushed for years to be made is now available in preview. Thanks to all who all requested this as well and the people who made it happen.
One requested feature was the destroy feature similar to Terraform destroy command. Terraform is an infrastructure-as-code tool that enables the provisioning and management of cloud resources through declarative configuration files. It has providers for various cloud providers, SaaS providers, and other APIs – thus also for Azure and an option for developers and DevOps engineers.
Freek Berson, a Microsoft MVP, concluded in a blog post:
Deployment stacks unlock lots of great scenarios like removing resources from a deployment that reside across various different resource groups, subscriptions, and management groups providing similar functionality like the destroy option that e.g. Terraform has.
And:
Deployment stacks improve the overall life cycle management of Azure resources, it can prevent accidental deletion of a single resource that is part of a stack of resources that depend on each other and have the same life cycle, and it provides easy ways to roll back to a good known state.
Lastly, more details are available in the documentation and GitHub repo with samples and tutorials.