You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-resource-manager/bicep/migrate-blueprint.md
+4-10Lines changed: 4 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,24 +12,18 @@ This document outlines the steps to re-author your Blueprint definitions and ass
12
12
13
13
## Migration steps
14
14
15
-
1. Export the blueprint definitions into the blueprint definition JSON files which include the artifacts of Azure policies, Azure role assignments, and templates. For more information see [Export your blueprint defintion](../../governance/blueprints/how-to/import-export-ps#export-your-blueprint-definition).
15
+
1. Export the blueprint definitions into the blueprint definition JSON files which include the artifacts of Azure policies, Azure role assignments, and templates. For more information see [Export your blueprint defintion](../../governance/blueprints/how-to/import-export-ps.md#export-your-blueprint-definition).
16
16
2. Convert the blueprint definitio JSON files into a single ARM template or Bicep file to be deployed via deployment stacks with the following considerations:
17
17
18
18
-**Role assingments**: Convert any [role assignments](/azure/templates/microsoft.authorization/policyassignments).
19
19
-**Policies**: Convert any [policy assignments](/azure/templates/microsoft.authorization/policyassignments) into the Bicep (or ARM JSON template) syntax, and then add them to your main template. You can also embedd the [`policyDefinitions`](/azure/templates/microsoft.authorization/policydefinitions) into the JSON template.
20
20
-**Templates**: Convert any templates into a main template for submission to a deployment stack. You can use [modules](./modules.md) in Bicep, embed templates as nested templates or template links, and optionally use [template specs](./template-specs.md) to store your templates in Azure. Template Specs are not required to leverage deployment stacks.
21
-
-**Locks**: Deployment stack [DenySettingsMode](./deployment-stacks.md#protect-managed-resources) gives you the ability to block unwanted changes via `DenySettingsMode` (similar to [Blueprint locks](../../governance/blueprints/concepts/resource-locking.md). You can configure these via Azure CLI or Azure PowerShell. In order to leverage this, you need to corresponding roles to be able to set deny settings. For more information, see [Deployment stacks](./deployment-stacks.md).
22
-
23
-
Define deny settings behavior (locks)
24
-
25
-
- Microsoft.Authorization/locks ~ Deny Settings via Stack, therefore NO BICEP/JSON needed
Note: You can optionally control the excluded actions and principals to the deny assignment created by the specified deny setting mode.
21
+
-**Locks**: Deployment stack [DenySettingsMode](./deployment-stacks.md#protect-managed-resources) gives you the ability to block unwanted changes via `DenySettingsMode` (similar to [Blueprint locks](../../governance/blueprints/concepts/resource-locking.md)). You can configure these via Azure CLI or Azure PowerShell. In order to leverage this, you need to corresponding roles to be able to set deny settings. For more information, see [Deployment stacks](./deployment-stacks.md).
30
22
31
23
## Sample
32
24
25
+
The folloing Bicep files is a sample migration file.
0 commit comments