Merge pull request #104239 from mumian/0210-deployment-tutorial

add a new tutorial

Author: PMEds28

.openpublishing.redirection.json

@@ -13638,7 +13638,7 @@
       "source_path": "articles/event-hubs/event-hubs-tutorial-virtual-networks-firewalls.md",
       "redirect_url": "/azure/event-hubs/event-hubs-service-endpoints",
       "redirect_document_id": false
-    },    
+    },
     {
       "source_path": "articles/active-directory/active-directory-saml-protocol-reference.md",
       "redirect_url": "/azure/active-directory/develop/active-directory-saml-protocol-reference",
@@ -17078,7 +17078,7 @@
       "source_path": "articles/sql-data-warehouse/create-data-warehouse-powershell.md",
       "redirect_url": "/azure/synapse-analytics/sql-data-warehouse/create-data-warehouse-powershell",
       "redirect_document_id": true
-    }, 
+    },
     {
       "source_path": "articles/sql-data-warehouse/viewing-maintenance-schedule.md",
       "redirect_url": "/azure/sql-data-warehouse/maintenance-scheduling#view-a-maintenance-schedule",
@@ -17173,7 +17173,7 @@
       "source_path": "articles/sql-data-warehouse/release-notes-10-0-10106-0.md",
       "redirect_url": "/azure/synapse-analytics/sql-data-warehouse/release-notes-10-0-10106-0",
       "redirect_document_id": true
-    }, 
+    },
     {
       "source_path": "articles/sql-data-warehouse/sql-data-warehouse-concept-recommendations.md",
       "redirect_url": "/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-concept-recommendations",
@@ -35209,7 +35209,7 @@
       "source_path": "articles/multi-factor-authentication/end-user/index.md",
       "redirect_url": "/azure/multi-factor-authentication/end-user/multi-factor-authentication-end-user",
       "redirect_document_id": false
-    },    
+    },
     {
       "source_path": "articles/notification-hubs/configure-android-device-messaging.md",
       "redirect_url": "/azure//notification-hubs/configure-google-firebase-cloud-messaging",
@@ -49493,7 +49493,7 @@
     {
       "source_path": "articles/cli/index.yml",
       "redirect_url": "/cli/azure",
-      "redirect_document_id": false 
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/virtual-machines/linux/tutorial-build-deploy-jenkins.md",
@@ -49611,8 +49611,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "articles/lab-services/classroom-labs/class-type-deep-learning-natural-processing.md", 
-      "redirect_url": "/azure/lab-services/classroom-labs/class-type-deep-learning-natural-language-processing", 
+      "source_path": "articles/lab-services/classroom-labs/class-type-deep-learning-natural-processing.md",
+      "redirect_url": "/azure/lab-services/classroom-labs/class-type-deep-learning-natural-language-processing",
       "redirect_document_id": false
     }
   ]

articles/azure-resource-manager/templates/deployment-tutorial-linked-template.md

@@ -0,0 +1,173 @@
+---
+title: Tutorial - Deploy a linked template
+description: Learn how to deploy a linked template
+ms.date: 03/13/2020
+ms.topic: tutorial
+ms.author: jgao
+---
+
+# Tutorial: Deploy a linked template
+
+In the [previous tutorials](./deployment-tutorial-local-template.md), you learned how to deploy a template that is stored in your local computer. To deploy complex solutions, you can break a template into many templates, and deploy these templates through a main template. In this tutorial, you learn how to deploy a main template that contains the reference to a linked template. When the main template gets deployed, it triggers the deployment of the linked template. You also learn how to store and secure the linked template by using SAS token. It takes about **12 minutes** to complete.
+
+## Prerequisites
+
+We recommend that you complete the previous tutorial, but it's not required.
+
+## Review template
+
+In the previous tutorials, you deploy a template that creates a storage account, App Service plan, and web app. The template used was:
+
+:::code language="json" source="~/resourcemanager-templates/get-started-deployment/local-template/azuredeploy.json":::
+
+## Create a linked template
+
+You can separate the storage account resource into a linked template:
+
+:::code language="json" source="~/resourcemanager-templates/get-started-deployment/linked-template/linkedStorageAccount.json":::
+
+The following template is the main template.  The highlighted **Microsoft.Resources/deployments** object shows how to call a linked template. The linked template cannot be stored as a local file or a file that is only available on your local network. You can only provide a URI value that includes either *http* or *https*. Resource Manager must be able to access the template. One option is to place your linked template in a storage account, and use the URI for that item. The URI is passed to template using a parameter. See the highlighted parameter definition.
+
+:::code language="json" source="~/resourcemanager-templates/get-started-deployment/linked-template/azuredeploy.json" highlight="27-32,40-58":::
+
+Save a copy of the main template to your local computer with the .json extension, for example, azuredeploy.json. You don't need to save a copy of the linked template.  The linked template will be copied from a GitHub repository to a storage account.
+
+## Store the linked template
+
+The following PowerShell script creates a storage account, creates a container, and copies the linked template from a GitHub repository to the container. A copy of the linked template is stored in [GitHub](https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/get-started-deployment/linked-template/linkedStorageAccount.json).
+
+Select **Try-it** to open the Cloud Shell, select **Copy** to copy the PowerShell script, and right-click the shell pane to paste the script:
+
+> [!IMPORTANT]
+> Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. The name must be unique. In the template, the storage account name is the project name with "store" appended, and the project name must be between 3 and 11 characters. So the project name must meet the storage account name requirements and has less than 11 characters.
+
+```azurepowershell-interactive
+$projectName = Read-Host -Prompt "Enter a project name:"   # This name is used to generate names for Azure resources, such as storage account name.
+$location = Read-Host -Prompt "Enter a location (i.e. centralus)"
+
+$resourceGroupName = $projectName + "rg"
+$storageAccountName = $projectName + "store"
+$containerName = "templates" # The name of the Blob container to be created.
+
+$linkedTemplateURL = "https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/get-started-deployment/linked-template/linkedStorageAccount.json" # A completed linked template used in this tutorial.
+$fileName = "linkedStorageAccount.json" # A file name used for downloading and uploading the linked template.
+
+# Download the template
+Invoke-WebRequest -Uri $linkedTemplateURL -OutFile "$home/$fileName"
+
+# Create a resource group
+New-AzResourceGroup -Name $resourceGroupName -Location $location
+
+# Create a storage account
+$storageAccount = New-AzStorageAccount `
+    -ResourceGroupName $resourceGroupName `
+    -Name $storageAccountName `
+    -Location $location `
+    -SkuName "Standard_LRS"
+
+$context = $storageAccount.Context
+
+# Create a container
+New-AzStorageContainer -Name $containerName -Context $context -Permission Container
+
+# Upload the template
+Set-AzStorageBlobContent `
+    -Container $containerName `
+    -File "$home/$fileName" `
+    -Blob $fileName `
+    -Context $context
+
+Write-Host "Press [ENTER] to continue ..."
+```
+
+## Deploy template
+
+To deploy a private template in a storage account, generate a SAS token and include it in the URI for the template. Set the expiry time to allow enough time to complete the deployment. The blob containing the template is accessible to only the account owner. However, when you create a SAS token for the blob, the blob is accessible to anyone with that URI. If another user intercepts the URI, that user is able to access the template. A SAS token is a good way of limiting access to your templates, but you should not include sensitive data like passwords directly in the template.
+
+If you haven't created the resource group, see [Create resource group](./deployment-tutorial-local-template.md#create-resource-group).
+
+# [PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+
+$projectName = Read-Host -Prompt "Enter a project name:"   # This name is used to generate names for Azure resources, such as storage account name.
+$templateFile = Read-Host -Prompt "Enter the main template file and path"
+
+$resourceGroupName="${projectName}rg"
+$storageAccountName="${projectName}store"
+$containerName = "templates"
+$fileName = "linkedStorageAccount.json" # A file name used for downloading and uploading the linked template.
+
+$key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName).Value[0]
+$context = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $key
+
+# Generate a SAS token
+$linkedTemplateUri = New-AzStorageBlobSASToken `
+    -Context $context `
+    -Container $containerName `
+    -Blob $fileName `
+    -Permission r `
+    -ExpiryTime (Get-Date).AddHours(2.0) `
+    -FullUri
+
+# Deploy the template
+New-AzResourceGroupDeployment `
+  -Name DeployLinkedTemplate `
+  -ResourceGroupName $resourceGroupName `
+  -TemplateFile $templateFile `
+  -projectName $projectName `
+  -linkedTemplateUri $linkedTemplateUri `
+  -verbose
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli
+
+echo "Enter a project name that is used to generate resource names:"
+read projectName
+echo "Enter the main template file:"
+read templateFile
+
+resourceGroupName="${projectName}rg"
+storageAccountName="${projectName}store"
+containerName="templates"
+fileName="linkedStorageAccount.json"
+
+key=$(az storage account keys list -g $resourceGroupName -n $storageAccountName --query [0].value -o tsv)
+
+linkedTemplateUri=$(az storage blob generate-sas \
+  --account-name $storageAccountName \
+  --account-key $key \
+  --container-name $containerName \
+  --name $fileName \
+  --permissions r \
+  --expiry `date -u -d "120 minutes" '+%Y-%m-%dT%H:%MZ'` \
+  --full-uri)
+
+linkedTemplateUri=$(echo $linkedTemplateUri | sed 's/"//g')
+az deployment group create \
+  --name DeployLinkedTemplate \
+  --resource-group $resourceGroupName \
+  --template-file $templateFile \
+  --parameters projectName=$projectName linkedTemplateUri=$linkedTemplateUri \
+  --verbose
+```
+
+---
+
+## Clean up resources
+
+Clean up the resources you deployed by deleting the resource group.
+
+1. From the Azure portal, select **Resource group** from the left menu.
+2. Enter the resource group name in the **Filter by name** field.
+3. Select the resource group name.
+4. Select **Delete resource group** from the top menu.
+
+## Next steps
+
+You learned how to deploy a linked template. In the next tutorial, you learn how to create a DevOp pipeline to deploy a template.
+
+> [!div class="nextstepaction"]
+> [Create a pipeline](./deployment-tutorial-pipeline.md)

articles/azure-resource-manager/templates/deployment-tutorial-local-template.md

@@ -0,0 +1,165 @@
+---
+title: Tutorial - Deploy a local Azure Resource Manager template
+description: Learn how to deploy an Azure Resource Manager template from your local computer
+ms.date: 03/13/2020
+ms.topic: tutorial
+ms.author: jgao
+---
+
+# Tutorial: Deploy a local Azure Resource Manager template
+
+Learn how to deploy an Azure Resource Manager template from your local machine. It takes about **8 minutes** to complete.
+
+This tutorial is the first of a series. As you progress through the series, you modularize the template by creating a linked template, you store the linked template in a storage account, and secure the linked template by using SAS token, and you learn how to create a DevOp pipeline to deploy templates. This series focuses on template deployment.  If you want to learn template development, see the [beginner tutorials](./template-tutorial-create-first-template.md).
+
+## Get tools
+
+Let's start by making sure you have the tools you need to deploy templates.
+
+### Command-line deployment
+
+You  need either Azure PowerShell or Azure CLI to deploy the template. For the installation instructions, see:
+
+- [Install Azure PowerShell](/powershell/azure/install-az-ps)
+- [Install Azure CLI on Windows](/cli/azure/install-azure-cli-windows)
+- [Install Azure CLI on Linux](/cli/azure/install-azure-cli-linux)
+
+After installing either Azure PowerShell or Azure CLI, make sure you sign in for the first time. For help, see [Sign in - PowerShell](/powershell/azure/install-az-ps#sign-in) or [Sign in - Azure CLI](/cli/azure/get-started-with-azure-cli#sign-in).
+
+### Editor (Optional)
+
+Templates are JSON files. To review/edit templates, you need a good JSON editor. We recommend Visual Studio Code with the Resource Manager Tools extension. If you need to install these tools, see [Use Visual Studio Code to create Azure Resource Manager templates](use-vs-code-to-create-template.md).
+
+## Review template
+
+The template used in this tutorial is similar to the template used in the [tutorial about Quickstart templates](template-tutorial-quickstart-template.md). If you are interested in creating the template, you can go through that tutorial. However it's not required for completing this tutorial.
+
+The template deploys a storage account, app service plan, and web app.
+
+:::code language="json" source="~/resourcemanager-templates/get-started-deployment/local-template/azuredeploy.json":::
+
+> [!IMPORTANT]
+> Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. The name must be unique. In the template, the storage account name is the project name with "store" appended, and the project name must be between 3 and 11 characters. So the project name must meet the storage account name requirements and has less than 11 characters.
+
+Save a copy of the template to your local computer with the .json extension, for example, azuredeploy.json. You deploy this template later in the tutorial.
+
+## Sign in to Azure
+
+To start working with Azure PowerShell/Azure CLI to deploy a template, sign in with your Azure credentials.
+
+# [PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+Connect-AzAccount
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli
+az login
+```
+
+---
+
+If you have multiple Azure subscriptions, select the subscription you want to use:
+
+# [PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+Select-AzSubscription [SubscriptionID/SubscriptionName]
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli
+az account set --subscription [SubscriptionID/SubscriptionName]
+```
+
+---
+
+## Create resource group
+
+When you deploy a template, you specify a resource group that will contain the resources. Before running the deployment command, create the resource group with either Azure CLI or Azure PowerShell. Select the tabs in the following code section to choose between Azure PowerShell and Azure CLI. The CLI examples in this article are written for the Bash shell.
+
+# [PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+$projectName = Read-Host -Prompt "Enter a project name that is used to generate resource and resource group names"
+$resourceGroupName = "${projectName}rg"
+
+New-AzResourceGroup `
+  -Name $resourceGroupName `
+  -Location "Central US"
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli
+echo "Enter a project name that is used to generate resource and resource group names:"
+read projectName
+resourceGroupName="${projectName}rg"
+
+az group create \
+  --name $resourceGroupName \
+  --location "Central US"
+```
+
+---
+
+## Deploy template
+
+Use one or both deployment options to deploy the template.
+
+# [PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+$projectName = Read-Host -Prompt "Enter the same project name"
+$templateFile = Read-Host -Prompt "Enter the template file path and file name"
+$resourceGroupName = "${projectName}rg"
+
+New-AzResourceGroupDeployment `
+  -Name DeployLocalTemplate `
+  -ResourceGroupName $resourceGroupName `
+  -TemplateFile $templateFile `
+  -projectName $projectName `
+  -verbose
+```
+
+To learn more about deploying template by using Azure PowerShell, see [Deploy resources with Resource Manager templates and Azure PowerShell](./deploy-powershell.md).
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli
+echo "Enter the same project name:"
+read projectName
+echo "Enter the template file path and file name:"
+read templateFile
+resourceGroupName="${projectName}rg"
+
+az deployment group create \
+  --name DeployLocalTemplate \
+  --resource-group $resourceGroupName \
+  --template-file $templateFile \
+  --parameters projectName=$projectName \
+  --verbose
+```
+
+To learn more about deploying template by using Azure CLI, see [Deploy resources with Resource Manager templates and Azure CLI](./deploy-cli.md).
+
+---
+
+## Clean up resources
+
+Clean up the resources you deployed by deleting the resource group.
+
+1. From the Azure portal, select **Resource group** from the left menu.
+2. Enter the resource group name in the **Filter by name** field.
+3. Select the resource group name.
+4. Select **Delete resource group** from the top menu.
+
+## Next steps
+
+You learned how to deploy a local template. In the next tutorial, you separate the template into a main template and a linked template, and learn how to store and secure the linked template.
+
+> [!div class="nextstepaction"]
+> [Deploy a linked template](./deployment-tutorial-linked-template.md)