Ask Downloads
Domain 4 β€” Module 3 of 4 75%
21 of 28 overall
Domain 4: Configure and Manage Automation of Tasks Free ⏱ ~12 min read

Deploy with ARM, Bicep, PowerShell, and CLI

Automate Azure SQL deployment using ARM templates, Bicep, Azure PowerShell, and Azure CLI. Monitor and troubleshoot automated deployments.

Infrastructure as Code for Azure SQL

Simple explanation

Instead of clicking buttons in the Azure Portal, you write a recipe.

ARM/Bicep templates are like a blueprint β€” β€œI want a SQL server in East US with a 4-vCore database.” You hand it to Azure, and it builds exactly that. Run the same blueprint in another region, get the exact same result.

PowerShell and CLI are like verbal instructions β€” β€œFirst create the server, then create the database, then set the firewall.” More flexible, but you control each step.

Bicep deployment

Bicep is Microsoft’s recommended IaC language for Azure (compiles to ARM JSON):

// deploy-sql.bicep β€” Azure SQL Database
param location string = resourceGroup().location
param serverName string
param databaseName string
param adminLogin string
@secure()
param adminPassword string

resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  name: serverName
  location: location
  properties: {
    administratorLogin: adminLogin
    administratorLoginPassword: adminPassword
    minimalTlsVersion: '1.2'
  }
}

resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
  parent: sqlServer
  name: databaseName
  location: location
  sku: {
    name: 'GP_Gen5'
    tier: 'GeneralPurpose'
    capacity: 4
  }
  properties: {
    collation: 'SQL_Latin1_General_CP1_CI_AS'
    maxSizeBytes: 34359738368  // 32 GB
    zoneRedundant: false
    requestedBackupStorageRedundancy: 'Local'
  }
}

Deploy:

az deployment group create \
  --resource-group NorthStarRG \
  --template-file deploy-sql.bicep \
  --parameters serverName=northstar-sql databaseName=NorthStarERP \
               adminLogin=sqladmin adminPassword=<secure>

Azure PowerShell deployment

# Create a SQL server
New-AzSqlServer -ResourceGroupName "ScaleWaveRG" `
  -ServerName "scalewave-sql" `
  -Location "EastUS" `
  -SqlAdministratorCredentials (Get-Credential)

# Create a database
New-AzSqlDatabase -ResourceGroupName "ScaleWaveRG" `
  -ServerName "scalewave-sql" `
  -DatabaseName "TenantDB" `
  -Edition "GeneralPurpose" `
  -Vcore 4 `
  -ComputeGeneration "Gen5"

# Set firewall rule
New-AzSqlServerFirewallRule -ResourceGroupName "ScaleWaveRG" `
  -ServerName "scalewave-sql" `
  -FirewallRuleName "AllowOffice" `
  -StartIpAddress "203.0.113.10" `
  -EndIpAddress "203.0.113.10"

Azure CLI deployment

# Create a SQL server
az sql server create \
  --resource-group ScaleWaveRG \
  --name scalewave-sql \
  --location eastus \
  --admin-user sqladmin \
  --admin-password <secure>

# Create a database
az sql db create \
  --resource-group ScaleWaveRG \
  --server scalewave-sql \
  --name TenantDB \
  --edition GeneralPurpose \
  --capacity 4 \
  --compute-model Provisioned

# Set firewall rule
az sql server firewall-rule create \
  --resource-group ScaleWaveRG \
  --server scalewave-sql \
  --name AllowOffice \
  --start-ip-address 203.0.113.10 \
  --end-ip-address 203.0.113.10

Monitoring deployments

Azure Portal

  • Resource group β†’ Deployments β†’ view status, inputs, outputs, errors
  • Each Bicep/ARM deployment creates a deployment record

CLI / PowerShell

# Check deployment status
az deployment group show --resource-group NorthStarRG --name deploy-sql

# List all deployments
az deployment group list --resource-group NorthStarRG --output table

Common deployment failures

ErrorCauseFix
NameNotAvailableServer name already taken (globally unique)Choose a different name
QuotaExceededSubscription limit hit (vCores, servers)Request quota increase or use different region
InvalidParameterValueWrong SKU, tier, or capacity combinationCheck valid combinations in docs
AuthorizationFailedDeploying identity lacks RBAC permissionsGrant Contributor on the resource group
ConflictErrorResource already exists with different configUse incremental mode or delete existing first
Exam tip: declarative vs imperative troubleshooting
  • Bicep/ARM failures: Check the deployment record in the portal β€” it shows the exact resource and property that failed
  • PowerShell/CLI failures: Check the error output β€” often includes a correlation ID for support tickets
  • Idempotent retry: Bicep/ARM deployments can be rerun safely. PowerShell/CLI may create duplicates unless you add existence checks.
Question

What is the advantage of Bicep over raw ARM JSON?

Click or press Enter to reveal answer

Answer

Cleaner, more readable syntax (no JSON boilerplate). Bicep compiles to ARM templates β€” same deployment engine, same capabilities, but much easier to write and maintain.

Click to flip back
Question

Where do you check the status of a failed Bicep deployment?

Click or press Enter to reveal answer

Answer

Azure Portal: Resource group β†’ Deployments β†’ click the failed deployment to see error details. Or use az deployment group show --name <deployment-name>.

Click to flip back
Knowledge Check

Priya's Bicep deployment fails with 'QuotaExceeded β€” not enough vCore quota in East US.' What are her two options?

Next up: Elastic Jobs and Azure Automation β€” run T-SQL across multiple databases and automate Azure resource management.