Azure Verified Modules: Consolidated Standards for a Good IaC

Rafael Herik de Carvalho

Posted on September 4, 2024

Microsoft introduced Azure Verified Modules (AVM) as part of an effort to help internal and external parties build well-designed and reliable infrastructure using infrastructure as code.

"Azure Verified Modules enable and accelerate consistent solution development and delivery of cloud-native or migrated applications and their supporting infrastructure by codifying Microsoft guidance (WAF - Well-Architected Framework), with best practice configurations." - Azure Verified Modules

With AVM, Microsoft aims to provide a single definition of a suitable IaC module. This initiative is not only about Bicep; it covers multiple IaC languages, following the principles of the Well-Architected Framework.

These clearly defined statements will help organizations drive Cloud Adoption and mature their cloud infrastructure according to best practices.

Why AVM?

The community has been throwing a bunch of Infrastructure as Code (IaC) modules at the wall, but nothing's really stuck as the go-to, trustworthy source. We've got modules in different languages, styles, and support levels scattered all over the place.

This new effort is about creating a unified strategy for IaC modules that customers and partners can rely on. The goal is to build a consistent, supported, and available library of modules in whatever language you prefer.

This should help speed up projects like Landing Zone Accelerators and give users solid building blocks, no matter where they are in their IaC journey. Plus, it addresses the big headache of support - customers need to know Microsoft's got their back when using these modules, especially in enterprise settings.

Basically, they're trying to clean up the chaos and give people something they can trust and build on without worrying about it falling apart when it matters most.

The proposed design

Architecture of AVM

The image above shows the AVM design: it is supported by Azure Resource Manager, and domain-specific languages such as Bicep and Terraform implement the resource management on top of it.

AVM provides three types of modules: Resource Modules, Pattern Modules and Utility Modules. See more about module classification here

Resource Modules

Resource modules are designed to manage specific Azure resources such as Virtual Machines, Virtual Networks, and Azure Kubernetes Service (AKS).

Pattern Modules

Pattern modules are designed to implement specific architectural patterns, often involving multiple resources working together. A prime example is a production-ready Azure Kubernetes Service (AKS) deployment. Setting up AKS properly involves more than just provisioning the AKS resource itself: it requires configuring network-related resources, setting up a private container registry for enhanced security, and applying various other specific configurations. Pattern modules simplify this process by encapsulating all these components and best practices into a single, easy-to-use module. This approach significantly reduces complexity and helps users deploy comprehensive, well-architected solutions with less effort and reduced risk of misconfiguration. See this example of a production-ready AKS Terraform module.

Utility Modules

Utility modules implement functions and routines that can be used by Resource and Pattern modules, but they MUST NOT deploy any Azure resource; they are only utilities.
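One way to enforce the "utility modules deploy nothing" rule in a review or CI step is to scan a Terraform module's source for top-level `resource` blocks. The sketch below is an added example, not AVM's own tooling; the provider prefix list, the function names and both sample modules are assumptions constructed for illustration.

```python
import re

# Assumption for this example: resource types with these prefixes create Azure resources.
AZURE_PREFIXES = ("azurerm_", "azapi_")

# Tokens needed to find block headers. Quoted strings and comments are matched
# whole, so braces or keywords inside them are never counted.
# Limitation: heredocs and quotes nested inside "${...}" are not handled.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/|[{}]|[A-Za-z_][\w-]*', re.S
)

def top_level_blocks(hcl):
    """Yield (block_type, labels) for every top-level block in Terraform source."""
    depth, header = 0, []
    for match in _TOKEN.finditer(hcl):
        tok = match.group(0)
        if tok.startswith(("#", "//", "/*")):
            continue                      # comment, ignore
        if tok == "{":
            if depth == 0 and header:
                yield header[0], [t.strip('"') for t in header[1:]]
            depth, header = depth + 1, []
        elif tok == "}":
            depth, header = max(depth - 1, 0), []
        elif depth == 0:
            header.append(tok)            # block type or one of its labels

def azure_resources(hcl):
    """Return 'type.name' for each top-level resource block of an Azure provider."""
    return [
        ".".join(labels)
        for kind, labels in top_level_blocks(hcl)
        if kind == "resource" and labels and labels[0].startswith(AZURE_PREFIXES)
    ]

# Constructed sample: a utility module that only computes values.
SAMPLE_UTILITY = '''
variable "name" { type = string }
locals {
  slug = lower(replace(var.name, " ", "-"))  # resource "azurerm_x" "y" {}
}
output "slug" { value = local.slug }
'''

# Constructed sample: the same module with a resource block added (a violation).
SAMPLE_VIOLATION = SAMPLE_UTILITY + '''
resource "azurerm_resource_group" "rg" {
  name = "rg-${local.slug}"
  tags = { owner = "example" }
}
'''
```

A CI job can fail the build whenever `azure_resources()` returns a non-empty list for any `.tf` file in a module classified as a utility. `data` blocks are not flagged because they only read existing state.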

If you use IaC to provision Azure infrastructure, the AVM Overview is a must-read.

Available Modules

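For now (Sep 2024), only Bicep and Terraform are supported. AVM uses the Bicep Registry and the Terraform Registry to share the modules:

| Framework | Module Type | Published | Proposed |
|-----------|-------------|-----------|----------|
| Bicep     | Resource    | 135       | 14       |
| Bicep     | Pattern     | 11        | 31       |
| Bicep     | Utility     | 0         | 1        |
| Terraform | Resource    | 51        | 86       |
| Terraform | Pattern     | 9         | 22       |
| Terraform | Utility     | 0         | 1        |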

Note: Data as of September 2024

Contributing

If you want to contribute, you can propose a new module, or develop or contribute to an existing one:

Bicep

Terraform

Update: I've missed adding the observation that only Microsoft full-time employees can be module owners for now.

Final Thoughts

For large cloud environments, the AVM still needs to deliver its full potential; it needs some maturing and the implementation of new modules. However, as it is a good standard, you can get started with the modules already available and contribute to the initiative.
