Resource naming reloaded: Azure Policy and Bicep for the winner!

by: Luise Freese
Oct 01, 2024

Let’s solidify naming conventions with Azure Policy

In one of my last blog posts, How to use Azure Policy to enforce resource naming conventions in your DevOps pipelines I explained how one could leverage Azure Policy to standardize naming of your Azure resources. But it would be too easy, if it was that easy. We have a few issues with that:

some resources can’t handle the pattern that Microsoft suggests - for example Storage Accounts can only have lowercase letters and numbers in the name and only up to 24 characters
if we want people to stick to a certain pattern it’s easier if they can choose from a list of valid values

So we will parameterize the resource name with in Organization Unit, the appName that the requester provides us with, the location, the appType, the environment and the instance. This is how that looks like in Bicep:



param orgUnit string = 'Contoso' // Organization Unit
param appName string // Name provided by the requester

@allowed([
  'weu'   // Short name for West Europe
  'eus'   // Short name for East US
])
param shortLocation string // Selectable location for naming purposes

@allowed([
  'storageaccount'
  'webapp'
  'functionapp'
  'logicapp'
  'sqlserver'
  'cosmosdb'
])
param appType string // Selectable app type from a predefined array

@allowed([
  'Dev'
  'Demo'
  'Test'
  'Prod'
])
param environment string // Environment (e.g., 'Prod', 'Dev', etc.)

@allowed([
  '01', '02', '03', '04', '05'
])
param instanceNumber string // Instance number or other identifier

// Mapping for short location codes to full Azure region names
var locationMapping = {
  weu: 'westeurope'
  eus: 'eastus'
}

// Get the full Azure location name for deployment
var fullLocation = locationMapping[shortLocation]

// Base resource name using short location code
var baseResourceName = '${orgUnit}-${appName}-${shortLocation}-${appType}-${environment}-${instanceNumber}'

// Exception for storage account
var storageAccountName = toLower('${appName}${environment}${instanceNumber}')
var truncatedStorageAccountName = length(storageAccountName) > 24 ? substring(storageAccountName, 0, 24) : storageAccountName

// Final resource name with exception handling
var resourceName = appType == 'storageaccount' ? truncatedStorageAccountName : baseResourceName

// Resource declaration for an Azure Storage Account
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = if (appType == 'storageaccount') {
  name: resourceName
  location: fullLocation // Use full location name for deployment
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
}

// Resource declaration for an Azure Web App
resource webApp 'Microsoft.Web/sites@2021-02-01' = if (appType == 'webapp') {
  name: resourceName
  location: fullLocation // Use full location name for deployment
  kind: 'app'
  properties: {
    serverFarmId: 'your-app-service-plan-id'
  }
}

// Resource declaration for an Azure Function App
resource functionApp 'Microsoft.Web/sites@2021-02-01' = if (appType == 'functionapp') {
  name: resourceName
  location: fullLocation // Use full location name for deployment
  kind: 'functionapp'
  properties: {
    serverFarmId: 'your-app-service-plan-id'
  }
}

// Resource declaration for an Azure Logic App
resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = if (appType == 'logicapp') {
  name: resourceName
  location: fullLocation // Use full location name for deployment
  properties: {
    definition: {
      '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
      actions: {}
      contentVersion: '1.0.0.0'
      outputs: {}
      parameters: {}
      triggers: {}
    }
    parameters: {} // Add your logic app parameters here
  }
}

// Resource declaration for an Azure SQL Server
resource sqlServer 'Microsoft.Sql/servers@2021-05-01-preview' = if (appType == 'sqlserver') {
  name: resourceName
  location: fullLocation // Use full location name for deployment
  properties: {
    administratorLogin: 'your-admin-login'
    administratorLoginPassword: 'your-admin-password'
  }
}

// Resource declaration for an Azure Cosmos DB Account
resource cosmosDb 'Microsoft.DocumentDB/databaseAccounts@2021-04-15' = if (appType == 'cosmosdb') {
  name: resourceName
  location: fullLocation // Use full location name for deployment
  kind: 'GlobalDocumentDB'
  properties: {
    databaseAccountOfferType: 'Standard'
    locations:fullLocation
  }
}

// Output the generated resource name and location for verification
output resourceName string = resourceName
output fullLocation string = fullLocation

Save this as main.bicep, We can now deploy this using Azure CLI:

$resourceGroup = "<your resourcegroup>"
az deployment group create  --resource-group $resourceGroup  --template-file main.bicep

If you run the CLI command, you will notice that you now get prompted for the parameters and for those that only allow a choice of values, you can choose but not use any free text. The template will now craft the resourceName out of the provided values:

As a result, we get nicely named resources:

Logic app in Azure Portal

Conclusion

Don’t get me wrong though! Having Azure Policy in place ensures, that regardless which way someone chooses to create resources, they need to stick to the naming pattern that you defined! So while this template makes it easy to deploy resources via Bicep, people could still use the Azure Portal and do what they want - if there is no policy in place! So in fact, this is yet another better together scenario! So in case you don’t have a policy so far, please go back to my previous blog post and set up a policy that fulfills your needs of consistent naming.