Deploy Bicep files with the Azure CLI

This article explains how to use the Azure CLI with Bicep files to deploy your resources to Azure. If you aren't familiar with deploying and managing your Azure solutions, see What is Bicep?.

Prerequisites

You need a Bicep file to deploy, and the file must be local. You also need the Azure CLI and to be connected to Azure:

  • Install Azure CLI commands on your local computer. To deploy Bicep files, you need Azure CLI version 2.20.0 or later.
  • Use az login to connect to Azure. If you have multiple Azure subscriptions, you might also need to run az account set.

Samples for the Azure CLI are written for the bash shell. To run this sample in Windows PowerShell or Command Prompt (cmd), you might need to change elements of the script.

If you don't have the Azure CLI installed, you can use Azure Cloud Shell. For more information, see Deploy Bicep files with Azure Cloud Shell.

Required permissions

To deploy a Bicep file or ARM template, you need write access on the resources you're deploying and access to all operations on the Microsoft.Resources/deployments resource type. For example, to deploy a virtual machine, you need Microsoft.Compute/virtualMachines/write and Microsoft.Resources/deployments/* permissions. The what-if operation has the same permission requirements.

For a list of roles and permissions, see Azure built-in roles.

Deployment scope

You can target your deployment to a resource group, subscription, management group, or tenant. Depending on the scope of the deployment, you use different commands, and the user deploying the Bicep file must have the required permissions to create resources for every scope.

Deploy local Bicep file

You can deploy a Bicep file from your local machine or an external one. This section describes how to deploy a local Bicep file.

If you're deploying to a resource group that doesn't exist, create the resource group. The name of the resource group can only include alphanumeric characters, periods, underscores, hyphens, and parenthesis. It can be up to 90 characters and can't end in a period.

az group create --name ExampleGroup --location "Central US"

To deploy a local Bicep file, use the --template-file switch in the deployment command. The following example also shows how to set a parameter value:

az deployment group create \
  --name ExampleDeployment \
  --resource-group ExampleGroup \
  --template-file <path-to-bicep> \
  --parameters storageAccountType=Standard_GRS

The deployment can take a few minutes to complete. When it finishes, you see a message that includes the following result:

"provisioningState": "Succeeded",

Deploy remote Bicep file

The Azure CLI doesn't currently support deploying remote Bicep files. You can use the Bicep CLI to build the Bicep file to a JSON template and then load the JSON file to a remote location. For more information, see Deploy remote template.

Parameters

To pass parameter values, you can use either inline parameters or a parameters file. The parameters file can be either a Bicep parameters file or a JSON parameters file.

Inline parameters

To pass inline parameters, provide the values in parameters. For example, to pass a string and array to a Bicep file in a Bash shell, use:

az deployment group create \
  --resource-group testgroup \
  --template-file <path-to-bicep> \
  --parameters exampleString='inline string' exampleArray='["value1", "value2"]'

If you're using the Azure CLI with the cmd or PowerShell, pass the array in the format: exampleArray="['value1','value2']".

You can also get the contents of file to provide that content as an inline parameter. Preface the file name with @:

az deployment group create \
  --resource-group testgroup \
  --template-file <path-to-bicep> \
  --parameters exampleString=@stringContent.txt exampleArray=@arrayContent.json

Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide cloud-init values for a Linux virtual machine.

The arrayContent.json format is:

[
  "value1",
  "value2"
]

To pass in an object, use JSON (when setting tags, for example). Your Bicep file might include a parameter like this one:

"resourceTags": {
  "type": "object",
  "defaultValue": {
    "Cost Center": "IT Department"
  }
}

As shown in the following Bash script, you can also can pass in a JSON string to set the parameter. Use double quotes around the JSON that you want to pass into the object:

tags='{"Owner":"Contoso","Cost Center":"2345-324"}'
az deployment group create --name addstorage  --resource-group myResourceGroup \
--template-file $bicepFile \
--parameters resourceName=abcdef4556 resourceTags="$tags"

If you're using the Azure CLI with cmd or PowerShell, pass the object in the following format:

$tags="{'Owner':'Contoso','Cost Center':'2345-324'}"
az deployment group create --name addstorage  --resource-group myResourceGroup \
--template-file $bicepFile \
--parameters resourceName=abcdef4556 resourceTags=$tags

You can use a variable to contain the parameter values. Set the variable to all of the parameter values in your Bash script, and add it to the deployment command:

params="prefix=start suffix=end"

az deployment group create \
  --resource-group testgroup \
  --template-file <path-to-bicep> \
  --parameters $params

However, if you're using the Azure CLI with cmd or PowerShell, set the variable to a JSON string. Escape the quotation marks: $params = '{ \"prefix\": {\"value\":\"start\"}, \"suffix\": {\"value\":\"end\"} }'.

The evaluation of parameters follows a sequential order, meaning that if a value is assigned multiple times, then only the last assigned value is used. To assign parameters properly, it's recommended that you provide your parameters file initially and then use the KEY=VALUE syntax to selectively override specific parameters. If you're supplying a .bicepparam parameters file, you can only use this argument once.

Bicep parameters files

Rather than passing parameters as inline values in your script, you might find it easier to use a Bicep parameters file or a JSON parameters file that contains the parameter values. The parameters file must be a local file since the Azure CLI doesn't support external parameters files. For more information about parameters files, see Create parameters files for Bicep deployment.

You can use a Bicep parameters file to deploy a Bicep file with Azure CLI version 2.53.0 or later and Bicep CLI version 0.22.X or later. With the using statement within the Bicep parameters file, there's no need to provide the --template-file switch when specifying a Bicep parameters file for the --parameters switch. Including the --template-file switch will prompt an, "Only a .bicep template is allowed with a .bicepparam file," error.

The following example shows a parameters file named storage.bicepparam. The file is in the same directory where the command runs:

az deployment group create \
  --name ExampleDeployment \
  --resource-group ExampleGroup \
  --parameters storage.bicepparam

JSON parameters files

The following example shows a parameters file named storage.parameters.json. The file is in the same directory where the command runs:

az deployment group create \
  --name ExampleDeployment \
  --resource-group ExampleGroup \
  --template-file storage.bicep \
  --parameters '@storage.parameters.json'

You can use inline parameters and a location parameters file in the same deployment operation. For more information, see Parameter precedence.

Preview changes

Before deploying your Bicep file, you can preview the changes the Bicep file will make to your environment. Use the what-if operation to verify that the Bicep file makes the changes that you expect. What-if also validates the Bicep file for errors.

Deploy template specs

Currently, the Azure CLI doesn't provide Bicep files to help create template specs. However, you can create a Bicep file with the Microsoft.Resources/templateSpecs resource to deploy a template spec. The Create template spec sample shows how to create a template spec in a Bicep file. You can also build your Bicep file to JSON by using the Bicep CLI and then a JSON template to create a template spec.

Deployment name

When deploying a Bicep file, you can give the deployment a name. This name can help you retrieve the deployment from the deployment history. If you don't provide a name for the deployment, its name becomes the name of the Bicep file. For example, if you deploy a Bicep file named main.bicep and don't specify a deployment name, the deployment is named main.

Every time you run a deployment, an entry is added to the resource group's deployment history with the deployment name. If you run another deployment and give it the same name, the earlier entry is replaced with the current deployment. If you want to maintain unique entries in the deployment history, give each deployment a unique name.

To create a unique name, you can assign a random number:

deploymentName='ExampleDeployment'$RANDOM

Or, add a date value:

deploymentName='ExampleDeployment'$(date +"%d-%b-%Y")

If you run concurrent deployments to the same resource group with the same deployment name, only the last deployment is completed. Any deployments with the same name that haven't finished are replaced by the last deployment. For example, if you run a deployment named newStorage that deploys a storage account named storage1 and run another deployment named newStorage that deploys a storage account named storage2 at the same time, you deploy only one storage account. The resulting storage account is named storage2.

However, if you run a deployment named newStorage that deploys a storage account named storage1 and immediately run another deployment named newStorage that deploys a storage account named storage2 after the first deployment finishes, then you have two storage accounts. One is named storage1, and the other is named storage2. But, you only have one entry in the deployment history.

When you specify a unique name for each deployment, you can run them concurrently without conflict. If you run a deployment named newStorage1 that deploys a storage account named storage1 and run another deployment named newStorage2 that deploys a storage account named storage2 at the same time, then you have two storage accounts and two entries in the deployment history.

To avoid conflicts with concurrent deployments and to ensure unique entries in the deployment history, give each deployment a unique name.

Next steps

To understand how to define parameters in your file, see Understand the structure and syntax of Bicep files.