Create a deployment stack

  • 7 minutes

An Azure deployment stack is a collection of Azure resources that can be managed as a single unit even if they span multiple resource groups or subscriptions.

You're planning for the deployment of the test version of the new deposits application. You need to learn more about how to create a deployment stack and verify its managed resources.

In this unit, you learn how to create a deployment stack, verify its deployment, and list all deployment stacks in your environment.

Note

The commands in this unit are shown to illustrate concepts. Don't run the commands yet. You'll practice what you learn here soon.

Deployment stacks revisited

Deployment stacks change how you think about resource organization across resource groups and subscriptions. A deployment stack allows you to group all the resources that make up your application, regardless of where they're in your Azure resource organizational hierarchy. You can manage them as a single unit. With deployment stacks, you're able to perform lifecycle operations on the collection of resources that make up the stack.

A graphic representing an application and its managed by a resource group scoped deployment stack.

Think of deployment stacks as a series of pointers that groups your application's resources into a single unit. Deployment stacks can be created at different scopes, such as resource groups, subscriptions, and management groups.

Define resources

Deployment stacks support the use of Bicep files, ARM JSON templates, or template specs for defining resources in a stack. When creating a deployment stack using the Azure CLI or Azure PowerShell, you're able to point to the specific template file (Bicep file or ARM JSON template) or template spec. It isn't necessary to change how you define your resources.

We use the following Bicep file for our first deployment stack. The file defines an app service plan and a web app. These resources become managed resources when we create the deployment stack.

// Parameters
@description('The location for all resources.')
param location string = 'eastus'

@description('The name of the web application.')
param webApplicationName string = 'webapp-${uniqueString(resourceGroup().id)}'

// Variables
@description('The name of the app service plan.')
var appServicePlanName = 'plan-deposits'

// Resource - App Service Plan
resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: 'F1'
    capacity: 1
  }
}

// Resource - Web App
resource webApplication 'Microsoft.Web/sites@2023-12-01' = {
  name: webApplicationName
  location: location
  properties: {
    serverFarmId: appServicePlan.id
  }
}

Note

You may notice the ${uniqueString(resourceGroup().id)} syntax on the webApplicationName parameter. The uniqueString function creates a string based on the id of the resource group and adds it as a suffix to webapp-deposits. Many Azure services require unique names. This function helps generate a unique name.

Creating a deployment stack

Creating and deploying a deployment stack and its resources is nearly identical to a standard Azure deployment. Whether you're using Azure CLI, Azure PowerShell, or an infrastructure as code pipeline, the process feels the same. For example:

The Azure CLI command to deploy a Bicep file to a resource group is:

az deployment group create \
    --resource-group rg-depositsApplication \
    --template-file ./main.bicep

The Azure CLI command to create a deployment stack at the resource group scope is:

az stack group create \
    --name stack-deposits \
    --resource-group rg-depositsApplication \
    --template-file ./main.bicep \
    --action-on-unmanage detachAll \
    --deny-settings-mode none

Notice that the only changes in the command are the words deployment and stack, and differences in the parameters used. The same is true for deployments to subscriptions and management groups.

Note

In later modules, we explore how to manage a deployment stack's resources using --action-on-unmanage and how to prevent unwanted changes using --deny-settings-mode.

The Azure PowerShell command to deploy a Bicep file to a resource group is:

New-AzResourceGroupDeployment `
    -ResourceGroupName rg-depositsApplication `
    -TemplateFile ./main.bicep

The Azure PowerShell command to create a deployment stack at the resource group scope is:

New-AzResourceGroupDeploymentStack `
    -Name stack-deposits `
    -ResourceGroupName rg-depositsApplication `
    -TemplateFile ./main.bicep `
    -ActionOnUnmanage DetachAll `
    -DenySettingsMode None

Notice that the only change in the command is the word stack, and differences in the parameters used. The same is true for deployments to subscriptions and management groups.

Note

In later modules, we explore how to manage a deployment stack's resources using -ActionOnUnmanage and how to prevent unwanted changes using -DenySettingsMode.

Now, lets take a look at creating a deployment stack at the resource group scope.

To create a deployment stack using Azure CLI, use the az stack group create command. The following commands first create a resource group called rg-depositsApplication then creates the deployment stack at the scope of the resource group.

az group create \
    --name rg-depositsApplication \
    --location eastus

az stack group create \
    --name stack-deposits \
    --resource-group rg-depositsApplication \
    --template-file ./main.bicep \
    --action-on-unmanage detachAll \
    --deny-settings-mode none

To create a deployment stack using Azure PowerShell, use the New-AzResourceGroupDeploymentStack command. The following commands first create a resource group called rg-depositsApplication then creates the deployment stack at the scope of the resource group.

New-AzResourceGroup `
    -Name rg-depositsApplication `
    -Location eastus

New-AzResourceGroupDeploymentStack `
    -Name stack-deposits `
    -ResourceGroupName rg-depositsApplication `
    -TemplateFile ./main.bicep `
    -ActionOnUnmanage DetachAll `
    -DenySettingsMode None

Showing deployment stacks

Resource groups may have multiple deployment stacks scoped to them. You can show details about a specific deployment stack scoped to a resource group.

To show a specific deployment stack resource scoped to a resource group using Azure CLI, use the az stack group show command, specifying the name of the deployment stack and the target resource group.

az stack group show \
    --resource-group rg-depositsApplication \
    --name stack-deposits

The results include the properties of the deployment stack and the status of the managed resources. The output should appear familiar to the following section:

{
  "actionOnUnmanage": {
    "managementGroups": "detach",
    "resourceGroups": "detach",
    "resources": "detach"
  },
  "bypassStackOutOfSyncError": null,
  "correlationId": ".",
  "debugSetting": null,
  "deletedResources": [],
  "denySettings": {
    "applyToChildScopes": false,
    "excludedActions": null,
    "excludedPrincipals": null,
    "mode": "none"
  },
  "deploymentId": "/subscriptions/././rg-depositsApplication/./Microsoft.Resources/deployments/stack-deposits",
  "deploymentScope": null,
  "description": null,
  "detachedResources": [],
  "duration": "PT2M53.2734284S",
  "error": null,
  "failedResources": [],
  "id": "/subscriptions/././rg-depositsApplication/./Microsoft.Resources/deploymentStacks/stack-deposits",
  "location": null,
  "name": "stack-deposits",
  "outputs": null,
  "parametersLink": null,
  "provisioningState": "succeeded",
  "resourceGroup": "rg-depositsApplication",
  "resources": [
    {
      "denyStatus": "none",
      "id": "/subscriptions/././rg-depositsApplication/././serverfarms/plan-deposits",
      "resourceGroup": "rg-depositsApplication",
      "status": "managed"
    },
    {
      "denyStatus": "none",
      "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././sites/webapp-eque2jlrboltq",
      "resourceGroup": "rg-depositsApplication",
      "status": "managed"
    }
  ],
  "systemData": {
    "createdAt": "2024-01-01T00:00:01.000000+00:00",
    "createdBy": "depositsapplication@contoso.com",
    "createdByType": "User",
    "lastModifiedAt": "2024-01-01T00:00:01.000000+00:00",
    "lastModifiedBy": "depositsapplication@contoso.com",
    "lastModifiedByType": "User"
  },
  "tags": {},
  "template": null,
  "templateLink": null,
  "type": "Microsoft.Resources/deploymentStacks"
}

Take notice of the resources section of the output. For each resource, it shows its status as managed, its resource group, its resource ID, and its deny settings.

To show a specific deployment stack resource scoped to a resource group using Azure PowerShell, use the Get-AzResourceGroupDeploymentStack command, specifying the name of the deployment stack and the target resource group.

Get-AzResourceGroupDeploymentStack `
    -ResourceGroupName rg-depositsApplication `
    -Name stack-deposits

The results include the properties of the deployment stack and the status of the managed resources. The output should appear familiar to the following section:

Id                            : /subscriptions/././rg-depositsApplication/././deploymentStacks/stack-deposits
Name                          : stack-deposits
ProvisioningState             : succeeded
resourcesCleanupAction        : detach
resourceGroupsCleanupAction   : detach
managementGroupsCleanupAction : detach
CorrelationId                 : .
DenySettingsMode              : none
CreationTime(UTC)             : 1/01/2024 0:00:01 AM
DeploymentId                  : /subscriptions/././rg-depositsApplication/././deployments/stack-deposits
Resources                     : /subscriptions/././rg-depositsApplication/././serverfarms/plan-deposits
                                /subscriptions/././rg-depositsApplication/././sites/webapp-eque2jlrboltq

Take notice of the resources section of the output. It defines the resources managed by the deployment stack. You see the full resource ID of each resource.

You can also view deployment stacks in the Azure portal. They're available at their respective scopes. For a resource group, navigate to the resource group where the deployment stack is scoped. Under settings, you see an option for deployment stacks.

A screenshot of the Azure portal showing the settings of a resource group and where to find deployment stacks.

When you click on deployment stacks, it lists any stacks scoped to the resource group. Clicking on a deployment stack takes you to the property page of the deployment stacks.

A screenshot of the Azure portal showing the properties of a deployment stack, including its managed resources.

Listing deployment stacks

You can also list all deployment stacks scoped to a specific resource group.

To list all deployment stack resources scoped to a resource group using Azure CLI, use the az stack group list command, specifying the target resource group.

az stack group list \
    --resource-group rg-depositsApplication

To list all deployment stack resources scoped to a resource group using Azure PowerShell, use the Get-AzResourceGroupDeploymentStack command, specifying the target resource group.

Get-AzResourceGroupDeploymentStack `
    -ResourceGroupName rg-depositsApplication

Note

Azure PowerShell uses the same command, Get-AzResourceGroupDeploymentStack for both the show and list operations.