Exercise - Detach and delete managed resources from a deployment stack

8 minutes

Sprint 3 for the new deposits application is coming to an end. The deposits team requested that you detach the Log Analytics workspace and Application Insights instance from the deployment stack. Those resources need to continue to exist in Azure. Additionally, they requested that the Azure SQL server and database are deleted from the deployment stack and Azure.

In this exercise, you detach and delete Azure resources from the deployment stack that are no longer needed for the deposits application. You start by detaching resources from the deployment stack that need to continue to exist within Azure. You then delete resources from the deployment stack that are no longer needed. Finally, you delete the deployment stack, its managed resources, and the resource group.

During the process, you'll

Modify the Bicep file to remove the Log Analytics workspace and the Application Insights instance
Update the deployment stack to detach the managed resources
Validate the deployment stack's managed resources and the detached resources
Modify the Bicep file to remove the Azure SQL server and database
Update the deployment stack to delete the managed resources
Validate the deployment stack's managed resources and the deleted resources
Delete the deployment stack and managed resources.
Validate the deletion of the deployment stack and the managed resources.

Modify the Bicep file to detach the Log Analytics workspace and the Application Insights instance

The deposits team requested that we detach the Log Analytics workspace and Application Insights instance from the deployment stack. They also requested that the resources continue to exist in Azure. We start by modifying the Bicep file.

Open the main.bicep file in Visual Studio Code.

Remove the highlighted code from the variables section of your file:

// Variables
@description('The name of the Application Insights instance.')
var applicationInsightsName = 'appinsights-deposits'

@description('The name of the app service plan.')
var appServicePlanName = 'plan-deposits'

@description('The name of the Log Analytics Workspace.')
var logAnalyticsWorkspaceName = 'log-deposits'

Remove the highlighted code from the resources section of the file:

// Resource - App Service Plan
resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: 'S1'
    capacity: 1
  }
}

// Resource - Web App
resource webApplication 'Microsoft.Web/sites@2023-12-01' = {
  name: webApplicationName
  location: location
  properties: {
    serverFarmId: appServicePlan.id
    siteConfig: {
      appSettings: [
        {
          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
          value: applicationInsights.properties.InstrumentationKey
        }     
      ]
    }    
  }
}

// Resource - SQL Server
resource sqlServer 'Microsoft.Sql/servers@2021-11-01' ={
  name: sqlServerName
  location: location
  properties: {
    administratorLogin: sqlServerAdminUserName
    administratorLoginPassword: sqlServerAdminPassword
  }
}

// Resource - SQL Database
resource sqlServerDatabase 'Microsoft.Sql/servers/databases@2021-11-01' = {
  parent: sqlServer
  name: sqlDatabaseName
  location: location
  sku: {
    name: 'Standard'
    tier: 'Standard'
  }
}

// Resource - Log Analytics Workspace
resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
  name: logAnalyticsWorkspaceName
  location: location
  properties: {
    retentionInDays: 30
    sku: {
      name: 'PerGB2018'
    }
  }
}

// Resource - Application Insights
resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
  name: applicationInsightsName
  location: location
  kind: 'web'
  properties: {
    Application_Type: 'web'
    WorkspaceResourceId: logAnalyticsWorkspace.id
  }
}

Save the changes to the file.

Update the deployment stack to detach the managed resources

With the Bicep file modified, we want to update the deployment stack so that the Log Analytics workspace and Application Insights instance are detached from the stack. We use --action-on-unmanage detachAll to accomplish this result.

To update the deployment stack, run the following command from the terminal in Visual Studio Code.

az stack group create \
    --name stack-deposits \
    --resource-group 'rg-depositsApplication' \
    --template-file ./main.bicep \
    --action-on-unmanage detachAll \
    --deny-settings-mode none

You receive a message stating that the stack already exists in the current subscription. If the value of the action on unmanage parameter changed, the warning alerts you of the new values. Press y, followed by 'Enter`.

Wait for the update operation to complete before moving on to the next task.

With the Bicep file modified, we want to update the deployment stack so that the Log Analytics workspace and Application Insights instance are detached from the stack. We use ActionOnUnmanage DetachAll to accomplish this result.

To update the deployment stack, run the following command from the terminal in Visual Studio Code.

Set-AzResourceGroupDeploymentStack `
    -Name stack-deposits `
    -ResourceGroupName rg-depositsApplication `
    -TemplateFile ./main.bicep `
    -ActionOnUnmanage DetachAll `
    -DenySettingsMode none

Wait for the update operation to complete before moving on to the next task.

Validate the deployment stack's managed resources and the detached resources

With the update complete, we want to validate that the deployment stack is no longer managing the Log Analytics workspace and Application Insights instance.

To view the configuration of the deployment stack, run the following command from the terminal in Visual Studio Code.
```
az stack group show \
    --resource-group rg-depositsApplication \
    --name stack-deposits
```
Take notice of the actionOnUnmanage section of the output. The values are all set to detach. This result is because you performed the deployment stack update with the --action-on-unmanage detachAll.
```
"actionOnUnmanage": {
  "managementGroups": "detach",
  "resourceGroups": "detach",
  "resources": "detach"
},
```

Now look at the resources section of the output. We no longer see the Log Analytics workspace and Application Insights instance as managed resources.

"resources": [
  {
    "denyStatus": "none",
    "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././servers/sql-brpdm7iotbwjm",
    "resourceGroup": "rg-depositsApplication",
    "status": "managed"
  },
  {
    "denyStatus": "none",
    "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././servers/sql-brpdm7iotbwjm/databases/sqldb-brpdm7iotbwjm",
    "resourceGroup": "rg-depositsApplication",
    "status": "managed"
  },
  {
    "denyStatus": "none",
    "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././serverfarms/plan-deposits",
    "resourceGroup": "rg-depositsApplication",
    "status": "managed"
  },
  {
    "denyStatus": "none",
    "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././sites/webapp-brpdm7iotbwjm",
    "resourceGroup": "rg-depositsApplication",
    "status": "managed"
  }
],

With the update complete, we want to validate that the deployment stack is no longer managing the Log Analytics workspace and Application Insights instance.

To view the configuration of the deployment stack, run the following command from the terminal in Visual Studio Code.
```
Get-AzResourceGroupDeploymentStack `
    -ResourceGroupName rg-depositsApplication `
    -Name stack-deposits
```
Take notice of the values for resourcesCleanupAction, resourceGroupsCleanupAction, and managementGroupsCleanupAction. The values are all set to detach. This result is because you performed the deployment stack update with the -ActionOnUnmanage DetachAll.
```
resourcesCleanupAction        : detach
resourceGroupsCleanupAction   : detach
managementGroupsCleanupAction : detach
```

Now look at the resources section of the output. We no longer see the Log Analytics workspace and Application Insights instance as managed resources.

Resources                     : /subscriptions/./resourceGroups/rg-depositsApplication/././servers/sql-brpdm7iotbwjm
                                /subscriptions/./resourceGroups/rg-depositsApplication/././servers/sql-brpdm7iotbwjm/databases/sqldb-brpdm7iotbwjm
                                /subscriptions/./resourceGroups/rg-depositsApplication/././serverfarms/plan-deposits
                                /subscriptions/./resourceGroups/rg-depositsApplication/././sites/webapp-brpdm7iotbwjm

Let's validate our deployment stack in the Azure portal.

Go to the Azure portal.
On the left-side panel, select Resource groups.
Select rg-depositsApplication.
If necessary, expand the settings menu.
Select Deployment stacks.
Select stack-deposits.
Verify that you have four managed resources and two detached resources (Log Analytics and Application Insights).

Modify the Bicep file to detach and delete the Azure SQL server and database

The deposits team requested that we detach and delete the Azure SQL server and database from the deployment stack and Azure. We start by modifying the Bicep file.

Reopen the main.bicep file in Visual Studio Code.

Remove the highlighted code from the parameters section of your file:

// Parameters
@description('The location for all resources.')
param location string = 'eastus'

@description('The name of the SQL database.')
param sqlDatabaseName string = 'sqldb-${uniqueString(resourceGroup().id)}'

@description('The password of the admin user.')
param sqlServerAdminUserName string

@description('The name of the admin user.')
@secure()
param sqlServerAdminPassword string

@description('The name of the SQL server.')
param sqlServerName string = 'sql-${uniqueString(resourceGroup().id)}'

@description('The name of the web application.')
param webApplicationName string = 'webapp-${uniqueString(resourceGroup().id)}'

Remove the highlighted code from the resources section of the file:

// Resource - App Service Plan
resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: 'S1'
    capacity: 1
  }
}

// Resource - Web App
resource webApplication 'Microsoft.Web/sites@2023-12-01' = {
  name: webApplicationName
  location: location
  properties: {
    serverFarmId: appServicePlan.id
  }
}

// Resource - SQL Server
resource sqlServer 'Microsoft.Sql/servers@2021-11-01' ={
  name: sqlServerName
  location: location
  properties: {
    administratorLogin: sqlServerAdminUserName
    administratorLoginPassword: sqlServerAdminPassword
  }
}

// Resource - SQL Database
resource sqlServerDatabase 'Microsoft.Sql/servers/databases@2021-11-01' = {
  parent: sqlServer
  name: sqlDatabaseName
  location: location
  sku: {
    name: 'Standard'
    tier: 'Standard'
  }
}

Save the changes to the file.

Update the deployment stack to delete the managed resources

With the Bicep file modified, we want to update the deployment stack so that the Azure SQL server and database are detached from the stack and deleted from Azure. We use --action-on-unmanage deleteAll to accomplish this result. This action also deletes the Log Analytics workspace and Application Insights instance we detached in the last section.

To update the deployment stack, run the following command from the terminal in Visual Studio Code.

az stack group create \
    --name stack-deposits \
    --resource-group rg-depositsApplication \
    --template-file ./main.bicep \
    --action-on-unmanage deleteAll \
    --deny-settings-mode none

You receive a message stating that the stack already exists in the current subscription. If the value of the action on unmanage parameter changed, the warning alerts you of the new values. Press y, followed by 'Enter`.
Wait for the update operation to complete before moving on to the next task.

With the Bicep file modified, we want to update the deployment stack so that the Azure SQL server and database are detached from the stack and deleted from Azure. We use -ActionOnUnmanage DeleteAll to accomplish this. This action also deletes the Log Analytics workspace and Application Insights instance we detached in the last section.

To update the deployment stack, run the following command from the terminal in Visual Studio Code.

Set-AzResourceGroupDeploymentStack `
    -Name stack-deposits `
    -ResourceGroupName rg-depositsApplication `
    -TemplateFile ./main.bicep `
    -ActionOnUnmanage DeleteAll `
    -DenySettingsMode none

Wait for the update operation to complete before moving on to the next task.

Validate the deployment stack's managed resources

With the update complete, we want to validate that the deployment stack is no longer managing the Log Analytics workspace, Application Insights instance, and the Azure SQL server and database. We also want to verify that the resources are deleted from Azure.

To view the configuration of the deployment stack, run the following command from the terminal in Visual Studio Code.
```
az stack group show \
    --resource-group rg-depositsApplication \
    --name stack-deposits
```
Take notice of the actionOnUnmanage section of the output. The values are all set to delete. This result is because you performed the deployment stack update with the --action-on-unmanage deleteAll.
```
"actionOnUnmanage": {
  "managementGroups": "delete",
  "resourceGroups": "delete",
  "resources": "delete"
},
```

Now look at the resources section of the output. We no longer see the Azure SQL server and database as managed resources.

"resources": [
  {
    "denyStatus": "none",
    "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././serverfarms/plan-deposits",
    "resourceGroup": "rg-depositsApplication",
    "status": "managed"
  },
  {
    "denyStatus": "none",
    "id": "/subscriptions/./resourceGroups/rg-depositsApplication/././sites/webapp-brpdm7iotbwjm",
    "resourceGroup": "rg-depositsApplication",
    "status": "managed"
  }
],

To view the configuration of the deployment stack, run the following command from the terminal in Visual Studio Code.
```
Get-AzResourceGroupDeploymentStack `
    -ResourceGroupName rg-depositsApplication `
    -Name stack-deposits
```
Take notice of the values for resourcesCleanupAction, resourceGroupsCleanupAction, and managementGroupsCleanupAction. The values are all set to delete. This result is because you performed the deployment stack update with the -ActionOnUnmanage DeleteAll.
```
resourcesCleanupAction        : delete
resourceGroupsCleanupAction   : delete
managementGroupsCleanupAction : delete
```

Now look at the resources section of the output. We no longer see the Azure SQL server and database as managed resources.

Resources                     : /subscriptions/./resourceGroups/rg-depositsApplication/././serverfarms/plan-deposits
                                /subscriptions/./resourceGroups/rg-depositsApplication/././sites/webapp-brpdm7iotbwjm

Return to the Azure portal.
On the left-side panel, select Resource groups.
Select rg-depositsApplication.
If necessary, expand the settings menu.
Select Deployment stacks.
Select stack-deposits.
Verify that the app service plan and app service still exist as managed resources, and our other resources are deleted.

Delete the deployment stack

To delete the deployment stack and its managed resources, run the following command from the terminal in Visual Studio Code.

az stack group delete \
    --name stack-deposits \
    --resource-group rg-depositsApplication \
    --action-on-unmanage deleteAll

It prompts you to confirm if you would like to delete the stack and the specified resources.
After the delete operation completes, open the Azure portal and verify that the deployment stack and its resources are removed.
To delete the resource group used in these exercises, run the following command from the terminal in Visual Studio Code.
```
az group delete \
    -name rg-depositsApplication
```
It prompts you to confirm if you would like to remove the resource group. Press 'Y', followed by 'Enter.'

To delete the deployment stack and its managed resources, run the following command from the terminal in Visual Studio Code.

Remove-AzResourceGroupDeploymentStack `
    -Name stack-deposits `
    -ResourceGroupName rg-depositsApplication `
    -ActionOnUnmanage DeleteAll

It prompts you to confirm if you would like to delete the stack and the specified resources.
After the delete operation completes, open the Azure portal and verify that the deployment stack and its resources are removed.
To delete the resource group used in these exercises, run the following command from the terminal in Visual Studio Code.
```
Remove-AzResourceGroup `
    -Name rg-depositsApplication
```
It prompts you to confirm if you would like to remove the resource group. Press 'Y', followed by 'Enter.'

Return to the Azure portal.
On the left-side panel, select Resource groups.
Verify that the rg-depositsApplication no longer exists.

Exercise - Detach and delete managed resources from a deployment stack

Modify the Bicep file to detach the Log Analytics workspace and the Application Insights instance

Update the deployment stack to detach the managed resources

Validate the deployment stack's managed resources and the detached resources

Modify the Bicep file to detach and delete the Azure SQL server and database

Update the deployment stack to delete the managed resources

Validate the deployment stack's managed resources

Delete the deployment stack

Feedback