
Anti-Patterns of Infrastructure as Code with Azure Bicep (Series)

trentsteenholdt
November 28, 2024


2024 Advent Calendar

Infrastructure as Code (IaC) has come a long way from the earliest days when I started writing giant monolithic Azure Resource Manager (ARM) templates. With Azure Bicep now well established as a powerful tool in this space when working with Microsoft Azure, it’s become easier for people to adopt IaC. However, at the same time, it’s become much easier to misuse Bicep and fall into common pitfalls.

In this nine-part blog series, we’ll explore the most prevalent anti-patterns in Azure Bicep development. These are mistakes that can lead to unmanageable codebases, poor security practices, and unnecessarily complex deployments. By identifying and avoiding these anti-patterns, you can make your IaC projects cleaner, more secure, and overall, much easier to maintain.

Why should we focus on Anti-Patterns?

Azure Bicep provides a lot of flexibility, but flexibility without guidance often leads to inconsistency. Many developers and teams unintentionally create long-term technical debt by misusing tools or skipping best practices. This series is designed to shine a light on these pitfalls and provide actionable advice for avoiding them.

What this series will try to guide you on

Over the course of the nine posts, we’ll dive into:

  1. Trying to make Bicep do everything end-to-end
    “Azure Bicep is powerful but has its limits. Understanding its non-goals and knowing when to integrate other tools is essential to avoid brittle, overcomplicated deployments.”

  2. Skipping modularisation and not using templates for reuse
    “Reusability is key to scalable IaC. Discover how modularising your Bicep code and leveraging templates can save time and reduce errors across deployments.”

  3. Making giant spaghetti messes of code or splitting code illogically
    “Messy or illogical code structures can turn your IaC into a maintenance nightmare. Learn how to design clear and logical code that balances complexity with readability.”

  4. Not using outputs for dependencies
    “Outputs are the glue between modules and systems. Ignoring them can create unnecessary bottlenecks and complexity in your infrastructure deployments.”

  5. Passing secrets from pipelines without first storing them in a Key Vault
    “Bypassing Key Vault for secret management exposes your infrastructure to unnecessary risk. Understand why Key Vault should be the default for storing and using secrets.”

  6. Being lazy with IaC and not doing things because it’s too hard or gets in the way of things like Azure Policy
    “Neglecting, for example, role-based access control and other security practices undermines your infrastructure’s integrity. We also explore the pitfalls of relying on deployIfNotExists in Azure Policy too much.”

  7. Overcomplicating networking configurations
    “Simpler is often better. Over-engineered networking setups can lead to confusion and errors—explore how to keep it straightforward and aligned with Azure best practices.”

  8. Relying on What-If as a testing and validation tool
    “What-If is a helpful feature, but it’s no replacement for rigorous testing. Understand its limitations and how to incorporate better validation techniques in your IaC pipeline.”

  9. Not doing software development lifecycle (SDLC) practices with IaC
    “IaC isn’t an exception to good software practices. Applying SDLC principles like version control, reviews, and automated testing ensures quality and reliability in your infrastructure.”

Who should read this series?

Whether you’re new to Bicep, an experienced IaC practitioner, or an Engineering Manager struggling with mountains of technical debt, this series will provide valuable insights. By understanding these anti-patterns, you’ll be better equipped to build reliable, secure, and maintainable cloud infrastructure.

What’s next?

In the first post of this series, we’ll tackle the tendency to over-rely on Bicep for end-to-end orchestration, despite it being a stated non-goal by Microsoft. Stay tuned as we explore how to strike the right balance between Bicep and other tools in your IaC toolkit.

Subscribe to stay updated, and let’s build better infrastructure together!