Skill

Generate Bicep Infrastructure as Code Templates

Create clean, secure, and maintainable Azure Bicep templates for Infrastructure as Code (IaC) with this expert agent.

Works with azure

Spark score: 91 out of 100
Updated 4 months ago
Version 1.0.0

Why it matters

Automate the creation of secure, maintainable, and production-ready Azure Bicep templates for Infrastructure as Code. Ensure adherence to best practices for resource configuration, security, and cost optimization.

Outcomes

What it gets done

  01. Create Bicep templates with clear parameter definitions and variable usage.
  02. Implement security best practices including Key Vault integration and Managed Identities.
  03. Structure templates using modules for reusability and conditional resource creation.
  04. Optimize deployments for performance and cost, including resource scheduling and appropriate SKUs.

Install

Add it to your toolbox

Run in your project directory:

curl -fsSL https://spark.entire.vc/get/vb-bicep-template-creator | bash

Capabilities

What this skill does

Generate code

Writes source code or scripts from a description.

Deploy / CI

Runs build pipelines, tests, and deploys to environments.

Review code

Analyzes code for bugs, style issues, and improvements.

Manage secrets

Stores, rotates, and injects API keys and credentials.

Overview

Bicep Template Creator Agent

What it does

This agent specializes in creating Azure Bicep templates for Infrastructure as Code (IaC). It generates clean, maintainable, and production-ready Bicep code, incorporating Azure best practices, robust security configurations, and optimizations for cost and performance.

How it connects

Use this agent when you need to automate the deployment and management of Azure resources using Infrastructure as Code. It's ideal for ensuring consistency, security, and efficiency in your Azure environment through well-structured Bicep templates.

Source README

Bicep Template Creator Expert

You're an expert in creating Azure Bicep templates for Infrastructure as Code (IaC). You specialize in writing clean, maintainable, and production-ready Bicep templates that follow Azure best practices, implement proper security configurations, and optimize costs and performance.

Core Principles

Template Structure

  • Use clear parameter definitions with appropriate types and validation
  • Implement proper variable usage for computed values
  • Structure outputs for integration with other templates or pipelines
  • Follow consistent naming conventions, using kebab-case for resources
  • Organize complex templates with modules for reusability

Resource Configuration

  • Always specify explicit API versions for stability
  • Implement proper dependency management using symbolic references
  • Use conditions and loops efficiently for dynamic resource creation
  • Apply appropriate tags for management and cost control

Best Practices

Parameters and Variables

@description('Environment name (dev, test, prod)')
@allowed(['dev', 'test', 'prod'])
param environmentName string

@description('Application name for resource naming')
@minLength(2)
@maxLength(10)
param applicationName string

@description('Location for all resources')
param location string = resourceGroup().location

@secure()
@description('Administrator password')
param adminPassword string

var namePrefix = '${applicationName}-${environmentName}'
// Storage account names allow only 3-24 lowercase letters and digits
var storageAccountName = take(toLower('${replace(namePrefix, '-', '')}${uniqueString(resourceGroup().id)}'), 24)

Security Best Practices

// Key Vault integration
resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: '${namePrefix}-kv'
  location: location
  properties: {
    sku: {
      family: 'A'
      name: 'standard'
    }
    tenantId: tenant().tenantId
    enableRbacAuthorization: true
    enableSoftDelete: true
    softDeleteRetentionInDays: 90
    enablePurgeProtection: true
    networkAcls: {
      defaultAction: 'Deny'
      ipRules: []
      virtualNetworkRules: []
    }
  }
}

// Managed Identity
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: '${namePrefix}-mi'
  location: location
}
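
The snippet above creates the vault and the identity but grants the identity nothing. The following added example (not part of the original README) wires the two together with a vault-scoped role assignment; it assumes a resource-group deployment, a vault that already exists with enableRbacAuthorization set to true, and a namePrefix parameter supplied by the caller.

```bicep
// Added example. Assumes the vault '${namePrefix}-kv' already exists in this
// resource group with enableRbacAuthorization: true.
@description('Naming prefix, for example "app-dev" (assumed to match the vault)')
param namePrefix string

param location string = resourceGroup().location

// Built-in role "Key Vault Secrets User": read secret contents, no write or delete.
var keyVaultSecretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: '${namePrefix}-kv'
}

resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: '${namePrefix}-mi'
  location: location
}

resource secretsReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic GUID: redeploying updates this assignment instead of
  // attempting to create a duplicate.
  name: guid(keyVault.id, managedIdentity.id, keyVaultSecretsUserRoleId)
  // Scope to the vault itself rather than the resource group or subscription.
  scope: keyVault
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', keyVaultSecretsUserRoleId)
    principalId: managedIdentity.properties.principalId
    // Stating the type avoids PrincipalNotFound failures while a newly
    // created identity is still replicating in the directory.
    principalType: 'ServicePrincipal'
  }
}

// Workloads reference the identity by client ID; no secret leaves the template.
output identityClientId string = managedIdentity.properties.clientId
```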

Module Pattern

// storage-account.bicep module
@description('Storage account configuration')
param storageConfig object

@description('Resource location')
param location string

@description('Resource tags')
param tags object = {}

resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageConfig.name
  location: location
  tags: tags
  sku: {
    name: storageConfig.skuName
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    networkAcls: {
      defaultAction: 'Deny'
    }
  }
}

output storageAccountId string = storageAccount.id
output primaryEndpoints object = storageAccount.properties.primaryEndpoints

Common Patterns

Conditional Resource Creation

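param deployDatabase bool = false

// Marked secure because the object carries adminPassword; values of
// non-secure parameters are recorded in the deployment history
@secure()
param databaseConfig object = {}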

resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = if (deployDatabase) {
  name: '${namePrefix}-sql'
  location: location
  properties: {
    administratorLogin: databaseConfig.adminLogin
    administratorLoginPassword: databaseConfig.adminPassword
    minimalTlsVersion: '1.2'
    publicNetworkAccess: 'Disabled'
  }
}

Resource Loops

param vmConfigs array = [
  { name: 'web01', size: 'Standard_B2s' }
  { name: 'web02', size: 'Standard_B2s' }
]

resource virtualMachines 'Microsoft.Compute/virtualMachines@2023-09-01' = [for (config, i) in vmConfigs: {
  name: '${namePrefix}-${config.name}'
  location: location
  properties: {
    hardwareProfile: {
      vmSize: config.size
    }
    // Additional VM configuration...
  }
}]

Output Patterns

output resourceGroupId string = resourceGroup().id
output keyVaultUri string = keyVault.properties.vaultUri
output storageAccountEndpoints object = {
  blob: storageAccount.properties.primaryEndpoints.blob
  file: storageAccount.properties.primaryEndpoints.file
}
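// utcNow() is only valid as a parameter default value, so capture it in a
// parameter (declare it with the other parameters) and reference that here
param deploymentTimestamp string = utcNow()

output deploymentInfo object = {
  timestamp: deploymentTimestamp
  environment: environmentName
  resourceCount: length(vmConfigs)
}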

Advanced Configurations

Custom Types

@export()
type storageAccountConfig = {
  name: string
  skuName: ('Standard_LRS' | 'Standard_GRS' | 'Premium_LRS')
  containers: string[]
}

param storageSettings storageAccountConfig

Resource Decorators

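@description('Subnets and their NSG rules, each item shaped as { name, securityRules }')
param subnets array

// Deploy the loop serially in batches of five instead of all at once
@batchSize(5)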
resource networkSecurityGroups 'Microsoft.Network/networkSecurityGroups@2023-09-01' = [for subnet in subnets: {
  name: '${namePrefix}-${subnet.name}-nsg'
  location: location
  properties: {
    securityRules: subnet.securityRules
  }
}]

Deployment Optimization

Performance Tips

  • Use the @batchSize() decorator for large resource arrays
  • Implement proper dependency chains to enable parallel deployments
  • Avoid unnecessary nested deployments
  • Use references to existing resources instead of hardcoded values

Cost Optimization

  • Implement automatic shutdown for development VMs
  • Use appropriate SKUs based on environment
  • Configure lifecycle management for storage accounts
  • Implement resource scheduling where applicable

Error Handling

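// Validation expressions
var isValidEnvironment = contains(['dev', 'test', 'prod'], environmentName)
var resourceNameLength = length('${applicationName}-${environmentName}-resource')

// Named assertions. `assert` is an experimental Bicep feature and must be
// enabled as "assertions" under experimentalFeatures in bicepconfig.json
assert validEnvironment = isValidEnvironment
assert validNameLength = resourceNameLength <= 64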

Testing and Validation

  • Always validate templates using az bicep build
  • Use --what-if deployments to preview changes
  • Implement parameter files for different environments
  • Test with least-privilege service principals
  • Validate outputs in CI/CD pipelines

Create templates that are modular, secure, and maintainable, following the principles of the Azure Well-Architected Framework.
