Tutorial: Use condition in ARM templates

Learn how to deploy Azure resources based on conditions in an Azure Resource Manager template (ARM template).

In the Set resource deployment order tutorial, you create a virtual machine, a virtual network, and some other dependent resources including a storage account. Instead of creating a new storage account every time, you let people choose between creating a new storage account and using an existing storage account. To accomplish this goal, you define an additional parameter. If the value of the parameter is new, a new storage account is created. Otherwise, an existing storage account with the name provided is used.

Resource Manager template use condition diagram

This tutorial covers the following tasks:

  • Open a Quickstart template
  • Modify the template
  • Deploy the template
  • Clean up resources

This tutorial only covers a basic scenario of using conditions. For more information, see:

If you don't have an Azure subscription, create a trial subscription before you begin.

Prerequisites

To complete this article, you need:

  • Visual Studio Code with Resource Manager Tools extension. See Quickstart: Create ARM templates with Visual Studio Code.

  • To increase security, use a generated password for the virtual machine administrator account. You can use the local Shell to run the following command in PowerShell or CLI:

    openssl rand -base64 32
    

    To learn more, run man openssl rand to open the manual page.

    Azure Key Vault is designed to safeguard cryptographic keys and other secrets. For more information, see Tutorial: Integrate Azure Key Vault in ARM template deployment. We also recommend you to update your password every three months.

Open a Quickstart template

Azure Quickstart Templates is a repository for ARM templates. Instead of creating a template from scratch, you can find a sample template and customize it. The template used in this tutorial is called Deploy a simple Windows VM.

  1. From Visual Studio Code, select File > Open File.

  2. In File name, paste the following URL:

    https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.compute/vm-simple-windows/azuredeploy.json
    
  3. Select Open to open the file.

  4. There are six resources defined by the template:

    • Microsoft.Storage/storageAccounts.
    • Microsoft.Network/publicIPAddresses.
    • Microsoft.Network/networkSecurityGroups.
    • Microsoft.Network/virtualNetworks.
    • Microsoft.Network/networkInterfaces.
    • Microsoft.Compute/virtualMachines.

    It is helpful to review the template reference before customizing a template.

  5. Select File > Save As to save a copy of the file to your local computer with the name azuredeploy.json.

Modify the template

Make two changes to the existing template:

  • Add a storage account name parameter. Users can specify either a new storage account name or an existing storage account name.
  • Add a new parameter called newOrExisting. The deployment uses this parameter to determine whether to create a new storage account or use an existing storage account.

Here is the procedure to make the changes:

  1. Open azuredeploy.json in Visual Studio Code.

  2. Replace the three variables('storageAccountName') with parameters('storageAccountName') in the whole template.

  3. Remove the following variable definition:

    Screenshot that highlights the variable definitions that you need to remove.

  4. Add the following two parameters to the beginning of the parameters section:

    "storageAccountName": {
      "type": "string"
    },
    "newOrExisting": {
      "type": "string",
      "allowedValues": [
        "new",
        "existing"
      ]
    },
    

    Press Alt+Shift+F to format the template in Visual Studio Code.

    The updated parameters definition looks like:

    Resource Manager use condition

  5. Add the following line to the beginning of the storage account definition.

    "condition": "[equals(parameters('newOrExisting'),'new')]",
    

    The condition checks the value of the parameter newOrExisting. If the parameter value is new, the deployment creates the storage account.

    The updated storage account definition looks like:

    Screenshot that shows the updated storage account definition.

  6. Update the storageUri property of the virtual machine resource definition with the following value:

    "storageUri": "[format('https://{0}.blob.core.chinacloudapi.cn', parameters('storageAccountName'))]"
    

    This change is necessary when you use an existing storage account under a different resource group.

  7. Save the changes.

Deploy the template

  1. Run the following PowerShell script with administrator priviledge on your local computer and sign in the Azure China 21Vianet.

    Connect-AzAccount -Environment AzureChinaCloud
    
  2. Run the following PowerShell script to deploy the template which we saved on the previous steps.

    Important

    The storage account name must be unique across Azure. The name must have only lowercase letters or numbers. It can be no longer than 24 characters. The storage account name is the project name with store appended. Make sure the project name and the generated storage account name meet the storage account name requirements.

    $projectName = Read-Host -Prompt "Enter a project name that is used to generate resource group name and resource names"
    $newOrExisting = Read-Host -Prompt "Create new or use existing (Enter new or existing)"
    $location = Read-Host -Prompt "Enter the Azure location (i.e. chinaeast)"
    $vmAdmin = Read-Host -Prompt "Enter the admin username"
    $vmPassword = Read-Host -Prompt "Enter the admin password" -AsSecureString
    $dnsLabelPrefix = Read-Host -Prompt "Enter the DNS Label prefix"
    
    $resourceGroupName = "${projectName}rg"
    $storageAccountName = "${projectName}store"
    
    New-AzResourceGroup -Name $resourceGroupName -Location $location
    New-AzResourceGroupDeployment `
        -ResourceGroupName $resourceGroupName `
        -adminUsername $vmAdmin `
        -adminPassword $vmPassword `
        -dnsLabelPrefix $dnsLabelPrefix `
        -storageAccountName $storageAccountName `
        -newOrExisting $newOrExisting `
        -TemplateFile "$HOME/azuredeploy.json"
    
    Write-Host "Press [ENTER] to continue ..."
    

    Note

    The deployment fails if newOrExisting is new, but the storage account with the storage account name specified already exists.

Try making another deployment with newOrExisting set to existing and specify an existing storage account. To create a storage account beforehand, see Create a storage account.

Clean up resources

When the Azure resources are no longer needed, clean up the resources you deployed by deleting the resource group.

$projectName = Read-Host -Prompt "Enter the same project name you used in the last procedure"
$resourceGroupName = "${projectName}rg"

Remove-AzResourceGroup -Name $resourceGroupName

Write-Host "Press [ENTER] to continue ..."

Next steps

In this tutorial, you developed a template that allows users to choose between creating a new storage account and using an existing storage account. To learn how to retrieve secrets from Azure Key Vault, and use the secrets as passwords in the template deployment, see: