使用 ARM 模板进行资源组部署Resource group deployments with ARM templates

本文介绍如何将部署范围限定于资源组。This article describes how to scope your deployment to a resource group. 使用 Azure 资源管理器模板(ARM 模板)进行部署。You use an Azure Resource Manager template (ARM template) for the deployment. 本文还介绍了如何在部署操作中将范围扩展到资源组之外。The article also shows how to expand the scope beyond the resource group in the deployment operation.

支持的资源Supported resources

可以将大多数资源部署到资源组。Most resources can be deployed to a resource group.

架构Schema

对于模板,请使用以下架构:For templates, use the following schema:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    ...
}

对于参数文件,请使用:For parameter files, use:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    ...
}

部署命令Deployment commands

若要部署到资源组,请使用资源组部署命令。To deploy to a resource group, use the resource group deployment commands.

备注

当我们使用以 https://raw.githubusercontent.com/ 开头的指定模板文件 URI 部署资源时,控制台有时将返回错误,如 Unable to download deployment contentWhen we deploy resource with specified template file URI that starts with https://raw.githubusercontent.com/, the console will return error like Unable to download deployment content sometime.

可以执行以下操作来解决相应问题。We can follow the actions below to resolve the corresponding issue.

  1. 下载指定 URI 的模板文件内容并以同一名称另存在本地计算机上。Download the template file content of specified URI and save as the same name on your local computer.

  2. TemplateUri 的参数替换为 TemplateFile,然后用下载的实际文件名更新指定的 URI,并再次运行该脚本。Replace the parameter of TemplateUri with TemplateFile, then update the specified URI with the download actual file name and run the script again.

    语言类别Language category 参考链接Reference link 操作Action
    PowerShellPowerShell New-AzResourceGroupDeploymentNew-AzResourceGroupDeployment -TemplateUri 替换为 '-TemplateFile`Replace -TemplateUri with '-TemplateFile`
    Azure CLIAzure CLI az 部署组创建az deployment group create --template-uri 替换为 '--template-file`Replace --template-uri with '--template-file`

对于 Azure CLI,请使用 az deployment group createFor Azure CLI, use az deployment group create. 以下示例会部署一个模板来创建资源组:The following example deploys a template to create a resource group:

az deployment group create \
  --name demoRGDeployment \
  --resource-group ExampleGroup \
  --template-uri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-storage-account-create/azuredeploy.json" \
  --parameters storageAccountType=Standard_GRS

有关部署命令和部署 ARM 模板的选项的更多详细信息,请参阅:For more detailed information about deployment commands and options for deploying ARM templates, see:

部署范围Deployment scopes

部署到资源组时,可以将资源部署到:When deploying to a resource group, you can deploy resources to:

  • 操作中的目标资源组the target resource group from the operation
  • 同一订阅或其他订阅中的其他资源组other resource groups in the same subscription or other subscriptions
  • 租户中的任何订阅any subscription in the tenant
  • 资源组的租户the tenant for the resource group
  • 扩展资源可应用于资源extension resources can be applied to resources

部署模板的用户必须有权访问指定的作用域。The user deploying the template must have access to the specified scope.

本部分演示如何指定不同范围。This section shows how to specify different scopes. 可以在单个模板中组合这些不同范围。You can combine these different scopes in a single template.

目标资源组的范围Scope to target resource group

若要将资源部署到目标资源,请将这些资源添加到模板的资源部分。To deploy resources to the target resource, add those resources to the resources section of the template.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        resource-group-resources
    ],
    "outputs": {}
}

有关示例模板,请参阅部署到目标资源组For an example template, see Deploy to target resource group.

将范围限定于同一订阅中的资源组Scope to resource group in same subscription

若要将资源部署到同一订阅中的其他资源组,请添加嵌套部署并包括 resourceGroup 属性。To deploy resources to a different resource group in the same subscription, add a nested deployment and include the resourceGroup property. 如果未指定订阅 ID 或资源组,将使用父模板中的订阅和资源组。If you don't specify the subscription ID or resource group, the subscription and resource group from the parent template are used. 在运行部署之前,所有资源组都必须存在。All the resource groups must exist before running the deployment.

在以下示例中,嵌套部署以名为 demoResourceGroup 的资源组为目标。In the following example, the nested deployment targets a resource group named demoResourceGroup.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2020-06-01",
            "name": "nestedDeployment",
            "resourceGroup": "demoResourceGroup",
            "properties": {
                "mode": "Incremental",
                "template": {
                    resource-group-resources
                }
            }
        }
    ],
    "outputs": {}
}

有关示例模板,请参阅部署到多个资源组For an example template, see Deploy to multiple resource groups.

将范围限定于不同订阅中的资源组Scope to resource group in different subscription

若要将资源部署到不同订阅中的资源组,请添加嵌套部署并包括 subscriptionIdresourceGroup 属性。To deploy resources to a resource group in a different subscription, add a nested deployment and include the subscriptionId and resourceGroup properties. 在以下示例中,嵌套部署以名为 demoResourceGroup 的资源组为目标。In the following example, the nested deployment targets a resource group named demoResourceGroup.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2020-06-01",
            "name": "nestedDeployment",
            "subscriptionId": "00000000-0000-0000-0000-000000000000",
            "resourceGroup": "demoResourceGroup",
            "properties": {
                "mode": "Incremental",
                "template": {
                    resource-group-resources
                }
            }
        }
    ],
    "outputs": {}
}

有关示例模板,请参阅部署到多个资源组For an example template, see Deploy to multiple resource groups.

订阅的范围Scope to subscription

若要将资源部署到订阅,请添加嵌套部署并包含 subscriptionId 属性。To deploy resources to a subscription, add a nested deployment and include the subscriptionId property. 订阅可以针对目标资源组,也可针对租户中的任何其他订阅。The subscription can be the subscription for the target resource group, or any other subscription in the tenant. 此外,请为嵌套部署设置 location 属性。Also, set the location property for the nested deployment.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2020-06-01",
            "name": "nestedDeployment",
            "location": "chinaeast",
            "subscriptionId": "0000000-0000-0000-0000-000000000000",
            "properties": {
                "mode": "Incremental",
                "template": {
                    subscription-resources
                }
            }
        }
    ],
    "outputs": {}
}

有关示例模板,请参阅创建资源组For an example template, see Create resource group.

将范围设定为租户Scope to tenant

可通过将 scope 设置为 /,在租户中创建资源。You can create resources at the tenant by setting the scope set to /. 部署模板的用户必须具有在租户中进行部署所需的访问权限The user deploying the template must have the required access to deploy at the tenant.

可使用设置了 scopelocation 的嵌套部署。You can use a nested deployment with scope and location set.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2020-06-01",
            "name": "nestedDeployment",
            "location": "chinaeast",
            "scope": "/",
            "properties": {
                "mode": "Incremental",
                "template": {
                    tenant-resources
                }
            }
        }
    ],
    "outputs": {}
}

或者,可将某些资源类型(如管理组)的范围设置为 /Or, you can set the scope to / for some resource types, like management groups.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "mgName": {
            "type": "string",
            "defaultValue": "[concat('mg-', uniqueString(newGuid()))]"
        }
    },
    "resources": [
        {
            "type": "Microsoft.Management/managementGroups",
            "apiVersion": "2020-05-01",
            "name": "[parameters('mgName')]",
            "scope": "/",
            "location": "chinaeast",
            "properties": {}
        }
    ],
    "outputs": {
        "output": {
            "type": "string",
            "value": "[parameters('mgName')]"
        }
    }
}

部署到目标资源组Deploy to target resource group

若要在目标资源组部署资源,请在模板的“资源”部分定义这些资源。To deploy resources in the target resource group, define those resources in the resources section of the template. 以下模板会在部署操作中指定的资源组中创建一个存储帐户。The following template creates a storage account in the resource group that is specified in the deployment operation.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storagePrefix": {
      "type": "string",
      "minLength": 3,
      "maxLength": 11
    },
    "storageSKU": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS",
        "Standard_RAGRS",
        "Premium_LRS",
      ]
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]"
    }
  },
  "variables": {
    "uniqueStorageName": "[concat(parameters('storagePrefix'), uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-04-01",
      "name": "[variables('uniqueStorageName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[parameters('storageSKU')]"
      },
      "kind": "StorageV2",
      "properties": {
        "supportsHttpsTrafficOnly": true
      }
    }
  ],
  "outputs": {
    "storageEndpoint": {
      "type": "object",
      "value": "[reference(variables('uniqueStorageName')).primaryEndpoints]"
    }
  }
}

部署到多个资源组Deploy to multiple resource groups

可以在单个 ARM 模板中部署到多个资源组。You can deploy to more than one resource group in a single ARM template. 若要将与父模板不同的资源组作为目标,请使用嵌套或链接模板To target a resource group that is different than the one for parent template, use a nested or linked template. 在部署资源类型中,为要将嵌套模板部署到的订阅 ID 和资源组指定值。Within the deployment resource type, specify values for the subscription ID and resource group that you want the nested template to deploy to. 资源组可以存在于不同的订阅中。The resource groups can exist in different subscriptions.

备注

在单个部署中可以部署到 800 个资源组。You can deploy to 800 resource groups in a single deployment. 通常情况下,此限制意味着,在嵌套或链接的部署中可以部署到为父模板指定的一个资源组和最多 799 个资源组。Typically, this limitation means you can deploy to one resource group specified for the parent template, and up to 799 resource groups in nested or linked deployments. 但是,如果父模板仅包含嵌套或链接的模板,并且本身不部署任何资源,则在嵌套或链接的部署中最多可包含 800 个资源组。However, if your parent template contains only nested or linked templates and does not itself deploy any resources, then you can include up to 800 resource groups in nested or linked deployments.

以下示例部署两个存储帐户。The following example deploys two storage accounts. 第一个存储帐户部署到在部署操作中指定的资源组。The first storage account is deployed to the resource group specified in the deployment operation. 第二个存储帐户部署到在 secondResourceGroupsecondSubscriptionID 参数中指定的资源组:The second storage account is deployed to the resource group specified in the secondResourceGroup and secondSubscriptionID parameters:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storagePrefix": {
      "type": "string",
      "maxLength": 11
    },
    "secondResourceGroup": {
      "type": "string"
    },
    "secondSubscriptionID": {
      "type": "string",
      "defaultValue": ""
    },
    "secondStorageLocation": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]"
    }
  },
  "variables": {
    "firstStorageName": "[concat(parameters('storagePrefix'), uniqueString(resourceGroup().id))]",
    "secondStorageName": "[concat(parameters('storagePrefix'), uniqueString(parameters('secondSubscriptionID'), parameters('secondResourceGroup')))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "[variables('firstStorageName')]",
      "location": "[resourceGroup().location]",
      "sku":{
        "name": "Standard_LRS"
      },
      "kind": "Storage",
      "properties": {
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2019-10-01",
      "name": "nestedTemplate",
      "resourceGroup": "[parameters('secondResourceGroup')]",
      "subscriptionId": "[parameters('secondSubscriptionID')]",
      "properties": {
      "mode": "Incremental",
      "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {},
          "variables": {},
          "resources": [
          {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2019-06-01",
            "name": "[variables('secondStorageName')]",
            "location": "[parameters('secondStorageLocation')]",
            "sku":{
              "name": "Standard_LRS"
            },
            "kind": "Storage",
            "properties": {
            }
          }
          ]
      },
      "parameters": {}
      }
    }
  ]
}

如果将 resourceGroup 设置为不存在的资源组的名称,则部署会失败。If you set resourceGroup to the name of a resource group that doesn't exist, the deployment fails.

若要测试上述模板并查看结果,请使用 PowerShell 或 Azure CLI。To test the preceding template and see the results, use PowerShell or Azure CLI.

若要将两个存储帐户部署到 同一订阅 中的两个资源组,请使用:To deploy two storage accounts to two resource groups in the same subscription, use:

firstRG="primarygroup"
secondRG="secondarygroup"

az group create --name $firstRG --location chinaeast
az group create --name $secondRG --location chinaeast
az deployment group create \
  --name ExampleDeployment \
  --resource-group $firstRG \
  --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/crosssubscription.json \
  --parameters storagePrefix=tfstorage secondResourceGroup=$secondRG secondStorageLocation=chinaeast

若要将两个存储帐户部署到 两个订阅,请使用:To deploy two storage accounts to two subscriptions, use:

firstRG="primarygroup"
secondRG="secondarygroup"

firstSub="<first-subscription-id>"
secondSub="<second-subscription-id>"

az account set --subscription $secondSub
az group create --name $secondRG --location chinaeast

az account set --subscription $firstSub
az group create --name $firstRG --location chinaeast

az deployment group create \
  --name ExampleDeployment \
  --resource-group $firstRG \
  --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/crosssubscription.json \
  --parameters storagePrefix=storage secondResourceGroup=$secondRG secondStorageLocation=chinaeast secondSubscriptionID=$secondSub

创建资源组Create resource group

可从资源组部署中切换到订阅级别并创建一个资源组。From a resource group deployment, you can switch to the level of a subscription and create a resource group. 以下模板会向目标资源组部署一个存储帐户,并在指定的订阅中创建一个新的资源组。The following template deploys a storage account to the target resource group, and creates a new resource group in the specified subscription.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "storagePrefix": {
            "type": "string",
            "maxLength": 11
        },
        "newResourceGroupName": {
            "type": "string"
        },
        "nestedSubscriptionID": {
            "type": "string"
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]"
        }
    },
    "variables": {
        "storageName": "[concat(parameters('storagePrefix'), uniqueString(resourceGroup().id))]"
    },
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2019-06-01",
            "name": "[variables('storageName')]",
            "location": "[parameters('location')]",
            "sku": {
                "name": "Standard_LRS"
            },
            "kind": "Storage",
            "properties": {
            }
        },
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2020-06-01",
            "name": "demoSubDeployment",
            "location": "chinanorth",
            "subscriptionId": "[parameters('nestedSubscriptionID')]",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        {
                            "type": "Microsoft.Resources/resourceGroups",
                            "apiVersion": "2020-06-01",
                            "name": "[parameters('newResourceGroupName')]",
                            "location": "[parameters('location')]",
                            "properties": {}
                        }
                    ],
                    "outputs": {}
                }
            }
        }
    ]
}

后续步骤Next steps