Source from repo

Azure Prepare

Prepare applications for Azure deployment by generating infrastructure code, Dockerfiles, and config files.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

164

Skill

n/a

Size

546.9 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/recipes/azd/iac-rules.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown156 linesFree

references/recipes/azd/iac-rules.md

1# AZD IAC Rules
2 
3IaC rules for AZD projects. **Additive** — for Bicep, apply `mcp_bicep_get_bicep_best_practices`, `mcp_bicep_list_avm_metadata`, and `mcp_bicep_get_az_resource_type_schema` first; for Terraform, apply `mcp_azure_mcp_azureterraformbestpractices` first; then apply these azd-specific rules.
4 
5## AVM Module Selection Order (MANDATORY)
6 
7Always prefer modules in provider-specific order:
8 
9For **Bicep**:
101. AVM Bicep Pattern Modules (AVM+AZD first when available)
112. AVM Bicep Resource Modules
123. AVM Bicep Utility Modules
13 
14For **Terraform**:
151. AVM Terraform Pattern Modules
162. AVM Terraform Resource Modules
173. AVM Terraform Utility Modules
18 
19If no pattern module exists for the active provider, default immediately to AVM modules in the same provider order (resource, then utility) instead of using non-AVM modules.
20 
21## Retrieval Strategy (azure-documentation MCP primary + optional Context7)
22 
23- **Primary (authoritative):** Use `mcp_azure_mcp_documentation` (`azure-documentation`) for current Azure guidance and AVM integration documentation.
24- **Primary (module catalog):** Use `mcp_bicep_list_avm_metadata` plus official AVM indexes to select concrete modules.
25- **Secondary (supplemental):** Use Context7 only for implementation examples when `mcp_azure_mcp_documentation` does not provide enough detail. If Context7 is not available, instruct the user to install it: `npx -y @upstash/context7-mcp@latest`.
26 
27## Validation Plan
28 
29Before finalizing generated guidance:
30 
311. Verify the selected module path uses the required AVM order above.
322. Verify AVM+AZD pattern modules were checked first, and fallback moved to AVM resource/utility modules when no pattern module exists.
333. Verify Terraform guidance follows pattern -> resource -> utility ordering.
344. Include selected module names and source links in the plan/output for traceability.
35 
36## File Structure
37 
38| Requirement | Details |
39|-------------|---------|
40| Location | `./infra/` folder |
41| Entry point | `main.bicep` with `targetScope = 'subscription'` |
42| Parameters | `main.parameters.json` (ARM JSON — see format below) |
43| Modules | `./infra/modules/*.bicep` with `targetScope = 'resourceGroup'` |
44 
45## Parameter File Format
46 
47`main.parameters.json` uses ARM JSON syntax. Do **not** use `.bicepparam` syntax (`using`, `param`, `readEnvironmentVariable()`) in this file — `azd` will fail with a JSON parse error.
48 
49```json
50{
51  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
52  "contentVersion": "1.0.0.0",
53  "parameters": {
54    "environmentName": { "value": "${AZURE_ENV_NAME}" },
55    "location": { "value": "${AZURE_LOCATION}" }
56  }
57}
58```
59 
60Use `azd env set` to supply values. During `azd provision`, azd substitutes `${VAR}` placeholders with values from the environment.
61 
62## Naming Convention
63 
64> ⚠️ **Before generating any resource name in Bicep, check [Resource naming rules](https://learn.microsoft.com/azure/azure-resource-manager/management/resource-name-rules) for that resource type's valid characters, length limits, and uniqueness scope.** Some resources forbid dashes or special characters, require globally unique names, or have short length limits. Adapt the pattern below accordingly.
65 
66**Default pattern:** `{resourceAbbreviation}-{name}-{uniqueHash}`
67 
68For resources that disallow dashes, omit separators: `{resourceAbbreviation}{name}{uniqueHash}`
69 
70- [Resource abbreviations](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) — recommended prefixes per resource type
71 
72```bicep
73var resourceSuffix = take(uniqueString(subscription().id, environmentName, location), 6)
74// Adapt separator/format per resource naming rules
75var defaultName = '${name}-${resourceSuffix}'
76var alphanumericName = replace('${name}${resourceSuffix}', '-', '')
77```
78 
79**Forbidden:** Hard-coded tenant IDs, subscription IDs, resource group names
80 
81## Required Tags
82 
83| Tag | Apply To | Value |
84|-----|----------|-------|
85| `azd-env-name` | Resource group | `{environmentName}` |
86| `azd-service-name` | Hosting resources | Service name from azure.yaml |
87 
88## Module Parameters
89 
90All modules must accept: `name` (string), `location` (string), `tags` (object)
91 
92## Security
93 
94| Rule | Details |
95|------|---------|
96| No secrets | Use Key Vault references |
97| Managed Identity | Least privilege |
98| Diagnostics | Enable logging |
99| API versions | Use latest |
100 
101## Recommended Outputs
102 
103`azd` reads `output` values from `main.bicep` and stores UPPERCASE names as environment variables (accessible via `azd env get-values`).
104 
105| Output | When |
106|--------|------|
107| `AZURE_RESOURCE_GROUP` | Always (required) |
108| `AZURE_CONTAINER_REGISTRY_ENDPOINT` | If using containers |
109| `AZURE_KEY_VAULT_NAME` | If using secrets |
110| `AZURE_LOG_ANALYTICS_WORKSPACE_ID` | If using monitoring |
111| `API_URL`, `WEB_URL`, etc. | One per service endpoint |
112 
113## Templates
114 
115**main.bicep:**
116 
117```bicep
118targetScope = 'subscription'
119 
120param environmentName string
121param location string
122 
123var resourceSuffix = take(uniqueString(subscription().id, environmentName, location), 6)
124var tags = { 'azd-env-name': environmentName }
125 
126resource rg 'Microsoft.Resources/resourceGroups@2023-07-01' = {
127  name: 'rg-${environmentName}'
128  location: location
129  tags: tags
130}
131 
132module resources './modules/resources.bicep' = {
133  name: 'resources'
134  scope: rg
135  params: { location: location, tags: tags }
136}
137 
138// Outputs — UPPERCASE names become azd env vars
139output AZURE_RESOURCE_GROUP string = rg.name
140output API_URL string = resources.outputs.apiUrl
141```
142 
143**Child module:**
144 
145```bicep
146targetScope = 'resourceGroup'
147 
148param name string
149param location string = resourceGroup().location
150param tags object = {}
151 
152var resourceSuffix = take(uniqueString(subscription().id, resourceGroup().name, name), 6)
153```
154 
155> ⚠️ **Container resources:** CPU must use `json()` wrapper: `cpu: json('0.5')`, memory as string: `memory: '1Gi'`
156

Loading source

Preparing the source view

Pulling the file list, source metadata, and syntax-aware rendering for this listing.

Marketplace

Source from repo

Azure Prepare

Prepare applications for Azure deployment by generating infrastructure code, Dockerfiles, and config files.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

164

Skill

n/a

Size

546.9 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/recipes/azd/iac-rules.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown156 linesFree

references/recipes/azd/iac-rules.md

1# AZD IAC Rules
2 
3IaC rules for AZD projects. **Additive** — for Bicep, apply `mcp_bicep_get_bicep_best_practices`, `mcp_bicep_list_avm_metadata`, and `mcp_bicep_get_az_resource_type_schema` first; for Terraform, apply `mcp_azure_mcp_azureterraformbestpractices` first; then apply these azd-specific rules.
4 
5## AVM Module Selection Order (MANDATORY)
6 
7Always prefer modules in provider-specific order:
8 
9For **Bicep**:
101. AVM Bicep Pattern Modules (AVM+AZD first when available)
112. AVM Bicep Resource Modules
123. AVM Bicep Utility Modules
13 
14For **Terraform**:
151. AVM Terraform Pattern Modules
162. AVM Terraform Resource Modules
173. AVM Terraform Utility Modules
18 
19If no pattern module exists for the active provider, default immediately to AVM modules in the same provider order (resource, then utility) instead of using non-AVM modules.
20 
21## Retrieval Strategy (azure-documentation MCP primary + optional Context7)
22 
23- **Primary (authoritative):** Use `mcp_azure_mcp_documentation` (`azure-documentation`) for current Azure guidance and AVM integration documentation.
24- **Primary (module catalog):** Use `mcp_bicep_list_avm_metadata` plus official AVM indexes to select concrete modules.
25- **Secondary (supplemental):** Use Context7 only for implementation examples when `mcp_azure_mcp_documentation` does not provide enough detail. If Context7 is not available, instruct the user to install it: `npx -y @upstash/context7-mcp@latest`.
26 
27## Validation Plan
28 
29Before finalizing generated guidance:
30 
311. Verify the selected module path uses the required AVM order above.
322. Verify AVM+AZD pattern modules were checked first, and fallback moved to AVM resource/utility modules when no pattern module exists.
333. Verify Terraform guidance follows pattern -> resource -> utility ordering.
344. Include selected module names and source links in the plan/output for traceability.
35 
36## File Structure
37 
38| Requirement | Details |
39|-------------|---------|
40| Location | `./infra/` folder |
41| Entry point | `main.bicep` with `targetScope = 'subscription'` |
42| Parameters | `main.parameters.json` (ARM JSON — see format below) |
43| Modules | `./infra/modules/*.bicep` with `targetScope = 'resourceGroup'` |
44 
45## Parameter File Format
46 
47`main.parameters.json` uses ARM JSON syntax. Do **not** use `.bicepparam` syntax (`using`, `param`, `readEnvironmentVariable()`) in this file — `azd` will fail with a JSON parse error.
48 
49```json
50{
51  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
52  "contentVersion": "1.0.0.0",
53  "parameters": {
54    "environmentName": { "value": "${AZURE_ENV_NAME}" },
55    "location": { "value": "${AZURE_LOCATION}" }
56  }
57}
58```
59 
60Use `azd env set` to supply values. During `azd provision`, azd substitutes `${VAR}` placeholders with values from the environment.
61 
62## Naming Convention
63 
64> ⚠️ **Before generating any resource name in Bicep, check [Resource naming rules](https://learn.microsoft.com/azure/azure-resource-manager/management/resource-name-rules) for that resource type's valid characters, length limits, and uniqueness scope.** Some resources forbid dashes or special characters, require globally unique names, or have short length limits. Adapt the pattern below accordingly.
65 
66**Default pattern:** `{resourceAbbreviation}-{name}-{uniqueHash}`
67 
68For resources that disallow dashes, omit separators: `{resourceAbbreviation}{name}{uniqueHash}`
69 
70- [Resource abbreviations](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) — recommended prefixes per resource type
71 
72```bicep
73var resourceSuffix = take(uniqueString(subscription().id, environmentName, location), 6)
74// Adapt separator/format per resource naming rules
75var defaultName = '${name}-${resourceSuffix}'
76var alphanumericName = replace('${name}${resourceSuffix}', '-', '')
77```
78 
79**Forbidden:** Hard-coded tenant IDs, subscription IDs, resource group names
80 
81## Required Tags
82 
83| Tag | Apply To | Value |
84|-----|----------|-------|
85| `azd-env-name` | Resource group | `{environmentName}` |
86| `azd-service-name` | Hosting resources | Service name from azure.yaml |
87 
88## Module Parameters
89 
90All modules must accept: `name` (string), `location` (string), `tags` (object)
91 
92## Security
93 
94| Rule | Details |
95|------|---------|
96| No secrets | Use Key Vault references |
97| Managed Identity | Least privilege |
98| Diagnostics | Enable logging |
99| API versions | Use latest |
100 
101## Recommended Outputs
102 
103`azd` reads `output` values from `main.bicep` and stores UPPERCASE names as environment variables (accessible via `azd env get-values`).
104 
105| Output | When |
106|--------|------|
107| `AZURE_RESOURCE_GROUP` | Always (required) |
108| `AZURE_CONTAINER_REGISTRY_ENDPOINT` | If using containers |
109| `AZURE_KEY_VAULT_NAME` | If using secrets |
110| `AZURE_LOG_ANALYTICS_WORKSPACE_ID` | If using monitoring |
111| `API_URL`, `WEB_URL`, etc. | One per service endpoint |
112 
113## Templates
114 
115**main.bicep:**
116 
117```bicep
118targetScope = 'subscription'
119 
120param environmentName string
121param location string
122 
123var resourceSuffix = take(uniqueString(subscription().id, environmentName, location), 6)
124var tags = { 'azd-env-name': environmentName }
125 
126resource rg 'Microsoft.Resources/resourceGroups@2023-07-01' = {
127  name: 'rg-${environmentName}'
128  location: location
129  tags: tags
130}
131 
132module resources './modules/resources.bicep' = {
133  name: 'resources'
134  scope: rg
135  params: { location: location, tags: tags }
136}
137 
138// Outputs — UPPERCASE names become azd env vars
139output AZURE_RESOURCE_GROUP string = rg.name
140output API_URL string = resources.outputs.apiUrl
141```
142 
143**Child module:**
144 
145```bicep
146targetScope = 'resourceGroup'
147 
148param name string
149param location string = resourceGroup().location
150param tags object = {}
151 
152var resourceSuffix = take(uniqueString(subscription().id, resourceGroup().name, name), 6)
153```
154 
155> ⚠️ **Container resources:** CPU must use `json()` wrapper: `cpu: json('0.5')`, memory as string: `memory: '1Gi'`
156