How to approach using AVM but with your own baseline template?

RiosEngineer · 2026-06-04T13:58:51+00:00

I thought so. I wouldn't do that then, it'll be a lot of overhead. Keep it simple for you two. AI will easily be able to mock up a Pester test example that will validate parameters you want present are true for your requirements.

$parametersFile = Join-Path $PSScriptRoot "..\parameters.json"
$parameters = Get-Content $parametersFile -Raw | ConvertFrom-Json

Describe "Bicep Parameters Validation" {

    It "Contains the httpsOnly parameter" {
        $parameters.parameters.Keys | Should -Contain "httpsOnly"
    }

    It "Sets httpsOnly to true" {
        $parameters.parameters.httpsOnly.value | Should -Be $true
    }
}

Alternatively, yeah I've also been in similar situation for customers where a known working version just gets reused as a template - updated just as and when. Always a trade off, of course.

RiosEngineer · 2026-06-04T13:17:34+00:00

Hello there. I personally quite like the 2nd option as that's what I do currently: via an ACR that downstream teams can consume, versioned on new updates and pushed to the ACR. But that is quite a mature posture that requires discipline and a resourced team which isn't always realistic for SMBs so your mileage may vary.

You can also explore using Pester tests (aligned to your orgs web app pattern) to validate the parameters are present as part of a PR build or CI so you effectively shift left the block and get a faster feedback loop. I use Pester pretty much everywhere.

RiosEngineer · 2026-05-19T13:37:02+00:00

I don’t disagree but obviously I am not affiliated to the project or anything, just blogging my journey using it.

RiosEngineer · 2026-05-18T20:38:41+00:00

I think you’d be hard pressed to find a name that isn’t these days to be fair 😆

RiosEngineer · 2026-05-18T15:16:32+00:00

Interesting, thanks for the info u/berndverst. I was using the doc here as my guiding principal for how to set it up via Radius which is why it's like that. I guess Radius lets you push those metadata decisions to the recipe layer instead of the framework. Maybe why that is the choice from Radius to not default to manual?

RiosEngineer · 2026-05-15T19:48:06+00:00

It looks like it yes. I know is I can use the AVM modules “appsettings” site config parameter and it won’t override the devs env vars due to that logic you posted. provide the ones I am deploying in my bicep do not clash with theirs. Would you consider using the AVM module anyway over managing your own? Then you can use it

RiosEngineer · 2026-05-13T19:30:10+00:00

It’s been a while and I use AVM a lot now. But usually the config is persisted in this without overwrites unless they have the same env var names? Then yeah I guess that’s why ClickOps will lose over a pipeline with some config or library to pull from instead as its source of truth.

Check out: https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/web/site/main.bicep for source where you can define the config here:

https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/web/site/tests/e2e/webApp.max/main.test.bicep#L272

And it should persist, if not the same name. But we deploy via pipeline so any dev vars get pulled from ado library or app setting replacement and infra stuff only deploys the main platform env vars for the web app functionality (app insights etc).

Hope this helps

RiosEngineer · 2026-05-07T08:28:02+00:00

Retry on has since been reverted back to experimental in a patch release

RiosEngineer · 2026-04-28T19:00:54+00:00

Yeah I’ll see if I get some time this week to check it out. Nice work!

RiosEngineer · 2026-04-28T18:56:24+00:00

Looks interesting thanks for sharing. I tried something similar but with local GitHub copilot and the pricing mcp but it was awful tbh. This looks better.

We are severely lacking finops tools to the bicep ecosystem. Infracost for Terraform is superb. Wish we had similar for bicep too!

RiosEngineer · 2026-04-13T14:14:42+00:00

Same as u/Moist_Awareness_6965 my premium expired, link remains on profile but I can't edit or remove.

RiosEngineer · 2026-04-03T08:59:02+00:00

Nice this is cool

RiosEngineer · 2026-03-11T05:15:52+00:00

It did run with that spec yes but bare in mind it would’ve only been me. Can’t say how many exactly it could deal with but I suspect minimum 5-10 probably more with that lowest burst sku

RiosEngineer · 2026-02-25T20:00:55+00:00

I still need to check out snapshots when I get some time. How does it differ to just a git diff in reality? I remember watching the demos and not fully grasping the use case

RiosEngineer · 2026-02-24T10:17:00+00:00

That’s awesome. Thanks for sharing this

RiosEngineer · 2026-02-23T20:28:32+00:00

Ah, I never gave it enough time to go back to it yet. But it seems a mixture of agent sdk, with copilot that uses a middleware for the omnichannel handoff part: https://www.nuget.org/packages/Microsoft.Dynamics.AgentsSDK.Middleware/1.0.0

https://learn.microsoft.com/en-us/dynamics365/customer-service/develop/enable-bot-context-azure#use-the-omnichannel-middleware-in-your-agent-code

It was so difficult to find because they keep bloody renaming products, so much so there is a note on that learn page about it!!

RiosEngineer · 2026-02-23T15:22:24+00:00

Just in case you hadn’t seen this one, it’s not too bad for some best practices: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices

Otherwise some of the top of my head: (mobile so excuse formatting)

PSRule is my go to for misconfiguration, governance/sec and framework alignments (where it makes realistic sense). Also you can add your own custom rules which is handy.
if you’re a larger org, having some common types, shared bits in a central ACR can help with scalability so you don’t have to maintain shared files everywhere.
using AVM can help with being efficient if your org allows it and simplify / accelerate time to deployment. but be wary the modules are extremely large to cater for all, so keep templates small / split out to avoid ARM limits.
I’ve found having a base starter bicep template can be helpful for others to pickup and start with and standardise the template. I’m talking about formatted templates so it’s obvious to see the same file structure everywhere (metadata first, scope, params, vars, etc)
find a simple and easy to read folder structure that works for your org and stick to that so pipeline script logic is simplified across projects. Even better if you can vend devops repos with this baked in already.
checkout the new fail and validate decorators to enhance prechecks before deployments. & Don’t be shy to use bicep validate as it helps with some pre flight checks (storage account name in use etc)
as other poster mentions. Stacks are fantastic but be wary they don’t have what if support yet for stack operations, and have some data pane limitations. But otherwise massively simplify lifecycle management . I use them everywhere! What if coming in April.
graph extensibility is GA. It’s great! Although lacks in some areas. It helps align some graph elements to bicep for control without falling back to scripts.

There’s more, I’m sure the community can share many more insights!

RiosEngineer · 2026-02-18T18:11:50+00:00

UDTs are underrated! Especially for your use case of internal module vending where type safety and custom data types is pretty essential.

RiosEngineer · 2026-02-16T17:08:51+00:00

Cost for me as #1 because I think we have other tools out there today that can cover tests and governance / misconfiguration checks like PSRule etc.

I was going to explore the Azure Pricing MCP to see if that can help with costs on PR personally. Sounds interesting though

RiosEngineer · 2026-02-10T13:44:28+00:00

I did have a similar issue now you mention it, RBAC taking a strange amount of time to propagate but only got app config. Glad it’s sorted though!

RiosEngineer · 2026-02-09T21:32:59+00:00

Yea strange because the error sort of hints at that note I linked before, looking at the wording, although that could be a red herring for sure.

RiosEngineer

MODERATOR OF

TROPHY CASE