What is Azure Bicep

Azure Bicep is a new Domain Specific Language (DSL) for deploying Azure resources. It has clearer syntax which makes it easier for reading and writing, than the current alternative JSON ARM templates. Bicep is a transparent abstraction over JSON ARM templates, treating ARM as a Intermediate Language (IL).

Why use Azure Bicep

  • Simpler syntax for easier reading and writing.
  • Doesn’t require any updates to the underlying platform when a new type or apiversion is introduced.
  • Increased template validation with the introduction of a compiler.
  • Better for copy and pasting as variables, resources and outputs can be declared anywhere.
  • Automatic dependency management, in some deployment scenarios dependsOn will be added to the ARM template.

Current Limitations

  • No support for the copy or condition property [#185#186]
  • No explicit support for deployments across scopes (though this can be done by using the Microsoft.Resources/deployments resource and using the templateLink or template property to insert the full ARM template) [#187]
    • Bicep assumes you are deploying to a resource group, though the generated template can be deployed to any scope
  • Single line object and arrays (i.e. ['a', 'b', 'c']) are not yet supported
  • You still need to deploy the compiled template yourself, though we plan to build native support for bicep into the powershell Az deployment cmdlets and az cli deployment commands
  • No IntelliSense whatsoever [#269]
  • Minimal resource schema validation. Other than basic validations like correct resource type structure and requiring a name, you will not get errors for missing or incorrect properties in a resource declaration
  • No support for string interpolation in property names [#267]
    • From what we know, this only affects using managed identities for resources. You can still include a hardcoded managed identity resource ID (i.e. '/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/...': {})
  • Bicep is currently not covered by Azure support plans as it is still in early development stages. Expect Bicep to be covered by all support plans starting on the 0.3 version.

Reference https://github.com/Azure/bicep Sept 2020

Installing Azure Bicep


# Create the install folder $installPath = “$env:USERPROFILE\.bicep” $installDir = New-Item -ItemType Directory -Path $installPath -Force $installDir.Attributes += ‘Hidden’

Fetch the latest Bicep CLI binary

(New-Object Net.WebClient).DownloadFile(“https://github.com/Azure/bicep/releases/latest/download/bicep-win-x64.exe”, “$installPath\bicep.exe”)

Add bicep to your PATH

$currentPath = (Get-Item -path “HKCU:\Environment” ).GetValue(‘Path’, ‘’, ‘DoNotExpandEnvironmentNames’) if (-not $currentPath.Contains(“%USERPROFILE%\.bicep”)) { setx PATH ($currentPath + “;%USERPROFILE%\.bicep”) } if (-not $env:path.Contains($installPath)) { $env:path += “;$installPath” }

Verify you can now access the ‘bicep’ command.

bicep –help



# Fetch the latest Bicep CLI binary curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-osx-x64

Mark it as executable

chmod +x ./bicep

Add Gatekeeper exception (requires admin)

sudo spctl –add ./bicep

Add bicep to your PATH (requires admin)

sudo mv ./bicep /usr/local/bin/bicep

Verify you can now access the ‘bicep’ command

bicep –help



# Fetch the latest Bicep CLI binary curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64

Mark it as executable

chmod +x ./bicep

Add bicep to your PATH (requires admin)

sudo mv ./bicep /usr/local/bin/bicep

Verify you can now access the ‘bicep’ command

bicep –help


Installing VSCode Extension

The Bicep extension isn’t currently in the Visual Studio Code Extension marketplace. Download the following file: https://github.com/Azure/bicep/releases/latest/download/vscode-bicep.vsix

Open VScode and select Extensions then .... . Select install from VSIX, then select the above downloaded file.

Azure Bicep Breakdown

  • param - is used to declare parameters within the template. Unlike ARM this can be declared anywhere throughout the template.
  • var - is used for declaring variables. Similar to parameters these can be declared anywhere throughout the template.
  • resource - a manageable item that is available through Azure. This declares the block of code which defines the resource and its deployment properties.
  • symbolic-name - a unique name that can be referenced throughout the rest of the template.
  • type - the type of resource you wish to deploy for example, Microsoft.Storage/storageAccounts
  • API Version - the version of the REST API for the deployment. 

Functions and Expressions

Azure Bicep supports the same functions and expressions as ARM templates.

Bicep Function Example

// Set parameter to Resource Id for existing Web App in Azure
param webAppResourceId string = resourceId('Microsoft.Web/sites', 'b59webapp')

// Set variable to default location for the Resource Group deployed to
var location = resourceGroup().location

// Set output variable to uppercase of 'storageAccountName' value
output upperName string = toUpper(storageAccountName)

String Interpolation

The below is the equivalent to the concat() function within ARM templates:

param namePrefix string = 'unique'

var storageAccountName = '${namePrefix}storage001'

Symbolic Name

Symbolic Name is separate to the Azure resource name and is used as a reference to a resource within Bicep, exampled below:

param location string = resourceGroup().location
param namePrefix string = 'stg'

param globalRedundancy bool = true // defaults to true, but can be overridden

var storageAccountName = '${namePrefix}${uniqueString(resourceGroup().id)}'

resource stg 'Microsoft.Storage/[email protected]' = {
    name: storageAccountName
    location: location
    kind: 'Storage'
    sku: {
        name: globalRedundancy ? 'Standard\_GRS' : 'Standard_LRS' // if true --> GRS, else --> LRS

output storageId string = stg.id
output computedStorageName string = stg.name


Example of Storage Account deployment using Azure Bicep:

resource mystorage 'Microsoft.Storage/[email protected]' = {
  name: 'bicepstorage2063'   // Globally unique storage account name
  location: 'northcentralus' // Azure Region
  kind: 'Storage'
  sku: {
    name: 'Standard_LRS'

bicep build .\main.bicep

New-AzResourceGroup -Name Bicep-RG -Location northcentralus

New-AzResourceGroupDeployment -Name bicep -ResourceGroupName Bicep-RG -TemplateFile .\main.json

Wrap Up

Currently Azure Bicep is in preview so its not recommended for production. However, even within early stages of its development Bicep is proving to be easier to read and write over current alternatives. Microsoft is looking for feedback to help shape this product as it develops.