Run any Skill in Manus with one click

$pwd:

azure-bicep-patterns

Name: Azure Bicep Patterns
Author: jonathan-vella

// Reusable Azure Bicep patterns: hub-spoke, private endpoints, diagnostics, AVM composition. USE FOR: Bicep template design, hub-spoke networking, private endpoint patterns, AVM modules. DO NOT USE FOR: Terraform code, architecture decisions, troubleshooting, diagram generation.

Run Skill in Manus

$ git log --oneline --stat

stars:3

forks:1

updated:April 15, 2026 at 13:57

File Explorer

9 files

SKILL.md

readonly

name	azure-bicep-patterns
description	Reusable Azure Bicep patterns: hub-spoke, private endpoints, diagnostics, AVM composition. USE FOR: Bicep template design, hub-spoke networking, private endpoint patterns, AVM modules. DO NOT USE FOR: Terraform code, architecture decisions, troubleshooting, diagram generation.
compatibility	Requires Azure CLI with Bicep extension

Azure Bicep Patterns Skill

Reusable infrastructure patterns for Azure Bicep templates. Complements iac-bicep-best-practices.instructions.md (style) and azure-defaults skill (naming, tags, regions).

Quick Reference

Pattern	When to Use	Reference
Hub-Spoke Networking	Multi-workload environments with shared services	hub-spoke-pattern
Private Endpoint Wiring	Any PaaS service requiring private connectivity	private-endpoint-pattern
Diagnostic Settings	Every deployed resource (mandatory)	common-patterns
Conditional Deployment	Optional resources controlled by parameters	common-patterns
Module Composition	Breaking main.bicep into reusable modules	common-patterns
Managed Identity Binding	Any service-to-service authentication	common-patterns
Budget & Cost Monitoring	Every deployment (mandatory)	budget-pattern
What-If / AVM Pitfalls	Pre-deployment validation & AVM gotchas	avm-pitfalls

Canonical Example — Module Interface

// modules/storage.bicep — every module follows this contract
@description('Storage account name')
param name string
param location string
param tags object
param logAnalyticsWorkspaceName string

output resourceId string = storageAccount.id
output resourceName string = storageAccount.name
output principalId string = storageAccount.identity.?principalId ?? ''

Accept name, location, tags, logAnalyticsWorkspaceName; output resourceId, resourceName, principalId.

Key Rules Summary

Hub-Spoke: Hub holds shared infra; spokes peer to hub only; NSGs per subnet
Private Endpoints: Always wire PE + DNS Zone Group + DNS Zone; see group ID table in reference
Diagnostics: categoryGroup: 'allLogs' + AllMetrics; pass workspace name not ID
Conditional: bool params with defaults; guard outputs with ternary
Identity: guid() for idempotent role names; principalType: 'ServicePrincipal'; scope narrowly
Budget: 3 forecast thresholds (80%/100%/120%); amount and emails MUST be parameters
What-If: Run before every deploy; watch for unexpected deletes and SKU downgrades
AVM: Always pin versions; wrap modules to override defaults; verify outputs in README
AVM Version Fallback: When AVM version helpers are incomplete, query public MCR tag listings (mcr.microsoft.com/v2/bicep/{module}/tags/list) to discover authoritative published versions

Reference Index

File	Content
hub-spoke-pattern.md	Hub-spoke VNet orchestration with peering
private-endpoint-pattern.md	PE wiring + DNS zone groups + group ID table
common-patterns.md	Diagnostics, conditional deploy, module composition, managed identity
budget-pattern.md	Consumption budget, forecast alerts, anomaly detection
avm-pitfalls.md	What-if interpretation, AVM gotchas, learn more links

Learn More

Topic	How to Find
AVM module catalog	`microsoft_docs_search(query="Azure Verified Modules registry Bicep")`
Resource type schema	`microsoft_docs_search(query="{resource-type} Bicep template reference")`

related-skills.json

same repository

azure-artifacts.md

from "jonathan-vella/bmit-2026"

Artifact template structures, H2 compliance rules, and documentation styling for agent outputs (Steps 1-7). USE FOR: generating any agent artifact, checking H2 structure compliance. DO NOT USE FOR: Azure resource configuration (use azure-defaults), Bicep/Terraform patterns (use bicep-patterns or terraform-patterns).

2026-04-153

azure-prepare.md

from "jonathan-vella/bmit-2026"

Prepare Azure apps for deployment (infra Bicep/Terraform, azure.yaml, Dockerfiles). Use for create/modernize or create+deploy; not cross-cloud migration (use azure-cloud-migrate). WHEN: "create app", "build web app", "create API", "create serverless HTTP API", "create frontend", "create back end", "build a service", "modernize application", "update application", "add authentication", "add caching", "host on Azure", "create and deploy", "deploy to Azure", "deploy to Azure using Terraform", "deploy to Azure App Service", "deploy to Azure App Service using Terraform", "deploy to Azure Container Apps", "deploy to Azure Container Apps using Terraform", "generate Terraform", "generate Bicep", "function app", "timer trigger", "service bus trigger", "event-driven function", "containerized Node.js app", "social media app", "static portfolio website", "todo list with frontend and API", "prepare my Azure application to use Key Vault", "managed identity".

2026-04-153

iac-common.md

from "jonathan-vella/bmit-2026"

Shared IaC deploy patterns for Bicep and Terraform deploy agents: deployment strategies, circuit breaker, known deploy issues. For preflight validation (auth, governance, stop rules), see azure-validate. USE FOR: Phased deployment, circuit breaker, deploy-specific known issues. DO NOT USE FOR: Preflight validation (use azure-validate), code generation (use azure-bicep-patterns or terraform-patterns).

2026-04-153

terraform-patterns.md

from "jonathan-vella/bmit-2026"

Reusable Azure Terraform patterns: hub-spoke, private endpoints, diagnostics, AVM-TF modules. USE FOR: Terraform template design, hub-spoke networking, AVM modules, plan interpretation. DO NOT USE FOR: Bicep code, architecture decisions, troubleshooting, diagram generation.

2026-04-153

package.json

"author": "jonathan-vella"

"repository": "jonathan-vella/bmit-2026"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Software DevelopersComputer and Mathematical Occupations15-1252L4

name	azure-bicep-patterns
description	Reusable Azure Bicep patterns: hub-spoke, private endpoints, diagnostics, AVM composition. USE FOR: Bicep template design, hub-spoke networking, private endpoint patterns, AVM modules. DO NOT USE FOR: Terraform code, architecture decisions, troubleshooting, diagram generation.
compatibility	Requires Azure CLI with Bicep extension

Azure Bicep Patterns Skill

Reusable infrastructure patterns for Azure Bicep templates. Complements iac-bicep-best-practices.instructions.md (style) and azure-defaults skill (naming, tags, regions).

Quick Reference

Pattern	When to Use	Reference
Hub-Spoke Networking	Multi-workload environments with shared services	hub-spoke-pattern
Private Endpoint Wiring	Any PaaS service requiring private connectivity	private-endpoint-pattern
Diagnostic Settings	Every deployed resource (mandatory)	common-patterns
Conditional Deployment	Optional resources controlled by parameters	common-patterns
Module Composition	Breaking main.bicep into reusable modules	common-patterns
Managed Identity Binding	Any service-to-service authentication	common-patterns
Budget & Cost Monitoring	Every deployment (mandatory)	budget-pattern
What-If / AVM Pitfalls	Pre-deployment validation & AVM gotchas	avm-pitfalls

Canonical Example — Module Interface

// modules/storage.bicep — every module follows this contract
@description('Storage account name')
param name string
param location string
param tags object
param logAnalyticsWorkspaceName string

output resourceId string = storageAccount.id
output resourceName string = storageAccount.name
output principalId string = storageAccount.identity.?principalId ?? ''

Accept name, location, tags, logAnalyticsWorkspaceName; output resourceId, resourceName, principalId.

Key Rules Summary

Hub-Spoke: Hub holds shared infra; spokes peer to hub only; NSGs per subnet
Private Endpoints: Always wire PE + DNS Zone Group + DNS Zone; see group ID table in reference
Diagnostics: categoryGroup: 'allLogs' + AllMetrics; pass workspace name not ID
Conditional: bool params with defaults; guard outputs with ternary
Identity: guid() for idempotent role names; principalType: 'ServicePrincipal'; scope narrowly
Budget: 3 forecast thresholds (80%/100%/120%); amount and emails MUST be parameters
What-If: Run before every deploy; watch for unexpected deletes and SKU downgrades
AVM: Always pin versions; wrap modules to override defaults; verify outputs in README
AVM Version Fallback: When AVM version helpers are incomplete, query public MCR tag listings (mcr.microsoft.com/v2/bicep/{module}/tags/list) to discover authoritative published versions

Reference Index

File	Content
hub-spoke-pattern.md	Hub-spoke VNet orchestration with peering
private-endpoint-pattern.md	PE wiring + DNS zone groups + group ID table
common-patterns.md	Diagnostics, conditional deploy, module composition, managed identity
budget-pattern.md	Consumption budget, forecast alerts, anomaly detection
avm-pitfalls.md	What-if interpretation, AVM gotchas, learn more links

Learn More

Topic	How to Find
AVM module catalog	`microsoft_docs_search(query="Azure Verified Modules registry Bicep")`
Resource type schema	`microsoft_docs_search(query="{resource-type} Bicep template reference")`

azure-bicep-patterns

Azure Bicep Patterns Skill

Quick Reference

Canonical Example — Module Interface

Key Rules Summary

Reference Index

Learn More

More from this repository

Azure Bicep Patterns Skill

Quick Reference

Canonical Example — Module Interface

Key Rules Summary

Reference Index

Learn More

More from this repository