技能檔案

Bicep Avm Mastery

Name: Bicep Avm Mastery
Author: fabioc-aloha

Azure Verified Modules (AVM), Bicep best practices, and MCP-powered infrastructure as code for Azure

fabioc-aloha0 星標2026年2月17日

職業
分類: 雲端

技能內容

Skill: Bicep AVM Mastery

Azure Verified Modules (AVM), Bicep best practices, and MCP-powered infrastructure as code for Azure.

Metadata

Field	Value
Skill ID	bicep-avm-mastery
Version	1.0.0
Category	Cloud/Infrastructure
Difficulty	Advanced
Prerequisites	Basic Azure, infrastructure-as-code
Related Skills	azure-architecture-patterns, infrastructure-as-code

Overview

相關技能

Bicep Avm Mastery | Skills Pool

Feature	Bicep	ARM JSON	Terraform
Syntax	Clean, readable	Verbose	HCL
Azure Integration	Native	Native	Provider
State Management	Azure-managed	Azure-managed	External
Learning Curve	Low	High	Medium
Tooling	VS Code, MCP	Limited	Extensive

// ✅ CORRECT: Use parent property
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' = {
  parent: vnet  // Reference parent symbolically
  name: 'default'
  properties: {
    addressPrefix: '10.0.0.0/24'
  }
}

// ❌ AVOID: Slash in name property
resource subnetBad 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' = {
  name: '${vnetName}/default'  // Don't do this
}

// ✅ CORRECT: Typed user-defined type
@export()
type storageAccountConfig = {
  @description('Storage account name')
  name: string
  @description('SKU for the storage account')
  sku: 'Standard_LRS' | 'Standard_GRS' | 'Premium_LRS'
  @description('Enable public access')
  allowPublicAccess: bool
}

// ❌ AVOID: Open types
param config object  // Too broad

// ✅ CORRECT: Use symbolic references
output storageId string = storageAccount.id
output storageName string = storageAccount.name

// ❌ AVOID: resourceId() and reference()
output storageIdBad string = resourceId('Microsoft.Storage/storageAccounts', storageAccountName)

// ✅ ALWAYS use @secure() for sensitive data
@secure()
param adminPassword string

@secure()
param connectionString string

// ✅ CORRECT: Safe dereference with coalesce
var subnetId = vnet.properties.subnets[?0].?id ?? 'default'

// ❌ AVOID: Non-null assertion or verbose ternary
var subnetIdBad = vnet!.properties.subnets[0].id

Category	Count	Examples
Compute	50+	VMs, AKS, App Service, Functions
Networking	40+	VNets, NSGs, Load Balancers, Front Door
Storage	30+	Storage Accounts, Cosmos DB, SQL
Security	25+	Key Vault, Managed Identities, WAF
Integration	20+	Service Bus, Event Grid, Logic Apps
AI/ML	15+	Cognitive Services, OpenAI, ML Workspaces

// Module from Bicep Registry (AVM)
module storageAccount 'br/public:avm/res/storage/storage-account:0.14.3' = {
  name: 'storageAccountDeployment'
  params: {
    name: 'st${uniqueString(resourceGroup().id)}'
    location: location
    skuName: 'Standard_LRS'
    kind: 'StorageV2'
    managedIdentities: {
      systemAssigned: true
    }
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
    }
  }
}

mcp_bicep_list_avm_metadata → 328 modules with:
  - Module name and description
  - Latest version
  - Required/optional parameters
  - Usage examples

Component	ID / Name	Purpose
VS Code Extension	`ms-azuretools.vscode-bicep`	Bicep language support, IntelliSense
VS Code Extension	`ms-azuretools.vscode-azure-github-copilot`	Azure Copilot integration
VS Code Extension	`ms-vscode.azure-account`	Azure authentication
MCP Server	`bicep-mcp`	AVM lookup, schema, validation, best practices

# VS Code Extensions (required for Bicep authoring)
code --install-extension ms-azuretools.vscode-bicep
code --install-extension ms-azuretools.vscode-azure-github-copilot
code --install-extension ms-vscode.azure-account

# MCP Server enabled via VS Code MCP gallery
# Settings: chat.mcp.gallery.enabled = true

MCP Tool	Fallback Approach
`list_avm_metadata`	Browse https://aka.ms/avm/modules
`get_az_resource_type_schema`	Use `bicep list-api-types` CLI or ARM reference docs
`get_bicep_best_practices`	Reference https://learn.microsoft.com/azure/azure-resource-manager/bicep/best-practices
`get_bicep_file_diagnostics`	VS Code Bicep extension shows diagnostics automatically
`format_bicep_file`	Run `bicep format <file>` CLI
`decompile_arm_template_file`	Run `az bicep decompile --file <file>` CLI

# Search Bicep Registry for modules
az bicep registry list --resource-group bicep-registry

# Or browse AVM directly
# https://github.com/Azure/bicep-registry-modules

Tool	Purpose
`mcp_bicep_list_avm_metadata`	Browse 328 Azure Verified Modules
`mcp_bicep_get_az_resource_type_schema`	Get resource type properties
`mcp_bicep_get_bicep_best_practices`	Current best practices
`mcp_bicep_get_bicep_file_diagnostics`	Validate Bicep files
`mcp_bicep_format_bicep_file`	Auto-format code
`mcp_bicep_decompile_arm_template_file`	Convert ARM JSON → Bicep
`mcp_bicep_get_file_references`	Find file dependencies
`mcp_bicep_get_deployment_snapshot`	Preview deployment changes

User: "I need to deploy a storage account with private endpoints"

Alex → mcp_bicep_list_avm_metadata 
  Filter: storage
  Returns: avm/res/storage/storage-account (v0.14.3)
    - Supports privateEndpoints parameter
    - Supports networkAcls
    - Includes diagnosticSettings

User: "What properties does App Service support?"

Alex → mcp_bicep_get_az_resource_type_schema
  provider: Microsoft.Web
  resourceType: sites
  Returns: Full property schema with descriptions

User: "Check my Bicep file for errors"

Alex → mcp_bicep_get_bicep_file_diagnostics
  filePath: main.bicep
  Returns: BCP036 errors, warnings, suggestions

User: "Convert this ARM template to Bicep"

Alex → mcp_bicep_decompile_arm_template_file
  filePath: azuredeploy.json
  Returns: Clean Bicep code

infrastructure/
├── main.bicep              # Entry point
├── main.bicepparam         # Parameters (env-specific)
├── modules/
│   ├── networking.bicep    # Custom modules
│   ├── compute.bicep
│   └── data.bicep
├── types/
│   └── shared.bicep        # Shared user-defined types
└── bicepconfig.json        # Bicep configuration

{
  "analyzers": {
    "core": {
      "rules": {
        "no-hardcoded-location": {
          "level": "error"
        },
        "secure-parameter-default": {
          "level": "error"
        },
        "prefer-interpolation": {
          "level": "warning"
        }
      }
    }
  },
  "moduleAliases": {
    "br": {
      "public": {
        "registry": "mcr.microsoft.com/bicep"
      }
    }
  }
}

// main.bicepparam (for dev)
using './main.bicep'

param environment = 'dev'
param skuName = 'Standard_LRS'
param instanceCount = 1

// main.bicepparam (for prod)  
using './main.bicep'

param environment = 'prod'
param skuName = 'Standard_GRS'
param instanceCount = 3

# What-if preview
az deployment group what-if \
  --resource-group myRG \
  --template-file main.bicep \
  --parameters main.bicepparam

# Deploy
az deployment group create \
  --resource-group myRG \
  --template-file main.bicep \
  --parameters main.bicepparam

- name: Deploy Bicep
  uses: azure/arm-deploy@v2
  with:
    resourceGroupName: ${{ env.RESOURCE_GROUP }}
    template: ./infrastructure/main.bicep
    parameters: ./infrastructure/main.bicepparam
    deploymentMode: Incremental

- task: AzureCLI@2
  inputs:
    azureSubscription: 'AzureConnection'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az deployment group create \
        --resource-group $(resourceGroup) \
        --template-file infrastructure/main.bicep \
        --parameters infrastructure/main.bicepparam

Code	Meaning	Fix
BCP036	Invalid property	Check resource schema
BCP037	Invalid property value	Verify allowed values
BCP081	Hallucinated resource/property	Use schema lookup
BCP035	Missing required property	Add required params
BCP334	Expected literal value	Use string/number directly

Trigger	Response
"Bicep", "infrastructure as code Azure"	Full skill activation
"AVM", "Azure Verified Modules"	Module 2
"Bicep MCP", "validate Bicep"	Module 3
"Bicep project structure"	Module 4
"deploy Bicep", "CI/CD Bicep"	Module 5
"BCP error", "Bicep diagnostic"	Common Diagnostic Codes

Bicep Avm Mastery

Skill: Bicep AVM Mastery

Metadata

Overview

Bicep Avm Mastery

Skill: Bicep AVM Mastery

Metadata

Overview

Why Bicep?

Module 1: Bicep Best Practices

General Rules

Resource Patterns

Type Safety

Symbolic References

Security

Null Handling

Module 2: Azure Verified Modules (AVM)

What is AVM?

AVM Categories

Using AVM in Bicep

Finding AVM Modules

Module 3: MCP Tool Integration

Required Extensions & MCP Servers

Fallback Patterns (When MCP Unavailable)

Available Bicep MCP Tools

Common Workflows

Find the Right AVM Module

Get Resource Schema

Validate Before Deploy

Convert Legacy ARM

Module 4: Project Patterns

Recommended Structure

bicepconfig.json

Environment-Specific Parameters

Module 5: Deployment Patterns

Azure CLI

GitHub Actions

Azure DevOps

Common Diagnostic Codes

Activation Patterns

Synapses

Feishu Drive

Nanoclaw Repl

Crosspost

Cloudflare

Mcp Integration

Setup Deploy