Template Specs

This guide shows how to create, manage, and deploy Template Specs with Bicep files for enterprise-scale infrastructure deployment.

Template Specs in Azure let you store, version, and share Bicep (and ARM) templates as first-class Azure resources. This enables DevOps and SRE teams to standardize deployments, enforce governance, and accelerate infrastructure delivery across environments.

Why Use Template Specs?

  • Versioned IaC: Store and manage Bicep templates with version control in Azure

  • Reusability: Share templates across teams and subscriptions

  • Governance: Enforce standards and best practices with approved templates

  • CI/CD Integration: Reference template specs in pipelines for consistent deployments

Create a Template Spec from a Bicep File

az bicep build --file main.bicep
az ts create \
  --name myTemplateSpec \
  --version 1.0.0 \
  --resource-group my-rg \
  --location eastus \
  --template-file main.json

Deploy from a Template Spec

az deployment group create \
  --resource-group my-rg \
  --template-spec '/subscriptions/<sub-id>/resourceGroups/my-rg/providers/Microsoft.Resources/templateSpecs/myTemplateSpec/versions/1.0.0' \
  --parameters @dev.parameters.json

Real-Life DevOps & SRE Example: Standardized Storage Account

  1. Create a reusable storage.bicep:

param storageName string
param location string = resourceGroup().location
param tags object

resource stg 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  tags: tags
  properties: {
    supportsHttpsTrafficOnly: true
  }
}

  1. Publish as a template spec:

az bicep build --file storage.bicep
az ts create \
  --name storageSpec \
  --version 1.0.0 \
  --resource-group infra-rg \
  --location eastus \
  --template-file storage.json

  1. Deploy from the template spec in CI/CD:

- name: Deploy Storage from Template Spec
  run: |
    az deployment group create \
      --resource-group dev-rg \
      --template-spec '/subscriptions/${{ secrets.AZURE_SUBSCRIPTION }}/resourceGroups/infra-rg/providers/Microsoft.Resources/templateSpecs/storageSpec/versions/1.0.0' \
      --parameters storageName=devstorage tags='{"env":"dev"}'

Best Practices (2025)

  • Use template specs for all shared, production-grade Bicep modules

  • Version template specs for traceability and rollback

  • Store template specs in a central infra resource group

  • Reference template specs by version in CI/CD pipelines

  • Document parameters and outputs for discoverability

Common Pitfalls

  • Not versioning template specs (makes rollbacks difficult)

  • Hardcoding values instead of using parameters

  • Not updating references in pipelines after publishing new versions

Azure & Bicep Jokes

Bicep Joke: Why did the engineer use template specs? To flex their standards across the org!

Azure Joke: Why did the template spec never get lost? It always had a resource group to call home!

References

Search Tip: Use keywords like bicep template spec, versioning, ci/cd, or governance to quickly find relevant examples and best practices.

PreviousGetting Started - First steps with Bicep [BEGINNER]NextBest Practices - Guidelines for effective Bicep implementations

Last updated