Advanced Features

Bicep supports running inline scripts (PowerShell, Bash, Azure CLI) as part of your deployment. This is useful for DevOps and SRE teams who need to bootstrap, configure, or validate resources during provisioning.

Why Use Inline Scripts?

Automation: Run custom logic during deployments (e.g., post-provisioning config)
Validation: Check resource state or compliance after deployment
Flexibility: Integrate with existing scripts and tools

Real-Life DevOps & SRE Examples

1. Run a Bash Script to Tag Resources

resource tagScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
  name: 'tag-script'
  location: resourceGroup().location
  kind: 'AzureCLI'
  properties: {
    azCliVersion: '2.53.0'
    scriptContent: '''
      az resource tag --tags environment=devops owner=sre \
        --ids ${resourceId('Microsoft.Storage/storageAccounts', 'mystorageaccount')}
    '''
    timeout: 'PT10M'
    cleanupPreference: 'OnSuccess'
    forceUpdateTag: uniqueString(newGuid())
  }
}

2. Run a PowerShell Script to Set Diagnostic Settings

resource diagScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
  name: 'diagnostic-script'
  location: resourceGroup().location
  kind: 'AzurePowerShell'
  properties: {
    azPowerShellVersion: '10.4'
    scriptContent: '''
      $resourceId = (Get-AzResource -Name "myvm").ResourceId
      Set-AzDiagnosticSetting -ResourceId $resourceId -WorkspaceId "/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.OperationalInsights/workspaces/xxx" -Enabled $true
    '''
    timeout: 'PT10M'
    cleanupPreference: 'OnSuccess'
    forceUpdateTag: uniqueString(newGuid())
  }
}

Best Practices (2025)

Use deployment scripts for tasks not natively supported by Bicep
Store scripts in source control and reference with scriptContent or scriptUri
Use forceUpdateTag to ensure script re-runs on changes
Clean up resources with cleanupPreference
Limit script permissions to least privilege

Common Pitfalls

Overusing scripts for tasks Bicep can do natively
Hardcoding secrets in scripts (use Key Vault references)
Not handling script errors (check exit codes)

Azure & Bicep Jokes

Bicep Joke: Why did the script love Bicep? Because it always had the right parameters!

Azure Joke: Why did the deployment script never get lonely? It always had a resource group to run with!

References

Search Tip: Use keywords like bicep deployment script, inline script, powershell, or bash to quickly find relevant examples and best practices.