I have an Azure Bicep template that deploys a storage account and a container. However, when I rename the container or comment out the container resource in the template, the delete operation does not get triggered. Instead, it creates a new container and does not delete the old one. Any ideas why this happens?
Note: I use Mode Complete to deploy
I have a main.bicep file containing
param location string = resourceGroup().location
param storageAccountName string = 'test${uniqueString('newstring')}'
param storageContainerName string = 'testcontainer'
module storagAccounts '../resources/storage/storageAccounts.bicep' = {
name: 'storageAccounts'
params: {
location: location
storageAccountName: storageAccountName
}
}
module blobServices '../resources/storage/blobServices.bicep' = {
name: 'blobServices'
params: {
storageAccountName: storagAccounts.outputs.storageAccountName
}
}
module blobContainer '../resources/storage/containers.bicep' = {
name: 'blobContainer'
params: {
containerName: storageContainerName
blobServicesName: blobServices.outputs.blobServicesName
storageAccountName: storagAccounts.outputs.storageAccountName
}
}
I have a storageAccounts.bicep containing
targetScope = 'resourceGroup'
@minLength(3)
@maxLength(24)
param storageAccountName string
param location string
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
name: storageAccountName
location: location
kind: 'StorageV2'
sku: {
name: 'Standard_LRS'
}
tags: {
environment: 'test'
}
}
output storageAccountId string = storageAccount.id
output storageAccountName string = storageAccountName
a blobServices.bicep
param storageAccountName string
param blobServicesName string = 'default'
resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
name: '${storageAccountName}/${blobServicesName}'
}
output blobServicesName string = blobServicesName
and a container.bicep containing
param storageAccountName string
param blobServicesName string
param containerName string
resource storageContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = {
name: '${storageAccountName}/${blobServicesName}/${containerName}'
properties: {
publicAccess: 'None'
}
}
output storageContainerName string = storageContainer.name
To deploy I use a PowerShell script
Get-AzResourceGroupDeploymentWhatIfResult -Mode Complete -Location westeurope -TemplateFile modules/main.bicep -ResourceGroup testResourceGroup
New-AzResourceGroupDeployment -Name deployment1 -Mode Complete -Location westeurope -TemplateFile modules/main.bicep -ResourceGroup testResourceGroup -Force
Thomas' answer is correct. However, to get the functionality of tracking managed resources in the bicep template, DeploymentStacks is the way to go not the Complete Mode.
using New-AzResourceGroupDeploymentStack -Name deploy -ResourceGroupName testResourceGroup -TemplateFile modules/main.bicep -DenySettingsMode none -DeleteResources -Force deletes the resources that are not defined in the template.
Note that the switch -DeleteResources must be added for this behavior to occur. And the name of the DeploymentStack must also be the same