Create Azure API management with Bicep

This document describes how to use Bicep templates to create an Azure API Management service instance.

Azure API Management (APIM) is used publish APIs to external, partner, and internal developers. APIM enables you to create and manage API gateways for existing backend services hosted anywhere. For more information, see the Overview.

Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy and configure Azure resources.

Review the template - service.bicep

This Bicep template creates Azure API management service. By default it uses Developer pricing tier if the sku parameter is not provided.

// Use Azure AD account details here. 
param publisherEmail string = 'your@email.com'
param publisherName string = 'Firstname Lastname'

// Disabled the Premium tier (commented out)  
@allowed([
  'Basic'
  'Consumption'
  'Developer'
  'Standard'
  // 'Premium'
])
param sku string = 'Developer' // Defaulting to Developer tier
param skuCount int = 1
param location string = resourceGroup().location
param serviceName string = replace(resourceGroup().name, 'rg-', 'apim-')
// Create APIM service instance resource
resource apiManagement 'Microsoft.ApiManagement/service@2020-12-01' = {
  name: serviceName
  location: location
  sku: {
    name: sku
    capacity: skuCount
  }
  properties: {
    publisherEmail: publisherEmail
    publisherName: publisherName
  }
  // Managed Identity is very useful to be enabled
  identity: {
    type: 'SystemAssigned' 
  }
}

output Id string = apiManagement.id
output Identity string = apiManagement.identity.principalId
output Name string = apiManagement.name

💡 TIP

Template also activates the system-assigned Managed Identity which is useful for:

Allow the API Management instance to obtain secrets from Azure Key Vault.

Obtain a custom TLS/SSL certificate for the API Management instance from Azure Key Vault.

Authenticate to the back end through the authentication-managed-identity policy.

Connect to Azure resources behind IP Firewall.

Deploy the template to Azure

To deploy Bicep template to Azure, you need to sign-in to your Azure account using Azure command line interface (AZ CLI).

🚩 NOTE

Remember to sign in with your Azure AD account that has Contributor access role to your Azure API management environment.

Open a Visual Studio Code terminal window by selecting Terminal > New Terminal. The window usually opens at the bottom of the screen.}
Switch your terminal to the directory where you saved service.bicep Bicep template.

In the Visual Studio Code terminal, sign in to Azure by running the following command:

az login

In the browser that opens, sign in to your Azure account.

The Visual Studio Code terminal displays a list of the subscriptions associated with this account.

Set the subscription context for all of the Azure CLI commands that you run in this session.

az account set --subscription "your-subscription-name"

Create resource group with Azure CLI

Create a new Azure resource group for your Azure development environment.

az group create --location westeurope --name "rg-yourgroup-we-dev"

Deploy service.bicep template to Azure

Run the following command from the terminal in Visual Studio Code to deploy the Bicep template to Azure.

az deployment group create --template-file .\service.bicep --resource-group "rg-yourgroup-we-dev" --name "apim-service-deploy"

In the example above we are deploying template that creates Azure API management service instance to development environment.

🚩 NOTE

It can take up to 40 minutes to create and activate an API Management service in the Developer tier.

Review deployed resources

Use the Azure portal to check the deployed resources or use Azure CLI to list the deployed APIM resources.

AZ-CLI

az apim list --resource-group "rg-yourgroup-we-dev"

Azure Portal

In the Azure portal, search for and select API Management services, and select the service instance you created.
Review the properties of your service on the Overview page.