Historically speaking one of the pitfalls when working with Azure ARM deployments has been a lack of a ‘plan’ or outline as to what the ARM template will actually deploy/change. In the past one would deploy and wait to see if a resource was created or updated.

This sticking in fact has driven some to adopt Terraform deployments over ARM. As it can be a vital component of a CI/CD pipeline to have the ability to see what your deployment will update/create/destroy. Terraform already has this via the plan command. Azure has now adapted this capability via the what-if operation.

This operation is available in PowerShell starting with version 4.2 or later. Alternatively, it is available via the Azure CLI with version 2.14 or later. For this article will show how to use the what-if operation with Azure CLI.

Here is a local ARM deployment utilizing VS Code with version 2.20.0 and the what-if command. In this sample it’s using a bicep file, but same thing can be done with a .json file.

az deployment group create -g rg-georeduntest-dev-wus -f infrastructure/main.bicep --confirm-with-what-if

The output for this given template was:

Can so in this example we are doing a deployment scoped at the Resource Group and under that deployment a creation of an Azure Front Door and an RBAC role assignment. Outside of that can see the Template has reference to a Microsoft.OperationalInsights and Microsoft.Web resources that were evaulated and determined no change was needed. Then a Microsoft.Insights component that was ignored for this deployment.

Now this example we used confirm-what-if which means our deployment will stop until the deployment until we provide an answer:

Now this can be taken a step further and be added as a task in the Azure Deployment so one could review what resources would be created/changed/deleted.