Skill: generate-azure-bicep

Version: 0.3.0-alpha Purpose: Generate Azure Bicep infrastructure modules using Azure Verified Modules (AVM) and bicepparams Author: The Forge Last Updated: 2025-11-18

Title

Generate Azure Bicep - Create production-ready Bicep infrastructure modules using Azure Verified Modules with environment-specific parameters

File Structure

forge-plugin/skills/generate-azure-bicep/
├── SKILL.md                  # This file - mandatory workflow
├── examples.md               # Usage scenarios and examples
├── scripts/
│   └── bicep_generator.py    # Helper script for Bicep generation
└── templates/
    ├── main-bicep-avm-template.bicep          # Main Bicep using AVM
    ├── bicepparams-template.bicep             # Parameters file template
    ├── wrapper-module-template.bicep          # Custom wrapper for AVM module
    └── README-template.md                     # Documentation template

Interface References

ContextProvider — getDomainIndex("azure"), getConditionalContext("azure", topic)
MemoryStore — getSkillMemory("generate-azure-bicep", project), update()

Context (via ContextProvider):

contextProvider.getDomainIndex("azure") — Azure context navigation
contextProvider.getConditionalContext("azure", "azure_verified_modules") — AVM concepts, usage patterns, best practices
contextProvider.getConditionalContext("azure", "azure_bicep_overview") — Bicep syntax and structure

Memory (via MemoryStore):

memoryStore.getSkillMemory("generate-azure-bicep", project) returns per-project files:
- bicep_config.md — Previous Bicep configurations
- avm_modules.md — AVM modules used and versions
- resource_naming.md — Naming conventions
- customizations.md — Custom wrapper modules

Design Requirements

Core Functionality

This skill must:

Use Azure Verified Modules as the foundation for all resource deployments
Generate main.bicep that composes AVM modules
Create bicepparams files for each environment (development, staging, production)
Generate custom wrapper modules when needed for project-specific requirements
Create .azure/bicep/ directory structure with modules subdirectory
Apply consistent naming and tagging across all resources
Store Bicep configuration in memory for future updates

Output Requirements

Generate a complete .azure/bicep/ directory with:

main.bicep using AVM module references
Environment-specific .bicepparams files
Custom wrapper modules (if needed)
Documentation explaining module usage
Consistent resource naming strategy

Quality Requirements

Generated Bicep must:

Use latest stable AVM versions from public registry
Follow Azure Well-Architected Framework principles
Pin module versions for reproducibility
Include diagnostic settings where applicable
Apply tags consistently across all resources
Be well-documented with parameter descriptions

Prompting Guidelines

User Questions Framework

Use Socratic method to gather requirements. Ask questions in this order:

1. Infrastructure Scope

Question: "What Azure resources does your application need?"

Options (can select multiple):

Storage Account (Blob, Queue, Table)
Function App / App Service
Key Vault (secrets management)
Application Insights (monitoring)
SQL Database / Cosmos DB
Virtual Network (VNet, subnets, NSG)
Container Registry
Service Bus / Event Hub
Other resources

Follow-up: "This determines which AVM modules to use."

2. Environments

Question: "Which environments do you need?"

Options:

Development only
Development + Production
Development + Staging + Production
Custom environments

Follow-up: "This creates environment-specific bicepparams files."

3. Resource Naming Convention

Question: "What naming convention should we use for resources?"

Options:

Standard Azure naming ({resource-abbr}-{environment}-{region})
Custom prefix (e.g., myapp-{resource}-{environment})
Project-specific pattern
Use Azure naming tool recommendations

Follow-up: "This ensures consistent resource names across environments."

4. Azure Region

Question: "Which Azure region(s) for deployments?"

Options:

Single region for all environments
Different regions per environment
Multi-region deployment

Follow-up: "This sets location parameters in bicepparams files."

5. Deployment Scope

Question: "What deployment scope do you need?"

Options:

Resource Group (most common)
Subscription (for creating resource groups)
Management Group
Tenant

Follow-up: "This sets the targetScope in main.bicep."

6. Custom Requirements

Question: "Do you have any custom requirements?"

Options:

Private endpoints for resources
Managed identities
VNet integration
Custom RBAC roles
Bring your own keys (BYOK)
Compliance requirements

Follow-up: "This determines which optional AVM parameters to configure."

Instructions

Mandatory Workflow

IMPORTANT: Follow these steps in order. Do not skip steps.

Step 1: Initial Analysis

Objective: Understand current project context

Actions:

Identify current working directory
Check if .azure/bicep/ directory already exists
Check for existing Bicep files or AVM module usage
Identify project type and deployment target

Verification: Project context understood before proceeding

Step 2: Load Index Files

Objective: Understand available context and memory structure

Actions:

Load Azure domain index via contextProvider.getDomainIndex("azure")
Identify which context topics will be needed based on requirements

Verification: Domain index loaded, know which context topics to load next

Step 3: Load Project Memory

Objective: Check for existing project-specific Bicep configurations

Actions:

Determine project name from current directory or user input
Load project memory via memoryStore.getSkillMemory("generate-azure-bicep", project)
If memory exists, review all memory files:
- bicep_config.md - Previous infrastructure setup
- avm_modules.md - AVM modules used and versions
- resource_naming.md - Naming conventions
- customizations.md - Custom wrapper modules

Verification: Memory loaded if exists; ready to use previous configurations

Step 4: Load Bicep Context

Objective: Load Azure Verified Modules and Bicep knowledge

Actions:

Load AVM context via contextProvider.getConditionalContext("azure", "azure_verified_modules")
Load Bicep overview via contextProvider.getConditionalContext("azure", "azure_bicep_overview")

Verification: Context loaded, understand AVM patterns and Bicep syntax

Step 5: Gather Requirements

Objective: Ask user Socratic questions to gather all requirements

Actions:

Ask about infrastructure scope (which Azure resources)
Ask about environments (dev, staging, prod)
Ask about resource naming convention
Ask about Azure region(s)
Ask about deployment scope (resource group, subscription, etc.)
Ask about custom requirements (private endpoints, managed identities, etc.)

Verification: All requirements gathered, user confirmed ready to proceed

Step 6: Design Module Structure

Objective: Plan which AVM modules to use and how to compose them

Actions:

Map requirements to AVM modules:
- Storage Account → avm/res/storage/storage-account
- Function App → avm/res/web/site
- Key Vault → avm/res/key-vault/vault
- (etc. for all required resources)
Determine module dependencies:
- Identify which modules depend on others
- Plan output sharing between modules
- Design proper ordering
Plan custom wrapper modules:
- Identify if any resources need custom wrappers
- Design wrapper module parameters
- Document wrapper purpose

Verification: Module structure designed, dependencies mapped

Step 7: Generate Bicep Structure

Objective: Create .azure/bicep/ directory with all files

Actions:

Create directory structure:

mkdir -p .azure/bicep/modules
mkdir -p .azure/docs

Generate main.bicep:
- Set targetScope (subscription, resourceGroup, etc.)
- Define parameters for environment-agnostic values
- Reference AVM modules with pinned versions
- Pass parameters to modules
- Define outputs for resource IDs and names
Generate bicepparams files for each environment:
- main.development.bicepparams
- main.staging.bicepparams
- main.production.bicepparams
- Set environment-specific SKUs, regions, names
Generate custom wrapper modules (if needed):
- Create modules in .azure/bicep/modules/
- Wrap AVM modules with project-specific defaults
- Document wrapper purpose and parameters
Generate documentation:
- .azure/docs/infrastructure.md - Explains infrastructure setup
- Parameter descriptions
- Deployment instructions

Verification: All files created, no errors during generation

Step 8: Customize Templates

Objective: Populate templates with project-specific values

Actions:

Replace placeholders in main.bicep:
- {{PROJECT_NAME}} - Project name
- {{RESOURCE_PREFIX}} - Resource naming prefix
- {{DEFAULT_LOCATION}} - Default Azure region
Replace placeholders in bicepparams:
- {{ENVIRONMENT}} - Environment name
- {{LOCATION}} - Azure region
- {{SKU}} - Resource SKU for environment
Configure AVM module versions:
- Use latest stable versions from registry
- Pin to specific versions for reproducibility
- Document version choices

Verification: Templates customized with correct values

Step 9: Validate Bicep Files

Objective: Ensure generated Bicep is syntactically correct

Actions:

Validate Bicep syntax:

az bicep build --file .azure/bicep/main.bicep

Validate deployment (if Azure CLI available):

az deployment sub validate \
  --location <location> \
  --template-file .azure/bicep/main.bicep \
  --parameters .azure/bicep/main.development.bicepparams

Check AVM module versions exist:

az bicep list-versions --module-path "br/public:avm/res/..."

Verification: No syntax errors, all modules accessible

Step 10: Present Results

Objective: Show user what was generated and next steps

Actions:

Display generated directory structure
List all created files with their purposes

Provide deployment instructions:

# Deploy to subscription
az deployment sub create \
  --location <location> \
  --template-file .azure/bicep/main.bicep \
  --parameters .azure/bicep/main.development.bicepparams

# Or deploy to resource group
az deployment group create \
  --resource-group <rg-name> \
  --template-file .azure/bicep/main.bicep \
  --parameters .azure/bicep/main.development.bicepparams

Explain how to update:
- Change parameters in .bicepparams files
- Update AVM module versions
- Add new resources to main.bicep

Verification: User understands what was generated and how to deploy

Step 11: Update Project Memory

Objective: Store configuration for future reference

Actions:

Use memoryStore.update("generate-azure-bicep", project, "bicep_config.md", content) with:
- Deployment scope (subscription, resource group)
- Resource naming convention
- Environments configured
- Azure regions used
Use memoryStore.update("generate-azure-bicep", project, "avm_modules.md", content) with:
- List all AVM modules used
- Module versions and purposes
- Module dependencies
Use memoryStore.update("generate-azure-bicep", project, "resource_naming.md", content) with:
- Naming patterns for each resource type
- Examples of generated names
Use memoryStore.update("generate-azure-bicep", project, "customizations.md", content) with:
- Custom wrapper modules created
- Deviations from standard AVM usage
- Special configurations

Verification: Memory files created/updated with all relevant information

Compliance Checklist

Before completing this skill, verify:

Best Practices

Azure Verified Modules

Always use AVM modules - Don't rewrite what Microsoft provides
Pin module versions - Use specific versions, not latest
Use public registry - br/public:avm/... for stable, tested modules
Check module documentation - Review parameters and examples before use
Leverage module outputs - Pass resource IDs between modules
Apply consistent tags - Use AVM's built-in tagging support

Bicep Structure

One main.bicep - Single entry point for all environments
Separate bicepparams - Environment-specific configurations
Use modules directory - For custom wrapper modules only
Document parameters - Clear descriptions for all params
Define outputs - Make resource IDs available to callers
Set deployment scope - Explicit targetScope declaration

Resource Naming

Follow Azure conventions - Use resource type abbreviations
Include environment - Clear distinction between dev/staging/prod
Use unique suffixes - uniqueString() for globally unique names
Be consistent - Same pattern across all resources
Document convention - Explain naming in README

Security

Use managed identities - Avoid storing credentials
Enable diagnostic logging - Configure in AVM modules
Apply least privilege - RBAC via AVM parameters
Use private endpoints - Where applicable
Enable encryption - Use AVM's security defaults

Additional Notes

AVM Module Registry

Modules are referenced using:

module resource 'br/public:avm/res/{provider}/{type}:{version}' = {
  // ...
}

Finding Modules

Browse: https://aka.ms/avm
Search: Use resource type (e.g., "storage account")
CLI: az bicep list-versions --module-path "br/public:avm/..."

Updating Modules

Check new versions: az bicep list-versions ...
Review changelog for breaking changes
Update version in main.bicep
Test deployment in dev environment
Promote to staging/production

Custom Wrappers

Create wrappers only when:

Need project-specific defaults
Combining multiple AVM modules
Adding custom logic on top of AVM

Otherwise, use AVM modules directly.

Version History

v1.1.0 (2025-07-15)

Phase 4 Migration: Replaced hardcoded ../../context/ and ../../memory/ paths with ContextProvider and MemoryStore interface calls
Added YAML frontmatter with context/memory declarations
Added Interface References section

v1.0.0 (2025-11-18)

Initial Release

Complete Bicep generation using Azure Verified Modules
Support for all common Azure resources
Multi-environment support with bicepparams
Custom wrapper module generation
Resource naming convention support
Memory system for configuration tracking
Comprehensive context for AVM usage