bicep
Expert assistance for Azure Bicep infrastructure-as-code. Provides best practices for authoring Bicep templates, Azure resource type discovery with API versions, resource schema retrieval, and Azure Verified Modules (AVM) guidance. Use when writing Bicep files, deploying Azure resources, looking up resource types/schemas, or working with AVM modules.
Best use case
bicep is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using bicep should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/bicep/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How bicep Compares
| Feature / Agent | bicep | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Expert assistance for Azure Bicep infrastructure-as-code. Provides best practices for authoring Bicep templates, Azure resource type discovery with API versions, resource schema retrieval, and Azure Verified Modules (AVM) guidance. Use when writing Bicep files, deploying Azure resources, looking up resource types/schemas, or working with AVM modules.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Bicep Expert Assistant
Expert guidance for Azure Bicep infrastructure-as-code development, including best practices, resource type discovery, schema retrieval, and Azure Verified Modules.
## Core Capabilities
This skill provides four main functions equivalent to the Bicep MCP Server:
1. **Best Practices** - Comprehensive Bicep authoring guidelines
2. **Resource Type Discovery** - List Azure resource types with API versions
3. **Schema Retrieval** - Get detailed schemas for resource types
4. **AVM Metadata** - Azure Verified Modules information
## Instructions
### When User Asks About Bicep Best Practices
Provide guidance from the comprehensive best practices below. Focus on the specific area they're asking about (parameters, variables, resources, modules, naming, security, etc.).
### When User Needs Resource Types for a Provider
Run the helper script to list resource types:
```bash
# PowerShell
./scripts/get-resource-types.ps1 -Provider "Microsoft.Storage"
# Bash
./scripts/get-resource-types.sh "Microsoft.Storage"
```
Or use Azure CLI directly:
```bash
az provider show --namespace Microsoft.Storage --query "resourceTypes[].{Type:resourceType,ApiVersions:apiVersions[0]}" -o table
```
### When User Needs a Resource Schema
Use Bicep CLI to get the schema:
```bash
bicep build-params --stdout <<< "param resourceType string = 'Microsoft.Storage/storageAccounts@2023-05-01'"
```
Or reference the helper script in `scripts/get-resource-schema.ps1`
### When User Asks About Azure Verified Modules
Provide AVM guidance and help them find appropriate modules from the Bicep Public Registry.
---
## Bicep Best Practices Reference
### Parameters
1. **Use descriptive names**: Parameters should have clear, meaningful names that indicate their purpose
```bicep
// Good
param storageAccountName string
param enableHttpsTrafficOnly bool = true
// Avoid
param san string
param flag bool
```
2. **Provide descriptions**: Always add `@description()` decorator
```bicep
@description('The name of the storage account. Must be globally unique.')
param storageAccountName string
```
3. **Set safe defaults**: Default values should be secure and cost-effective
```bicep
@description('The SKU for the storage account')
@allowed(['Standard_LRS', 'Standard_GRS', 'Standard_ZRS', 'Premium_LRS'])
param storageAccountSku string = 'Standard_LRS'
```
4. **Use constraints wisely**: Apply `@minLength()`, `@maxLength()`, `@minValue()`, `@maxValue()`
```bicep
@minLength(3)
@maxLength(24)
param storageAccountName string
```
5. **Use `@allowed` sparingly**: Overly restrictive lists block valid deployments as Azure adds new SKUs
6. **Secure sensitive parameters**: Use `@secure()` for secrets
```bicep
@secure()
param adminPassword string
```
### Variables
1. **Use for computed values**: Variables simplify complex expressions
```bicep
var storageAccountName = '${prefix}${uniqueString(resourceGroup().id)}'
```
2. **Use for repeated values**: Define once, use multiple times
```bicep
var commonTags = {
  environment: environment
  project: projectName
  deployedBy: 'Bicep'
}
```
3. **Typed variables** (Bicep 0.26+): Add types for clarity
```bicep
var instanceCount int = environment == 'prod' ? 5 : 2
```
### Resources
1. **Use symbolic names without 'name' suffix**:
```bicep
// Good
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  // ...
}
// Avoid
resource storageAccountName 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  // ...
}
```
2. **Use latest stable API versions**: Check for the most recent stable API version
3. **Leverage implicit dependencies**: Bicep automatically handles dependencies when you reference resources
```bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: storageAccountName
  // ...
}
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-05-01' = {
  parent: storageAccount // Implicit dependency
  name: 'default'
}
```
4. **Use `existing` keyword for references**:
```bicep
resource existingVnet 'Microsoft.Network/virtualNetworks@2023-09-01' existing = {
  name: vnetName
}
```
### Child Resources
1. **Use nested declaration** (preferred):
```bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: storageAccountName
  // ...
  resource blobService 'blobServices' = {
    name: 'default'
  }
}
```
2. **Or use parent property**:
```bicep
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-05-01' = {
  parent: storageAccount
  name: 'default'
}
```
### Modules
1. **Use modules for reusability**: Break large templates into focused modules
```bicep
module storageModule 'modules/storage.bicep' = {
  name: 'storageDeployment'
  params: {
    storageAccountName: storageAccountName
    location: location
  }
}
```
2. **Use Azure Verified Modules**: Leverage pre-built, tested modules from the Bicep Registry
```bicep
module storage 'br/public:avm/res/storage/storage-account:0.9.0' = {
  name: 'storageDeployment'
  params: {
    name: storageAccountName
    location: location
  }
}
```
3. **Version your modules**: Always pin to specific versions
### Naming Conventions
1. **Use camelCase** for parameters, variables, and symbolic names
2. **Use `uniqueString()` for unique names**:
```bicep
var storageAccountName = 'st${uniqueString(resourceGroup().id)}'
```
3. **Add prefixes for context**: Include environment, project, or region prefixes
4. **Follow Azure naming constraints**: Check character limits and allowed characters
### Outputs
1. **Expose essential values**: Output what consumers need
```bicep
output storageAccountId string = storageAccount.id
output primaryEndpoints object = storageAccount.properties.primaryEndpoints
```
2. **Never output secrets**: Use Key Vault references instead
```bicep
// WRONG - Never do this
output connectionString string = storageAccount.listKeys().keys[0].value
```
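The safe counterpart to the output above, as an added example that is not part of the original skill: the key is written to a Key Vault secret during the deployment and only the secret's URI is exposed. The parameter `keyVaultName` and the secret name `storage-account-key` are assumptions, and the vault is assumed to exist already.

```bicep
// Added example (not from the original skill).
// Assumptions: keyVaultName points at an existing vault in the same resource
// group; the secret name 'storage-account-key' is illustrative.
param location string = resourceGroup().location
param storageAccountName string
param keyVaultName string

resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

// The key goes straight from listKeys() into the vault. It is a resource
// property, not an output, so it is not recorded in the deployment's outputs.
resource storageKeySecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: keyVault
  name: 'storage-account-key'
  properties: {
    value: storageAccount.listKeys().keys[0].value
    contentType: 'text/plain'
  }
}

// Consumers get a reference they must be authorized to resolve, not the secret
output storageKeySecretUri string = storageKeySecret.properties.secretUri
output storageAccountId string = storageAccount.id
```

Output values are stored in the deployment history and can be read by anyone with read access to the deployment, which is why the URI is output and the key is not.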
### Security Best Practices
1. **Use managed identities** instead of credentials where possible
2. **Enable HTTPS/TLS** for all services
3. **Use private endpoints** for sensitive resources
4. **Apply least privilege** with RBAC assignments
5. **Enable diagnostic logging** and monitoring
6. **Use Key Vault** for secrets management
7. **Enable encryption** at rest and in transit
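Several items from the list above applied to one storage account, as an added example that is not part of the original skill. The parameters `principalId` and `logAnalyticsWorkspaceId` and the resource names `blobReader` and `blob-audit` are assumptions; the role ID is the built-in Storage Blob Data Reader role.

```bicep
// Added example (not from the original skill).
// Assumed inputs: principalId is the object ID of a managed identity,
// logAnalyticsWorkspaceId is the resource ID of an existing workspace.
param location string = resourceGroup().location
param storageAccountName string
param principalId string
param logAnalyticsWorkspaceId string

// Built-in role "Storage Blob Data Reader"
var blobDataReaderRoleId = '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
var auditCategories = ['StorageRead', 'StorageWrite', 'StorageDelete']

resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: storageAccountName
  location: location
  sku: { name: 'Standard_LRS' }
  kind: 'StorageV2'
  properties: {
    supportsHttpsTrafficOnly: true // HTTPS only
    minimumTlsVersion: 'TLS1_2'
    allowSharedKeyAccess: false    // identity-based auth only; account keys are rejected
    allowBlobPublicAccess: false   // no anonymous container access
  }
}
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-05-01' = {
  parent: storageAccount
  name: 'default'
}

// Least privilege: read-only data role, scoped to this account only
resource blobReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: storageAccount
  name: guid(storageAccount.id, principalId, blobDataReaderRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', blobDataReaderRoleId)
    principalId: principalId
    principalType: 'ServicePrincipal'
  }
}

// Diagnostic logging: blob read/write/delete events to Log Analytics
resource blobAudit 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  scope: blobService
  name: 'blob-audit'
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    logs: [for category in auditCategories: {
      category: category
      enabled: true
    }]
  }
}
```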
### Code Organization
1. **File structure**:
```
project/
├── main.bicep              # Entry point
├── main.bicepparam         # Parameters file
├── modules/
│   ├── networking.bicep
│   ├── storage.bicep
│   └── compute.bicep
└── tests/
    └── main.tests.bicep
```
2. **Order of elements in files**:
- Target scope (if not resourceGroup)
- Parameters
- Variables
- Resources
- Modules
- Outputs
3. **Comments**: Use `//` for single-line, `/* */` for multi-line
---
## Azure Verified Modules (AVM)
### What is AVM?
Azure Verified Modules are pre-built, tested Bicep modules maintained by Microsoft that follow best practices and the Well-Architected Framework.
### Using AVM Modules
```bicep
// Reference from Bicep Public Registry
module storage 'br/public:avm/res/storage/storage-account:0.9.0' = {
  name: 'storageDeployment'
  params: {
    name: 'mystorageaccount'
    location: location
  }
}
```
### Finding AVM Modules
1. Browse: https://azure.github.io/Azure-Verified-Modules/indexes/bicep/
2. GitHub: https://github.com/Azure/bicep-registry-modules
3. Registry: `mcr.microsoft.com` for container images
### Module Types
- **Resource Modules (`avm/res/`)**: Single Azure resource with all configurations
- **Pattern Modules (`avm/ptn/`)**: Multi-resource patterns for common scenarios
- **Utility Modules (`avm/utl/`)**: Helper types and functions
---
## Common Resource Type Examples
### Storage Account
```bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}
```
### Virtual Network
```bicep
resource vnet 'Microsoft.Network/virtualNetworks@2023-09-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: ['10.0.0.0/16']
    }
    subnets: [
      {
        name: 'default'
        properties: {
          addressPrefix: '10.0.1.0/24'
        }
      }
    ]
  }
}
```
### Key Vault
```bicep
resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: keyVaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: {
      family: 'A'
      name: 'standard'
    }
    enableRbacAuthorization: true
    enableSoftDelete: true
    softDeleteRetentionInDays: 90
  }
}
```
---
## When to Use This Skill
- Writing or reviewing Bicep templates
- Looking up Azure resource types and API versions
- Finding the correct schema for a resource type
- Using Azure Verified Modules
- Applying Bicep best practices
- Deploying Azure infrastructure with IaC
## Keywords
bicep, azure, arm, infrastructure as code, iac, resource manager, deployment, template, module, avm, azure verified modules, resource type, schema, api version, storage account, virtual network, key vault, best practices