Programmatically create 'n' Azure VMs using Bicep templates and GitHub Actions workflows.
You can use Azure Bicep templates to define your VM infrastructure and a GitHub Actions workflow to automate its deployment. The pipeline runs the IaC that programmatically provisions 'n' Azure Virtual Machines iteratively. This article is a step-by-step guide to implementing such Infrastructure as Code automation (IaC + .bicep + .yaml).
VMs-via-BICEP-programmatic-iterative 📑 < Public GitHub Repository that contains all the IaC files that we need.
🔸 FIRST: We create a GitHub Repo where the main.bicep, vm.bicep module, deploy.yml pipeline and .json parameters will be committed/pushed.
Create an Azure Resource Group, a Managed Identity and a Federated Identity Credential to integrate with GitHub via VSCode PS console
---------------------------------------------------------------------------------------------------------------------------------------------
$managedIdentityName = "bicep-demo-deploy-federation"
$subscriptionID = "<YOUR-AZURE-SUBSCRIPTION-ID>" # az account show # portal.azure.com
$resourceGroupName = "VMs-via-BICEP-programmatic-iterative"
# Resource group that holds the user-assigned managed identity
New-AzResourceGroup -Name "managed-identity" -Location "eastus"
Register-AzResourceProvider -ProviderNamespace Microsoft.ManagedIdentity
$managedIdentity = New-AzUserAssignedIdentity -Name $managedIdentityName -ResourceGroupName managed-identity -Location eastus
# Resource group the VMs are deployed into; Contributor is granted on this group only
New-AzResourceGroup -Name $resourceGroupName -Location eastus
$roleAssignment = New-AzRoleAssignment -ObjectId $managedIdentity.PrincipalId -RoleDefinitionName "Contributor" -Scope "/subscriptions/${subscriptionID}/resourceGroups/${resourceGroupName}"
# Trust tokens that GitHub issues to jobs of this repository running in the "deploy" environment
$githubOrganization = "agustinborrajo"
$environmentName = "deploy"
$repoName = "VMs-via-BICEP-programmatic-iterative"
$subjectUri = "repo:${githubOrganization}/${repoName}:environment:${environmentName}"
New-AzFederatedIdentityCredential -ResourceGroupName managed-identity -IdentityName $managedIdentity.name -Name bicep-demo-federation -Issuer "https://token.actions.githubusercontent.com" -Subject $subjectUri
# Client ID to store as a GitHub environment secret
$managedIdentity.ClientID
---------------------------------------------------------------------------------------------------------------------------------------------
The last command, $managedIdentity.ClientID, gives you the GitHub Environment Secret needed to complete the integration with Azure.
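The subject stored in $subjectUri limits the credential to jobs of this repository that run in the deploy environment. The following block is an added example, not code from the original article or its repository: it builds the `sub` claim GitHub issues for a few constructed job contexts and compares it with the credential. The function names, the sample jobs and the exact, case-sensitive comparison are assumptions made for illustration.

```powershell
function Get-GitHubOidcSubject {
    # Builds the `sub` claim GitHub places in a job's OIDC token.
    param(
        [Parameter(Mandatory)][string]$Repository,  # "owner/repo"
        [string]$Environment,                       # job-level `environment:` value, if any
        [string]$EventName = "push",
        [string]$Ref = "refs/heads/main"
    )
    # A job that targets an environment always gets the environment form.
    if ($Environment) { return "repo:${Repository}:environment:${Environment}" }
    if ($EventName -eq "pull_request") { return "repo:${Repository}:pull_request" }
    return "repo:${Repository}:ref:${Ref}"
}

function Test-FederatedCredentialMatch {
    # Assumption: issuer, subject and audience must all equal the stored values exactly.
    param(
        [Parameter(Mandatory)][hashtable]$Credential,
        [Parameter(Mandatory)][hashtable]$Token
    )
    return ($Token.iss -ceq $Credential.Issuer) -and
           ($Token.sub -ceq $Credential.Subject) -and
           ($Token.aud -ceq $Credential.Audience)
}

$repo = "agustinborrajo/VMs-via-BICEP-programmatic-iterative"
$credential = @{
    Issuer   = "https://token.actions.githubusercontent.com"
    Subject  = "repo:${repo}:environment:deploy"   # same value as $subjectUri above
    Audience = "api://AzureADTokenExchange"        # default when -Audience is not passed
}
# Constructed job contexts (not taken from the repository's deploy.yml)
$jobs = @(
    @{ Name = "job with environment: deploy";  Environment = "deploy";  EventName = "push" },
    @{ Name = "job with environment: staging"; Environment = "staging"; EventName = "push" },
    @{ Name = "push to main, no environment";  Environment = "";        EventName = "push" },
    @{ Name = "pull request, no environment";  Environment = "";        EventName = "pull_request" }
)

$results = foreach ($job in $jobs) {
    $sub = Get-GitHubOidcSubject -Repository $repo -Environment $job.Environment -EventName $job.EventName
    $token = @{ iss = $credential.Issuer; sub = $sub; aud = $credential.Audience }
    [pscustomobject]@{
        Job      = $job.Name
        Subject  = $sub
        Accepted = Test-FederatedCredentialMatch -Credential $credential -Token $token
    }
}
$results | Format-Table -AutoSize
```

Only a job that declares `environment: deploy` produces a subject equal to the one stored on the credential, so the workflow job that logs in to Azure has to run in that environment.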
🔸 VISUAL STUDIO CODE : The snapshot below shows the above commands and their output, for orientation.
🔸 GITHUB ENVIRONMENT SECRETS : We add the above CLIENT_ID (Federated Identity Credential) + Azure Subscription ID + Azure Tenant + VM USR/PSW.
🔸 VISUAL STUDIO CODE : We create/open deploy.yml (pipeline) + vm.bicep (module) + main.bicep (iteration) + dev.parameter.json (params).
VMs-via-BICEP-programmatic-iterative 📑 can be forked to get the below IaC files:
🔸 GITHUB : deploy.yml (pipeline) + vm.bicep (module) + main.bicep (iteration) + dev.parameter.json (params) after the commit/push (below):
🔸 GITHUB + AZURE : All VM, NIC, IP and disk resources are created once the pipeline successfully runs the Azure Bicep deployment.