Bicep continues to evolve as one of the most powerful tools for declarative infrastructure deployment in Azure.
With the release of Bicep v0.32, a new feature has been introduced: the ability to retrieve the principal ID of the user or identity executing the Bicep deployment, using the az.deployer().objectId function.
This feature enhances visibility and traceability in deployment operations, making it easier to implement governance and compliance practices.
Let’s get started.
What is az.deployer().objectId?
The az.deployer().objectId function belongs to the az namespace in Bicep and retrieves the object ID (principal ID) of the identity performing the deployment. Because the value is resolved by Azure Resource Manager at deployment time, it reflects whoever actually submitted the deployment. This identity can be:
- The user executing the deployment
- A service principal
- A managed identity, if used in the deployment process
This functionality ensures that deployment details, such as the executor's identity, can be captured programmatically within the resource declarations.
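The template below is an added example (not code from the original post) showing how the function is consumed inside a template: the deployer's object ID and tenant ID are captured once, applied as tags to a storage account, and surfaced as outputs so the calling pipeline can record them. The resource name, location default and tag keys are assumptions chosen for the example.

```bicep
// Added example: requires Bicep CLI 0.32 or later (az.deployer() is not
// available in older compilers). Deploy at resource-group scope, e.g.:
//   az deployment group create -g <rg> -f main.bicep
targetScope = 'resourceGroup'

@description('Storage account name (assumed example default, globally unique).')
@minLength(3)
@maxLength(24)
param storageAccountName string = 'st${uniqueString(resourceGroup().id)}'

@description('Region for the storage account; defaults to the resource group region.')
param location string = resourceGroup().location

// az.deployer() is evaluated by ARM at deployment time, not at compile time.
// objectId is the principal ID of the caller; tenantId is the tenant that
// authenticated that caller. In a pipeline this is the pipeline's service
// principal or managed identity, not the human who triggered the run.
var deployerIdentity = az.deployer()

// Assumed tag keys for this example; pick whatever your tagging policy mandates.
var deploymentTags = {
  'created-by': deployerIdentity.objectId
  'created-by-tenant': deployerIdentity.tenantId
  'deployment-name': deployment().name
}

resource storage 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  tags: deploymentTags
  properties: {
    // Baseline hardening; unrelated to deployer() but what a reviewer expects to see.
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    supportsHttpsTrafficOnly: true
  }
}

// Expose the captured identity so the pipeline can log or assert on it.
output deployerObjectId string = deployerIdentity.objectId
output deployerTenantId string = deployerIdentity.tenantId
output storageAccountId string = storage.id
```

Two caveats worth keeping in mind. The object ID is a GUID, not a display name; to see who it belongs to, resolve it afterwards with `az ad user show --id <objectId>` or `az ad sp show --id <objectId>`. Tags are also writable by anyone with sufficient rights on the resource, so a created-by tag is convenient metadata rather than a tamper-proof audit record; the Azure Activity Log and the resource group's deployment history remain the authoritative source for who submitted a deployment.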
Why is This Important?
In modern DevOps and governance practices, it's crucial to know who initiated a deployment, for reasons including:
- Audit trails and compliance
- Tagging and ownership assignment for deployed resources
- Debugging and tracing deployment issues
With az.deployer().objectId, this metadata can be included in resource configurations automatically, without the caller having to pass their own identity in as a parameter.
Simple Use Case: Adding a created-by Tag
One practical application of this feature is tagging resources with a created-by tag that records the principal ID of the user or identity responsible for creating the resource. Here's an example:
Example: Tagging a Storage Account with created-by