Clearing Azure Deployments

Recently I had the challenge that we are doing a lot of releases and deployments to various environments and eventually we started hitting the threshold in Azure. I believe the default is that an Azure Resource Group can have 800 deployments in the deployment history. Once you hit the threshold your next deployment will fail and you will need to delete some records from the deployment history or get a support call raised to increase the threshold. This started becoming painful so we decided to implement the following approach.

Planned Approach

Below is the approach we plan to use for each environment.

Dev/Test

In the development and build/test environments we expect to perform multiple deployments per day in each resource group as developers make changes. We dont really care about the deployment history in this environment so we will clean it regularly. We just dont want to be blocked.
We want to delete the history of any deployments which are over 30 days old.

UAT

In the UAT environment we expect to do deployments on a semi regular basis. We want to keep a bit of a history of the deployments for governance/audit purposes and maybe troubleshooting.

Production

In production we do not want to delete the history of any deployments. We do not expect to have anywhere near the velocity of deployments to production that we do to dev/test.
What we will do is sometime in the future we will implement a check of how many deployments we have done and if we start to get near the threshold then we will raise an alert to get someone to raise a support call if needed.

Implementation

I decided that as we are using Azure Devops I would implement a build pipeline which would run on a nightly schedule and it would perform the actions needed.

Below is a picture of the pipeline we have so far.

As you can see it is mainly running a series of Azure Powershell steps which are pointed at the appropriate Azure Subscription and Resource Group. Lets look at it in a little more detail.

Install Powershell Modules

First off we need to install a few powershell modules onto the build agent. The below script will add them.

# This will check the list of installed powershell modules on the build agent and install modules we need on the build agent

Install-Module -Name Az -AllowClobber -Force
Install-Module -Name Az.Resources -AllowClobber -Force
Get-installedModule | select Name

Clean Deployments in Resource Group

Next we will use Get-AzResourceGroupDeployment to get the list of deployments which are over 30 days old. We will then iterate over them and use Remove-AzResourceGroupDeployment to delete the deployment.

We can use the same script as shown below to delete all of the deployments we need in Dev/Test.

$resourceGroupName='[Add RG Name Here]'

$deployments = Get-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName | Where-Object Timestamp -lt ((Get-Date).AddDays(-30))

foreach ($deployment in $deployments) {
  Remove-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -Name $deployment.DeploymentName
  Write-Host 'Removed Deployment: ' $deployment.DeploymentName 
}

Adding Support for UAT

I havent added this environment yet while but my plan is to add another Azure Powershell step and to do the same as above but only delete deployments which are over 6 months old.

I will update this article when I get around to adding this.

Adding Support for Prod

I havent added this environment yet but my plan is to use a modified version of the powershell which will do a count of the number of deployments and if we get close to the threshold I will do an HTTP post to a Logic App which I will use to create a support ticket in Service Now so that we can get someone to talk to Microsoft about increasing the threshold.

$resourceGroupName='[Add RG Name Here]'

$deployments = Get-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName 

foreach ($deployment in $deployments) {
 
 #In here I will count the number of deployments and do an http post to a Logic App if needed
 
}
``