Update AVM Modules In Bicep

An AI skill that updates Azure Verified Modules references in Bicep infrastructure code, scanning templates for outdated module versions and generating updated references with compatible parameter adjustments for safer Azure deployments.

What Is This?

Overview

This skill analyzes Bicep template files for Azure Verified Module (AVM) references and identifies which modules have newer versions available. It checks the AVM registry, compares current versions against latest releases, identifies breaking changes in parameter schemas, and generates updated module references with any necessary parameter adjustments. The output includes a detailed change report showing what was updated and any manual review needed.

Who Should Use This

Essential for Azure infrastructure teams using Bicep with AVM modules, platform engineers maintaining shared module libraries, and DevOps teams who need to keep infrastructure templates current with the latest verified module versions for security and feature updates.

Why Use It?

Problems It Solves

AVM modules receive regular updates with security patches, new features, and bug fixes. Manually tracking which modules have new versions across dozens of Bicep files is tedious and error prone. Updating module versions without checking for parameter changes can break deployments. This skill automates version discovery and highlights compatibility concerns.

Core Highlights

• Version Scanning identifies outdated AVM module references across Bicep files
• Registry Lookup checks the AVM registry for latest available versions
• Breaking Change Detection flags parameter schema differences between versions
• Automated Updates generates updated module references with adjusted parameters
• Change Reports documents every modification for team review before deployment

How to Use It?

Basic Usage

Run the skill against your Bicep files to identify and apply module updates.

// Before: outdated module references
module storageAccount 'br/public:avm/res/storage/storage-account:0.9.0' = {
  name: 'storageDeployment'
  params: {
    name: storageAccountName
    location: location
    skuName: 'Standard_LRS'
    kind: 'StorageV2'
  }
}

// After: updated to latest version with new required parameter
module storageAccount 'br/public:avm/res/storage/storage-account:0.14.0' = {
  name: 'storageDeployment'
  params: {
    name: storageAccountName
    location: location
    skuName: 'Standard_LRS'
    kind: 'StorageV2'
    minimumTlsVersion: 'TLS1_2'
  }
}

Real-World Examples

Enterprise Infrastructure Update Cycle

A platform team managing 40 Bicep templates with 120 AVM module references ran the skill during their quarterly update cycle. It identified 34 modules with available updates, flagged 5 with breaking parameter changes, and automatically updated the remaining 29. The team reviewed only the flagged modules manually.

scan_results:
  files_scanned: 40
  modules_found: 120
  updates_available: 34
  auto_updated: 29
  requires_review: 5

requires_review:
  - module: "avm/res/network/virtual-network:0.4.0"
    latest: "0.6.0"
    breaking: "subnets parameter changed from array to object"
  - module: "avm/res/compute/virtual-machine:0.5.0"
    latest: "0.8.0"
    breaking: "osDisk property restructured"

Advanced Tips

Schedule regular scans as part of your CI pipeline to get early notification of available updates. Pin module versions in production templates and update in staging first. Use the breaking change report to plan migration sprints for major version bumps.

When to Use It?

Use Cases

• Quarterly Updates systematically update all AVM modules across templates
• Security Patches quickly identify and apply security related module updates
• New Feature Adoption discover new module capabilities available in latest versions
• Compliance Requirements ensure infrastructure uses approved module versions
• Migration Planning assess effort needed to move to latest module versions

Related Topics

When updating Bicep modules, these prompts activate the skill:

• "Update AVM modules in my Bicep files"
• "Check for outdated Azure module versions"
• "Scan Bicep templates for module updates"
• "Upgrade Azure Verified Modules to latest"

Important Notes

Requirements

• Azure CLI with Bicep extension installed for template validation
• Access to the AVM public registry for version lookups
• Bicep files must use standard AVM module reference format
• Works with both individual files and entire infrastructure repositories

Usage Recommendations

Do:

• Test updated templates in staging before applying to production
• Review breaking change flags carefully as they may require code changes
• Update modules incrementally rather than jumping multiple major versions
• Keep a changelog of module version updates for audit purposes

Don't:

• Auto-apply updates to production without testing in a lower environment
• Ignore breaking change warnings as they indicate parameter incompatibilities
• Skip validation after updating since bicep build should pass cleanly
• Update all modules simultaneously as this makes it harder to isolate failures

Limitations

• Cannot predict runtime behavior changes from module updates without deployment testing
• Breaking change detection relies on published schema diffs which may be incomplete
• Private or custom module registries need additional configuration for scanning
• Some parameter changes may be semantically breaking without schema level changes