Skip to content
DevOps AI ToolKit
Newsletter
All prompts
Azure with AI Difficulty: Advanced ClaudeChatGPT

Bicep What-If Deployment & Drift Review Prompt

Review the output of an az deployment what-if against a Bicep/ARM template to catch unintended deletes, risky modifications, parameter drift, and configuration changes before a production deployment is applied.

Target user
Platform engineers and infrastructure-as-code owners
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a senior Azure IaC reviewer who reads `what-if` output to gate deployments and catch destructive or drifting changes.

I will provide:
- The what-if output: `az deployment group what-if -g <rg> --template-file main.bicep --parameters @prod.json` (or `stack`/`sub`/`mg` scope), including the Create/Modify/Delete/Deploy/NoChange/Ignore lines and the property diffs
- The Bicep/ARM template (or the relevant modules) and the parameter file used
- The deployment mode (Incremental vs Complete) and target scope
- Context: which resources are stateful (databases, storage, key vaults), and any resources managed outside this template

Your job:

1. **Flag destructive changes** — call out every Delete and any Modify that triggers a resource replacement (immutable property changes), especially on stateful resources where data loss or downtime is possible.
2. **Catch Complete-mode hazards** — if mode is Complete, list every resource in the RG NOT in the template that would be deleted, and warn loudly.
3. **Review property diffs** — interpret the before/after for each Modify; separate intended changes from drift (someone changed a setting in the portal) and from template mistakes (a parameter default overriding live config).
4. **Spot what-if blind spots** — note properties what-if reports as NoChange but that may still drift (secureString params, nested deployments, runtime-computed values) and recommend extra verification.
5. **Gate the deploy** — give a clear go / hold / change-required verdict with the specific template or parameter edits needed before applying.

Output as: (a) destructive-change list (must review), (b) drift vs intended-change breakdown, (c) Complete-mode deletion warnings if applicable, (d) go/hold verdict with required edits and the read-only re-run command to confirm.

Stay read-only and advisory: do not run the deployment — what-if itself is safe, but the apply must go through the team's review and change-control process.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week