diff --git a/bicepconfig.json b/bicepconfig.json
index 6f7008fa9f..3fd4240a72 100644
--- a/bicepconfig.json
+++ b/bicepconfig.json
@@ -7,6 +7,9 @@
"rules": {
"explicit-values-for-loc-params": {
"level": "off" // Reason: Our modules default to e.g. the location of their parent resource group which is sufficient if deploying a self-contained solution
+ },
+ "prefer-unquoted-property-names": {
+ "level": "off" // Reason: This complains primarily about RBAC roles which are all in quotes to be consistent within the list of roles with and without spaces in their name
}
}
}
diff --git a/modules/Microsoft.AAD/DomainServices/deploy.bicep b/modules/Microsoft.AAD/DomainServices/deploy.bicep
index 4ebf3faacb..6dd0d3441b 100644
--- a/modules/Microsoft.AAD/DomainServices/deploy.bicep
+++ b/modules/Microsoft.AAD/DomainServices/deploy.bicep
@@ -35,7 +35,7 @@ param additionalRecipients array = []
])
param domainConfigurationType string = 'FullySynced'
-@description('Optional. The value is to synchronise scoped users and groups.')
+@description('Optional. The value is to synchronize scoped users and groups.')
param filteredSync string = 'Enabled'
@description('Optional. The value is to enable clients making request using TLSv1.')
diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md
index 3983b63fe0..54da13d95d 100644
--- a/modules/Microsoft.AAD/DomainServices/readme.md
+++ b/modules/Microsoft.AAD/DomainServices/readme.md
@@ -44,7 +44,7 @@ This template deploys Azure Active Directory Domain Services (AADDS).
| `domainConfigurationType` | string | `'FullySynced'` | `[FullySynced, ResourceTrusting]` | The value is to provide domain configuration type. |
| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). |
| `externalAccess` | string | `'Enabled'` | `[Enabled, Disabled]` | The value is to enable the Secure LDAP for external services of Azure ADDS Services. |
-| `filteredSync` | string | `'Enabled'` | | The value is to synchronise scoped users and groups. |
+| `filteredSync` | string | `'Enabled'` | | The value is to synchronize scoped users and groups. |
| `kerberosArmoring` | string | `'Enabled'` | `[Enabled, Disabled]` | The value is to enable to provide a protected channel between the Kerberos client and the KDC. |
| `kerberosRc4Encryption` | string | `'Enabled'` | `[Enabled, Disabled]` | The value is to enable Kerberos requests that use RC4 encryption. |
| `ldaps` | string | `'Enabled'` | `[Enabled, Disabled]` | A flag to determine whether or not Secure LDAP is enabled or disabled. |
@@ -207,72 +207,11 @@ $pfxCertificate = [System.Convert]::ToBase64String($rawCertByteStream)
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "domainName": {
- "value": "<>.onmicrosoft.com"
- },
- "sku": {
- "value": "Standard"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "replicaSets": {
- "value": [
- {
- "location": "WestEurope",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-aadds-001/subnets/AADDSSubnet"
- }
- ]
- },
- "pfxCertificate": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "pfxBase64Certificate"
- }
- },
- "pfxCertificatePassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "pfxCertificatePassword"
- }
- },
- "additionalRecipients": {
- "value": [
- "<>@noreply.github.com"
- ]
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -287,24 +226,94 @@ resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
module DomainServices './Microsoft.AAD/DomainServices/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-DomainServices'
params: {
+ // Required parameters
domainName: '<>.onmicrosoft.com'
- sku: 'Standard'
+ // Non-required parameters
+ additionalRecipients: [
+ '<>@noreply.github.com'
+ ]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
lock: 'CanNotDelete'
+ pfxCertificate: kv1.getSecret('pfxBase64Certificate')
+ pfxCertificatePassword: kv1.getSecret('pfxCertificatePassword')
replicaSets: [
{
location: 'WestEurope'
subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-aadds-001/subnets/AADDSSubnet'
}
]
- pfxCertificate: kv1.getSecret('pfxBase64Certificate')
- pfxCertificatePassword: kv1.getSecret('pfxCertificatePassword')
- additionalRecipients: [
- '<>@noreply.github.com'
- ]
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ sku: 'Standard'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "domainName": {
+ "value": "<>.onmicrosoft.com"
+ },
+ // Non-required parameters
+ "additionalRecipients": {
+ "value": [
+ "<>@noreply.github.com"
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "pfxCertificate": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "pfxBase64Certificate"
+ }
+ },
+ "pfxCertificatePassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "pfxCertificatePassword"
+ }
+ },
+ "replicaSets": {
+ "value": [
+ {
+ "location": "WestEurope",
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-aadds-001/subnets/AADDSSubnet"
+ }
+ ]
+ },
+ "sku": {
+ "value": "Standard"
+ }
}
}
```
diff --git a/modules/Microsoft.AnalysisServices/servers/readme.md b/modules/Microsoft.AnalysisServices/servers/readme.md
index a5e08d351a..3b1fe5c97a 100644
--- a/modules/Microsoft.AnalysisServices/servers/readme.md
+++ b/modules/Microsoft.AnalysisServices/servers/readme.md
@@ -157,82 +157,11 @@ roleAssignments: [
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azasweumax001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "skuName": {
- "value": "S0"
- },
- "skuCapacity": {
- "value": 1
- },
- "firewallSettings": {
- "value": {
- "firewallRules": [
- {
- "firewallRuleName": "AllowFromAll",
- "rangeStart": "0.0.0.0",
- "rangeEnd": "255.255.255.255"
- }
- ],
- "enablePowerBIService": true
- }
- },
- "diagnosticLogsRetentionInDays": {
- "value": 365
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogCategoriesToEnable": {
- "value": [
- "Engine",
- "Service"
- ]
- },
- "diagnosticMetricsToEnable": {
- "value": [
- "AllMetrics"
- ]
- }
- }
-}
-```
-
-
+Example 1: Max
@@ -242,40 +171,42 @@ roleAssignments: [
module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-servers'
params: {
+ // Required parameters
name: '<>azasweumax001'
- lock: 'CanNotDelete'
- skuName: 'S0'
- skuCapacity: 1
+ // Non-required parameters
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogCategoriesToEnable: [
+ 'Engine'
+ 'Service'
+ ]
+ diagnosticLogsRetentionInDays: 365
+ diagnosticMetricsToEnable: [
+ 'AllMetrics'
+ ]
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
firewallSettings: {
+ enablePowerBIService: true
firewallRules: [
{
firewallRuleName: 'AllowFromAll'
- rangeStart: '0.0.0.0'
rangeEnd: '255.255.255.255'
+ rangeStart: '0.0.0.0'
}
]
- enablePowerBIService: true
}
- diagnosticLogsRetentionInDays: 365
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ lock: 'CanNotDelete'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogCategoriesToEnable: [
- 'Engine'
- 'Service'
- ]
- diagnosticMetricsToEnable: [
- 'AllMetrics'
- ]
+ skuCapacity: 1
+ skuName: 'S0'
}
}
```
@@ -283,25 +214,85 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azasweumin001"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azasweumax001"
+ },
+ // Non-required parameters
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogCategoriesToEnable": {
+ "value": [
+ "Engine",
+ "Service"
+ ]
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 365
+ },
+ "diagnosticMetricsToEnable": {
+ "value": [
+ "AllMetrics"
+ ]
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "firewallSettings": {
+ "value": {
+ "enablePowerBIService": true,
+ "firewallRules": [
+ {
+ "firewallRuleName": "AllowFromAll",
+ "rangeEnd": "255.255.255.255",
+ "rangeStart": "0.0.0.0"
+ }
+ ]
+ }
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
+ },
+ "skuCapacity": {
+ "value": 1
+ },
+ "skuName": {
+ "value": "S0"
}
+ }
}
```
+
+
+
Example 2: Min
@@ -319,56 +310,26 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azasweux001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "skuName": {
- "value": "S0"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>azasweumin001"
}
+ }
}
```
+
+
+
Example 3: Parameters
@@ -378,22 +339,76 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = {
module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-servers'
params: {
+ // Required parameters
name: '<>azasweux001'
+ // Non-required parameters
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
lock: 'CanNotDelete'
- skuName: 'S0'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ skuName: 'S0'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azasweux001"
+ },
+ // Non-required parameters
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "skuName": {
+ "value": "S0"
+ }
}
}
```
diff --git a/modules/Microsoft.ApiManagement/service/readme.md b/modules/Microsoft.ApiManagement/service/readme.md
index c6734912af..f77ca283df 100644
--- a/modules/Microsoft.ApiManagement/service/readme.md
+++ b/modules/Microsoft.ApiManagement/service/readme.md
@@ -268,193 +268,11 @@ userAssignedIdentities: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-apim-max-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "publisherEmail": {
- "value": "apimgmt-noreply@mail.windowsazure.com"
- },
- "publisherName": {
- "value": "<>-az-amorg-x-001"
- },
- "apis": {
- "value": [
- {
- "name": "echo-api",
- "displayName": "Echo API",
- "path": "echo",
- "serviceUrl": "http://echoapi.cloudapp.net/api",
- "apiVersionSet": {
- "name": "echo-version-set",
- "properties": {
- "description": "echo-version-set",
- "displayName": "echo-version-set",
- "versioningScheme": "Segment"
- }
- }
- }
- ]
- },
- "authorizationServers": {
- "value": [
- {
- "name": "AuthServer1",
- "authorizationEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize",
- "grantTypes": [
- "authorizationCode"
- ],
- "clientCredentialsKeyVaultId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "clientIdSecretName": "apimclientid",
- "clientSecretSecretName": "apimclientsecret",
- "clientRegistrationEndpoint": "http://localhost",
- "tokenEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token"
- }
- ]
- },
- "backends": {
- "value": [
- {
- "name": "backend",
- "url": "http://echoapi.cloudapp.net/api",
- "tls": {
- "validateCertificateChain": false,
- "validateCertificateName": false
- }
- }
- ]
- },
- "caches": {
- "value": [
- {
- "name": "westeurope",
- "connectionString": "connectionstringtest",
- "useFromLocation": "westeurope"
- }
- ]
- },
- "identityProviders": {
- "value": [
- {
- "name": "aadProvider"
- }
- ]
- },
- "namedValues": {
- "value": [
- {
- "name": "apimkey",
- "displayName": "apimkey",
- "secret": true
- }
- ]
- },
- "policies": {
- "value": [
- {
- "value": " ",
- "format": "xml"
- }
- ]
- },
- "portalSettings": {
- "value": [
- {
- "name": "signin",
- "properties": {
- "enabled": false
- }
- },
- {
- "name": "signup",
- "properties": {
- "enabled": false,
- "termsOfService": {
- "enabled": false,
- "consentRequired": false
- }
- }
- }
- ]
- },
- "products": {
- "value": [
- {
- "name": "Starter",
- "subscriptionRequired": false,
- "approvalRequired": false,
- "apis": [
- {
- "name": "echo-api"
- }
- ],
- "groups": [
- {
- "name": "developers"
- }
- ]
- }
- ]
- },
- "subscriptions": {
- "value": [
- {
- "scope": "/apis",
- "name": "testArmSubscriptionAllApis"
- }
- ]
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
-```
-
-
+Example 1: Max
@@ -464,16 +282,13 @@ userAssignedIdentities: {
module service './Microsoft.ApiManagement/service/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-service'
params: {
+ // Required parameters
name: '<>-az-apim-max-001'
- lock: 'CanNotDelete'
publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
publisherName: '<>-az-amorg-x-001'
+ // Non-required parameters
apis: [
{
- name: 'echo-api'
- displayName: 'Echo API'
- path: 'echo'
- serviceUrl: 'http://echoapi.cloudapp.net/api'
apiVersionSet: {
name: 'echo-version-set'
properties: {
@@ -482,55 +297,65 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
versioningScheme: 'Segment'
}
}
+ displayName: 'Echo API'
+ name: 'echo-api'
+ path: 'echo'
+ serviceUrl: 'http://echoapi.cloudapp.net/api'
}
]
authorizationServers: [
{
- name: 'AuthServer1'
authorizationEndpoint: 'https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize'
- grantTypes: [
- 'authorizationCode'
- ]
clientCredentialsKeyVaultId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
clientIdSecretName: 'apimclientid'
- clientSecretSecretName: 'apimclientsecret'
clientRegistrationEndpoint: 'http://localhost'
+ clientSecretSecretName: 'apimclientsecret'
+ grantTypes: [
+ 'authorizationCode'
+ ]
+ name: 'AuthServer1'
tokenEndpoint: 'https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token'
}
]
backends: [
{
name: 'backend'
- url: 'http://echoapi.cloudapp.net/api'
tls: {
validateCertificateChain: false
validateCertificateName: false
}
+ url: 'http://echoapi.cloudapp.net/api'
}
]
caches: [
{
- name: 'westeurope'
connectionString: 'connectionstringtest'
+ name: 'westeurope'
useFromLocation: 'westeurope'
}
]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
identityProviders: [
{
name: 'aadProvider'
}
]
+ lock: 'CanNotDelete'
namedValues: [
{
- name: 'apimkey'
displayName: 'apimkey'
+ name: 'apimkey'
secret: true
}
]
policies: [
{
- value: ' '
format: 'xml'
+ value: ' '
}
]
portalSettings: [
@@ -545,52 +370,47 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
properties: {
enabled: false
termsOfService: {
- enabled: false
consentRequired: false
+ enabled: false
}
}
}
]
products: [
{
- name: 'Starter'
- subscriptionRequired: false
- approvalRequired: false
apis: [
{
name: 'echo-api'
}
]
+ approvalRequired: false
groups: [
{
name: 'developers'
}
]
+ name: 'Starter'
+ subscriptionRequired: false
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
}
]
subscriptions: [
{
- scope: '/apis'
name: 'testArmSubscriptionAllApis'
+ scope: '/apis'
}
]
systemAssignedIdentity: true
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
- }
- ]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
}
}
```
@@ -598,31 +418,196 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-apim-min-001"
- },
- "publisherEmail": {
- "value": "apimgmt-noreply@mail.windowsazure.com"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-apim-max-001"
+ },
+ "publisherEmail": {
+ "value": "apimgmt-noreply@mail.windowsazure.com"
+ },
+ "publisherName": {
+ "value": "<>-az-amorg-x-001"
+ },
+ // Non-required parameters
+ "apis": {
+ "value": [
+ {
+ "apiVersionSet": {
+ "name": "echo-version-set",
+ "properties": {
+ "description": "echo-version-set",
+ "displayName": "echo-version-set",
+ "versioningScheme": "Segment"
+ }
+ },
+ "displayName": "Echo API",
+ "name": "echo-api",
+ "path": "echo",
+ "serviceUrl": "http://echoapi.cloudapp.net/api"
+ }
+ ]
+ },
+ "authorizationServers": {
+ "value": [
+ {
+ "authorizationEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize",
+ "clientCredentialsKeyVaultId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "clientIdSecretName": "apimclientid",
+ "clientRegistrationEndpoint": "http://localhost",
+ "clientSecretSecretName": "apimclientsecret",
+ "grantTypes": [
+ "authorizationCode"
+ ],
+ "name": "AuthServer1",
+ "tokenEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token"
+ }
+ ]
+ },
+ "backends": {
+ "value": [
+ {
+ "name": "backend",
+ "tls": {
+ "validateCertificateChain": false,
+ "validateCertificateName": false
+ },
+ "url": "http://echoapi.cloudapp.net/api"
+ }
+ ]
+ },
+ "caches": {
+ "value": [
+ {
+ "connectionString": "connectionstringtest",
+ "name": "westeurope",
+ "useFromLocation": "westeurope"
+ }
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "identityProviders": {
+ "value": [
+ {
+ "name": "aadProvider"
+ }
+ ]
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "namedValues": {
+ "value": [
+ {
+ "displayName": "apimkey",
+ "name": "apimkey",
+ "secret": true
+ }
+ ]
+ },
+ "policies": {
+ "value": [
+ {
+ "format": "xml",
+ "value": " "
+ }
+ ]
+ },
+ "portalSettings": {
+ "value": [
+ {
+ "name": "signin",
+ "properties": {
+ "enabled": false
+ }
},
- "publisherName": {
- "value": "<>-az-amorg-x-001"
+ {
+ "name": "signup",
+ "properties": {
+ "enabled": false,
+ "termsOfService": {
+ "consentRequired": false,
+ "enabled": false
+ }
+ }
}
+ ]
+ },
+ "products": {
+ "value": [
+ {
+ "apis": [
+ {
+ "name": "echo-api"
+ }
+ ],
+ "approvalRequired": false,
+ "groups": [
+ {
+ "name": "developers"
+ }
+ ],
+ "name": "Starter",
+ "subscriptionRequired": false
+ }
+ ]
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "subscriptions": {
+ "value": [
+ {
+ "name": "testArmSubscriptionAllApis",
+ "scope": "/apis"
+ }
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 2: Min
@@ -632,6 +617,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
module service './Microsoft.ApiManagement/service/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-service'
params: {
+ // Required parameters
name: '<>-az-apim-min-001'
publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
publisherName: '<>-az-amorg-x-001'
@@ -642,72 +628,33 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-apim-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "publisherEmail": {
- "value": "apimgmt-noreply@mail.windowsazure.com"
- },
- "publisherName": {
- "value": "<>-az-amorg-x-001"
- },
- "portalSettings": {
- "value": [
- {
- "name": "signin",
- "properties": {
- "enabled": false
- }
- },
- {
- "name": "signup",
- "properties": {
- "enabled": false,
- "termsOfService": {
- "enabled": false,
- "consentRequired": false
- }
- }
- }
- ]
- },
- "policies": {
- "value": [
- {
- "value": " ",
- "format": "xml"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-apim-min-001"
+ },
+ "publisherEmail": {
+ "value": "apimgmt-noreply@mail.windowsazure.com"
+ },
+ "publisherName": {
+ "value": "<>-az-amorg-x-001"
}
+ }
}
```
+
+
+
Example 3: Parameters
@@ -717,10 +664,18 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
module service './Microsoft.ApiManagement/service/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-service'
params: {
+ // Required parameters
name: '<>-az-apim-x-001'
- lock: 'CanNotDelete'
publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
publisherName: '<>-az-amorg-x-001'
+ // Non-required parameters
+ lock: 'CanNotDelete'
+ policies: [
+ {
+ format: 'xml'
+ value: ' '
+ }
+ ]
portalSettings: [
{
name: 'signin'
@@ -733,24 +688,18 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
properties: {
enabled: false
termsOfService: {
- enabled: false
consentRequired: false
+ enabled: false
}
}
}
]
- policies: [
- {
- value: ' '
- format: 'xml'
- }
- ]
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -759,3 +708,71 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-apim-x-001"
+ },
+ "publisherEmail": {
+ "value": "apimgmt-noreply@mail.windowsazure.com"
+ },
+ "publisherName": {
+ "value": "<>-az-amorg-x-001"
+ },
+ // Non-required parameters
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "policies": {
+ "value": [
+ {
+ "format": "xml",
+ "value": " "
+ }
+ ]
+ },
+ "portalSettings": {
+ "value": [
+ {
+ "name": "signin",
+ "properties": {
+ "enabled": false
+ }
+ },
+ {
+ "name": "signup",
+ "properties": {
+ "enabled": false,
+ "termsOfService": {
+ "consentRequired": false,
+ "enabled": false
+ }
+ }
+ }
+ ]
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md
index f70de3d865..e1b3cade81 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md
+++ b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md
@@ -7,7 +7,6 @@ This module deploys an App Configuration Store.
- [Resource types](#Resource-types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
-- [Deployment examples](#Deployment-examples)
## Resource types
@@ -169,85 +168,6 @@ roleAssignments: [
-=======
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "<>", // e.g. vault, registry, file, blob, queue, table etc.
- "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
- "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
- ],
- "customDnsConfigs": [ // Optional
- {
- "fqdn": "customname.test.local",
- "ipAddresses": [
- "10.10.10.10"
- ]
- }
- ]
- },
- // Example showing only mandatory fields
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "<>" // e.g. vault, registry, file, blob, queue, table etc.
- }
- ]
-}
-```
-
-
-
-
-
-Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: '<>' // e.g. vault registry file blob queue table etc.
- privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
- '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net'
- ]
- // Optional
- customDnsConfigs: [
- {
- fqdn: 'customname.test.local'
- ipAddresses: [
- '10.10.10.10'
- ]
- }
- ]
- }
- // Example showing only mandatory fields
- {
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: '<>' // e.g. vault registry file blob queue table etc.
- }
-]
-```
-
-
-
-
->>>>>>> 3c13c7e234f0efcae26a25417453c58843d2002d
## Outputs
| Output Name | Type | Description |
@@ -255,153 +175,3 @@ privateEndpoints: [
| `name` | string | The name of the key values. |
| `resourceGroupName` | string | The resource group the batch account was deployed into. |
| `resourceId` | string | The resource ID of the key values. |
-
-## Deployment examples
-
-
Example 1
-
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-appcs-min-001"
- }
- }
-}
-
-```
-
-
-
-
-
-via Bicep module
-
-```bicep
-module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = {
- name: '${uniqueString(deployment().name)}-configurationStores'
- params: {
- name: '<>-az-appcs-min-001'
- }
-```
-
-
-
-
-
Example 2
-
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-appcs-x-001"
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "createMode": {
- "value": "Default"
- },
- "disableLocalAuth": {
- "value": false
- },
- "enablePurgeProtection": {
- "value": false
- },
- "publicNetworkAccess": {
- "value": "Enabled"
- },
- "softDeleteRetentionInDays": {
- "value": 1
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "configurationStores"
- }
- ]
- }
- }
-}
-
-```
-
-
-
-
-
-via Bicep module
-
-```bicep
-module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = {
- name: '${uniqueString(deployment().name)}-configurationStores'
- params: {
- name: '<>-az-appcs-x-001'
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
- systemAssignedIdentity: true
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
- }
- ]
- createMode: 'Default'
- disableLocalAuth: false
- enablePurgeProtection: false
- publicNetworkAccess: 'Enabled'
- softDeleteRetentionInDays: 1
- privateEndpoints: [
- {
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
- service: 'configurationStores'
- }
- ]
- }
-```
-
-
-
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md
index 42e1502cd5..7651115a55 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md
+++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md
@@ -189,7 +189,6 @@ roleAssignments: [
-=======
### Parameter Usage: `privateEndpoints`
To use Private Endpoint the following dependencies must be deployed:
@@ -267,7 +266,6 @@ privateEndpoints: [
->>>>>>> 3c13c7e234f0efcae26a25417453c58843d2002d
## Outputs
| Output Name | Type | Description |
@@ -280,25 +278,11 @@ privateEndpoints: [
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-appcs-min-001"
- }
- }
-}
-```
-
-
+Example 1: Min
@@ -316,96 +300,26 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-appcs-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "keyValues": {
- "value": [
- {
- "name": "keyName",
- "value": "valueName",
- "contentType": "contentType",
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "createMode": {
- "value": "Default"
- },
- "disableLocalAuth": {
- "value": false
- },
- "enablePurgeProtection": {
- "value": false
- },
- "publicNetworkAccess": {
- "value": "Enabled"
- },
- "softDeleteRetentionInDays": {
- "value": 1
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "configurationStores"
- }
- ]
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-appcs-min-001"
}
+ }
}
```
+
+
+
Example 2: Parameters
@@ -415,48 +329,142 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep
module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-configurationStores'
params: {
+ // Required parameters
name: '<>-az-appcs-x-001'
- lock: 'CanNotDelete'
+ // Non-required parameters
+ createMode: 'Default'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
diagnosticLogsRetentionInDays: 7
diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
- systemAssignedIdentity: true
+ disableLocalAuth: false
+ enablePurgeProtection: false
keyValues: [
{
- name: 'keyName'
- value: 'valueName'
contentType: 'contentType'
+ name: 'keyName'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
+ value: 'valueName'
}
]
+ lock: 'CanNotDelete'
+ privateEndpoints: [
+ {
+ service: 'configurationStores'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
+ }
+ ]
+ publicNetworkAccess: 'Enabled'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- createMode: 'Default'
- disableLocalAuth: false
- enablePurgeProtection: false
- publicNetworkAccess: 'Enabled'
softDeleteRetentionInDays: 1
- privateEndpoints: [
- {
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
- service: 'configurationStores'
- }
- ]
+ systemAssignedIdentity: true
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-appcs-x-001"
+ },
+ // Non-required parameters
+ "createMode": {
+ "value": "Default"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "disableLocalAuth": {
+ "value": false
+ },
+ "enablePurgeProtection": {
+ "value": false
+ },
+ "keyValues": {
+ "value": [
+ {
+ "contentType": "contentType",
+ "name": "keyName",
+ "roleAssignments": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ],
+ "value": "valueName"
+ }
+ ]
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "configurationStores",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ }
+ ]
+ },
+ "publicNetworkAccess": {
+ "value": "Enabled"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "softDeleteRetentionInDays": {
+ "value": 1
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ }
}
}
```
diff --git a/modules/Microsoft.Authorization/locks/readme.md b/modules/Microsoft.Authorization/locks/readme.md
index 67a3ece4a7..c0581c16a7 100644
--- a/modules/Microsoft.Authorization/locks/readme.md
+++ b/modules/Microsoft.Authorization/locks/readme.md
@@ -42,31 +42,11 @@ This module deploys Authorization Locks.
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "level": {
- "value": "CanNotDelete"
- },
- "resourceGroupName": {
- "value": "adp-<>-az-locks-rg-001"
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
-```
-
-
+Example 1: Rg
@@ -76,7 +56,9 @@ This module deploys Authorization Locks.
module locks './Microsoft.Authorization/locks/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-locks'
params: {
+ // Required parameters
level: 'CanNotDelete'
+ // Non-required parameters
resourceGroupName: 'adp-<>-az-locks-rg-001'
subscriptionId: '<>'
}
@@ -85,3 +67,30 @@ module locks './Microsoft.Authorization/locks/deploy.bicep' = {
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "level": {
+ "value": "CanNotDelete"
+ },
+ // Non-required parameters
+ "resourceGroupName": {
+ "value": "adp-<>-az-locks-rg-001"
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Authorization/policyAssignments/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/deploy.bicep
index 6aa7fbf82a..bfd3872675 100644
--- a/modules/Microsoft.Authorization/policyAssignments/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/deploy.bicep
@@ -27,7 +27,7 @@ param identity string = 'SystemAssigned'
@sys.description('Optional. The Resource ID for the user assigned identity to assign to the policy assignment.')
param userAssignedIdentityId string = ''
-@sys.description('Required. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
+@sys.description('Optional. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
param roleDefinitionIds array = []
@sys.description('Optional. The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.')
diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
index 4d8b181860..9c491f4ac8 100644
--- a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
@@ -28,7 +28,7 @@ param identity string = 'SystemAssigned'
@sys.description('Optional. The Resource ID for the user assigned identity to assign to the policy assignment.')
param userAssignedIdentityId string = ''
-@sys.description('Required. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
+@sys.description('Optional. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
param roleDefinitionIds array = []
@sys.description('Optional. The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.')
diff --git a/modules/Microsoft.Authorization/policyAssignments/readme.md b/modules/Microsoft.Authorization/policyAssignments/readme.md
index c7ce95ebe3..1107c0467e 100644
--- a/modules/Microsoft.Authorization/policyAssignments/readme.md
+++ b/modules/Microsoft.Authorization/policyAssignments/readme.md
@@ -24,7 +24,6 @@ With this module you can perform policy assignments across the management group,
| :-- | :-- | :-- |
| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. |
| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. |
-| `roleDefinitionIds` | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
**Optional parameters**
| Parameter Name | Type | Default Value | Allowed Values | Description |
@@ -41,6 +40,7 @@ With this module you can perform policy assignments across the management group,
| `notScopes` | array | `[]` | | The policy excluded scopes. |
| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
| `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. |
+| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
| `subscriptionId` | string | `''` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. |
| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. |
@@ -168,28 +168,11 @@ module policyassignment 'yourpath/modules/Microsoft.Authorization.policyAssignme
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-min-mg-polAss"
- },
- "policyDefinitionID": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
- }
- }
-}
-```
-
-
+Example 1: Mg Min
@@ -199,6 +182,7 @@ module policyassignment 'yourpath/modules/Microsoft.Authorization.policyAssignme
module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyAssignments'
params: {
+ // Required parameters
name: '<>-min-mg-polAss'
policyDefinitionID: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'
}
@@ -208,79 +192,30 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-mg-polAss"
- },
- "displayName": {
- "value": "[Display Name] Policy Assignment at the management group scope"
- },
- "description": {
- "value": "[Description] Policy Assignment at the management group scope"
- },
- "policyDefinitionId": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
- },
- "parameters": {
- "value": {
- "tagName": {
- "value": "env"
- },
- "tagValue": {
- "value": "prod"
- }
- }
- },
- "nonComplianceMessages": {
- "value": [
- {
- "message": "Violated Policy Assignment - This is a Non Compliance Message"
- }
- ]
- },
- "enforcementMode": {
- "value": "DoNotEnforce"
- },
- "metadata": {
- "value": {
- "category": "Security",
- "version": "1.0"
- }
- },
- "location": {
- "value": "australiaeast"
- },
- "notScopes": {
- "value": [
- "/subscriptions/<>/resourceGroups/validation-rg"
- ]
- },
- "identity": {
- "value": "SystemAssigned"
- },
- "roleDefinitionIds": {
- "value": [
- "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
- ]
- },
- "managementGroupId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-min-mg-polAss"
+ },
+ "policyDefinitionID": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
}
+ }
}
```
+
+
+
Example 2: Mg
@@ -290,37 +225,39 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyAssignments'
params: {
+ // Required parameters
name: '<>-mg-polAss'
- displayName: '[Display Name] Policy Assignment at the management group scope'
- description: '[Description] Policy Assignment at the management group scope'
policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26'
- parameters: {
- tagName: {
- value: 'env'
- }
- tagValue: {
- value: 'prod'
- }
+ // Non-required parameters
+ description: '[Description] Policy Assignment at the management group scope'
+ displayName: '[Display Name] Policy Assignment at the management group scope'
+ enforcementMode: 'DoNotEnforce'
+ identity: 'SystemAssigned'
+ location: 'australiaeast'
+ managementGroupId: '<>'
+ metadata: {
+ category: 'Security'
+ version: '1.0'
}
nonComplianceMessages: [
{
message: 'Violated Policy Assignment - This is a Non Compliance Message'
}
]
- enforcementMode: 'DoNotEnforce'
- metadata: {
- category: 'Security'
- version: '1.0'
- }
- location: 'australiaeast'
notScopes: [
'/subscriptions/<>/resourceGroups/validation-rg'
]
- identity: 'SystemAssigned'
+ parameters: {
+ tagName: {
+ value: 'env'
+ }
+ tagValue: {
+ value: 'prod'
+ }
+ }
roleDefinitionIds: [
'/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
]
- managementGroupId: '<>'
}
}
```
@@ -328,34 +265,82 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-mg-polAss"
+ },
+ "policyDefinitionId": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] Policy Assignment at the management group scope"
+ },
+ "displayName": {
+ "value": "[Display Name] Policy Assignment at the management group scope"
+ },
+ "enforcementMode": {
+ "value": "DoNotEnforce"
+ },
+ "identity": {
+ "value": "SystemAssigned"
+ },
+ "location": {
+ "value": "australiaeast"
+ },
+ "managementGroupId": {
+ "value": "<>"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security",
+ "version": "1.0"
+ }
+ },
+ "nonComplianceMessages": {
+ "value": [
+ {
+ "message": "Violated Policy Assignment - This is a Non Compliance Message"
+ }
+ ]
+ },
+ "notScopes": {
+ "value": [
+ "/subscriptions/<>/resourceGroups/validation-rg"
+ ]
+ },
"parameters": {
- "name": {
- "value": "<>-min-rg-polAss"
- },
- "policyDefinitionID": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
+ "value": {
+ "tagName": {
+ "value": "env"
},
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "validation-rg"
+ "tagValue": {
+ "value": "prod"
}
+ }
+ },
+ "roleDefinitionIds": {
+ "value": [
+ "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ]
}
+ }
}
```
+
+
+
Example 3: Rg Min
@@ -365,10 +350,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyAssignments'
params: {
+ // Required parameters
name: '<>-min-rg-polAss'
policyDefinitionID: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'
- subscriptionId: '<>'
+ // Non-required parameters
resourceGroupName: 'validation-rg'
+ subscriptionId: '<>'
}
}
```
@@ -376,85 +363,37 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-rg-polAss"
- },
- "displayName": {
- "value": "[Display Name] Policy Assignment at the resource group scope"
- },
- "description": {
- "value": "[Description] Policy Assignment at the resource group scope"
- },
- "policyDefinitionId": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
- },
- "parameters": {
- "value": {
- "tagName": {
- "value": "env"
- },
- "tagValue": {
- "value": "prod"
- }
- }
- },
- "nonComplianceMessages": {
- "value": [
- {
- "message": "Violated Policy Assignment - This is a Non Compliance Message"
- }
- ]
- },
- "enforcementMode": {
- "value": "DoNotEnforce"
- },
- "metadata": {
- "value": {
- "category": "Security",
- "version": "1.0"
- }
- },
- "location": {
- "value": "australiaeast"
- },
- "notScopes": {
- "value": [
- "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- ]
- },
- "identity": {
- "value": "UserAssigned"
- },
- "userAssignedIdentityId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "roleDefinitionIds": {
- "value": [
- "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "validation-rg"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-min-rg-polAss"
+ },
+ "policyDefinitionID": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
+ },
+ // Non-required parameters
+ "resourceGroupName": {
+ "value": "validation-rg"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 4: Rg
@@ -464,39 +403,41 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyAssignments'
params: {
+ // Required parameters
name: '<>-rg-polAss'
- displayName: '[Display Name] Policy Assignment at the resource group scope'
- description: '[Description] Policy Assignment at the resource group scope'
policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26'
- parameters: {
- tagName: {
- value: 'env'
- }
- tagValue: {
- value: 'prod'
- }
+ // Non-required parameters
+ description: '[Description] Policy Assignment at the resource group scope'
+ displayName: '[Display Name] Policy Assignment at the resource group scope'
+ enforcementMode: 'DoNotEnforce'
+ identity: 'UserAssigned'
+ location: 'australiaeast'
+ metadata: {
+ category: 'Security'
+ version: '1.0'
}
nonComplianceMessages: [
{
message: 'Violated Policy Assignment - This is a Non Compliance Message'
}
]
- enforcementMode: 'DoNotEnforce'
- metadata: {
- category: 'Security'
- version: '1.0'
- }
- location: 'australiaeast'
notScopes: [
'/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
]
- identity: 'UserAssigned'
- userAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ parameters: {
+ tagName: {
+ value: 'env'
+ }
+ tagValue: {
+ value: 'prod'
+ }
+ }
+ resourceGroupName: 'validation-rg'
roleDefinitionIds: [
'/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
]
subscriptionId: '<>'
- resourceGroupName: 'validation-rg'
+ userAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
}
}
```
@@ -504,31 +445,88 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
-
Example 5
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-rg-polAss"
+ },
+ "policyDefinitionId": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] Policy Assignment at the resource group scope"
+ },
+ "displayName": {
+ "value": "[Display Name] Policy Assignment at the resource group scope"
+ },
+ "enforcementMode": {
+ "value": "DoNotEnforce"
+ },
+ "identity": {
+ "value": "UserAssigned"
+ },
+ "location": {
+ "value": "australiaeast"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security",
+ "version": "1.0"
+ }
+ },
+ "nonComplianceMessages": {
+ "value": [
+ {
+ "message": "Violated Policy Assignment - This is a Non Compliance Message"
+ }
+ ]
+ },
+ "notScopes": {
+ "value": [
+ "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ ]
+ },
"parameters": {
- "name": {
- "value": "<>-min-sub-polAss"
+ "value": {
+ "tagName": {
+ "value": "env"
},
- "policyDefinitionID": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
- },
- "subscriptionId": {
- "value": "<>"
+ "tagValue": {
+ "value": "prod"
}
+ }
+ },
+ "resourceGroupName": {
+ "value": "validation-rg"
+ },
+ "roleDefinitionIds": {
+ "value": [
+ "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ]
+ },
+ "subscriptionId": {
+ "value": "<>"
+ },
+ "userAssignedIdentityId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
}
+ }
}
```
+
+
+
Example 5: Sub Min
@@ -538,8 +536,10 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyAssignments'
params: {
+ // Required parameters
name: '<>-min-sub-polAss'
policyDefinitionID: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'
+ // Non-required parameters
subscriptionId: '<>'
}
}
@@ -548,82 +548,34 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
-
Example 6
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-polAss"
- },
- "displayName": {
- "value": "[Display Name] Policy Assignment at the subscription scope"
- },
- "description": {
- "value": "[Description] Policy Assignment at the subscription scope"
- },
- "policyDefinitionId": {
- "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
- },
- "parameters": {
- "value": {
- "tagName": {
- "value": "env"
- },
- "tagValue": {
- "value": "prod"
- }
- }
- },
- "nonComplianceMessages": {
- "value": [
- {
- "message": "Violated Policy Assignment - This is a Non Compliance Message"
- }
- ]
- },
- "enforcementMode": {
- "value": "DoNotEnforce"
- },
- "metadata": {
- "value": {
- "category": "Security",
- "version": "1.0"
- }
- },
- "location": {
- "value": "australiaeast"
- },
- "notScopes": {
- "value": [
- "/subscriptions/<>/resourceGroups/validation-rg"
- ]
- },
- "identity": {
- "value": "UserAssigned"
- },
- "userAssignedIdentityId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "roleDefinitionIds": {
- "value": [
- "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-min-sub-polAss"
+ },
+ "policyDefinitionID": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d"
+ },
+ // Non-required parameters
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 6: Sub
@@ -633,38 +585,118 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic
module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyAssignments'
params: {
+ // Required parameters
name: '<>-sub-polAss'
- displayName: '[Display Name] Policy Assignment at the subscription scope'
- description: '[Description] Policy Assignment at the subscription scope'
policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26'
- parameters: {
- tagName: {
- value: 'env'
- }
- tagValue: {
- value: 'prod'
- }
+ // Non-required parameters
+ description: '[Description] Policy Assignment at the subscription scope'
+ displayName: '[Display Name] Policy Assignment at the subscription scope'
+ enforcementMode: 'DoNotEnforce'
+ identity: 'UserAssigned'
+ location: 'australiaeast'
+ metadata: {
+ category: 'Security'
+ version: '1.0'
}
nonComplianceMessages: [
{
message: 'Violated Policy Assignment - This is a Non Compliance Message'
}
]
- enforcementMode: 'DoNotEnforce'
- metadata: {
- category: 'Security'
- version: '1.0'
- }
- location: 'australiaeast'
notScopes: [
'/subscriptions/<>/resourceGroups/validation-rg'
]
- identity: 'UserAssigned'
- userAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ parameters: {
+ tagName: {
+ value: 'env'
+ }
+ tagValue: {
+ value: 'prod'
+ }
+ }
roleDefinitionIds: [
'/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
]
subscriptionId: '<>'
+ userAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-sub-polAss"
+ },
+ "policyDefinitionId": {
+ "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26"
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] Policy Assignment at the subscription scope"
+ },
+ "displayName": {
+ "value": "[Display Name] Policy Assignment at the subscription scope"
+ },
+ "enforcementMode": {
+ "value": "DoNotEnforce"
+ },
+ "identity": {
+ "value": "UserAssigned"
+ },
+ "location": {
+ "value": "australiaeast"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security",
+ "version": "1.0"
+ }
+ },
+ "nonComplianceMessages": {
+ "value": [
+ {
+ "message": "Violated Policy Assignment - This is a Non Compliance Message"
+ }
+ ]
+ },
+ "notScopes": {
+ "value": [
+ "/subscriptions/<>/resourceGroups/validation-rg"
+ ]
+ },
+ "parameters": {
+ "value": {
+ "tagName": {
+ "value": "env"
+ },
+ "tagValue": {
+ "value": "prod"
+ }
+ }
+ },
+ "roleDefinitionIds": {
+ "value": [
+ "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ]
+ },
+ "subscriptionId": {
+ "value": "<>"
+ },
+ "userAssignedIdentityId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
+ }
}
}
```
diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep
index f6da6c336e..2cd0edbf87 100644
--- a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep
@@ -28,7 +28,7 @@ param identity string = 'SystemAssigned'
@sys.description('Optional. The Resource ID for the user assigned identity to assign to the policy assignment.')
param userAssignedIdentityId string = ''
-@sys.description('Required. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
+@sys.description('Optional. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
param roleDefinitionIds array = []
@sys.description('Optional. The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.')
diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
index 53406f3f2b..3da57a2b4c 100644
--- a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
@@ -28,7 +28,7 @@ param identity string = 'SystemAssigned'
@sys.description('Optional. The Resource ID for the user assigned identity to assign to the policy assignment.')
param userAssignedIdentityId string = ''
-@sys.description('Required. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
+@sys.description('Optional. The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.')
param roleDefinitionIds array = []
@sys.description('Optional. The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.')
diff --git a/modules/Microsoft.Authorization/policyDefinitions/readme.md b/modules/Microsoft.Authorization/policyDefinitions/readme.md
index 8f340ddb14..45146c1451 100644
--- a/modules/Microsoft.Authorization/policyDefinitions/readme.md
+++ b/modules/Microsoft.Authorization/policyDefinitions/readme.md
@@ -126,51 +126,11 @@ module policydefinition 'yourpath/modules/Microsoft.Authorization.policyDefiniti
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-mg-min-policyDef"
- },
- "policyRule": {
- "value": {
- "if": {
- "allOf": [
- {
- "equals": "Microsoft.KeyVault/vaults",
- "field": "type"
- }
- ]
- },
- "then": {
- "effect": "[parameters('effect')]"
- }
- }
- },
- "parameters": {
- "value": {
- "effect": {
- "allowedValues": [
- "Audit"
- ],
- "defaultValue": "Audit",
- "type": "String"
- }
- }
- }
- }
-}
-```
-
-
+Example 1: Mg Min
@@ -180,6 +140,7 @@ module policydefinition 'yourpath/modules/Microsoft.Authorization.policyDefiniti
module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyDefinitions'
params: {
+ // Required parameters
name: '<>-mg-min-policyDef'
policyRule: {
if: {
@@ -194,6 +155,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
effect: '[parameters('effect')]'
}
}
+ // Non-required parameters
parameters: {
effect: {
allowedValues: [
@@ -210,88 +172,54 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-mg-policyDef"
- },
- "displayName": {
- "value": "[DisplayName] This policy definition is deployed at the management group scope"
- },
- "description": {
- "value": "[Description] This policy definition is deployed at the management group scope"
- },
- "policyRule": {
- "value": {
- "if": {
- "allOf": [
- {
- "field": "type",
- "equals": "Microsoft.Resources/subscriptions"
- },
- {
- "field": "[concat('tags[', parameters('tagName'), ']')]",
- "exists": "false"
- }
- ]
- },
- "then": {
- "effect": "modify",
- "details": {
- "roleDefinitionIds": [
- "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
- ],
- "operations": [
- {
- "operation": "add",
- "field": "[concat('tags[', parameters('tagName'), ']')]",
- "value": "[parameters('tagValue')]"
- }
- ]
- }
- }
- }
- },
- "parameters": {
- "value": {
- "tagName": {
- "type": "String",
- "metadata": {
- "displayName": "Tag Name",
- "description": "Name of the tag, such as 'environment'"
- }
- },
- "tagValue": {
- "type": "String",
- "metadata": {
- "displayName": "Tag Value",
- "description": "Value of the tag, such as 'production'"
- }
- }
- }
- },
- "metadata": {
- "value": {
- "category": "Security"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-mg-min-policyDef"
+ },
+ "policyRule": {
+ "value": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.KeyVault/vaults",
+ "field": "type"
}
+ ]
},
- "managementGroupId": {
- "value": "<>"
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ }
+ },
+ // Non-required parameters
+ "parameters": {
+ "value": {
+ "effect": {
+ "allowedValues": [
+ "Audit"
+ ],
+ "defaultValue": "Audit",
+ "type": "String"
}
+ }
}
+ }
}
```
+
+
+
Example 2: Mg
@@ -301,58 +229,60 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyDefinitions'
params: {
+ // Required parameters
name: '<>-mg-policyDef'
- displayName: '[DisplayName] This policy definition is deployed at the management group scope'
- description: '[Description] This policy definition is deployed at the management group scope'
policyRule: {
if: {
allOf: [
{
- field: 'type'
equals: 'Microsoft.Resources/subscriptions'
+ field: 'type'
}
{
- field: '[concat('tags[' parameters('tagName') ']')]'
exists: 'false'
+ field: '[concat('tags[' parameters('tagName') ']')]'
}
]
}
then: {
- effect: 'modify'
details: {
- roleDefinitionIds: [
- '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f'
- ]
operations: [
{
- operation: 'add'
field: '[concat('tags[' parameters('tagName') ']')]'
+ operation: 'add'
value: '[parameters('tagValue')]'
}
]
+ roleDefinitionIds: [
+ '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f'
+ ]
}
+ effect: 'modify'
}
}
+ // Non-required parameters
+ description: '[Description] This policy definition is deployed at the management group scope'
+ displayName: '[DisplayName] This policy definition is deployed at the management group scope'
+ managementGroupId: '<>'
+ metadata: {
+ category: 'Security'
+ }
parameters: {
tagName: {
- type: 'String'
metadata: {
- displayName: 'Tag Name'
description: 'Name of the tag such as 'environment''
+ displayName: 'Tag Name'
}
+ type: 'String'
}
tagValue: {
- type: 'String'
metadata: {
- displayName: 'Tag Value'
description: 'Value of the tag such as 'production''
+ displayName: 'Tag Value'
}
+ type: 'String'
}
}
- metadata: {
- category: 'Security'
- }
- managementGroupId: '<>'
}
}
```
@@ -360,54 +290,91 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-min-policyDef"
- },
- "policyRule": {
- "value": {
- "if": {
- "allOf": [
- {
- "equals": "Microsoft.KeyVault/vaults",
- "field": "type"
- }
- ]
- },
- "then": {
- "effect": "[parameters('effect')]"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-mg-policyDef"
+ },
+ "policyRule": {
+ "value": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "exists": "false",
+ "field": "[concat('tags[', parameters('tagName'), ']')]"
}
+ ]
},
- "parameters": {
- "value": {
- "effect": {
- "allowedValues": [
- "Audit"
- ],
- "defaultValue": "Audit",
- "type": "String"
- }
- }
+ "then": {
+ "details": {
+ "operations": [
+ {
+ "field": "[concat('tags[', parameters('tagName'), ']')]",
+ "operation": "add",
+ "value": "[parameters('tagValue')]"
+ }
+ ],
+ "roleDefinitionIds": [
+ "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
+ ]
+ },
+ "effect": "modify"
+ }
+ }
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] This policy definition is deployed at the management group scope"
+ },
+ "displayName": {
+ "value": "[DisplayName] This policy definition is deployed at the management group scope"
+ },
+ "managementGroupId": {
+ "value": "<>"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security"
+ }
+ },
+ "parameters": {
+ "value": {
+ "tagName": {
+ "metadata": {
+ "description": "Name of the tag, such as 'environment'",
+ "displayName": "Tag Name"
+ },
+ "type": "String"
},
- "subscriptionId": {
- "value": "<>"
+ "tagValue": {
+ "metadata": {
+ "description": "Value of the tag, such as 'production'",
+ "displayName": "Tag Value"
+ },
+ "type": "String"
}
+ }
}
+ }
}
```
+
+
+
Example 3: Sub Min
@@ -417,6 +384,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyDefinitions'
params: {
+ // Required parameters
name: '<>-sub-min-policyDef'
policyRule: {
if: {
@@ -431,6 +399,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
effect: '[parameters('effect')]'
}
}
+ // Non-required parameters
parameters: {
effect: {
allowedValues: [
@@ -448,88 +417,57 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-policyDef"
- },
- "displayName": {
- "value": "[DisplayName] This policy definition is deployed at subscription scope"
- },
- "description": {
- "value": "[Description] This policy definition is deployed at subscription scope"
- },
- "policyRule": {
- "value": {
- "if": {
- "allOf": [
- {
- "field": "type",
- "equals": "Microsoft.Resources/subscriptions"
- },
- {
- "field": "[concat('tags[', parameters('tagName'), ']')]",
- "exists": "false"
- }
- ]
- },
- "then": {
- "effect": "modify",
- "details": {
- "roleDefinitionIds": [
- "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
- ],
- "operations": [
- {
- "operation": "add",
- "field": "[concat('tags[', parameters('tagName'), ']')]",
- "value": "[parameters('tagValue')]"
- }
- ]
- }
- }
- }
- },
- "parameters": {
- "value": {
- "tagName": {
- "type": "String",
- "metadata": {
- "displayName": "Tag Name",
- "description": "Name of the tag, such as 'environment'"
- }
- },
- "tagValue": {
- "type": "String",
- "metadata": {
- "displayName": "Tag Value",
- "description": "Value of the tag, such as 'production'"
- }
- }
- }
- },
- "metadata": {
- "value": {
- "category": "Security"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-sub-min-policyDef"
+ },
+ "policyRule": {
+ "value": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.KeyVault/vaults",
+ "field": "type"
}
+ ]
},
- "subscriptionId": {
- "value": "<>"
+ "then": {
+ "effect": "[parameters('effect')]"
}
+ }
+ },
+ // Non-required parameters
+ "parameters": {
+ "value": {
+ "effect": {
+ "allowedValues": [
+ "Audit"
+ ],
+ "defaultValue": "Audit",
+ "type": "String"
+ }
+ }
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 4: Sub
@@ -539,57 +477,59 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyDefinitions'
params: {
+ // Required parameters
name: '<>-sub-policyDef'
- displayName: '[DisplayName] This policy definition is deployed at subscription scope'
- description: '[Description] This policy definition is deployed at subscription scope'
policyRule: {
if: {
allOf: [
{
- field: 'type'
equals: 'Microsoft.Resources/subscriptions'
+ field: 'type'
}
{
- field: '[concat('tags[' parameters('tagName') ']')]'
exists: 'false'
+ field: '[concat('tags[' parameters('tagName') ']')]'
}
]
}
then: {
- effect: 'modify'
details: {
- roleDefinitionIds: [
- '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f'
- ]
operations: [
{
- operation: 'add'
field: '[concat('tags[' parameters('tagName') ']')]'
+ operation: 'add'
value: '[parameters('tagValue')]'
}
]
+ roleDefinitionIds: [
+ '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f'
+ ]
}
+ effect: 'modify'
}
}
+ // Non-required parameters
+ description: '[Description] This policy definition is deployed at subscription scope'
+ displayName: '[DisplayName] This policy definition is deployed at subscription scope'
+ metadata: {
+ category: 'Security'
+ }
parameters: {
tagName: {
- type: 'String'
metadata: {
- displayName: 'Tag Name'
description: 'Name of the tag such as 'environment''
+ displayName: 'Tag Name'
}
+ type: 'String'
}
tagValue: {
- type: 'String'
metadata: {
- displayName: 'Tag Value'
description: 'Value of the tag such as 'production''
+ displayName: 'Tag Value'
}
+ type: 'String'
}
}
- metadata: {
- category: 'Security'
- }
subscriptionId: '<>'
}
}
@@ -597,3 +537,87 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-sub-policyDef"
+ },
+ "policyRule": {
+ "value": {
+ "if": {
+ "allOf": [
+ {
+ "equals": "Microsoft.Resources/subscriptions",
+ "field": "type"
+ },
+ {
+ "exists": "false",
+ "field": "[concat('tags[', parameters('tagName'), ']')]"
+ }
+ ]
+ },
+ "then": {
+ "details": {
+ "operations": [
+ {
+ "field": "[concat('tags[', parameters('tagName'), ']')]",
+ "operation": "add",
+ "value": "[parameters('tagValue')]"
+ }
+ ],
+ "roleDefinitionIds": [
+ "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
+ ]
+ },
+ "effect": "modify"
+ }
+ }
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] This policy definition is deployed at subscription scope"
+ },
+ "displayName": {
+ "value": "[DisplayName] This policy definition is deployed at subscription scope"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security"
+ }
+ },
+ "parameters": {
+ "value": {
+ "tagName": {
+ "metadata": {
+ "description": "Name of the tag, such as 'environment'",
+ "displayName": "Tag Name"
+ },
+ "type": "String"
+ },
+ "tagValue": {
+ "metadata": {
+ "description": "Value of the tag, such as 'production'",
+ "displayName": "Tag Value"
+ },
+ "type": "String"
+ }
+ }
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Authorization/policyExemptions/readme.md b/modules/Microsoft.Authorization/policyExemptions/readme.md
index d2cb79de7e..9855b7dfb2 100644
--- a/modules/Microsoft.Authorization/policyExemptions/readme.md
+++ b/modules/Microsoft.Authorization/policyExemptions/readme.md
@@ -149,28 +149,11 @@ module policyexemption 'yourpath/modules/Microsoft.Authorization.policyExemption
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-min-mg-polexem"
- },
- "policyAssignmentId": {
- "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg"
- }
- }
-}
-```
-
-
+Example 1: Mg Min
@@ -180,6 +163,7 @@ module policyexemption 'yourpath/modules/Microsoft.Authorization.policyExemption
module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyExemptions'
params: {
+ // Required parameters
name: '<>-min-mg-polexem'
policyAssignmentId: '/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg'
}
@@ -189,45 +173,30 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-mg-polexem"
- },
- "displayName": {
- "value": "[Display Name] policy exempt (management group scope)"
- },
- "policyAssignmentId": {
- "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg"
- },
- "exemptionCategory": {
- "value": "Waiver"
- },
- "metadata": {
- "value": {
- "category": "Security"
- }
- },
- "expiresOn": {
- "value": "2025-10-02T03:57:00.000Z"
- },
- "managementGroupId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-min-mg-polexem"
+ },
+ "policyAssignmentId": {
+ "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg"
}
+ }
}
```
+
+
+
Example 2: Mg
@@ -237,15 +206,17 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyExemptions'
params: {
+ // Required parameters
name: '<>-mg-polexem'
- displayName: '[Display Name] policy exempt (management group scope)'
policyAssignmentId: '/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg'
+ // Non-required parameters
+ displayName: '[Display Name] policy exempt (management group scope)'
exemptionCategory: 'Waiver'
+ expiresOn: '2025-10-02T03:57:00Z'
+ managementGroupId: '<>'
metadata: {
category: 'Security'
}
- expiresOn: '2025-10-02T03:57:00Z'
- managementGroupId: '<>'
}
}
```
@@ -253,34 +224,48 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-min-rg-polexem"
- },
- "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-mg-polexem"
+ },
+ "policyAssignmentId": {
+ "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg"
+ },
+ // Non-required parameters
+ "displayName": {
+ "value": "[Display Name] policy exempt (management group scope)"
+ },
+ "exemptionCategory": {
+ "value": "Waiver"
+ },
+ "expiresOn": {
+ "value": "2025-10-02T03:57:00Z"
+ },
+ "managementGroupId": {
+ "value": "<>"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security"
+ }
}
+ }
}
```
+
+
+
Example 3: Rg Min
@@ -290,10 +275,12 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyExemptions'
params: {
+ // Required parameters
name: '<>-min-rg-polexem'
policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg'
- subscriptionId: '<>'
+ // Non-required parameters
resourceGroupName: '<>'
+ subscriptionId: '<>'
}
}
```
@@ -301,48 +288,37 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-rg-polexem"
- },
- "displayName": {
- "value": "[Display Name] policy exempt (resource group scope)"
- },
- "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
- },
- "exemptionCategory": {
- "value": "Waiver"
- },
- "metadata": {
- "value": {
- "category": "Security"
- }
- },
- "expiresOn": {
- "value": "2025-10-02T03:57:00.000Z"
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-min-rg-polexem"
+ },
+ "policyAssignmentId": {
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
+ },
+ // Non-required parameters
+ "resourceGroupName": {
+ "value": "<>"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 4: Rg
@@ -352,16 +328,18 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyExemptions'
params: {
+ // Required parameters
name: '<>-rg-polexem'
- displayName: '[Display Name] policy exempt (resource group scope)'
policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg'
+ // Non-required parameters
+ displayName: '[Display Name] policy exempt (resource group scope)'
exemptionCategory: 'Waiver'
+ expiresOn: '2025-10-02T03:57:00Z'
metadata: {
category: 'Security'
}
- expiresOn: '2025-10-02T03:57:00Z'
- subscriptionId: '<>'
resourceGroupName: '<>'
+ subscriptionId: '<>'
}
}
```
@@ -369,31 +347,51 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
-
Example 5
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-min-sub-polexem"
- },
- "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-rg-polexem"
+ },
+ "policyAssignmentId": {
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
+ },
+ // Non-required parameters
+ "displayName": {
+ "value": "[Display Name] policy exempt (resource group scope)"
+ },
+ "exemptionCategory": {
+ "value": "Waiver"
+ },
+ "expiresOn": {
+ "value": "2025-10-02T03:57:00Z"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security"
+ }
+ },
+ "resourceGroupName": {
+ "value": "<>"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 5: Sub Min
@@ -403,8 +401,10 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyExemptions'
params: {
+ // Required parameters
name: '<>-min-sub-polexem'
policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg'
+ // Non-required parameters
subscriptionId: '<>'
}
}
@@ -413,45 +413,34 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
-
Example 6
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-polexem"
- },
- "displayName": {
- "value": "[Display Name] policy exempt (subscription scope)"
- },
- "policyAssignmentId": {
- "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
- },
- "exemptionCategory": {
- "value": "Waiver"
- },
- "metadata": {
- "value": {
- "category": "Security"
- }
- },
- "expiresOn": {
- "value": "2025-10-02T03:57:00.000Z"
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-min-sub-polexem"
+ },
+ "policyAssignmentId": {
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
+ },
+ // Non-required parameters
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 6: Sub
@@ -461,14 +450,16 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policyExemptions'
params: {
+ // Required parameters
name: '<>-sub-polexem'
- displayName: '[Display Name] policy exempt (subscription scope)'
policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg'
+ // Non-required parameters
+ displayName: '[Display Name] policy exempt (subscription scope)'
exemptionCategory: 'Waiver'
+ expiresOn: '2025-10-02T03:57:00Z'
metadata: {
category: 'Security'
}
- expiresOn: '2025-10-02T03:57:00Z'
subscriptionId: '<>'
}
}
@@ -476,3 +467,44 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-sub-polexem"
+ },
+ "policyAssignmentId": {
+ "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg"
+ },
+ // Non-required parameters
+ "displayName": {
+ "value": "[Display Name] policy exempt (subscription scope)"
+ },
+ "exemptionCategory": {
+ "value": "Waiver"
+ },
+ "expiresOn": {
+ "value": "2025-10-02T03:57:00Z"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security"
+ }
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Authorization/policySetDefinitions/readme.md b/modules/Microsoft.Authorization/policySetDefinitions/readme.md
index 8479158522..1c08e7c8a4 100644
--- a/modules/Microsoft.Authorization/policySetDefinitions/readme.md
+++ b/modules/Microsoft.Authorization/policySetDefinitions/readme.md
@@ -132,39 +132,11 @@ module policysetdefinition 'yourpath/modules/Microsoft.Authorization.policySetDe
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-mg-min-policySet"
- },
- "policyDefinitions": {
- "value": [
- {
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Mg Min
@@ -174,6 +146,7 @@ module policysetdefinition 'yourpath/modules/Microsoft.Authorization.policySetDe
module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policySetDefinitions'
params: {
+ // Required parameters
name: '<>-mg-min-policySet'
policyDefinitions: [
{
@@ -194,82 +167,41 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-mg-policySet"
- },
- "displayName": {
- "value": "[DisplayName] This policy set definition is deployed at management group scope"
- },
- "description": {
- "value": "[Description] This policy set definition is deployed at management group scope"
- },
- "policyDefinitionGroups": {
- "value": [
- {
- "name": "Network"
- },
- {
- "name": "ARM"
- }
- ]
- },
- "policyDefinitions": {
- "value": [
- {
- "groupNames": [
- "ARM"
- ],
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "policyDefinitionReferenceId": "Allowed locations_1"
- },
- {
- "groupNames": [
- "ARM"
- ],
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "policyDefinitionReferenceId": "Allowed locations for resource groups_1"
- }
- ]
- },
- "metadata": {
- "value": {
- "category": "Security",
- "version": "1"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-mg-min-policySet"
+ },
+ "policyDefinitions": {
+ "value": [
+ {
+ "parameters": {
+ "listOfAllowedLocations": {
+ "value": [
+ "australiaeast"
+ ]
}
- },
- "managementGroupId": {
- "value": "<>"
+ },
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
}
+ ]
}
+ }
}
```
+
+
+
Example 2: Mg
@@ -279,17 +211,8 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policySetDefinitions'
params: {
+ // Required parameters
name: '<>-mg-policySet'
- displayName: '[DisplayName] This policy set definition is deployed at management group scope'
- description: '[Description] This policy set definition is deployed at management group scope'
- policyDefinitionGroups: [
- {
- name: 'Network'
- }
- {
- name: 'ARM'
- }
- ]
policyDefinitions: [
{
groupNames: [
@@ -320,11 +243,22 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
policyDefinitionReferenceId: 'Allowed locations for resource groups_1'
}
]
+ // Non-required parameters
+ description: '[Description] This policy set definition is deployed at management group scope'
+ displayName: '[DisplayName] This policy set definition is deployed at management group scope'
+ managementGroupId: '<>'
metadata: {
category: 'Security'
version: '1'
}
- managementGroupId: '<>'
+ policyDefinitionGroups: [
+ {
+ name: 'Network'
+ }
+ {
+ name: 'ARM'
+ }
+ ]
}
}
```
@@ -332,42 +266,85 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-min-policySet"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-mg-policySet"
+ },
+ "policyDefinitions": {
+ "value": [
+ {
+ "groupNames": [
+ "ARM"
+ ],
+ "parameters": {
+ "listOfAllowedLocations": {
+ "value": [
+ "australiaeast"
+ ]
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
+ "policyDefinitionReferenceId": "Allowed locations_1"
},
- "policyDefinitions": {
- "value": [
- {
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
- }
- ]
+ {
+ "groupNames": [
+ "ARM"
+ ],
+ "parameters": {
+ "listOfAllowedLocations": {
+ "value": [
+ "australiaeast"
+ ]
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
+ "policyDefinitionReferenceId": "Allowed locations for resource groups_1"
+ }
+ ]
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] This policy set definition is deployed at management group scope"
+ },
+ "displayName": {
+ "value": "[DisplayName] This policy set definition is deployed at management group scope"
+ },
+ "managementGroupId": {
+ "value": "<>"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security",
+ "version": "1"
+ }
+ },
+ "policyDefinitionGroups": {
+ "value": [
+ {
+ "name": "Network"
},
- "subscriptionId": {
- "value": "<>"
+ {
+ "name": "ARM"
}
+ ]
}
+ }
}
```
+
+
+
Example 3: Sub Min
@@ -377,6 +354,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policySetDefinitions'
params: {
+ // Required parameters
name: '<>-sub-min-policySet'
policyDefinitions: [
{
@@ -390,6 +368,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
}
]
+ // Non-required parameters
subscriptionId: '<>'
}
}
@@ -398,82 +377,45 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-policySet"
- },
- "displayName": {
- "value": "[DisplayName] This policy set definition is deployed at subscription scope"
- },
- "description": {
- "value": "[Description] This policy set definition is deployed at subscription scope"
- },
- "policyDefinitionGroups": {
- "value": [
- {
- "name": "Network"
- },
- {
- "name": "ARM"
- }
- ]
- },
- "policyDefinitions": {
- "value": [
- {
- "groupNames": [
- "ARM"
- ],
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "policyDefinitionReferenceId": "Allowed locations_1"
- },
- {
- "groupNames": [
- "ARM"
- ],
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "policyDefinitionReferenceId": "Allowed locations for resource groups_1"
- }
- ]
- },
- "metadata": {
- "value": {
- "category": "Security",
- "version": "1"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-sub-min-policySet"
+ },
+ "policyDefinitions": {
+ "value": [
+ {
+ "parameters": {
+ "listOfAllowedLocations": {
+ "value": [
+ "australiaeast"
+ ]
}
- },
- "subscriptionId": {
- "value": "<>"
+ },
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
}
+ ]
+ },
+ // Non-required parameters
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 4: Sub
@@ -483,17 +425,8 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-policySetDefinitions'
params: {
+ // Required parameters
name: '<>-sub-policySet'
- displayName: '[DisplayName] This policy set definition is deployed at subscription scope'
- description: '[Description] This policy set definition is deployed at subscription scope'
- policyDefinitionGroups: [
- {
- name: 'Network'
- }
- {
- name: 'ARM'
- }
- ]
policyDefinitions: [
{
groupNames: [
@@ -524,10 +457,21 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
policyDefinitionReferenceId: 'Allowed locations for resource groups_1'
}
]
+ // Non-required parameters
+ description: '[Description] This policy set definition is deployed at subscription scope'
+ displayName: '[DisplayName] This policy set definition is deployed at subscription scope'
metadata: {
category: 'Security'
version: '1'
}
+ policyDefinitionGroups: [
+ {
+ name: 'Network'
+ }
+ {
+ name: 'ARM'
+ }
+ ]
subscriptionId: '<>'
}
}
@@ -535,3 +479,81 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-sub-policySet"
+ },
+ "policyDefinitions": {
+ "value": [
+ {
+ "groupNames": [
+ "ARM"
+ ],
+ "parameters": {
+ "listOfAllowedLocations": {
+ "value": [
+ "australiaeast"
+ ]
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
+ "policyDefinitionReferenceId": "Allowed locations_1"
+ },
+ {
+ "groupNames": [
+ "ARM"
+ ],
+ "parameters": {
+ "listOfAllowedLocations": {
+ "value": [
+ "australiaeast"
+ ]
+ }
+ },
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
+ "policyDefinitionReferenceId": "Allowed locations for resource groups_1"
+ }
+ ]
+ },
+ // Non-required parameters
+ "description": {
+ "value": "[Description] This policy set definition is deployed at subscription scope"
+ },
+ "displayName": {
+ "value": "[DisplayName] This policy set definition is deployed at subscription scope"
+ },
+ "metadata": {
+ "value": {
+ "category": "Security",
+ "version": "1"
+ }
+ },
+ "policyDefinitionGroups": {
+ "value": [
+ {
+ "name": "Network"
+ },
+ {
+ "name": "ARM"
+ }
+ ]
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Authorization/roleAssignments/readme.md b/modules/Microsoft.Authorization/roleAssignments/readme.md
index 0c05aa9723..acf37691d9 100644
--- a/modules/Microsoft.Authorization/roleAssignments/readme.md
+++ b/modules/Microsoft.Authorization/roleAssignments/readme.md
@@ -167,28 +167,11 @@ This module can be deployed at the management group, subscription or resource gr
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Storage Queue Data Reader"
- },
- "principalId": {
- "value": "<>"
- }
- }
-}
-```
-
-
+Example 1: Mg Min
@@ -198,8 +181,9 @@ This module can be deployed at the management group, subscription or resource gr
module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleAssignments'
params: {
- roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ // Required parameters
principalId: '<>'
+ roleDefinitionIdOrName: 'Storage Queue Data Reader'
}
}
```
@@ -207,37 +191,30 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Backup Reader"
- },
- "description": {
- "value": "Role Assignment (management group scope)"
- },
- "principalId": {
- "value": "<>"
- },
- "principalType": {
- "value": "ServicePrincipal"
- },
- "managementGroupId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "principalId": {
+ "value": "<>"
+ },
+ "roleDefinitionIdOrName": {
+ "value": "Storage Queue Data Reader"
}
+ }
}
```
+
+
+
Example 2: Mg
@@ -247,11 +224,13 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleAssignments'
params: {
+ // Required parameters
+ principalId: '<>'
roleDefinitionIdOrName: 'Backup Reader'
+ // Non-required parameters
description: 'Role Assignment (management group scope)'
- principalId: '<>'
- principalType: 'ServicePrincipal'
managementGroupId: '<>'
+ principalType: 'ServicePrincipal'
}
}
```
@@ -259,34 +238,40 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Storage Queue Data Reader"
- },
- "principalId": {
- "value": "<>"
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "principalId": {
+ "value": "<>"
+ },
+ "roleDefinitionIdOrName": {
+ "value": "Backup Reader"
+ },
+ // Non-required parameters
+ "description": {
+ "value": "Role Assignment (management group scope)"
+ },
+ "managementGroupId": {
+ "value": "<>"
+ },
+ "principalType": {
+ "value": "ServicePrincipal"
}
+ }
}
```
+
+
+
Example 3: Rg Min
@@ -296,10 +281,12 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleAssignments'
params: {
- roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ // Required parameters
principalId: '<>'
- subscriptionId: '<>'
+ roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ // Non-required parameters
resourceGroupName: '<>'
+ subscriptionId: '<>'
}
}
```
@@ -307,40 +294,37 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Backup Reader"
- },
- "description": {
- "value": "Role Assignment (resource group scope)"
- },
- "principalId": {
- "value": "<>"
- },
- "principalType": {
- "value": "ServicePrincipal"
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "principalId": {
+ "value": "<>"
+ },
+ "roleDefinitionIdOrName": {
+ "value": "Storage Queue Data Reader"
+ },
+ // Non-required parameters
+ "resourceGroupName": {
+ "value": "<>"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 4: Rg
@@ -350,12 +334,14 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleAssignments'
params: {
+ // Required parameters
+ principalId: '<>'
roleDefinitionIdOrName: 'Backup Reader'
+ // Non-required parameters
description: 'Role Assignment (resource group scope)'
- principalId: '<>'
principalType: 'ServicePrincipal'
- subscriptionId: '<>'
resourceGroupName: '<>'
+ subscriptionId: '<>'
}
}
```
@@ -363,31 +349,43 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
-
Example 5
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Storage Queue Data Reader"
- },
- "principalId": {
- "value": "<>"
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "principalId": {
+ "value": "<>"
+ },
+ "roleDefinitionIdOrName": {
+ "value": "Backup Reader"
+ },
+ // Non-required parameters
+ "description": {
+ "value": "Role Assignment (resource group scope)"
+ },
+ "principalType": {
+ "value": "ServicePrincipal"
+ },
+ "resourceGroupName": {
+ "value": "<>"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 5: Sub Min
@@ -397,8 +395,10 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleAssignments'
params: {
- roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ // Required parameters
principalId: '<>'
+ roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ // Non-required parameters
subscriptionId: '<>'
}
}
@@ -407,37 +407,34 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
-
Example 6
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Backup Reader"
- },
- "description": {
- "value": "Role Assignment (subscription scope)"
- },
- "principalId": {
- "value": "<>"
- },
- "principalType": {
- "value": "ServicePrincipal"
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "principalId": {
+ "value": "<>"
+ },
+ "roleDefinitionIdOrName": {
+ "value": "Storage Queue Data Reader"
+ },
+ // Non-required parameters
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 6: Sub
@@ -447,9 +444,11 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleAssignments'
params: {
+ // Required parameters
+ principalId: '<>'
roleDefinitionIdOrName: 'Backup Reader'
+ // Non-required parameters
description: 'Role Assignment (subscription scope)'
- principalId: '<>'
principalType: 'ServicePrincipal'
subscriptionId: '<>'
}
@@ -458,3 +457,36 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "principalId": {
+ "value": "<>"
+ },
+ "roleDefinitionIdOrName": {
+ "value": "Backup Reader"
+ },
+ // Non-required parameters
+ "description": {
+ "value": "Role Assignment (subscription scope)"
+ },
+ "principalType": {
+ "value": "ServicePrincipal"
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Authorization/roleDefinitions/readme.md b/modules/Microsoft.Authorization/roleDefinitions/readme.md
index 1af3c4a999..0cc1742f21 100644
--- a/modules/Microsoft.Authorization/roleDefinitions/readme.md
+++ b/modules/Microsoft.Authorization/roleDefinitions/readme.md
@@ -171,31 +171,11 @@ This module can be deployed both at subscription or resource group level:
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-mg-min"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/read",
- "Microsoft.Compute/galleries/images/read"
- ]
- }
- }
-}
-```
-
-
+Example 1: Mg Min
@@ -205,10 +185,12 @@ This module can be deployed both at subscription or resource group level:
module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleDefinitions'
params: {
+ // Required parameters
roleName: '<>-az-testRole-mg-min'
+ // Non-required parameters
actions: [
- 'Microsoft.Compute/galleries/read'
'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/read'
]
}
}
@@ -217,59 +199,34 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-mg"
- },
- "description": {
- "value": "Test Custom Role Definition Standard (management group scope)"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/*",
- "Microsoft.Network/virtualNetworks/read"
- ]
- },
- "notActions": {
- "value": [
- "Microsoft.Compute/images/write",
- "Microsoft.Compute/images/delete",
- "Microsoft.Network/virtualNetworks/subnets/join/action"
- ]
- },
- "dataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/*/read"
- ]
- },
- "notDataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
- ]
- },
- "assignableScopes": {
- "value": [
- "/providers/Microsoft.Management/managementGroups/<>"
- ]
- },
- "managementGroupId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "roleName": {
+ "value": "<>-az-testRole-mg-min"
+ },
+ // Non-required parameters
+ "actions": {
+ "value": [
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/read"
+ ]
}
+ }
}
```
+
+
+
Example 2: Mg
@@ -279,27 +236,29 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleDefinitions'
params: {
+ // Required parameters
roleName: '<>-az-testRole-mg'
- description: 'Test Custom Role Definition Standard (management group scope)'
+ // Non-required parameters
actions: [
'Microsoft.Compute/galleries/*'
'Microsoft.Network/virtualNetworks/read'
]
- notActions: [
- 'Microsoft.Compute/images/write'
- 'Microsoft.Compute/images/delete'
- 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ assignableScopes: [
+ '/providers/Microsoft.Management/managementGroups/<>'
]
dataActions: [
'Microsoft.Storage/storageAccounts/blobServices/*/read'
]
+ description: 'Test Custom Role Definition Standard (management group scope)'
+ managementGroupId: '<>'
+ notActions: [
+ 'Microsoft.Compute/images/delete'
+ 'Microsoft.Compute/images/write'
+ 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ ]
notDataActions: [
'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
]
- assignableScopes: [
- '/providers/Microsoft.Management/managementGroups/<>'
- ]
- managementGroupId: '<>'
}
}
```
@@ -307,37 +266,62 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-rg-min"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/read",
- "Microsoft.Compute/galleries/images/read"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "roleName": {
+ "value": "<>-az-testRole-mg"
+ },
+ // Non-required parameters
+ "actions": {
+ "value": [
+ "Microsoft.Compute/galleries/*",
+ "Microsoft.Network/virtualNetworks/read"
+ ]
+ },
+ "assignableScopes": {
+ "value": [
+ "/providers/Microsoft.Management/managementGroups/<>"
+ ]
+ },
+ "dataActions": {
+ "value": [
+ "Microsoft.Storage/storageAccounts/blobServices/*/read"
+ ]
+ },
+ "description": {
+ "value": "Test Custom Role Definition Standard (management group scope)"
+ },
+ "managementGroupId": {
+ "value": "<>"
+ },
+ "notActions": {
+ "value": [
+ "Microsoft.Compute/images/delete",
+ "Microsoft.Compute/images/write",
+ "Microsoft.Network/virtualNetworks/subnets/join/action"
+ ]
+ },
+ "notDataActions": {
+ "value": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+ ]
}
+ }
}
```
+
+
+
Example 3: Rg Min
@@ -347,13 +331,15 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleDefinitions'
params: {
+ // Required parameters
roleName: '<>-az-testRole-rg-min'
+ // Non-required parameters
actions: [
- 'Microsoft.Compute/galleries/read'
'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/read'
]
- subscriptionId: '<>'
resourceGroupName: '<>'
+ subscriptionId: '<>'
}
}
```
@@ -361,62 +347,40 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-rg"
- },
- "description": {
- "value": "Test Custom Role Definition Standard (resource group scope)"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/*",
- "Microsoft.Network/virtualNetworks/read"
- ]
- },
- "notActions": {
- "value": [
- "Microsoft.Compute/images/write",
- "Microsoft.Compute/images/delete",
- "Microsoft.Network/virtualNetworks/subnets/join/action"
- ]
- },
- "dataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/*/read"
- ]
- },
- "notDataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
- ]
- },
- "assignableScopes": {
- "value": [
- "/subscriptions/<>/resourceGroups/<>"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "roleName": {
+ "value": "<>-az-testRole-rg-min"
+ },
+ // Non-required parameters
+ "actions": {
+ "value": [
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/read"
+ ]
+ },
+ "resourceGroupName": {
+ "value": "<>"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 4: Rg
@@ -426,28 +390,30 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleDefinitions'
params: {
+ // Required parameters
roleName: '<>-az-testRole-rg'
- description: 'Test Custom Role Definition Standard (resource group scope)'
+ // Non-required parameters
actions: [
'Microsoft.Compute/galleries/*'
'Microsoft.Network/virtualNetworks/read'
]
- notActions: [
- 'Microsoft.Compute/images/write'
- 'Microsoft.Compute/images/delete'
- 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ assignableScopes: [
+ '/subscriptions/<>/resourceGroups/<>'
]
dataActions: [
'Microsoft.Storage/storageAccounts/blobServices/*/read'
]
+ description: 'Test Custom Role Definition Standard (resource group scope)'
+ notActions: [
+ 'Microsoft.Compute/images/delete'
+ 'Microsoft.Compute/images/write'
+ 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ ]
notDataActions: [
'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
]
- assignableScopes: [
- '/subscriptions/<>/resourceGroups/<>'
- ]
- subscriptionId: '<>'
resourceGroupName: '<>'
+ subscriptionId: '<>'
}
}
```
@@ -455,34 +421,65 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
-
Example 5
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-sub-min"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/read",
- "Microsoft.Compute/galleries/images/read"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "roleName": {
+ "value": "<>-az-testRole-rg"
+ },
+ // Non-required parameters
+ "actions": {
+ "value": [
+ "Microsoft.Compute/galleries/*",
+ "Microsoft.Network/virtualNetworks/read"
+ ]
+ },
+ "assignableScopes": {
+ "value": [
+ "/subscriptions/<>/resourceGroups/<>"
+ ]
+ },
+ "dataActions": {
+ "value": [
+ "Microsoft.Storage/storageAccounts/blobServices/*/read"
+ ]
+ },
+ "description": {
+ "value": "Test Custom Role Definition Standard (resource group scope)"
+ },
+ "notActions": {
+ "value": [
+ "Microsoft.Compute/images/delete",
+ "Microsoft.Compute/images/write",
+ "Microsoft.Network/virtualNetworks/subnets/join/action"
+ ]
+ },
+ "notDataActions": {
+ "value": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+ ]
+ },
+ "resourceGroupName": {
+ "value": "<>"
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 5: Sub Min
@@ -492,10 +489,12 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleDefinitions'
params: {
+ // Required parameters
roleName: '<>-az-testRole-sub-min'
+ // Non-required parameters
actions: [
- 'Microsoft.Compute/galleries/read'
'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/read'
]
subscriptionId: '<>'
}
@@ -505,59 +504,37 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
-
Example 6
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-sub"
- },
- "description": {
- "value": "Test Custom Role Definition Standard (subscription scope)"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/*",
- "Microsoft.Network/virtualNetworks/read"
- ]
- },
- "notActions": {
- "value": [
- "Microsoft.Compute/images/write",
- "Microsoft.Compute/images/delete",
- "Microsoft.Network/virtualNetworks/subnets/join/action"
- ]
- },
- "dataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/*/read"
- ]
- },
- "notDataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
- ]
- },
- "assignableScopes": {
- "value": [
- "/subscriptions/<>"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "roleName": {
+ "value": "<>-az-testRole-sub-min"
+ },
+ // Non-required parameters
+ "actions": {
+ "value": [
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/read"
+ ]
+ },
+ "subscriptionId": {
+ "value": "<>"
}
+ }
}
```
+
+
+
Example 6: Sub
@@ -567,26 +544,28 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-roleDefinitions'
params: {
+ // Required parameters
roleName: '<>-az-testRole-sub'
- description: 'Test Custom Role Definition Standard (subscription scope)'
+ // Non-required parameters
actions: [
'Microsoft.Compute/galleries/*'
'Microsoft.Network/virtualNetworks/read'
]
- notActions: [
- 'Microsoft.Compute/images/write'
- 'Microsoft.Compute/images/delete'
- 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ assignableScopes: [
+ '/subscriptions/<>'
]
dataActions: [
'Microsoft.Storage/storageAccounts/blobServices/*/read'
]
+ description: 'Test Custom Role Definition Standard (subscription scope)'
+ notActions: [
+ 'Microsoft.Compute/images/delete'
+ 'Microsoft.Compute/images/write'
+ 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ ]
notDataActions: [
'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
]
- assignableScopes: [
- '/subscriptions/<>'
- ]
subscriptionId: '<>'
}
}
@@ -594,3 +573,58 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "roleName": {
+ "value": "<>-az-testRole-sub"
+ },
+ // Non-required parameters
+ "actions": {
+ "value": [
+ "Microsoft.Compute/galleries/*",
+ "Microsoft.Network/virtualNetworks/read"
+ ]
+ },
+ "assignableScopes": {
+ "value": [
+ "/subscriptions/<>"
+ ]
+ },
+ "dataActions": {
+ "value": [
+ "Microsoft.Storage/storageAccounts/blobServices/*/read"
+ ]
+ },
+ "description": {
+ "value": "Test Custom Role Definition Standard (subscription scope)"
+ },
+ "notActions": {
+ "value": [
+ "Microsoft.Compute/images/delete",
+ "Microsoft.Compute/images/write",
+ "Microsoft.Network/virtualNetworks/subnets/join/action"
+ ]
+ },
+ "notDataActions": {
+ "value": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+ ]
+ },
+ "subscriptionId": {
+ "value": "<>"
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Automation/automationAccounts/readme.md b/modules/Microsoft.Automation/automationAccounts/readme.md
index 0e9d3de8ee..ec1b90645a 100644
--- a/modules/Microsoft.Automation/automationAccounts/readme.md
+++ b/modules/Microsoft.Automation/automationAccounts/readme.md
@@ -344,39 +344,11 @@ userAssignedIdentities: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aut-encr-001"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "cMKUserAssignedIdentityResourceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "cMKKeyName": {
- "value": "keyEncryptionKey"
- },
- "cMKKeyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
- }
- }
-}
-```
-
-
+Example 1: Encr
@@ -386,13 +358,15 @@ userAssignedIdentities: {
module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-automationAccounts'
params: {
+ // Required parameters
name: '<>-az-aut-encr-001'
+ // Non-required parameters
+ cMKKeyName: 'keyEncryptionKey'
+ cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
+ cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
- cMKKeyName: 'keyEncryptionKey'
- cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
}
}
```
@@ -400,25 +374,42 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aut-min-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-aut-encr-001"
+ },
+ // Non-required parameters
+ "cMKKeyName": {
+ "value": "keyEncryptionKey"
+ },
+ "cMKKeyVaultResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
+ },
+ "cMKUserAssignedIdentityResourceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 2: Min
@@ -436,215 +427,26 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aut-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "schedules": {
- "value": [
- {
- "name": "TestSchedule",
- "startTime": "",
- "expiryTime": "9999-12-31T13:00",
- "interval": 15,
- "frequency": "Minute",
- "timeZone": "Europe/Berlin",
- "advancedSchedule": {}
- }
- ]
- },
- "modules": {
- "value": [
- {
- "name": "PSWindowsUpdate",
- "version": "latest",
- "uri": "https://www.powershellgallery.com/api/v2/package"
- }
- ]
- },
- "runbooks": {
- "value": [
- {
- "name": "TestRunbook",
- "runbookType": "PowerShell",
- "description": "Test runbook",
- "uri": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/scripts/AzureAutomationTutorial.ps1",
- "version": "1.0.0.0"
- }
- ]
- },
- "jobSchedules": {
- "value": [
- {
- "scheduleName": "TestSchedule",
- "runbookName": "TestRunbook"
- }
- ]
- },
- "variables": {
- "value": [
- {
- "name": "TestString",
- "value": "\"TestString\"",
- "description": "TestStringDescription"
- },
- {
- "name": "TestInteger",
- "value": "500",
- "description": "TestIntegerDescription"
- },
- {
- "name": "TestBoolean",
- "value": "false",
- "description": "TestBooleanDescription"
- },
- {
- "name": "TestDateTime",
- "value": "\"\\/Date(1637934042656)\\/\"",
- "description": "TestDateTimeDescription",
- "isEncrypted": false
- },
- {
- "name": "TestEncryptedVariable",
- "value": "\"TestEncryptedValue\"",
- "description": "TestEncryptedDescription"
- }
- ]
- },
- "linkedWorkspaceResourceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001"
- },
- "gallerySolutions": {
- "value": [
- {
- "name": "Updates",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- }
- ]
- },
- "softwareUpdateConfigurations": {
- "value": [
- {
- "name": "Windows_ZeroDay",
- "frequency": "Month",
- "operatingSystem": "Windows",
- "rebootSetting": "IfRequired",
- "scopeByTags": {
- "Update": [
- "Automatic-Wave1"
- ]
- },
- "maintenanceWindow": "PT4H",
- "updateClassifications": [
- "Critical",
- "Security",
- "UpdateRollup",
- "FeaturePack",
- "ServicePack",
- "Definition",
- "Tools",
- "Updates"
- ],
- "includeUpdates": [
- "654321"
- ],
- "excludeUpdates": [
- "123456"
- ],
- "interval": 1,
- "monthlyOccurrences": [
- {
- "occurrence": 3,
- "day": "Friday"
- }
- ],
- "startTime": "22:00"
- },
- {
- "name": "Linux_ZeroDay",
- "frequency": "OneTime",
- "operatingSystem": "Linux",
- "rebootSetting": "IfRequired",
- "maintenanceWindow": "PT4H",
- "updateClassifications": [
- "Critical",
- "Security",
- "Other"
- ],
- "includeUpdates": [
- "kernel"
- ],
- "excludeUpdates": [
- "icacls"
- ],
- "startTime": "22:00"
- }
- ]
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "Webhook"
- },
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "DSCAndHybridWorker"
- }
- ]
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-aut-min-001"
}
+ }
}
```
+
+
+
Example 3: Parameters
@@ -654,81 +456,92 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice
module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-automationAccounts'
params: {
+ // Required parameters
name: '<>-az-aut-x-001'
- lock: 'CanNotDelete'
- schedules: [
- {
- name: 'TestSchedule'
- startTime: ''
- expiryTime: '9999-12-31T13:00'
- interval: 15
- frequency: 'Minute'
- timeZone: 'Europe/Berlin'
- advancedSchedule: {}
- }
- ]
- modules: [
- {
- name: 'PSWindowsUpdate'
- version: 'latest'
- uri: 'https://www.powershellgallery.com/api/v2/package'
- }
- ]
- runbooks: [
+ // Non-required parameters
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ gallerySolutions: [
{
- name: 'TestRunbook'
- runbookType: 'PowerShell'
- description: 'Test runbook'
- uri: 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/scripts/AzureAutomationTutorial.ps1'
- version: '1.0.0.0'
+ name: 'Updates'
+ product: 'OMSGallery'
+ publisher: 'Microsoft'
}
]
jobSchedules: [
{
- scheduleName: 'TestSchedule'
runbookName: 'TestRunbook'
+ scheduleName: 'TestSchedule'
}
]
- variables: [
+ linkedWorkspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001'
+ lock: 'CanNotDelete'
+ modules: [
{
- name: 'TestString'
- value: '\'TestString\''
- description: 'TestStringDescription'
+ name: 'PSWindowsUpdate'
+ uri: 'https://www.powershellgallery.com/api/v2/package'
+ version: 'latest'
}
+ ]
+ privateEndpoints: [
{
- name: 'TestInteger'
- value: '500'
- description: 'TestIntegerDescription'
+ service: 'Webhook'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
}
{
- name: 'TestBoolean'
- value: 'false'
- description: 'TestBooleanDescription'
+ service: 'DSCAndHybridWorker'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
}
+ ]
+ roleAssignments: [
{
- name: 'TestDateTime'
- value: '\'\\/Date(1637934042656)\\/\''
- description: 'TestDateTimeDescription'
- isEncrypted: false
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
}
+ ]
+ runbooks: [
{
- name: 'TestEncryptedVariable'
- value: '\'TestEncryptedValue\''
- description: 'TestEncryptedDescription'
+ description: 'Test runbook'
+ name: 'TestRunbook'
+ runbookType: 'PowerShell'
+ uri: 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/scripts/AzureAutomationTutorial.ps1'
+ version: '1.0.0.0'
}
]
- linkedWorkspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001'
- gallerySolutions: [
+ schedules: [
{
- name: 'Updates'
- product: 'OMSGallery'
- publisher: 'Microsoft'
+ advancedSchedule: {}
+ expiryTime: '9999-12-31T13:00'
+ frequency: 'Minute'
+ interval: 15
+ name: 'TestSchedule'
+ startTime: ''
+ timeZone: 'Europe/Berlin'
}
]
softwareUpdateConfigurations: [
{
- name: 'Windows_ZeroDay'
+ excludeUpdates: [
+ '123456'
+ ]
frequency: 'Month'
+ includeUpdates: [
+ '654321'
+ ]
+ interval: 1
+ maintenanceWindow: 'PT4H'
+ monthlyOccurrences: [
+ {
+ day: 'Friday'
+ occurrence: 3
+ }
+ ]
+ name: 'Windows_ZeroDay'
operatingSystem: 'Windows'
rebootSetting: 'IfRequired'
scopeByTags: {
@@ -736,79 +549,281 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice
'Automatic-Wave1'
]
}
- maintenanceWindow: 'PT4H'
+ startTime: '22:00'
updateClassifications: [
'Critical'
- 'Security'
- 'UpdateRollup'
+ 'Definition'
'FeaturePack'
+ 'Security'
'ServicePack'
- 'Definition'
'Tools'
+ 'UpdateRollup'
'Updates'
]
- includeUpdates: [
- '654321'
- ]
+ }
+ {
excludeUpdates: [
- '123456'
+ 'icacls'
]
- interval: 1
- monthlyOccurrences: [
- {
- occurrence: 3
- day: 'Friday'
- }
+ frequency: 'OneTime'
+ includeUpdates: [
+ 'kernel'
]
- startTime: '22:00'
- }
- {
+ maintenanceWindow: 'PT4H'
name: 'Linux_ZeroDay'
- frequency: 'OneTime'
operatingSystem: 'Linux'
rebootSetting: 'IfRequired'
- maintenanceWindow: 'PT4H'
+ startTime: '22:00'
updateClassifications: [
'Critical'
- 'Security'
'Other'
+ 'Security'
]
- includeUpdates: [
- 'kernel'
- ]
- excludeUpdates: [
- 'icacls'
- ]
- startTime: '22:00'
- }
- ]
- privateEndpoints: [
- {
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
- service: 'Webhook'
- }
- {
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
- service: 'DSCAndHybridWorker'
}
]
systemAssignedIdentity: true
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- roleAssignments: [
+ variables: [
{
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
+ description: 'TestStringDescription'
+ name: 'TestString'
+ value: '\'TestString\''
+ }
+ {
+ description: 'TestIntegerDescription'
+ name: 'TestInteger'
+ value: '500'
+ }
+ {
+ description: 'TestBooleanDescription'
+ name: 'TestBoolean'
+ value: 'false'
+ }
+ {
+ description: 'TestDateTimeDescription'
+ isEncrypted: false
+ name: 'TestDateTime'
+ value: '\'\\/Date(1637934042656)\\/\''
+ }
+ {
+ description: 'TestEncryptedDescription'
+ name: 'TestEncryptedVariable'
+ value: '\'TestEncryptedValue\''
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-aut-x-001"
+ },
+ // Non-required parameters
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "gallerySolutions": {
+ "value": [
+ {
+ "name": "Updates",
+ "product": "OMSGallery",
+ "publisher": "Microsoft"
+ }
+ ]
+ },
+ "jobSchedules": {
+ "value": [
+ {
+ "runbookName": "TestRunbook",
+ "scheduleName": "TestSchedule"
+ }
+ ]
+ },
+ "linkedWorkspaceResourceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "modules": {
+ "value": [
+ {
+ "name": "PSWindowsUpdate",
+ "uri": "https://www.powershellgallery.com/api/v2/package",
+ "version": "latest"
+ }
+ ]
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "Webhook",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ },
+ {
+ "service": "DSCAndHybridWorker",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ }
+ ]
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "runbooks": {
+ "value": [
+ {
+ "description": "Test runbook",
+ "name": "TestRunbook",
+ "runbookType": "PowerShell",
+ "uri": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/scripts/AzureAutomationTutorial.ps1",
+ "version": "1.0.0.0"
+ }
+ ]
+ },
+ "schedules": {
+ "value": [
+ {
+ "advancedSchedule": {},
+ "expiryTime": "9999-12-31T13:00",
+ "frequency": "Minute",
+ "interval": 15,
+ "name": "TestSchedule",
+ "startTime": "",
+ "timeZone": "Europe/Berlin"
+ }
+ ]
+ },
+ "softwareUpdateConfigurations": {
+ "value": [
+ {
+ "excludeUpdates": [
+ "123456"
+ ],
+ "frequency": "Month",
+ "includeUpdates": [
+ "654321"
+ ],
+ "interval": 1,
+ "maintenanceWindow": "PT4H",
+ "monthlyOccurrences": [
+ {
+ "day": "Friday",
+ "occurrence": 3
+ }
+ ],
+ "name": "Windows_ZeroDay",
+ "operatingSystem": "Windows",
+ "rebootSetting": "IfRequired",
+ "scopeByTags": {
+ "Update": [
+ "Automatic-Wave1"
+ ]
+ },
+ "startTime": "22:00",
+ "updateClassifications": [
+ "Critical",
+ "Definition",
+ "FeaturePack",
+ "Security",
+ "ServicePack",
+ "Tools",
+ "UpdateRollup",
+ "Updates"
+ ]
+ },
+ {
+ "excludeUpdates": [
+ "icacls"
+ ],
+ "frequency": "OneTime",
+ "includeUpdates": [
+ "kernel"
+ ],
+ "maintenanceWindow": "PT4H",
+ "name": "Linux_ZeroDay",
+ "operatingSystem": "Linux",
+ "rebootSetting": "IfRequired",
+ "startTime": "22:00",
+ "updateClassifications": [
+ "Critical",
+ "Other",
+ "Security"
+ ]
+ }
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ },
+ "variables": {
+ "value": [
+ {
+ "description": "TestStringDescription",
+ "name": "TestString",
+ "value": "\"TestString\""
+ },
+ {
+ "description": "TestIntegerDescription",
+ "name": "TestInteger",
+ "value": "500"
+ },
+ {
+ "description": "TestBooleanDescription",
+ "name": "TestBoolean",
+ "value": "false"
+ },
+ {
+ "description": "TestDateTimeDescription",
+ "isEncrypted": false,
+ "name": "TestDateTime",
+ "value": "\"\\/Date(1637934042656)\\/\""
+ },
+ {
+ "description": "TestEncryptedDescription",
+ "name": "TestEncryptedVariable",
+ "value": "\"TestEncryptedValue\""
+ }
+ ]
+ }
}
}
```
diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md
index e83ea9b824..4af4aac994 100644
--- a/modules/Microsoft.Batch/batchAccounts/readme.md
+++ b/modules/Microsoft.Batch/batchAccounts/readme.md
@@ -221,56 +221,11 @@ privateEndpoints: [
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azbaweuencr001"
- },
- "poolAllocationMode": {
- "value": "BatchService"
- },
- "storageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "storageAuthenticationMode": {
- "value": "BatchAccountManagedIdentity"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "storageAccessIdentity": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "cMKKeyName": {
- "value": "keyEncryptionKey"
- },
- "cMKKeyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "batchAccount"
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Encr
@@ -280,22 +235,24 @@ privateEndpoints: [
module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-batchAccounts'
params: {
+ // Required parameters
name: '<>azbaweuencr001'
- poolAllocationMode: 'BatchService'
storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- storageAuthenticationMode: 'BatchAccountManagedIdentity'
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
- }
- storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ // Non-required parameters
cMKKeyName: 'keyEncryptionKey'
cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
+ poolAllocationMode: 'BatchService'
privateEndpoints: [
{
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
service: 'batchAccount'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
}
]
+ storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ storageAuthenticationMode: 'BatchAccountManagedIdentity'
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
+ }
}
}
```
@@ -303,28 +260,59 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azbaweumin001"
- },
- "storageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azbaweuencr001"
+ },
+ "storageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ // Non-required parameters
+ "cMKKeyName": {
+ "value": "keyEncryptionKey"
+ },
+ "cMKKeyVaultResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
+ },
+ "poolAllocationMode": {
+ "value": "BatchService"
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "batchAccount",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
}
+ ]
+ },
+ "storageAccessIdentity": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
+ },
+ "storageAuthenticationMode": {
+ "value": "BatchAccountManagedIdentity"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 2: Min
@@ -334,6 +322,7 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-batchAccounts'
params: {
+ // Required parameters
name: '<>azbaweumin001'
storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
}
@@ -343,66 +332,30 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azbaweux001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "batchAccount"
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "poolAllocationMode": {
- "value": "BatchService"
- },
- "storageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "storageAuthenticationMode": {
- "value": "BatchAccountManagedIdentity"
- },
- "storageAccessIdentity": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azbaweumin001"
+ },
+ "storageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
}
+ }
}
```
+
+
+
Example 3: Parameters
@@ -412,24 +365,88 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-batchAccounts'
params: {
+ // Required parameters
name: '<>azbaweux001'
+ storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ // Non-required parameters
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
lock: 'CanNotDelete'
+ poolAllocationMode: 'BatchService'
privateEndpoints: [
{
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
service: 'batchAccount'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
- poolAllocationMode: 'BatchService'
- storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- systemAssignedIdentity: true
- storageAuthenticationMode: 'BatchAccountManagedIdentity'
storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ storageAuthenticationMode: 'BatchAccountManagedIdentity'
+ systemAssignedIdentity: true
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azbaweux001"
+ },
+ "storageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ // Non-required parameters
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "poolAllocationMode": {
+ "value": "BatchService"
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "batchAccount",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ }
+ ]
+ },
+ "storageAccessIdentity": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
+ },
+ "storageAuthenticationMode": {
+ "value": "BatchAccountManagedIdentity"
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ }
}
}
```
diff --git a/modules/Microsoft.CognitiveServices/accounts/readme.md b/modules/Microsoft.CognitiveServices/accounts/readme.md
index a469252ba0..3fb7e9b5c1 100644
--- a/modules/Microsoft.CognitiveServices/accounts/readme.md
+++ b/modules/Microsoft.CognitiveServices/accounts/readme.md
@@ -404,50 +404,11 @@ userAssignedIdentities: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cgs-encr-001"
- },
- "kind": {
- "value": "SpeechServices"
- },
- "sku": {
- "value": "S0"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "publicNetworkAccess": {
- "value": "Enabled"
- },
- "encryption": {
- "value": {
- "keySource": "Microsoft.KeyVault",
- "keyVaultProperties": {
- "identityClientId": "c907a696-36f4-49fe-b926-39e3aabba814", // ID must be updated for new identity
- "keyVaultUri": "https://adp-<>-az-kv-nopr-002.vault.azure.net/",
- "keyName": "keyEncryptionKey",
- "keyversion": "4570a207ec394a0bbbe4fc9adc663a51" // Version must be updated for new keys
- }
- }
- }
- }
-}
-```
-
-
+Example 1: Encr
@@ -457,22 +418,24 @@ userAssignedIdentities: {
module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-accounts'
params: {
- name: '<>-az-cgs-encr-001'
+ // Required parameters
kind: 'SpeechServices'
- sku: 'S0'
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
- }
- publicNetworkAccess: 'Enabled'
+ name: '<>-az-cgs-encr-001'
+ // Non-required parameters
encryption: {
keySource: 'Microsoft.KeyVault'
keyVaultProperties: {
identityClientId: 'c907a696-36f4-49fe-b926-39e3aabba814'
- keyVaultUri: 'https://adp-<>-az-kv-nopr-002.vault.azure.net/'
keyName: 'keyEncryptionKey'
+ keyVaultUri: 'https://adp-<>-az-kv-nopr-002.vault.azure.net/'
keyversion: '4570a207ec394a0bbbe4fc9adc663a51'
}
}
+ publicNetworkAccess: 'Enabled'
+ sku: 'S0'
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
+ }
}
}
```
@@ -480,28 +443,53 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cgs-min-001"
- },
- "kind": {
- "value": "SpeechServices"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "SpeechServices"
+ },
+ "name": {
+ "value": "<>-az-cgs-encr-001"
+ },
+ // Non-required parameters
+ "encryption": {
+ "value": {
+ "keySource": "Microsoft.KeyVault",
+ "keyVaultProperties": {
+ "identityClientId": "c907a696-36f4-49fe-b926-39e3aabba814",
+ "keyName": "keyEncryptionKey",
+ "keyVaultUri": "https://adp-<>-az-kv-nopr-002.vault.azure.net/",
+ "keyversion": "4570a207ec394a0bbbe4fc9adc663a51"
}
+ }
+ },
+ "publicNetworkAccess": {
+ "value": "Enabled"
+ },
+ "sku": {
+ "value": "S0"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 2: Min
@@ -511,8 +499,9 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-accounts'
params: {
- name: '<>-az-cgs-min-001'
+ // Required parameters
kind: 'SpeechServices'
+ name: '<>-az-cgs-min-001'
}
}
```
@@ -520,81 +509,30 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cgs-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "kind": {
- "value": "Face"
- },
- "sku": {
- "value": "S0"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "networkAcls": {
- "value": {
- "defaultAction": "deny",
- "virtualNetworkRules": [
- {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001",
- "action": "Allow"
- }
- ]
- }
- },
- "customSubDomainName": {
- "value": "<>xdomain"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "SpeechServices"
+ },
+ "name": {
+ "value": "<>-az-cgs-min-001"
}
+ }
}
```
+
+
+
Example 3: Parameters
@@ -604,37 +542,39 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-accounts'
params: {
+ // Required parameters
+ kind: 'Face'
name: '<>-az-cgs-x-001'
+ // Non-required parameters
+ customSubDomainName: '<>xdomain'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
lock: 'CanNotDelete'
- kind: 'Face'
- sku: 'S0'
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
- }
- ]
networkAcls: {
defaultAction: 'deny'
virtualNetworkRules: [
{
- id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
action: 'Allow'
+ id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
}
]
}
- customSubDomainName: '<>xdomain'
+ roleAssignments: [
+ {
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ sku: 'S0'
systemAssignedIdentity: true
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
}
}
```
@@ -642,50 +582,84 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cgs-speech-001"
- },
- "kind": {
- "value": "SpeechServices"
- },
- "sku": {
- "value": "S0"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "customSubDomainName": {
- "value": "<>speechdomain"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "account"
- }
- ]
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "Face"
+ },
+ "name": {
+ "value": "<>-az-cgs-x-001"
+ },
+ // Non-required parameters
+ "customSubDomainName": {
+ "value": "<>xdomain"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "networkAcls": {
+ "value": {
+ "defaultAction": "deny",
+ "virtualNetworkRules": [
+ {
+ "action": "Allow",
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
+ }
+ ]
+ }
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
+ },
+ "sku": {
+ "value": "S0"
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 4: Speech
@@ -695,20 +669,68 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-accounts'
params: {
- name: '<>-az-cgs-speech-001'
+ // Required parameters
kind: 'SpeechServices'
- sku: 'S0'
- systemAssignedIdentity: true
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
- }
+ name: '<>-az-cgs-speech-001'
+ // Non-required parameters
customSubDomainName: '<>speechdomain'
privateEndpoints: [
{
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
service: 'account'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
}
]
+ sku: 'S0'
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
+ }
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "SpeechServices"
+ },
+ "name": {
+ "value": "<>-az-cgs-speech-001"
+ },
+ // Non-required parameters
+ "customSubDomainName": {
+ "value": "<>speechdomain"
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "account",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ }
+ ]
+ },
+ "sku": {
+ "value": "S0"
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ }
}
}
```
diff --git a/modules/Microsoft.Compute/availabilitySets/readme.md b/modules/Microsoft.Compute/availabilitySets/readme.md
index 69d0451b6a..c2fe02a3f3 100644
--- a/modules/Microsoft.Compute/availabilitySets/readme.md
+++ b/modules/Microsoft.Compute/availabilitySets/readme.md
@@ -149,25 +149,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avs-min-001"
- }
- }
-}
-```
-
-
+Example 1: Min
@@ -185,41 +171,26 @@ module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avs-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "proximityPlacementGroupId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-avs-min-001"
}
+ }
}
```
+
+
+
Example 2: Parameters
@@ -229,17 +200,56 @@ module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = {
module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-availabilitySets'
params: {
+ // Required parameters
name: '<>-az-avs-x-001'
+ // Non-required parameters
lock: 'CanNotDelete'
+ proximityPlacementGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- proximityPlacementGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-avs-x-001"
+ },
+ // Non-required parameters
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "proximityPlacementGroupId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
}
}
```
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/readme.md b/modules/Microsoft.Compute/diskEncryptionSets/readme.md
index 7e22cabc31..d3099a7366 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/readme.md
+++ b/modules/Microsoft.Compute/diskEncryptionSets/readme.md
@@ -151,41 +151,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-des-x-001"
- },
- "keyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "keyName": {
- "value": "keyEncryptionKey"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -195,15 +165,17 @@ tags: {
module diskEncryptionSets './Microsoft.Compute/diskEncryptionSets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-diskEncryptionSets'
params: {
- name: '<>-az-des-x-001'
- keyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ // Required parameters
keyName: 'keyEncryptionKey'
+ keyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ name: '<>-az-des-x-001'
+ // Non-required parameters
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -212,3 +184,40 @@ module diskEncryptionSets './Microsoft.Compute/diskEncryptionSets/deploy.bicep'
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "keyName": {
+ "value": "keyEncryptionKey"
+ },
+ "keyVaultResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "name": {
+ "value": "<>-az-des-x-001"
+ },
+ // Non-required parameters
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Compute/disks/readme.md b/modules/Microsoft.Compute/disks/readme.md
index 06951fb6aa..9245f46da8 100644
--- a/modules/Microsoft.Compute/disks/readme.md
+++ b/modules/Microsoft.Compute/disks/readme.md
@@ -165,44 +165,11 @@ tags: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-disk-image-001"
- },
- "sku": {
- "value": "Standard_LRS"
- },
- "createOption": {
- "value": "FromImage"
- },
- "imageReferenceId": {
- "value": "/Subscriptions/<>/Providers/Microsoft.Compute/Locations/westeurope/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.4906.2112080838"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Image
@@ -212,16 +179,18 @@ tags: {
module disks './Microsoft.Compute/disks/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-disks'
params: {
+ // Required parameters
name: '<>-az-disk-image-001'
sku: 'Standard_LRS'
+ // Non-required parameters
createOption: 'FromImage'
imageReferenceId: '/Subscriptions/<>/Providers/Microsoft.Compute/Locations/westeurope/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.4906.2112080838'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -231,47 +200,47 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-disk-import-001"
- },
- "sku": {
- "value": "Standard_LRS"
- },
- "createOption": {
- "value": "Import"
- },
- "sourceUri": {
- "value": "https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd"
- },
- "storageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-disk-image-001"
+ },
+ "sku": {
+ "value": "Standard_LRS"
+ },
+ // Non-required parameters
+ "createOption": {
+ "value": "FromImage"
+ },
+ "imageReferenceId": {
+ "value": "/Subscriptions/<>/Providers/Microsoft.Compute/Locations/westeurope/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.4906.2112080838"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
}
+ }
}
```
+
+
+
Example 2: Import
@@ -281,19 +250,21 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
module disks './Microsoft.Compute/disks/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-disks'
params: {
+ // Required parameters
name: '<>-az-disk-import-001'
sku: 'Standard_LRS'
+ // Non-required parameters
createOption: 'Import'
- sourceUri: 'https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd'
- storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
+ sourceUri: 'https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd'
+ storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
}
}
```
@@ -301,41 +272,50 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-disk-min-001"
- },
- "sku": {
- "value": "Standard_LRS"
- },
- "diskSizeGB": {
- "value": 1
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-disk-import-001"
+ },
+ "sku": {
+ "value": "Standard_LRS"
+ },
+ // Non-required parameters
+ "createOption": {
+ "value": "Import"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
+ },
+ "sourceUri": {
+ "value": "https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd"
+ },
+ "storageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
}
+ }
}
```
+
+
+
Example 3: Min
@@ -345,15 +325,17 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
module disks './Microsoft.Compute/disks/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-disks'
params: {
+ // Required parameters
name: '<>-az-disk-min-001'
sku: 'Standard_LRS'
+ // Non-required parameters
diskSizeGB: 1
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -363,59 +345,44 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-disk-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "sku": {
- "value": "UltraSSD_LRS"
- },
- "diskSizeGB": {
- "value": 128
- },
- "logicalSectorSize": {
- "value": 512
- },
- "diskIOPSReadWrite": {
- "value": 500
- },
- "diskMBpsReadWrite": {
- "value": 60
- },
- "osType": {
- "value": "Windows"
- },
- "publicNetworkAccess": {
- "value": "Enabled"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-disk-min-001"
+ },
+ "sku": {
+ "value": "Standard_LRS"
+ },
+ // Non-required parameters
+ "diskSizeGB": {
+ "value": 1
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
}
+ }
}
```
+
+
+
Example 4: Parameters
@@ -425,21 +392,23 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
module disks './Microsoft.Compute/disks/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-disks'
params: {
+ // Required parameters
name: '<>-az-disk-x-001'
- lock: 'CanNotDelete'
sku: 'UltraSSD_LRS'
- diskSizeGB: 128
- logicalSectorSize: 512
+ // Non-required parameters
diskIOPSReadWrite: 500
diskMBpsReadWrite: 60
+ diskSizeGB: 128
+ lock: 'CanNotDelete'
+ logicalSectorSize: 512
osType: 'Windows'
publicNetworkAccess: 'Enabled'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -448,3 +417,58 @@ module disks './Microsoft.Compute/disks/deploy.bicep' = {
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-disk-x-001"
+ },
+ "sku": {
+ "value": "UltraSSD_LRS"
+ },
+ // Non-required parameters
+ "diskIOPSReadWrite": {
+ "value": 500
+ },
+ "diskMBpsReadWrite": {
+ "value": 60
+ },
+ "diskSizeGB": {
+ "value": 128
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "logicalSectorSize": {
+ "value": 512
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "publicNetworkAccess": {
+ "value": "Enabled"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Compute/galleries/readme.md b/modules/Microsoft.Compute/galleries/readme.md
index 7ac821f3aa..e9967a2994 100644
--- a/modules/Microsoft.Compute/galleries/readme.md
+++ b/modules/Microsoft.Compute/galleries/readme.md
@@ -148,66 +148,11 @@ tags: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azsigweuimages001"
- },
- "images": {
- "value": [
- {
- "name": "<>-az-imgd-x-003"
- },
- {
- "name": "<>-az-imgd-x-001",
- "osType": "Windows",
- "osState": "Generalized",
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "minRecommendedvCPUs": 2,
- "maxRecommendedvCPUs": 8,
- "minRecommendedMemory": 4,
- "maxRecommendedMemory": 16,
- "hyperVGeneration": "V1",
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- {
- "name": "<>-az-imgd-x-002",
- "osType": "Linux",
- "osState": "Generalized",
- "publisher": "canonical",
- "offer": "0001-com-ubuntu-server-focal",
- "sku": "20_04-lts-gen2",
- "minRecommendedvCPUs": 1,
- "maxRecommendedvCPUs": 4,
- "minRecommendedMemory": 4,
- "maxRecommendedMemory": 32,
- "hyperVGeneration": "V2"
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Images
@@ -217,44 +162,46 @@ tags: {
module galleries './Microsoft.Compute/galleries/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-galleries'
params: {
+ // Required parameters
name: '<>azsigweuimages001'
+ // Non-required parameters
images: [
{
name: '<>-az-imgd-x-003'
}
{
+ hyperVGeneration: 'V1'
+ maxRecommendedMemory: 16
+ maxRecommendedvCPUs: 8
+ minRecommendedMemory: 4
+ minRecommendedvCPUs: 2
name: '<>-az-imgd-x-001'
- osType: 'Windows'
+ offer: 'WindowsServer'
osState: 'Generalized'
+ osType: 'Windows'
publisher: 'MicrosoftWindowsServer'
- offer: 'WindowsServer'
- sku: '2022-datacenter-azure-edition'
- minRecommendedvCPUs: 2
- maxRecommendedvCPUs: 8
- minRecommendedMemory: 4
- maxRecommendedMemory: 16
- hyperVGeneration: 'V1'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
+ sku: '2022-datacenter-azure-edition'
}
{
+ hyperVGeneration: 'V2'
+ maxRecommendedMemory: 32
+ maxRecommendedvCPUs: 4
+ minRecommendedMemory: 4
+ minRecommendedvCPUs: 1
name: '<>-az-imgd-x-002'
- osType: 'Linux'
+ offer: '0001-com-ubuntu-server-focal'
osState: 'Generalized'
+ osType: 'Linux'
publisher: 'canonical'
- offer: '0001-com-ubuntu-server-focal'
sku: '20_04-lts-gen2'
- minRecommendedvCPUs: 1
- maxRecommendedvCPUs: 4
- minRecommendedMemory: 4
- maxRecommendedMemory: 32
- hyperVGeneration: 'V2'
}
]
}
@@ -264,38 +211,69 @@ module galleries './Microsoft.Compute/galleries/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azsigweux001"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azsigweuimages001"
+ },
+ // Non-required parameters
+ "images": {
+ "value": [
+ {
+ "name": "<>-az-imgd-x-003"
},
- "lock": {
- "value": "CanNotDelete"
+ {
+ "hyperVGeneration": "V1",
+ "maxRecommendedMemory": 16,
+ "maxRecommendedvCPUs": 8,
+ "minRecommendedMemory": 4,
+ "minRecommendedvCPUs": 2,
+ "name": "<>-az-imgd-x-001",
+ "offer": "WindowsServer",
+ "osState": "Generalized",
+ "osType": "Windows",
+ "publisher": "MicrosoftWindowsServer",
+ "roleAssignments": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ],
+ "sku": "2022-datacenter-azure-edition"
},
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
+ {
+ "hyperVGeneration": "V2",
+ "maxRecommendedMemory": 32,
+ "maxRecommendedvCPUs": 4,
+ "minRecommendedMemory": 4,
+ "minRecommendedvCPUs": 1,
+ "name": "<>-az-imgd-x-002",
+ "offer": "0001-com-ubuntu-server-focal",
+ "osState": "Generalized",
+ "osType": "Linux",
+ "publisher": "canonical",
+ "sku": "20_04-lts-gen2"
}
+ ]
}
+ }
}
```
+
+
+
Example 2: Parameters
@@ -305,14 +283,16 @@ module galleries './Microsoft.Compute/galleries/deploy.bicep' = {
module galleries './Microsoft.Compute/galleries/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-galleries'
params: {
+ // Required parameters
name: '<>azsigweux001'
+ // Non-required parameters
lock: 'CanNotDelete'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -321,3 +301,37 @@ module galleries './Microsoft.Compute/galleries/deploy.bicep' = {
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azsigweux001"
+ },
+ // Non-required parameters
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Compute/images/readme.md b/modules/Microsoft.Compute/images/readme.md
index de9985b177..74b5fb2747 100644
--- a/modules/Microsoft.Compute/images/readme.md
+++ b/modules/Microsoft.Compute/images/readme.md
@@ -149,53 +149,11 @@ tags: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-img-x-001"
- },
- "osAccountType": {
- "value": "Premium_LRS"
- },
- "osType": {
- "value": "Windows"
- },
- "osDiskBlobUri": {
- "value": "https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd"
- },
- "osDiskCaching": {
- "value": "ReadWrite"
- },
- "zoneResilient": {
- "value": true
- },
- "hyperVGeneration": {
- "value": "V1"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -205,21 +163,72 @@ tags: {
module images './Microsoft.Compute/images/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-images'
params: {
+ // Required parameters
name: '<>-az-img-x-001'
osAccountType: 'Premium_LRS'
- osType: 'Windows'
osDiskBlobUri: 'https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd'
osDiskCaching: 'ReadWrite'
- zoneResilient: true
+ osType: 'Windows'
+ // Non-required parameters
hyperVGeneration: 'V1'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
+ zoneResilient: true
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-img-x-001"
+ },
+ "osAccountType": {
+ "value": "Premium_LRS"
+ },
+ "osDiskBlobUri": {
+ "value": "https://adp<>azsax001.blob.core.windows.net/vhds/adp-<>-az-imgt-x-001.vhd"
+ },
+ "osDiskCaching": {
+ "value": "ReadWrite"
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ // Non-required parameters
+ "hyperVGeneration": {
+ "value": "V1"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "zoneResilient": {
+ "value": true
+ }
}
}
```
diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/readme.md b/modules/Microsoft.Compute/proximityPlacementGroups/readme.md
index d9244bbe7b..3fc16f4c27 100644
--- a/modules/Microsoft.Compute/proximityPlacementGroups/readme.md
+++ b/modules/Microsoft.Compute/proximityPlacementGroups/readme.md
@@ -146,38 +146,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-ppg-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -187,14 +160,14 @@ tags: {
module proximityPlacementGroups './Microsoft.Compute/proximityPlacementGroups/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-proximityPlacementGroups'
params: {
- name: '<>-az-ppg-x-001'
lock: 'CanNotDelete'
+ name: '<>-az-ppg-x-001'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
@@ -203,3 +176,35 @@ module proximityPlacementGroups './Microsoft.Compute/proximityPlacementGroups/de
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "name": {
+ "value": "<>-az-ppg-x-001"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md
index 9499c2b043..61e2d9d935 100644
--- a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md
+++ b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md
@@ -873,79 +873,11 @@ userAssignedIdentities: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-scaleset-linux-min-001"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "osType": {
- "value": "Linux"
- },
- "skuName": {
- "value": "Standard_B2s"
- },
- "imageReference": {
- "value": {
- "publisher": "Canonical",
- "offer": "UbuntuServer",
- "sku": "18.04-LTS",
- "version": "latest"
- }
- },
- "adminUsername": {
- "value": "scaleSetAdmin"
- },
- "disablePasswordAuthentication": {
- "value": true
- },
- "publicKeys": {
- "value": [
- {
- "path": "/home/scaleSetAdmin/.ssh/authorized_keys",
- "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure"
- }
- ]
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic01",
- "ipConfigurations": [
- {
- "name": "ipconfig1",
- "properties": {
- "subnet": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
- }
- }
- }
- ]
- }
- ]
- }
- }
-}
-```
-
-
+Example 1: Linux Min
@@ -955,6 +887,14 @@ userAssignedIdentities: {
module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachineScaleSets'
params: {
+ // Required parameters
+ adminUsername: 'scaleSetAdmin'
+ imageReference: {
+ offer: 'UbuntuServer'
+ publisher: 'Canonical'
+ sku: '18.04-LTS'
+ version: 'latest'
+ }
name: '<>-scaleset-linux-min-001'
osDisk: {
createOption: 'fromImage'
@@ -965,23 +905,10 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
osType: 'Linux'
skuName: 'Standard_B2s'
- imageReference: {
- publisher: 'Canonical'
- offer: 'UbuntuServer'
- sku: '18.04-LTS'
- version: 'latest'
- }
- adminUsername: 'scaleSetAdmin'
+ // Non-required parameters
disablePasswordAuthentication: true
- publicKeys: [
- {
- path: '/home/scaleSetAdmin/.ssh/authorized_keys'
- keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
- }
- ]
nicConfigurations: [
{
- nicSuffix: '-nic01'
ipConfigurations: [
{
name: 'ipconfig1'
@@ -992,6 +919,13 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
}
]
+ nicSuffix: '-nic01'
+ }
+ ]
+ publicKeys: [
+ {
+ keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
+ path: '/home/scaleSetAdmin/.ssh/authorized_keys'
}
]
}
@@ -1001,205 +935,82 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-scaleset-linux-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "vmNamePrefix": {
- "value": "vmsslinvm"
- },
- "skuName": {
- "value": "Standard_B2s"
- },
- "skuCapacity": {
- "value": 1
- },
- "upgradePolicyMode": {
- "value": "Manual"
- },
- "vmPriority": {
- "value": "Regular"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "availabilityZones": {
- "value": [
- "2"
- ]
- },
- "scaleSetFaultDomain": {
- "value": 1
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "bootDiagnosticStorageAccountName": {
- "value": "adp<>azsax001"
- },
- "osType": {
- "value": "Linux"
- },
- "encryptionAtHost": {
- "value": false
- },
- "imageReference": {
- "value": {
- "publisher": "Canonical",
- "offer": "UbuntuServer",
- "sku": "18.04-LTS",
- "version": "latest"
- }
- },
- "adminUsername": {
- "value": "scaleSetAdmin"
- },
- "disablePasswordAuthentication": {
- "value": true
- },
- "publicKeys": {
- "value": [
- {
- "path": "/home/scaleSetAdmin/.ssh/authorized_keys",
- "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure"
- }
- ]
- },
- "dataDisks": {
- "value": [
- {
- "caching": "ReadOnly",
- "createOption": "Empty",
- "diskSizeGB": "256",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- },
- {
- "caching": "ReadOnly",
- "createOption": "Empty",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- ]
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic01",
- "ipConfigurations": [
- {
- "name": "ipconfig1",
- "properties": {
- "subnet": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
- }
- }
- }
- ]
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "extensionMonitoringAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionDependencyAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionNetworkWatcherAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionDiskEncryptionConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "EncryptionOperation": "EnableEncryption",
- "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
- "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
- "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionAlgorithm": "RSA-OAEP",
- "VolumeType": "All",
- "ResizeOSDisk": "false"
- }
- }
- },
- "extensionCustomScriptConfig": {
- "value": {
- "enabled": true,
- "fileData": [
- {
- "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1",
- "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- }
- ],
- "protectedSettings": {
- "commandToExecute": "sudo apt-get update"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "scaleSetAdmin"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "UbuntuServer",
+ "publisher": "Canonical",
+ "sku": "18.04-LTS",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "<>-scaleset-linux-min-001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "skuName": {
+ "value": "Standard_B2s"
+ },
+ // Non-required parameters
+ "disablePasswordAuthentication": {
+ "value": true
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
}
+ }
}
+ ],
+ "nicSuffix": "-nic01"
+ }
+ ]
+ },
+ "publicKeys": {
+ "value": [
+ {
+ "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure",
+ "path": "/home/scaleSetAdmin/.ssh/authorized_keys"
}
+ ]
}
+ }
}
```
+
+
+
Example 2: Linux
@@ -1209,13 +1020,15 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachineScaleSets'
params: {
+ // Required parameters
+ adminUsername: 'scaleSetAdmin'
+ imageReference: {
+ offer: 'UbuntuServer'
+ publisher: 'Canonical'
+ sku: '18.04-LTS'
+ version: 'latest'
+ }
name: '<>-scaleset-linux-001'
- lock: 'CanNotDelete'
- vmNamePrefix: 'vmsslinvm'
- skuName: 'Standard_B2s'
- skuCapacity: 1
- upgradePolicyMode: 'Manual'
- vmPriority: 'Regular'
osDisk: {
createOption: 'fromImage'
diskSizeGB: '128'
@@ -1223,31 +1036,13 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
storageAccountType: 'Premium_LRS'
}
}
+ osType: 'Linux'
+ skuName: 'Standard_B2s'
+ // Non-required parameters
availabilityZones: [
'2'
]
- scaleSetFaultDomain: 1
- systemAssignedIdentity: true
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
- }
bootDiagnosticStorageAccountName: 'adp<>azsax001'
- osType: 'Linux'
- encryptionAtHost: false
- imageReference: {
- publisher: 'Canonical'
- offer: 'UbuntuServer'
- sku: '18.04-LTS'
- version: 'latest'
- }
- adminUsername: 'scaleSetAdmin'
- disablePasswordAuthentication: true
- publicKeys: [
- {
- path: '/home/scaleSetAdmin/.ssh/authorized_keys'
- keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
- }
- ]
dataDisks: [
{
caching: 'ReadOnly'
@@ -1266,9 +1061,50 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
}
]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ disablePasswordAuthentication: true
+ encryptionAtHost: false
+ extensionCustomScriptConfig: {
+ enabled: true
+ fileData: [
+ {
+ storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
+ }
+ ]
+ protectedSettings: {
+ commandToExecute: 'sudo apt-get update'
+ }
+ }
+ extensionDependencyAgentConfig: {
+ enabled: true
+ }
+ extensionDiskEncryptionConfig: {
+ enabled: true
+ settings: {
+ EncryptionOperation: 'EnableEncryption'
+ KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ KeyEncryptionAlgorithm: 'RSA-OAEP'
+ KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
+ KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
+ ResizeOSDisk: 'false'
+ VolumeType: 'All'
+ }
+ }
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
+ extensionNetworkWatcherAgentConfig: {
+ enabled: true
+ }
+ lock: 'CanNotDelete'
nicConfigurations: [
{
- nicSuffix: '-nic01'
ipConfigurations: [
{
name: 'ipconfig1'
@@ -1279,55 +1115,32 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
}
]
+ nicSuffix: '-nic01'
+ }
+ ]
+ publicKeys: [
+ {
+ keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
+ path: '/home/scaleSetAdmin/.ssh/authorized_keys'
}
]
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
- extensionMonitoringAgentConfig: {
- enabled: true
- }
- extensionDependencyAgentConfig: {
- enabled: true
- }
- extensionNetworkWatcherAgentConfig: {
- enabled: true
- }
- extensionDiskEncryptionConfig: {
- enabled: true
- settings: {
- EncryptionOperation: 'EnableEncryption'
- KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
- KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
- KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
- KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
- KeyEncryptionAlgorithm: 'RSA-OAEP'
- VolumeType: 'All'
- ResizeOSDisk: 'false'
- }
- }
- extensionCustomScriptConfig: {
- enabled: true
- fileData: [
- {
- uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
- storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- }
- ]
- protectedSettings: {
- commandToExecute: 'sudo apt-get update'
- }
+ scaleSetFaultDomain: 1
+ skuCapacity: 1
+ systemAssignedIdentity: true
+ upgradePolicyMode: 'Manual'
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
+ vmNamePrefix: 'vmsslinvm'
+ vmPriority: 'Regular'
}
}
```
@@ -1335,81 +1148,208 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-scaleset-win-min-001"
- },
- "skuName": {
- "value": "Standard_B2s"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "scaleSetAdmin"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "UbuntuServer",
+ "publisher": "Canonical",
+ "sku": "18.04-LTS",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "<>-scaleset-linux-001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "skuName": {
+ "value": "Standard_B2s"
+ },
+ // Non-required parameters
+ "availabilityZones": {
+ "value": [
+ "2"
+ ]
+ },
+ "bootDiagnosticStorageAccountName": {
+ "value": "adp<>azsax001"
+ },
+ "dataDisks": {
+ "value": [
+ {
+ "caching": "ReadOnly",
+ "createOption": "Empty",
+ "diskSizeGB": "256",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
},
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
+ {
+ "caching": "ReadOnly",
+ "createOption": "Empty",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "disablePasswordAuthentication": {
+ "value": true
+ },
+ "encryptionAtHost": {
+ "value": false
+ },
+ "extensionCustomScriptConfig": {
+ "value": {
+ "enabled": true,
+ "fileData": [
+ {
+ "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001",
+ "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1"
+ }
+ ],
+ "protectedSettings": {
+ "commandToExecute": "sudo apt-get update"
+ }
+ }
+ },
+ "extensionDependencyAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionDiskEncryptionConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "EncryptionOperation": "EnableEncryption",
+ "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyEncryptionAlgorithm": "RSA-OAEP",
+ "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5",
+ "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
+ "ResizeOSDisk": "false",
+ "VolumeType": "All"
+ }
+ }
+ },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionNetworkWatcherAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
}
+ }
}
- },
- "osType": {
- "value": "Windows"
- },
- "imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2016-Datacenter",
- "version": "latest"
- }
- },
- "adminUsername": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminUsername"
- }
- },
- "adminPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminPassword"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic01",
- "ipConfigurations": [
- {
- "name": "ipconfig1",
- "properties": {
- "subnet": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
- }
- }
- }
- ]
- }
- ]
+ ],
+ "nicSuffix": "-nic01"
+ }
+ ]
+ },
+ "publicKeys": {
+ "value": [
+ {
+ "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure",
+ "path": "/home/scaleSetAdmin/.ssh/authorized_keys"
+ }
+ ]
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
+ },
+ "scaleSetFaultDomain": {
+ "value": 1
+ },
+ "skuCapacity": {
+ "value": 1
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "upgradePolicyMode": {
+ "value": "Manual"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ },
+ "vmNamePrefix": {
+ "value": "vmsslinvm"
+ },
+ "vmPriority": {
+ "value": "Regular"
}
+ }
}
```
+
+
+
Example 3: Windows Min
@@ -1424,8 +1364,15 @@ resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachineScaleSets'
params: {
+ // Required parameters
+ adminUsername: kv1.getSecret('adminUsername')
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2016-Datacenter'
+ version: 'latest'
+ }
name: '<>-scaleset-win-min-001'
- skuName: 'Standard_B2s'
osDisk: {
createOption: 'fromImage'
diskSizeGB: '128'
@@ -1434,17 +1381,11 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
}
osType: 'Windows'
- imageReference: {
- publisher: 'MicrosoftWindowsServer'
- offer: 'WindowsServer'
- sku: '2016-Datacenter'
- version: 'latest'
- }
- adminUsername: kv1.getSecret('adminUsername')
+ skuName: 'Standard_B2s'
+ // Non-required parameters
adminPassword: kv1.getSecret('adminPassword')
nicConfigurations: [
{
- nicSuffix: '-nic01'
ipConfigurations: [
{
name: 'ipconfig1'
@@ -1455,6 +1396,7 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
}
]
+ nicSuffix: '-nic01'
}
]
}
@@ -1464,201 +1406,84 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-scaleset-win-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "vmNamePrefix": {
- "value": "vmsswinvm"
- },
- "skuName": {
- "value": "Standard_B2s"
- },
- "skuCapacity": {
- "value": 1
- },
- "upgradePolicyMode": {
- "value": "Manual"
- },
- "vmPriority": {
- "value": "Regular"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "osType": {
- "value": "Windows"
- },
- "encryptionAtHost": {
- "value": false
- },
- "imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2016-Datacenter",
- "version": "latest"
- }
- },
- "adminUsername": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminUsername"
- }
- },
- "adminPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminPassword"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic01",
- "ipConfigurations": [
- {
- "name": "ipconfig1",
- "properties": {
- "subnet": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
- }
- }
- }
- ]
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "extensionAntiMalwareConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "AntimalwareEnabled": true,
- "Exclusions": {
- "Extensions": ".log;.ldf",
- "Paths": "D:\\IISlogs;D:\\DatabaseLogs",
- "Processes": "mssence.svc"
- },
- "RealtimeProtectionEnabled": true,
- "ScheduledScanSettings": {
- "isEnabled": "true",
- "scanType": "Quick",
- "day": "7",
- "time": "120"
- }
- }
- }
- },
- "extensionMonitoringAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionDependencyAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionNetworkWatcherAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionDiskEncryptionConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "EncryptionOperation": "EnableEncryption",
- "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
- "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
- "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionAlgorithm": "RSA-OAEP",
- "VolumeType": "All",
- "ResizeOSDisk": "false"
- }
- }
- },
- "extensionDSCConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionCustomScriptConfig": {
- "value": {
- "enabled": true,
- "fileData": [
- {
- "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1",
- "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- }
- ],
- "protectedSettings": {
- "commandToExecute": "powershell -ExecutionPolicy Unrestricted -Command \"& .\\scriptExtensionMasterInstaller.ps1\""
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminUsername"
+ }
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2016-Datacenter",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "<>-scaleset-win-min-001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "skuName": {
+ "value": "Standard_B2s"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminPassword"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
}
+ }
}
+ ],
+ "nicSuffix": "-nic01"
}
+ ]
}
+ }
}
```
+
+
+
Example 4: Windows
@@ -1673,17 +1498,15 @@ resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachineScaleSets'
params: {
- name: '<>-scaleset-win-001'
- lock: 'CanNotDelete'
- vmNamePrefix: 'vmsswinvm'
- skuName: 'Standard_B2s'
- skuCapacity: 1
- upgradePolicyMode: 'Manual'
- vmPriority: 'Regular'
- systemAssignedIdentity: true
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
+ // Required parameters
+ adminUsername: kv1.getSecret('adminUsername')
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2016-Datacenter'
+ version: 'latest'
}
+ name: '<>-scaleset-win-001'
osDisk: {
createOption: 'fromImage'
diskSizeGB: '128'
@@ -1692,43 +1515,15 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
}
osType: 'Windows'
- encryptionAtHost: false
- imageReference: {
- publisher: 'MicrosoftWindowsServer'
- offer: 'WindowsServer'
- sku: '2016-Datacenter'
- version: 'latest'
- }
- adminUsername: kv1.getSecret('adminUsername')
+ skuName: 'Standard_B2s'
+ // Non-required parameters
adminPassword: kv1.getSecret('adminPassword')
- nicConfigurations: [
- {
- nicSuffix: '-nic01'
- ipConfigurations: [
- {
- name: 'ipconfig1'
- properties: {
- subnet: {
- id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002'
- }
- }
- }
- ]
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
- }
- ]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
diagnosticLogsRetentionInDays: 7
diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ encryptionAtHost: false
extensionAntiMalwareConfig: {
enabled: true
settings: {
@@ -1740,49 +1535,278 @@ module virtualMachineScaleSets './Microsoft.Compute/virtualMachineScaleSets/depl
}
RealtimeProtectionEnabled: true
ScheduledScanSettings: {
+ day: '7'
isEnabled: 'true'
scanType: 'Quick'
- day: '7'
time: '120'
}
}
}
- extensionMonitoringAgentConfig: {
+ extensionCustomScriptConfig: {
enabled: true
+ fileData: [
+ {
+ storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
+ }
+ ]
+ protectedSettings: {
+ commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command \'& .\\scriptExtensionMasterInstaller.ps1\''
+ }
}
extensionDependencyAgentConfig: {
enabled: true
}
- extensionNetworkWatcherAgentConfig: {
- enabled: true
- }
extensionDiskEncryptionConfig: {
enabled: true
settings: {
EncryptionOperation: 'EnableEncryption'
- KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
- KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
- KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
KeyEncryptionAlgorithm: 'RSA-OAEP'
- VolumeType: 'All'
+ KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
+ KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
ResizeOSDisk: 'false'
+ VolumeType: 'All'
}
}
extensionDSCConfig: {
enabled: true
}
- extensionCustomScriptConfig: {
+ extensionMonitoringAgentConfig: {
enabled: true
- fileData: [
+ }
+ extensionNetworkWatcherAgentConfig: {
+ enabled: true
+ }
+ lock: 'CanNotDelete'
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig1'
+ properties: {
+ subnet: {
+ id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002'
+ }
+ }
+ }
+ ]
+ nicSuffix: '-nic01'
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ skuCapacity: 1
+ systemAssignedIdentity: true
+ upgradePolicyMode: 'Manual'
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
+ }
+ vmNamePrefix: 'vmsswinvm'
+ vmPriority: 'Regular'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminUsername"
+ }
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2016-Datacenter",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "<>-scaleset-win-001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "skuName": {
+ "value": "Standard_B2s"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminPassword"
+ }
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "encryptionAtHost": {
+ "value": false
+ },
+ "extensionAntiMalwareConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "AntimalwareEnabled": true,
+ "Exclusions": {
+ "Extensions": ".log;.ldf",
+ "Paths": "D:\\IISlogs;D:\\DatabaseLogs",
+ "Processes": "mssence.svc"
+ },
+ "RealtimeProtectionEnabled": true,
+ "ScheduledScanSettings": {
+ "day": "7",
+ "isEnabled": "true",
+ "scanType": "Quick",
+ "time": "120"
+ }
+ }
+ }
+ },
+ "extensionCustomScriptConfig": {
+ "value": {
+ "enabled": true,
+ "fileData": [
+ {
+ "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001",
+ "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1"
+ }
+ ],
+ "protectedSettings": {
+ "commandToExecute": "powershell -ExecutionPolicy Unrestricted -Command \"& .\\scriptExtensionMasterInstaller.ps1\""
+ }
+ }
+ },
+ "extensionDependencyAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionDiskEncryptionConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "EncryptionOperation": "EnableEncryption",
+ "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyEncryptionAlgorithm": "RSA-OAEP",
+ "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5",
+ "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
+ "ResizeOSDisk": "false",
+ "VolumeType": "All"
+ }
+ }
+ },
+ "extensionDSCConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionNetworkWatcherAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "nicConfigurations": {
+ "value": [
{
- uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
- storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-002"
+ }
+ }
+ }
+ ],
+ "nicSuffix": "-nic01"
}
]
- protectedSettings: {
- commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command \'& .\\scriptExtensionMasterInstaller.ps1\''
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "skuCapacity": {
+ "value": 1
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "upgradePolicyMode": {
+ "value": "Manual"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
}
+ },
+ "vmNamePrefix": {
+ "value": "vmsswinvm"
+ },
+ "vmPriority": {
+ "value": "Regular"
}
}
}
diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md
index 9439d45942..2577539230 100644
--- a/modules/Microsoft.Compute/virtualMachines/readme.md
+++ b/modules/Microsoft.Compute/virtualMachines/readme.md
@@ -1000,80 +1000,11 @@ For further details on automanage please refer to [Automanage virtual machines](
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-linux-autmg-01"
- },
- "osType": {
- "value": "Linux"
- },
- "imageReference": {
- "value": {
- "publisher": "Canonical",
- "offer": "UbuntuServer",
- "sku": "18.04-LTS",
- "version": "latest"
- }
- },
- "osDisk": {
- "value": {
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "disablePasswordAuthentication": {
- "value": true
- },
- "publicKeys": {
- "value": [
- {
- "path": "/home/localAdminUser/.ssh/authorized_keys",
- "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure"
- }
- ]
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001",
- "pipConfiguration": {
- "publicIpNameSuffix": "-pip-01"
- }
- }
- ]
- }
- ]
- },
- "configurationProfile": {
- "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction"
- }
- }
-}
-```
-
-
+Example 1: Linux Autmg
@@ -1083,44 +1014,46 @@ For further details on automanage please refer to [Automanage virtual machines](
module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachines'
params: {
- name: '<>-vm-linux-autmg-01'
- osType: 'Linux'
+ // Required parameters
+ adminUsername: 'localAdminUser'
imageReference: {
- publisher: 'Canonical'
offer: 'UbuntuServer'
+ publisher: 'Canonical'
sku: '18.04-LTS'
version: 'latest'
}
- osDisk: {
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- vmSize: 'Standard_B12ms'
- adminUsername: 'localAdminUser'
- disablePasswordAuthentication: true
- publicKeys: [
- {
- path: '/home/localAdminUser/.ssh/authorized_keys'
- keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
- }
- ]
nicConfigurations: [
{
- nicSuffix: '-nic-01'
ipConfigurations: [
{
name: 'ipconfig01'
- subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
pipConfiguration: {
publicIpNameSuffix: '-pip-01'
}
+ subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
}
]
+ nicSuffix: '-nic-01'
}
]
+ osDisk: {
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Linux'
+ vmSize: 'Standard_B12ms'
+ // Non-required parameters
configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ disablePasswordAuthentication: true
+ name: '<>-vm-linux-autmg-01'
+ publicKeys: [
+ {
+ keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
+ path: '/home/localAdminUser/.ssh/authorized_keys'
+ }
+ ]
}
}
```
@@ -1128,77 +1061,83 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-linux-min-01"
- },
- "osType": {
- "value": "Linux"
- },
- "imageReference": {
- "value": {
- "publisher": "Canonical",
- "offer": "UbuntuServer",
- "sku": "18.04-LTS",
- "version": "latest"
- }
- },
- "osDisk": {
- "value": {
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "UbuntuServer",
+ "publisher": "Canonical",
+ "sku": "18.04-LTS",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "pipConfiguration": {
+ "publicIpNameSuffix": "-pip-01"
+ },
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
}
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "disablePasswordAuthentication": {
- "value": true
- },
- "publicKeys": {
- "value": [
- {
- "path": "/home/localAdminUser/.ssh/authorized_keys",
- "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure"
- }
- ]
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001",
- "pipConfiguration": {
- "publicIpNameSuffix": "-pip-01"
- }
- }
- ]
- }
- ]
+ ],
+ "nicSuffix": "-nic-01"
+ }
+ ]
+ },
+ "osDisk": {
+ "value": {
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "vmSize": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "configurationProfile": {
+ "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction"
+ },
+ "disablePasswordAuthentication": {
+ "value": true
+ },
+ "name": {
+ "value": "<>-vm-linux-autmg-01"
+ },
+ "publicKeys": {
+ "value": [
+ {
+ "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure",
+ "path": "/home/localAdminUser/.ssh/authorized_keys"
}
+ ]
}
+ }
}
```
+
+
+
Example 2: Linux Min
@@ -1208,41 +1147,43 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachines'
params: {
- name: '<>-vm-linux-min-01'
- osType: 'Linux'
+ // Required parameters
+ adminUsername: 'localAdminUser'
imageReference: {
- publisher: 'Canonical'
offer: 'UbuntuServer'
+ publisher: 'Canonical'
sku: '18.04-LTS'
version: 'latest'
}
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ pipConfiguration: {
+ publicIpNameSuffix: '-pip-01'
+ }
+ subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
+ }
+ ]
+ nicSuffix: '-nic-01'
+ }
+ ]
osDisk: {
diskSizeGB: '128'
managedDisk: {
storageAccountType: 'Premium_LRS'
}
}
+ osType: 'Linux'
vmSize: 'Standard_B12ms'
- adminUsername: 'localAdminUser'
+ // Non-required parameters
disablePasswordAuthentication: true
+ name: '<>-vm-linux-min-01'
publicKeys: [
{
- path: '/home/localAdminUser/.ssh/authorized_keys'
keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
- }
- ]
- nicConfigurations: [
- {
- nicSuffix: '-nic-01'
- ipConfigurations: [
- {
- name: 'ipconfig01'
- subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
- pipConfiguration: {
- publicIpNameSuffix: '-pip-01'
- }
- }
- ]
+ path: '/home/localAdminUser/.ssh/authorized_keys'
}
]
}
@@ -1252,234 +1193,80 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-linux-01"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "osType": {
- "value": "Linux"
- },
- "encryptionAtHost": {
- "value": false
- },
- "availabilityZone": {
- "value": 1
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "imageReference": {
- "value": {
- "publisher": "Canonical",
- "offer": "UbuntuServer",
- "sku": "18.04-LTS",
- "version": "latest"
- }
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "deleteOption": "Delete",
- "caching": "ReadOnly",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "dataDisks": {
- "value": [
- {
- "createOption": "Empty",
- "deleteOption": "Delete",
- "caching": "ReadWrite",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- },
- {
- "createOption": "Empty",
- "deleteOption": "Delete",
- "caching": "ReadWrite",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- ]
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "disablePasswordAuthentication": {
- "value": true
- },
- "publicKeys": {
- "value": [
- {
- "path": "/home/localAdminUser/.ssh/authorized_keys",
- "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure"
- }
- ]
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "deleteOption": "Delete",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001",
- "pipConfiguration": {
- "publicIpNameSuffix": "-pip-01",
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "loadBalancerBackendAddressPools": [
- {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers"
- }
- ],
- "applicationSecurityGroups": [
- {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001"
- }
- ]
- }
- ],
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- ]
- },
- "backupVaultName": {
- "value": "adp-<>-az-rsv-x-001"
- },
- "backupVaultResourceGroup": {
- "value": "validation-rg"
- },
- "backupPolicyName": {
- "value": "VMpolicy"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "extensionMonitoringAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "monitoringWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "extensionDependencyAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionNetworkWatcherAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionDiskEncryptionConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "EncryptionOperation": "EnableEncryption",
- "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
- "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
- "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionAlgorithm": "RSA-OAEP",
- "VolumeType": "All",
- "ResizeOSDisk": "false"
- }
- }
- },
- "extensionDSCConfig": {
- "value": {
- "enabled": false
- }
- },
- "extensionCustomScriptConfig": {
- "value": {
- "enabled": true,
- "fileData": [
- {
- "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1",
- "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- }
- ]
- }
- },
- "extensionCustomScriptProtectedSetting": {
- "value": {
- "commandToExecute": "sudo apt-get update"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "UbuntuServer",
+ "publisher": "Canonical",
+ "sku": "18.04-LTS",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "pipConfiguration": {
+ "publicIpNameSuffix": "-pip-01"
+ },
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
}
+ ],
+ "nicSuffix": "-nic-01"
+ }
+ ]
+ },
+ "osDisk": {
+ "value": {
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "vmSize": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "disablePasswordAuthentication": {
+ "value": true
+ },
+ "name": {
+ "value": "<>-vm-linux-min-01"
+ },
+ "publicKeys": {
+ "value": [
+ {
+ "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure",
+ "path": "/home/localAdminUser/.ssh/authorized_keys"
}
+ ]
}
+ }
}
```
+
+
+
Example 3: Linux
@@ -1489,153 +1276,155 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachines'
params: {
- name: '<>-vm-linux-01'
- lock: 'CanNotDelete'
- systemAssignedIdentity: true
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
- }
- osType: 'Linux'
- encryptionAtHost: false
- availabilityZone: 1
- vmSize: 'Standard_B12ms'
+ // Required parameters
+ adminUsername: 'localAdminUser'
imageReference: {
- publisher: 'Canonical'
offer: 'UbuntuServer'
+ publisher: 'Canonical'
sku: '18.04-LTS'
version: 'latest'
}
- osDisk: {
- createOption: 'fromImage'
- deleteOption: 'Delete'
- caching: 'ReadOnly'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- dataDisks: [
+ nicConfigurations: [
{
- createOption: 'Empty'
- deleteOption: 'Delete'
- caching: 'ReadWrite'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- {
- createOption: 'Empty'
- deleteOption: 'Delete'
- caching: 'ReadWrite'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- ]
- adminUsername: 'localAdminUser'
- disablePasswordAuthentication: true
- publicKeys: [
- {
- path: '/home/localAdminUser/.ssh/authorized_keys'
- keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
- }
- ]
- nicConfigurations: [
- {
- nicSuffix: '-nic-01'
deleteOption: 'Delete'
ipConfigurations: [
{
+ applicationSecurityGroups: [
+ {
+ id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001'
+ }
+ ]
+ loadBalancerBackendAddressPools: [
+ {
+ id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers'
+ }
+ ]
name: 'ipconfig01'
- subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
pipConfiguration: {
publicIpNameSuffix: '-pip-01'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
- loadBalancerBackendAddressPools: [
- {
- id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers'
- }
- ]
- applicationSecurityGroups: [
- {
- id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001'
- }
- ]
+ subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
}
]
+ nicSuffix: '-nic-01'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
]
+ osDisk: {
+ caching: 'ReadOnly'
+ createOption: 'fromImage'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Linux'
+ vmSize: 'Standard_B12ms'
+ // Non-required parameters
+ availabilityZone: 1
+ backupPolicyName: 'VMpolicy'
backupVaultName: 'adp-<>-az-rsv-x-001'
backupVaultResourceGroup: 'validation-rg'
- backupPolicyName: 'VMpolicy'
- roleAssignments: [
+ dataDisks: [
{
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
+ caching: 'ReadWrite'
+ createOption: 'Empty'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ {
+ caching: 'ReadWrite'
+ createOption: 'Empty'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
}
]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
diagnosticLogsRetentionInDays: 7
diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
- extensionMonitoringAgentConfig: {
+ disablePasswordAuthentication: true
+ encryptionAtHost: false
+ extensionCustomScriptConfig: {
enabled: true
+ fileData: [
+ {
+ storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
+ }
+ ]
}
- monitoringWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- extensionDependencyAgentConfig: {
- enabled: true
+ extensionCustomScriptProtectedSetting: {
+ commandToExecute: 'sudo apt-get update'
}
- extensionNetworkWatcherAgentConfig: {
+ extensionDependencyAgentConfig: {
enabled: true
}
extensionDiskEncryptionConfig: {
enabled: true
settings: {
EncryptionOperation: 'EnableEncryption'
- KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
- KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
- KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
KeyEncryptionAlgorithm: 'RSA-OAEP'
- VolumeType: 'All'
+ KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
+ KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
ResizeOSDisk: 'false'
+ VolumeType: 'All'
}
}
extensionDSCConfig: {
enabled: false
}
- extensionCustomScriptConfig: {
+ extensionMonitoringAgentConfig: {
enabled: true
- fileData: [
- {
- uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
- storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- }
- ]
}
- extensionCustomScriptProtectedSetting: {
- commandToExecute: 'sudo apt-get update'
+ extensionNetworkWatcherAgentConfig: {
+ enabled: true
+ }
+ lock: 'CanNotDelete'
+ monitoringWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ name: '<>-vm-linux-01'
+ publicKeys: [
+ {
+ keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure'
+ path: '/home/localAdminUser/.ssh/authorized_keys'
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
}
}
@@ -1644,74 +1433,237 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
-
Example 4
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-win-03"
- },
- "imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2019-Datacenter",
- "version": "latest"
- }
- },
- "osType": {
- "value": "Windows"
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "osDisk": {
- "value": {
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "UbuntuServer",
+ "publisher": "Canonical",
+ "sku": "18.04-LTS",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "deleteOption": "Delete",
+ "ipConfigurations": [
+ {
+ "applicationSecurityGroups": [
+ {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001"
}
- }
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "adminPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminPassword"
- }
- },
- "nicConfigurations": {
- "value": [
+ ],
+ "loadBalancerBackendAddressPools": [
{
- "nicSuffix": "-nic-01",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
- }
- ]
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers"
}
- ]
+ ],
+ "name": "ipconfig01",
+ "pipConfiguration": {
+ "publicIpNameSuffix": "-pip-01",
+ "roleAssignments": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
+ }
+ ],
+ "nicSuffix": "-nic-01",
+ "roleAssignments": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
+ ]
+ },
+ "osDisk": {
+ "value": {
+ "caching": "ReadOnly",
+ "createOption": "fromImage",
+ "deleteOption": "Delete",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "vmSize": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "availabilityZone": {
+ "value": 1
+ },
+ "backupPolicyName": {
+ "value": "VMpolicy"
+ },
+ "backupVaultName": {
+ "value": "adp-<>-az-rsv-x-001"
+ },
+ "backupVaultResourceGroup": {
+ "value": "validation-rg"
+ },
+ "dataDisks": {
+ "value": [
+ {
+ "caching": "ReadWrite",
+ "createOption": "Empty",
+ "deleteOption": "Delete",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
},
- "configurationProfile": {
- "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction"
+ {
+ "caching": "ReadWrite",
+ "createOption": "Empty",
+ "deleteOption": "Delete",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "disablePasswordAuthentication": {
+ "value": true
+ },
+ "encryptionAtHost": {
+ "value": false
+ },
+ "extensionCustomScriptConfig": {
+ "value": {
+ "enabled": true,
+ "fileData": [
+ {
+ "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001",
+ "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1"
+ }
+ ]
+ }
+ },
+ "extensionCustomScriptProtectedSetting": {
+ "value": {
+ "commandToExecute": "sudo apt-get update"
+ }
+ },
+ "extensionDependencyAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionDiskEncryptionConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "EncryptionOperation": "EnableEncryption",
+ "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyEncryptionAlgorithm": "RSA-OAEP",
+ "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5",
+ "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
+ "ResizeOSDisk": "false",
+ "VolumeType": "All"
+ }
+ }
+ },
+ "extensionDSCConfig": {
+ "value": {
+ "enabled": false
+ }
+ },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionNetworkWatcherAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "monitoringWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "name": {
+ "value": "<>-vm-linux-01"
+ },
+ "publicKeys": {
+ "value": [
+ {
+ "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure",
+ "path": "/home/localAdminUser/.ssh/authorized_keys"
+ }
+ ]
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 4: Windows Autmg
@@ -1726,107 +1678,115 @@ resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachines'
params: {
- name: '<>-vm-win-03'
+ // Required parameters
+ adminUsername: 'localAdminUser'
imageReference: {
- publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
sku: '2019-Datacenter'
version: 'latest'
}
- osType: 'Windows'
- vmSize: 'Standard_B12ms'
- osDisk: {
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- adminUsername: 'localAdminUser'
- adminPassword: kv1.getSecret('adminPassword')
nicConfigurations: [
{
- nicSuffix: '-nic-01'
ipConfigurations: [
{
name: 'ipconfig01'
subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
}
]
+ nicSuffix: '-nic-01'
}
]
- configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
- }
+ osDisk: {
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ vmSize: 'Standard_B12ms'
+ // Non-required parameters
+ adminPassword: kv1.getSecret('adminPassword')
+ configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ name: '<>-vm-win-03'
+ }
}
```
-
Example 5
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-win-02"
- },
- "imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
- },
- "osType": {
- "value": "Windows"
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "osDisk": {
- "value": {
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "adminPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminPassword"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
}
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
- }
- ]
- }
- ]
+ ],
+ "nicSuffix": "-nic-01"
}
+ ]
+ },
+ "osDisk": {
+ "value": {
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "vmSize": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminPassword"
+ }
+ },
+ "configurationProfile": {
+ "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction"
+ },
+ "name": {
+ "value": "<>-vm-win-03"
}
+ }
}
```
+
+
+
Example 5: Windows Min
@@ -1841,34 +1801,36 @@ resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachines'
params: {
- name: '<>-vm-win-02'
+ // Required parameters
+ adminUsername: 'localAdminUser'
imageReference: {
- publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
sku: '2022-datacenter-azure-edition'
version: 'latest'
}
- osType: 'Windows'
- vmSize: 'Standard_B12ms'
- osDisk: {
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- adminUsername: 'localAdminUser'
- adminPassword: kv1.getSecret('adminPassword')
nicConfigurations: [
{
- nicSuffix: '-nic-01'
ipConfigurations: [
{
name: 'ipconfig01'
subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
}
]
+ nicSuffix: '-nic-01'
}
]
+ osDisk: {
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ vmSize: 'Standard_B12ms'
+ // Non-required parameters
+ adminPassword: kv1.getSecret('adminPassword')
+ name: '<>-vm-win-02'
}
}
```
@@ -1876,251 +1838,74 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
-
Example 6
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-win-01"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "encryptionAtHost": {
- "value": false
- },
- "imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2019-Datacenter",
- "version": "latest"
- }
- },
- "osType": {
- "value": "Windows"
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "deleteOption": "Delete",
- "caching": "None",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "dataDisks": {
- "value": [
- {
- "createOption": "Empty",
- "deleteOption": "Delete",
- "caching": "None",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- },
- {
- "createOption": "Empty",
- "deleteOption": "Delete",
- "caching": "None",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- ]
- },
- "availabilityZone": {
- "value": 2
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "adminPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminPassword"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "deleteOption": "Delete",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001",
- "pipConfiguration": {
- "publicIpNameSuffix": "-pip-01",
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "loadBalancerBackendAddressPools": [
- {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers"
- }
- ],
- "applicationSecurityGroups": [
- {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001"
- }
- ]
- }
- ],
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- }
- ]
- },
- "backupVaultName": {
- "value": "adp-<>-az-rsv-x-001"
- },
- "backupVaultResourceGroup": {
- "value": "validation-rg"
- },
- "backupPolicyName": {
- "value": "VMpolicy"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "extensionAntiMalwareConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "AntimalwareEnabled": "true",
- "Exclusions": {
- "Extensions": ".ext1;.ext2",
- "Paths": "c:\\excluded-path-1;c:\\excluded-path-2",
- "Processes": "excludedproc1.exe;excludedproc2.exe"
- },
- "RealtimeProtectionEnabled": "true",
- "ScheduledScanSettings": {
- "isEnabled": "true",
- "scanType": "Quick",
- "day": "7",
- "time": "120"
- }
- }
- }
- },
- "extensionMonitoringAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "monitoringWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "extensionDependencyAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionNetworkWatcherAgentConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionDiskEncryptionConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "EncryptionOperation": "EnableEncryption",
- "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
- "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
- "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
- "KeyEncryptionAlgorithm": "RSA-OAEP",
- "VolumeType": "All",
- "ResizeOSDisk": "false"
- }
- }
- },
- "extensionDSCConfig": {
- "value": {
- "enabled": true
- }
- },
- "extensionCustomScriptConfig": {
- "value": {
- "enabled": true,
- "fileData": [
- {
- "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1",
- "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- }
- ]
- }
- },
- "extensionCustomScriptProtectedSetting": {
- "value": {
- "commandToExecute": "powershell -ExecutionPolicy Unrestricted -Command \"& .\\scriptExtensionMasterInstaller.ps1\""
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
}
+ ],
+ "nicSuffix": "-nic-01"
+ }
+ ]
+ },
+ "osDisk": {
+ "value": {
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
}
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "vmSize": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminPassword"
+ }
+ },
+ "name": {
+ "value": "<>-vm-win-02"
}
+ }
}
```
+
+
+
Example 6: Windows
@@ -2135,110 +1920,98 @@ resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-virtualMachines'
params: {
- name: '<>-vm-win-01'
- lock: 'CanNotDelete'
- encryptionAtHost: false
+ // Required parameters
+ adminUsername: 'localAdminUser'
imageReference: {
- publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
sku: '2019-Datacenter'
version: 'latest'
}
- osType: 'Windows'
- vmSize: 'Standard_B12ms'
- osDisk: {
- createOption: 'fromImage'
- deleteOption: 'Delete'
- caching: 'None'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- dataDisks: [
- {
- createOption: 'Empty'
- deleteOption: 'Delete'
- caching: 'None'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- {
- createOption: 'Empty'
- deleteOption: 'Delete'
- caching: 'None'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- ]
- availabilityZone: 2
- adminUsername: 'localAdminUser'
- adminPassword: kv1.getSecret('adminPassword')
nicConfigurations: [
{
- nicSuffix: '-nic-01'
deleteOption: 'Delete'
ipConfigurations: [
{
+ applicationSecurityGroups: [
+ {
+ id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001'
+ }
+ ]
+ loadBalancerBackendAddressPools: [
+ {
+ id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers'
+ }
+ ]
name: 'ipconfig01'
- subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
pipConfiguration: {
publicIpNameSuffix: '-pip-01'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
- loadBalancerBackendAddressPools: [
- {
- id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers'
- }
- ]
- applicationSecurityGroups: [
- {
- id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001'
- }
- ]
+ subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
}
]
+ nicSuffix: '-nic-01'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
}
]
+ osDisk: {
+ caching: 'None'
+ createOption: 'fromImage'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ vmSize: 'Standard_B12ms'
+ // Non-required parameters
+ adminPassword: kv1.getSecret('adminPassword')
+ availabilityZone: 2
+ backupPolicyName: 'VMpolicy'
backupVaultName: 'adp-<>-az-rsv-x-001'
backupVaultResourceGroup: 'validation-rg'
- backupPolicyName: 'VMpolicy'
- roleAssignments: [
+ dataDisks: [
{
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
+ caching: 'None'
+ createOption: 'Empty'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ {
+ caching: 'None'
+ createOption: 'Empty'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
}
]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
diagnosticLogsRetentionInDays: 7
diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
- systemAssignedIdentity: true
- userAssignedIdentities: {
- '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
- }
+ encryptionAtHost: false
extensionAntiMalwareConfig: {
enabled: true
settings: {
@@ -2250,50 +2023,311 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {
}
RealtimeProtectionEnabled: 'true'
ScheduledScanSettings: {
+ day: '7'
isEnabled: 'true'
scanType: 'Quick'
- day: '7'
time: '120'
}
}
}
- extensionMonitoringAgentConfig: {
+ extensionCustomScriptConfig: {
enabled: true
+ fileData: [
+ {
+ storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
+ }
+ ]
}
- monitoringWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- extensionDependencyAgentConfig: {
- enabled: true
+ extensionCustomScriptProtectedSetting: {
+ commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command \'& .\\scriptExtensionMasterInstaller.ps1\''
}
- extensionNetworkWatcherAgentConfig: {
+ extensionDependencyAgentConfig: {
enabled: true
}
extensionDiskEncryptionConfig: {
enabled: true
settings: {
EncryptionOperation: 'EnableEncryption'
- KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
- KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
- KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
KeyEncryptionAlgorithm: 'RSA-OAEP'
- VolumeType: 'All'
+ KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5'
+ KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001'
+ KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/'
ResizeOSDisk: 'false'
+ VolumeType: 'All'
}
}
extensionDSCConfig: {
enabled: true
}
- extensionCustomScriptConfig: {
+ extensionMonitoringAgentConfig: {
enabled: true
- fileData: [
+ }
+ extensionNetworkWatcherAgentConfig: {
+ enabled: true
+ }
+ lock: 'CanNotDelete'
+ monitoringWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ name: '<>-vm-win-01'
+ roleAssignments: [
+ {
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
+ }
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
{
- uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1'
- storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ "deleteOption": "Delete",
+ "ipConfigurations": [
+ {
+ "applicationSecurityGroups": [
+ {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001"
+ }
+ ],
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers"
+ }
+ ],
+ "name": "ipconfig01",
+ "pipConfiguration": {
+ "publicIpNameSuffix": "-pip-01",
+ "roleAssignments": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
+ }
+ ],
+ "nicSuffix": "-nic-01",
+ "roleAssignments": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
}
]
- }
- extensionCustomScriptProtectedSetting: {
- commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command \'& .\\scriptExtensionMasterInstaller.ps1\''
+ },
+ "osDisk": {
+ "value": {
+ "caching": "None",
+ "createOption": "fromImage",
+ "deleteOption": "Delete",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "vmSize": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
+ },
+ "secretName": "adminPassword"
+ }
+ },
+ "availabilityZone": {
+ "value": 2
+ },
+ "backupPolicyName": {
+ "value": "VMpolicy"
+ },
+ "backupVaultName": {
+ "value": "adp-<>-az-rsv-x-001"
+ },
+ "backupVaultResourceGroup": {
+ "value": "validation-rg"
+ },
+ "dataDisks": {
+ "value": [
+ {
+ "caching": "None",
+ "createOption": "Empty",
+ "deleteOption": "Delete",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ },
+ {
+ "caching": "None",
+ "createOption": "Empty",
+ "deleteOption": "Delete",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "encryptionAtHost": {
+ "value": false
+ },
+ "extensionAntiMalwareConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "AntimalwareEnabled": "true",
+ "Exclusions": {
+ "Extensions": ".ext1;.ext2",
+ "Paths": "c:\\excluded-path-1;c:\\excluded-path-2",
+ "Processes": "excludedproc1.exe;excludedproc2.exe"
+ },
+ "RealtimeProtectionEnabled": "true",
+ "ScheduledScanSettings": {
+ "day": "7",
+ "isEnabled": "true",
+ "scanType": "Quick",
+ "time": "120"
+ }
+ }
+ }
+ },
+ "extensionCustomScriptConfig": {
+ "value": {
+ "enabled": true,
+ "fileData": [
+ {
+ "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001",
+ "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1"
+ }
+ ]
+ }
+ },
+ "extensionCustomScriptProtectedSetting": {
+ "value": {
+ "commandToExecute": "powershell -ExecutionPolicy Unrestricted -Command \"& .\\scriptExtensionMasterInstaller.ps1\""
+ }
+ },
+ "extensionDependencyAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionDiskEncryptionConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "EncryptionOperation": "EnableEncryption",
+ "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyEncryptionAlgorithm": "RSA-OAEP",
+ "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5",
+ "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001",
+ "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/",
+ "ResizeOSDisk": "false",
+ "VolumeType": "All"
+ }
+ }
+ },
+ "extensionDSCConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionMonitoringAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "extensionNetworkWatcherAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "monitoringWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "name": {
+ "value": "<>-vm-win-01"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
}
}
diff --git a/modules/Microsoft.Consumption/budgets/readme.md b/modules/Microsoft.Consumption/budgets/readme.md
index 006419b774..5b38bd9e32 100644
--- a/modules/Microsoft.Consumption/budgets/readme.md
+++ b/modules/Microsoft.Consumption/budgets/readme.md
@@ -48,39 +48,11 @@ This module deploys budgets for subscriptions.
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "amount": {
- "value": 500
- },
- "thresholds": {
- "value": [
- 50,
- 75,
- 90,
- 100,
- 110
- ]
- },
- "contactEmails": {
- "value": [
- "dummy@contoso.com"
- ]
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -90,7 +62,12 @@ This module deploys budgets for subscriptions.
module budgets './Microsoft.Consumption/budgets/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-budgets'
params: {
+ // Required parameters
amount: 500
+ // Non-required parameters
+ contactEmails: [
+ 'dummy@contoso.com'
+ ]
thresholds: [
50
75
@@ -98,9 +75,41 @@ module budgets './Microsoft.Consumption/budgets/deploy.bicep' = {
100
110
]
- contactEmails: [
- 'dummy@contoso.com'
- ]
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "amount": {
+ "value": 500
+ },
+ // Non-required parameters
+ "contactEmails": {
+ "value": [
+ "dummy@contoso.com"
+ ]
+ },
+ "thresholds": {
+ "value": [
+ 50,
+ 75,
+ 90,
+ 100,
+ 110
+ ]
+ }
}
}
```
diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md
index aa5719fbd0..68eca6e97f 100644
--- a/modules/Microsoft.ContainerInstance/containerGroups/readme.md
+++ b/modules/Microsoft.ContainerInstance/containerGroups/readme.md
@@ -170,54 +170,11 @@ userAssignedIdentities: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-acg-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "containerName": {
- "value": "<>-az-aci-x-001"
- },
- "image": {
- "value": "mcr.microsoft.com/azuredocs/aci-helloworld"
- },
- "ports": {
- "value": [
- {
- "protocol": "Tcp",
- "port": "80"
- },
- {
- "protocol": "Tcp",
- "port": "443"
- }
- ]
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -227,18 +184,20 @@ userAssignedIdentities: {
module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-containerGroups'
params: {
- name: '<>-az-acg-x-001'
- lock: 'CanNotDelete'
+ // Required parameters
containerName: '<>-az-aci-x-001'
image: 'mcr.microsoft.com/azuredocs/aci-helloworld'
+ name: '<>-az-acg-x-001'
+ // Non-required parameters
+ lock: 'CanNotDelete'
ports: [
{
- protocol: 'Tcp'
port: '80'
+ protocol: 'Tcp'
}
{
- protocol: 'Tcp'
port: '443'
+ protocol: 'Tcp'
}
]
systemAssignedIdentity: true
@@ -251,3 +210,53 @@ module containerGroups './Microsoft.ContainerInstance/containerGroups/deploy.bic
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "containerName": {
+ "value": "<>-az-aci-x-001"
+ },
+ "image": {
+ "value": "mcr.microsoft.com/azuredocs/aci-helloworld"
+ },
+ "name": {
+ "value": "<>-az-acg-x-001"
+ },
+ // Non-required parameters
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "ports": {
+ "value": [
+ {
+ "port": "80",
+ "protocol": "Tcp"
+ },
+ {
+ "port": "443",
+ "protocol": "Tcp"
+ }
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md
index 4c0037875c..93caccb677 100644
--- a/modules/Microsoft.ContainerRegistry/registries/readme.md
+++ b/modules/Microsoft.ContainerRegistry/registries/readme.md
@@ -331,45 +331,11 @@ userAssignedIdentities: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azacrencr001"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "publicNetworkAccess": {
- "value": "Disabled"
- },
- "acrSku": {
- "value": "Premium"
- },
- "cMKUserAssignedIdentityResourceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "cMKKeyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
- },
- "cMKKeyName": {
- "value": "keyEncryptionKey"
- }
- }
-}
-```
-
-
+Example 1: Encr
@@ -379,15 +345,17 @@ userAssignedIdentities: {
module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-registries'
params: {
+ // Required parameters
name: '<>azacrencr001'
+ // Non-required parameters
+ acrSku: 'Premium'
+ cMKKeyName: 'keyEncryptionKey'
+ cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
+ cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ publicNetworkAccess: 'Disabled'
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- publicNetworkAccess: 'Disabled'
- acrSku: 'Premium'
- cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
- cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
- cMKKeyName: 'keyEncryptionKey'
}
}
```
@@ -395,25 +363,48 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azacrmin001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azacrencr001"
+ },
+ // Non-required parameters
+ "acrSku": {
+ "value": "Premium"
+ },
+ "cMKKeyName": {
+ "value": "keyEncryptionKey"
+ },
+ "cMKKeyVaultResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
+ },
+ "cMKUserAssignedIdentityResourceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
+ },
+ "publicNetworkAccess": {
+ "value": "Disabled"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
}
+ }
}
```
+
+
+
Example 2: Min
@@ -431,103 +422,26 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
-
Example 3
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azacrx001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "acrAdminUserEnabled": {
- "value": false
- },
- "acrSku": {
- "value": "Premium"
- },
- "exportPolicyStatus": {
- "value": "enabled"
- },
- "quarantinePolicyStatus": {
- "value": "enabled"
- },
- "trustPolicyStatus": {
- "value": "enabled"
- },
- "replications": {
- "value": [
- {
- "name": "northeurope",
- "location": "northeurope"
- }
- ]
- },
- "webhooks": {
- "value": [
- {
- "name": "<>azacrx001webhook",
- "serviceUri": "https://www.contoso.com/webhook"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "publicNetworkAccess": {
- "value": "Disabled"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "registry"
- }
- ]
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>azacrmin001"
}
+ }
}
```
+
+
+
Example 3: Parameters
@@ -537,47 +451,49 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-registries'
params: {
+ // Required parameters
name: '<>azacrx001'
- lock: 'CanNotDelete'
+ // Non-required parameters
acrAdminUserEnabled: false
acrSku: 'Premium'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
exportPolicyStatus: 'enabled'
- quarantinePolicyStatus: 'enabled'
- trustPolicyStatus: 'enabled'
- replications: [
+ lock: 'CanNotDelete'
+ privateEndpoints: [
{
- name: 'northeurope'
- location: 'northeurope'
+ service: 'registry'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
}
]
- webhooks: [
+ publicNetworkAccess: 'Disabled'
+ quarantinePolicyStatus: 'enabled'
+ replications: [
{
- name: '<>azacrx001webhook'
- serviceUri: 'https://www.contoso.com/webhook'
+ location: 'northeurope'
+ name: 'northeurope'
}
]
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
systemAssignedIdentity: true
+ trustPolicyStatus: 'enabled'
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- publicNetworkAccess: 'Disabled'
- privateEndpoints: [
+ webhooks: [
{
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
- service: 'registry'
+ name: '<>azacrx001webhook'
+ serviceUri: 'https://www.contoso.com/webhook'
}
]
}
@@ -586,3 +502,102 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>azacrx001"
+ },
+ // Non-required parameters
+ "acrAdminUserEnabled": {
+ "value": false
+ },
+ "acrSku": {
+ "value": "Premium"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "exportPolicyStatus": {
+ "value": "enabled"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "registry",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ }
+ ]
+ },
+ "publicNetworkAccess": {
+ "value": "Disabled"
+ },
+ "quarantinePolicyStatus": {
+ "value": "enabled"
+ },
+ "replications": {
+ "value": [
+ {
+ "location": "northeurope",
+ "name": "northeurope"
+ }
+ ]
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "trustPolicyStatus": {
+ "value": "enabled"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ },
+ "webhooks": {
+ "value": [
+ {
+ "name": "<>azacrx001webhook",
+ "serviceUri": "https://www.contoso.com/webhook"
+ }
+ ]
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md
index 8b924369b1..4ae098bb0d 100644
--- a/modules/Microsoft.ContainerService/managedClusters/readme.md
+++ b/modules/Microsoft.ContainerService/managedClusters/readme.md
@@ -359,139 +359,11 @@ userAssignedIdentities: {
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aks-azure-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "diskEncryptionSetID": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001"
- },
- "primaryAgentPoolProfile": {
- "value": [
- {
- "name": "systempool",
- "osDiskSizeGB": 0,
- "count": 1,
- "enableAutoScaling": true,
- "minCount": 1,
- "maxCount": 3,
- "vmSize": "Standard_DS2_v2",
- "osType": "Linux",
- "storageProfile": "ManagedDisks",
- "type": "VirtualMachineScaleSets",
- "mode": "System",
- "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Primary",
- "serviceCidr": "",
- "maxPods": 30,
- "availabilityZones": [
- "1"
- ]
- }
- ]
- },
- "aksClusterNetworkPlugin": {
- "value": "azure"
- },
- "agentPools": {
- "value": [
- {
- "name": "userpool1",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User",
- "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Secondary"
- },
- {
- "name": "userpool2",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User",
- "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Tertiary"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- }
- }
-}
-```
-
-
+Example 1: Azure
@@ -501,96 +373,98 @@ userAssignedIdentities: {
module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-managedClusters'
params: {
+ // Required parameters
name: '<>-az-aks-azure-001'
- lock: 'CanNotDelete'
- diskEncryptionSetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001'
primaryAgentPoolProfile: [
{
- name: 'systempool'
- osDiskSizeGB: 0
+ availabilityZones: [
+ '1'
+ ]
count: 1
enableAutoScaling: true
- minCount: 1
maxCount: 3
- vmSize: 'Standard_DS2_v2'
+ maxPods: 30
+ minCount: 1
+ mode: 'System'
+ name: 'systempool'
+ osDiskSizeGB: 0
osType: 'Linux'
+ serviceCidr: ''
storageProfile: 'ManagedDisks'
type: 'VirtualMachineScaleSets'
- mode: 'System'
+ vmSize: 'Standard_DS2_v2'
vnetSubnetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Primary'
- serviceCidr: ''
- maxPods: 30
- availabilityZones: [
- '1'
- ]
}
]
- aksClusterNetworkPlugin: 'azure'
+ // Non-required parameters
agentPools: [
{
- name: 'userpool1'
- vmSize: 'Standard_DS2_v2'
- osDiskSizeGB: 128
+ availabilityZones: [
+ '1'
+ ]
count: 2
- osType: 'Linux'
+ enableAutoScaling: true
maxCount: 3
+ maxPods: 30
minCount: 1
- enableAutoScaling: true
- scaleSetPriority: 'Regular'
- scaleSetEvictionPolicy: 'Delete'
+ minPods: 2
+ mode: 'User'
+ name: 'userpool1'
nodeLabels: {}
nodeTaints: [
'CriticalAddonsOnly=true:NoSchedule'
]
- type: 'VirtualMachineScaleSets'
- availabilityZones: [
- '1'
- ]
- minPods: 2
- maxPods: 30
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
storageProfile: 'ManagedDisks'
- mode: 'User'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
vnetSubnetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Secondary'
}
{
- name: 'userpool2'
- vmSize: 'Standard_DS2_v2'
- osDiskSizeGB: 128
+ availabilityZones: [
+ '1'
+ ]
count: 2
- osType: 'Linux'
+ enableAutoScaling: true
maxCount: 3
+ maxPods: 30
minCount: 1
- enableAutoScaling: true
- scaleSetPriority: 'Regular'
- scaleSetEvictionPolicy: 'Delete'
+ minPods: 2
+ mode: 'User'
+ name: 'userpool2'
nodeLabels: {}
nodeTaints: [
'CriticalAddonsOnly=true:NoSchedule'
]
- type: 'VirtualMachineScaleSets'
- availabilityZones: [
- '1'
- ]
- minPods: 2
- maxPods: 30
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
storageProfile: 'ManagedDisks'
- mode: 'User'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
vnetSubnetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Tertiary'
}
]
+ aksClusterNetworkPlugin: 'azure'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ diskEncryptionSetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001'
+ lock: 'CanNotDelete'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
systemAssignedIdentity: true
}
}
@@ -599,132 +473,142 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aks-kubenet-001"
- },
- "primaryAgentPoolProfile": {
- "value": [
- {
- "name": "systempool",
- "osDiskSizeGB": 0,
- "count": 1,
- "enableAutoScaling": true,
- "minCount": 1,
- "maxCount": 3,
- "vmSize": "Standard_DS2_v2",
- "osType": "Linux",
- "storageProfile": "ManagedDisks",
- "type": "VirtualMachineScaleSets",
- "mode": "System",
- "serviceCidr": "",
- "maxPods": 30,
- "availabilityZones": [
- "1"
- ]
- }
- ]
- },
- "aksClusterNetworkPlugin": {
- "value": "kubenet"
- },
- "agentPools": {
- "value": [
- {
- "name": "userpool1",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User"
- },
- {
- "name": "userpool2",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-aks-azure-001"
+ },
+ "primaryAgentPoolProfile": {
+ "value": [
+ {
+ "availabilityZones": [
+ "1"
+ ],
+ "count": 1,
+ "enableAutoScaling": true,
+ "maxCount": 3,
+ "maxPods": 30,
+ "minCount": 1,
+ "mode": "System",
+ "name": "systempool",
+ "osDiskSizeGB": 0,
+ "osType": "Linux",
+ "serviceCidr": "",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "vmSize": "Standard_DS2_v2",
+ "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Primary"
+ }
+ ]
+ },
+ // Non-required parameters
+ "agentPools": {
+ "value": [
+ {
+ "availabilityZones": [
+ "1"
+ ],
+ "count": 2,
+ "enableAutoScaling": true,
+ "maxCount": 3,
+ "maxPods": 30,
+ "minCount": 1,
+ "minPods": 2,
+ "mode": "User",
+ "name": "userpool1",
+ "nodeLabels": {},
+ "nodeTaints": [
+ "CriticalAddonsOnly=true:NoSchedule"
+ ],
+ "osDiskSizeGB": 128,
+ "osType": "Linux",
+ "scaleSetEvictionPolicy": "Delete",
+ "scaleSetPriority": "Regular",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "vmSize": "Standard_DS2_v2",
+ "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Secondary"
},
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
+ {
+ "availabilityZones": [
+ "1"
+ ],
+ "count": 2,
+ "enableAutoScaling": true,
+ "maxCount": 3,
+ "maxPods": 30,
+ "minCount": 1,
+ "minPods": 2,
+ "mode": "User",
+ "name": "userpool2",
+ "nodeLabels": {},
+ "nodeTaints": [
+ "CriticalAddonsOnly=true:NoSchedule"
+ ],
+ "osDiskSizeGB": 128,
+ "osType": "Linux",
+ "scaleSetEvictionPolicy": "Delete",
+ "scaleSetPriority": "Regular",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "vmSize": "Standard_DS2_v2",
+ "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Tertiary"
+ }
+ ]
+ },
+ "aksClusterNetworkPlugin": {
+ "value": "azure"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "diskEncryptionSetID": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
}
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
}
+ }
}
```
+
+
+
Example 2: Kubenet
@@ -734,91 +618,93 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice
module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-managedClusters'
params: {
+ // Required parameters
name: '<>-az-aks-kubenet-001'
primaryAgentPoolProfile: [
{
- name: 'systempool'
- osDiskSizeGB: 0
+ availabilityZones: [
+ '1'
+ ]
count: 1
enableAutoScaling: true
- minCount: 1
maxCount: 3
- vmSize: 'Standard_DS2_v2'
+ maxPods: 30
+ minCount: 1
+ mode: 'System'
+ name: 'systempool'
+ osDiskSizeGB: 0
osType: 'Linux'
+ serviceCidr: ''
storageProfile: 'ManagedDisks'
type: 'VirtualMachineScaleSets'
- mode: 'System'
- serviceCidr: ''
- maxPods: 30
- availabilityZones: [
- '1'
- ]
+ vmSize: 'Standard_DS2_v2'
}
]
- aksClusterNetworkPlugin: 'kubenet'
+ // Non-required parameters
agentPools: [
{
- name: 'userpool1'
- vmSize: 'Standard_DS2_v2'
- osDiskSizeGB: 128
+ availabilityZones: [
+ '1'
+ ]
count: 2
- osType: 'Linux'
+ enableAutoScaling: true
maxCount: 3
+ maxPods: 30
minCount: 1
- enableAutoScaling: true
- scaleSetPriority: 'Regular'
- scaleSetEvictionPolicy: 'Delete'
+ minPods: 2
+ mode: 'User'
+ name: 'userpool1'
nodeLabels: {}
nodeTaints: [
'CriticalAddonsOnly=true:NoSchedule'
]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ }
+ {
availabilityZones: [
'1'
]
- minPods: 2
- maxPods: 30
- storageProfile: 'ManagedDisks'
- mode: 'User'
- }
- {
- name: 'userpool2'
- vmSize: 'Standard_DS2_v2'
- osDiskSizeGB: 128
count: 2
- osType: 'Linux'
+ enableAutoScaling: true
maxCount: 3
+ maxPods: 30
minCount: 1
- enableAutoScaling: true
- scaleSetPriority: 'Regular'
- scaleSetEvictionPolicy: 'Delete'
+ minPods: 2
+ mode: 'User'
+ name: 'userpool2'
nodeLabels: {}
nodeTaints: [
'CriticalAddonsOnly=true:NoSchedule'
]
- type: 'VirtualMachineScaleSets'
- availabilityZones: [
- '1'
- ]
- minPods: 2
- maxPods: 30
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
storageProfile: 'ManagedDisks'
- mode: 'User'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
}
]
+ aksClusterNetworkPlugin: 'kubenet'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
@@ -828,3 +714,131 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-aks-kubenet-001"
+ },
+ "primaryAgentPoolProfile": {
+ "value": [
+ {
+ "availabilityZones": [
+ "1"
+ ],
+ "count": 1,
+ "enableAutoScaling": true,
+ "maxCount": 3,
+ "maxPods": 30,
+ "minCount": 1,
+ "mode": "System",
+ "name": "systempool",
+ "osDiskSizeGB": 0,
+ "osType": "Linux",
+ "serviceCidr": "",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "vmSize": "Standard_DS2_v2"
+ }
+ ]
+ },
+ // Non-required parameters
+ "agentPools": {
+ "value": [
+ {
+ "availabilityZones": [
+ "1"
+ ],
+ "count": 2,
+ "enableAutoScaling": true,
+ "maxCount": 3,
+ "maxPods": 30,
+ "minCount": 1,
+ "minPods": 2,
+ "mode": "User",
+ "name": "userpool1",
+ "nodeLabels": {},
+ "nodeTaints": [
+ "CriticalAddonsOnly=true:NoSchedule"
+ ],
+ "osDiskSizeGB": 128,
+ "osType": "Linux",
+ "scaleSetEvictionPolicy": "Delete",
+ "scaleSetPriority": "Regular",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "vmSize": "Standard_DS2_v2"
+ },
+ {
+ "availabilityZones": [
+ "1"
+ ],
+ "count": 2,
+ "enableAutoScaling": true,
+ "maxCount": 3,
+ "maxPods": 30,
+ "minCount": 1,
+ "minPods": 2,
+ "mode": "User",
+ "name": "userpool2",
+ "nodeLabels": {},
+ "nodeTaints": [
+ "CriticalAddonsOnly=true:NoSchedule"
+ ],
+ "osDiskSizeGB": 128,
+ "osType": "Linux",
+ "scaleSetEvictionPolicy": "Delete",
+ "scaleSetPriority": "Regular",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "vmSize": "Standard_DS2_v2"
+ }
+ ]
+ },
+ "aksClusterNetworkPlugin": {
+ "value": "kubenet"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ }
+ }
+}
+```
+
+
+
diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md
index f66b2ccab7..9e0d58b7ca 100644
--- a/modules/Microsoft.DataFactory/factories/readme.md
+++ b/modules/Microsoft.DataFactory/factories/readme.md
@@ -282,99 +282,11 @@ privateEndpoints: [
## Deployment examples
-
Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-adf-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "managedVirtualNetworkName": {
- "value": "default"
- },
- "integrationRuntime": {
- "value": {
- "name": "AutoResolveIntegrationRuntime",
- "type": "Managed",
- "managedVirtualNetworkName": "default",
- "typeProperties": {
- "computeProperties": {
- "location": "AutoResolve"
- }
- }
- }
- },
- "publicNetworkAccess": {
- "value": "Disabled"
- },
- "gitConfigureLater": {
- "value": true
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "dataFactory"
- }
- ]
- },
- "cMKUserAssignedIdentityResourceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "cMKKeyName": {
- "value": "keyEncryptionKey"
- },
- "cMKKeyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -384,47 +296,144 @@ privateEndpoints: [
module factories './Microsoft.DataFactory/factories/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-factories'
params: {
+ // Required parameters
name: '<>-adf-001'
- lock: 'CanNotDelete'
- managedVirtualNetworkName: 'default'
+ // Non-required parameters
+ cMKKeyName: 'keyEncryptionKey'
+ cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
+ cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ gitConfigureLater: true
integrationRuntime: {
+ managedVirtualNetworkName: 'default'
name: 'AutoResolveIntegrationRuntime'
type: 'Managed'
- managedVirtualNetworkName: 'default'
typeProperties: {
computeProperties: {
location: 'AutoResolve'
}
}
}
+ lock: 'CanNotDelete'
+ managedVirtualNetworkName: 'default'
+ privateEndpoints: [
+ {
+ service: 'dataFactory'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
+ }
+ ]
publicNetworkAccess: 'Disabled'
- gitConfigureLater: true
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
systemAssignedIdentity: true
userAssignedIdentities: {
'/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {}
}
- privateEndpoints: [
- {
- subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints'
- service: 'dataFactory'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-adf-001"
+ },
+ // Non-required parameters
+ "cMKKeyName": {
+ "value": "keyEncryptionKey"
+ },
+ "cMKKeyVaultResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
+ },
+ "cMKUserAssignedIdentityResourceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "gitConfigureLater": {
+ "value": true
+ },
+ "integrationRuntime": {
+ "value": {
+ "managedVirtualNetworkName": "default",
+ "name": "AutoResolveIntegrationRuntime",
+ "type": "Managed",
+ "typeProperties": {
+ "computeProperties": {
+ "location": "AutoResolve"
+ }
+ }
}
- ]
- cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001'
- cMKKeyName: 'keyEncryptionKey'
- cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002'
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "managedVirtualNetworkName": {
+ "value": "default"
+ },
+ "privateEndpoints": {
+ "value": [
+ {
+ "service": "dataFactory",
+ "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints"
+ }
+ ]
+ },
+ "publicNetworkAccess": {
+ "value": "Disabled"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
+ }
+ }
}
}
```
diff --git a/modules/Microsoft.DataProtection/backupVaults/readme.md b/modules/Microsoft.DataProtection/backupVaults/readme.md
index edf22bb233..28e1a43376 100644
--- a/modules/Microsoft.DataProtection/backupVaults/readme.md
+++ b/modules/Microsoft.DataProtection/backupVaults/readme.md
@@ -332,25 +332,11 @@ userAssignedIdentities: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-bv-min-001"
- }
- }
-}
-```
-
-
+Example 1: Min
@@ -368,92 +354,26 @@ module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = {
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-bv-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "backupPolicies": {
- "value": [
- {
- "name": "DefaultPolicy",
- "properties": {
- "policyRules": [
- {
- "backupParameters": {
- "backupType": "Incremental",
- "objectType": "AzureBackupParams"
- },
- "trigger": {
- "schedule": {
- "repeatingTimeIntervals": [
- "R/2022-05-31T23:30:00+01:00/P1D"
- ],
- "timeZone": "W. Europe Standard Time"
- },
- "taggingCriteria": [
- {
- "tagInfo": {
- "tagName": "Default",
- "id": "Default_"
- },
- "taggingPriority": 99,
- "isDefault": true
- }
- ],
- "objectType": "ScheduleBasedTriggerContext"
- },
- "dataStore": {
- "dataStoreType": "OperationalStore",
- "objectType": "DataStoreInfoBase"
- },
- "name": "BackupDaily",
- "objectType": "AzureBackupRule"
- },
- {
- "lifecycles": [
- {
- "deleteAfter": {
- "objectType": "AbsoluteDeleteOption",
- "duration": "P7D"
- },
- "targetDataStoreCopySettings": [],
- "sourceDataStore": {
- "dataStoreType": "OperationalStore",
- "objectType": "DataStoreInfoBase"
- }
- }
- ],
- "isDefault": true,
- "name": "Default",
- "objectType": "AzureRetentionRule"
- }
- ],
- "datasourceTypes": [
- "Microsoft.Compute/disks"
- ],
- "objectType": "BackupPolicy"
- }
- }
- ]
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-bv-min-001"
}
+ }
}
```
+
+
+
Example 2: Parameters
@@ -463,19 +383,31 @@ module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = {
module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-backupVaults'
params: {
+ // Required parameters
name: '<>-az-bv-x-001'
- lock: 'CanNotDelete'
+ // Non-required parameters
backupPolicies: [
{
name: 'DefaultPolicy'
properties: {
+ datasourceTypes: [
+ 'Microsoft.Compute/disks'
+ ]
+ objectType: 'BackupPolicy'
policyRules: [
{
backupParameters: {
backupType: 'Incremental'
objectType: 'AzureBackupParams'
}
+ dataStore: {
+ dataStoreType: 'OperationalStore'
+ objectType: 'DataStoreInfoBase'
+ }
+ name: 'BackupDaily'
+ objectType: 'AzureBackupRule'
trigger: {
+ objectType: 'ScheduleBasedTriggerContext'
schedule: {
repeatingTimeIntervals: [
'R/2022-05-31T23:30:00+01:00/P1D'
@@ -484,49 +416,127 @@ module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = {
}
taggingCriteria: [
{
+ isDefault: true
+ taggingPriority: 99
tagInfo: {
- tagName: 'Default'
id: 'Default_'
+ tagName: 'Default'
}
- taggingPriority: 99
- isDefault: true
}
]
- objectType: 'ScheduleBasedTriggerContext'
}
- dataStore: {
- dataStoreType: 'OperationalStore'
- objectType: 'DataStoreInfoBase'
- }
- name: 'BackupDaily'
- objectType: 'AzureBackupRule'
}
{
+ isDefault: true
lifecycles: [
{
deleteAfter: {
- objectType: 'AbsoluteDeleteOption'
duration: 'P7D'
+ objectType: 'AbsoluteDeleteOption'
}
- targetDataStoreCopySettings: []
sourceDataStore: {
dataStoreType: 'OperationalStore'
objectType: 'DataStoreInfoBase'
}
+ targetDataStoreCopySettings: []
}
]
- isDefault: true
name: 'Default'
objectType: 'AzureRetentionRule'
}
]
- datasourceTypes: [
- 'Microsoft.Compute/disks'
- ]
- objectType: 'BackupPolicy'
}
}
]
+ lock: 'CanNotDelete'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-bv-x-001"
+ },
+ // Non-required parameters
+ "backupPolicies": {
+ "value": [
+ {
+ "name": "DefaultPolicy",
+ "properties": {
+ "datasourceTypes": [
+ "Microsoft.Compute/disks"
+ ],
+ "objectType": "BackupPolicy",
+ "policyRules": [
+ {
+ "backupParameters": {
+ "backupType": "Incremental",
+ "objectType": "AzureBackupParams"
+ },
+ "dataStore": {
+ "dataStoreType": "OperationalStore",
+ "objectType": "DataStoreInfoBase"
+ },
+ "name": "BackupDaily",
+ "objectType": "AzureBackupRule",
+ "trigger": {
+ "objectType": "ScheduleBasedTriggerContext",
+ "schedule": {
+ "repeatingTimeIntervals": [
+ "R/2022-05-31T23:30:00+01:00/P1D"
+ ],
+ "timeZone": "W. Europe Standard Time"
+ },
+ "taggingCriteria": [
+ {
+ "isDefault": true,
+ "taggingPriority": 99,
+ "tagInfo": {
+ "id": "Default_",
+ "tagName": "Default"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "isDefault": true,
+ "lifecycles": [
+ {
+ "deleteAfter": {
+ "duration": "P7D",
+ "objectType": "AbsoluteDeleteOption"
+ },
+ "sourceDataStore": {
+ "dataStoreType": "OperationalStore",
+ "objectType": "DataStoreInfoBase"
+ },
+ "targetDataStoreCopySettings": []
+ }
+ ],
+ "name": "Default",
+ "objectType": "AzureRetentionRule"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ }
}
}
```
diff --git a/modules/Microsoft.Databricks/workspaces/readme.md b/modules/Microsoft.Databricks/workspaces/readme.md
index 62d8ce9f44..5996e80911 100644
--- a/modules/Microsoft.Databricks/workspaces/readme.md
+++ b/modules/Microsoft.Databricks/workspaces/readme.md
@@ -219,53 +219,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-adb-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -275,21 +233,72 @@ tags: {
module workspaces './Microsoft.Databricks/workspaces/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-workspaces'
params: {
+ // Required parameters
name: '<>-az-adb-x-001'
+ // Non-required parameters
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
lock: 'CanNotDelete'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-adb-x-001"
+ },
+ // Non-required parameters
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
}
}
```
diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md
index 9a6d1250f1..28f232f079 100644
--- a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md
+++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md
@@ -159,31 +159,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avdag-min-001"
- },
- "applicationGroupType": {
- "value": "RemoteApp"
- },
- "hostpoolName": {
- "value": "adp-<>-az-avdhp-x-001"
- }
- }
-}
-```
-
-
+Example 1: Min
@@ -193,9 +173,10 @@ tags: {
module applicationgroups './Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-applicationgroups'
params: {
- name: '<>-az-avdag-min-001'
+ // Required parameters
applicationGroupType: 'RemoteApp'
hostpoolName: 'adp-<>-az-avdhp-x-001'
+ name: '<>-az-avdag-min-001'
}
}
```
@@ -203,88 +184,33 @@ module applicationgroups './Microsoft.DesktopVirtualization/applicationgroups/de
-
Example 2
-
via JSON Parameter file
```json
{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avdag-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "location": {
- "value": "westeurope"
- },
- "applicationGroupType": {
- "value": "RemoteApp"
- },
- "hostpoolName": {
- "value": "adp-<>-az-avdhp-x-001"
- },
- "friendlyName": {
- "value": "Remote Applications 1"
- },
- "description": {
- "value": "This is my first Remote Applications bundle"
- },
- "applications": {
- "value": [
- {
- "name": "notepad",
- "description": "Notepad by ARM template",
- "friendlyName": "Notepad",
- "filePath": "C:\\Windows\\System32\\notepad.exe",
- "commandLineSetting": "DoNotAllow",
- "commandLineArguments": "",
- "showInPortal": true,
- "iconPath": "C:\\Windows\\System32\\notepad.exe",
- "iconIndex": 0
- },
- {
- "name": "wordpad",
- "filePath": "C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe",
- "friendlyName": "Wordpad"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "applicationGroupType": {
+ "value": "RemoteApp"
+ },
+ "hostpoolName": {
+ "value": "adp-<>-az-avdhp-x-001"
+ },
+ "name": {
+ "value": "<>-az-avdag-min-001"
}
+ }
}
```
+
+
+
Example 2: Parameters
@@ -294,44 +220,130 @@ module applicationgroups './Microsoft.DesktopVirtualization/applicationgroups/de
module applicationgroups './Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-applicationgroups'
params: {
- name: '<>-az-avdag-x-001'
- lock: 'CanNotDelete'
- location: 'westeurope'
+ // Required parameters
applicationGroupType: 'RemoteApp'
hostpoolName: 'adp-<>-az-avdhp-x-001'
- friendlyName: 'Remote Applications 1'
- description: 'This is my first Remote Applications bundle'
+ name: '<>-az-avdag-x-001'
+ // Non-required parameters
applications: [
{
- name: 'notepad'
+ commandLineArguments: ''
+ commandLineSetting: 'DoNotAllow'
description: 'Notepad by ARM template'
- friendlyName: 'Notepad'
filePath: 'C:\\Windows\\System32\\notepad.exe'
- commandLineSetting: 'DoNotAllow'
- commandLineArguments: ''
- showInPortal: true
- iconPath: 'C:\\Windows\\System32\\notepad.exe'
+ friendlyName: 'Notepad'
iconIndex: 0
+ iconPath: 'C:\\Windows\\System32\\notepad.exe'
+ name: 'notepad'
+ showInPortal: true
}
{
- name: 'wordpad'
filePath: 'C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe'
friendlyName: 'Wordpad'
+ name: 'wordpad'
}
]
+ description: 'This is my first Remote Applications bundle'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ friendlyName: 'Remote Applications 1'
+ location: 'westeurope'
+ lock: 'CanNotDelete'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "applicationGroupType": {
+ "value": "RemoteApp"
+ },
+ "hostpoolName": {
+ "value": "adp-<>-az-avdhp-x-001"
+ },
+ "name": {
+ "value": "<>-az-avdag-x-001"
+ },
+ // Non-required parameters
+ "applications": {
+ "value": [
+ {
+ "commandLineArguments": "",
+ "commandLineSetting": "DoNotAllow",
+ "description": "Notepad by ARM template",
+ "filePath": "C:\\Windows\\System32\\notepad.exe",
+ "friendlyName": "Notepad",
+ "iconIndex": 0,
+ "iconPath": "C:\\Windows\\System32\\notepad.exe",
+ "name": "notepad",
+ "showInPortal": true
+ },
+ {
+ "filePath": "C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe",
+ "friendlyName": "Wordpad",
+ "name": "wordpad"
+ }
+ ]
+ },
+ "description": {
+ "value": "This is my first Remote Applications bundle"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "friendlyName": {
+ "value": "Remote Applications 1"
+ },
+ "location": {
+ "value": "westeurope"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ }
}
}
```
diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md
index bf7c03291f..c4ae64beaa 100644
--- a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md
+++ b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md
@@ -255,96 +255,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avdhp-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "location": {
- "value": "westeurope"
- },
- "hostpoolFriendlyName": {
- "value": "AVDv2"
- },
- "hostpoolDescription": {
- "value": "My first AVD Host Pool"
- },
- "hostpoolType": {
- "value": "Pooled"
- },
- "personalDesktopAssignmentType": {
- "value": "Automatic"
- },
- "maxSessionLimit": {
- "value": 99999
- },
- "loadBalancerType": {
- "value": "BreadthFirst"
- },
- "customRdpProperty": {
- "value": "audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;"
- },
- "vmTemplate": {
- "value": {
- "domain": "domainname.onmicrosoft.com",
- "galleryImageOffer": "office-365",
- "galleryImagePublisher": "microsoftwindowsdesktop",
- "galleryImageSKU": "20h1-evd-o365pp",
- "imageType": "Gallery",
- "imageUri": null,
- "customImageId": null,
- "namePrefix": "avdv2",
- "osDiskType": "StandardSSD_LRS",
- "useManagedDisks": true,
- "vmSize": {
- "id": "Standard_D2s_v3",
- "cores": 2,
- "ram": 8
- }
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -354,46 +269,140 @@ tags: {
module hostpools './Microsoft.DesktopVirtualization/hostpools/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-hostpools'
params: {
+ // Required parameters
name: '<>-az-avdhp-x-001'
- lock: 'CanNotDelete'
- location: 'westeurope'
- hostpoolFriendlyName: 'AVDv2'
+ // Non-required parameters
+ customRdpProperty: 'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
hostpoolDescription: 'My first AVD Host Pool'
+ hostpoolFriendlyName: 'AVDv2'
hostpoolType: 'Pooled'
- personalDesktopAssignmentType: 'Automatic'
- maxSessionLimit: 99999
loadBalancerType: 'BreadthFirst'
- customRdpProperty: 'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'
+ location: 'westeurope'
+ lock: 'CanNotDelete'
+ maxSessionLimit: 99999
+ personalDesktopAssignmentType: 'Automatic'
+ roleAssignments: [
+ {
+ principalIds: [
+ '<>'
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
vmTemplate: {
+ customImageId: null
domain: 'domainname.onmicrosoft.com'
galleryImageOffer: 'office-365'
galleryImagePublisher: 'microsoftwindowsdesktop'
galleryImageSKU: '20h1-evd-o365pp'
imageType: 'Gallery'
imageUri: null
- customImageId: null
namePrefix: 'avdv2'
osDiskType: 'StandardSSD_LRS'
useManagedDisks: true
vmSize: {
- id: 'Standard_D2s_v3'
cores: 2
+ id: 'Standard_D2s_v3'
ram: 8
}
}
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-avdhp-x-001"
+ },
+ // Non-required parameters
+ "customRdpProperty": {
+ "value": "audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "hostpoolDescription": {
+ "value": "My first AVD Host Pool"
+ },
+ "hostpoolFriendlyName": {
+ "value": "AVDv2"
+ },
+ "hostpoolType": {
+ "value": "Pooled"
+ },
+ "loadBalancerType": {
+ "value": "BreadthFirst"
+ },
+ "location": {
+ "value": "westeurope"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "maxSessionLimit": {
+ "value": 99999
+ },
+ "personalDesktopAssignmentType": {
+ "value": "Automatic"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "vmTemplate": {
+ "value": {
+ "customImageId": null,
+ "domain": "domainname.onmicrosoft.com",
+ "galleryImageOffer": "office-365",
+ "galleryImagePublisher": "microsoftwindowsdesktop",
+ "galleryImageSKU": "20h1-evd-o365pp",
+ "imageType": "Gallery",
+ "imageUri": null,
+ "namePrefix": "avdv2",
+ "osDiskType": "StandardSSD_LRS",
+ "useManagedDisks": true,
+ "vmSize": {
+ "cores": 2,
+ "id": "Standard_D2s_v3",
+ "ram": 8
+ }
}
- ]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ }
}
}
```
diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md
index 9fe79b0076..67dde7adff 100644
--- a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md
+++ b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md
@@ -257,35 +257,40 @@ roleAssignments: [
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+Example 1: Min
-via JSON Parameter file
+via Bicep module
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avdsp-x-001"
- }
- }
+```bicep
+module scalingplans './Microsoft.DesktopVirtualization/scalingplans/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-scalingplans'
+ params: {
+ name: '<>-az-avdsp-x-001'
+ }
}
```
+
-via Bicep module
+via JSON Parameter file
-```bicep
-module scalingplans './Microsoft.DesktopVirtualization/scalingplans/deploy.bicep' = {
- name: '${uniqueString(deployment().name)}-scalingplans'
- params: {
- name: '<>-az-avdsp-x-001'
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-avdsp-x-001"
+ }
}
}
```
diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md
index 120180accc..e199764c2d 100644
--- a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md
+++ b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md
@@ -156,67 +156,11 @@ tags: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avdws-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "location": {
- "value": "westeurope"
- },
- "appGroupResourceIds": {
- "value": [
- "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.DesktopVirtualization/applicationgroups/adp-<>-az-avdag-x-001"
- ]
- },
- "workspaceFriendlyName": {
- "value": "My first AVD Workspace"
- },
- "workspaceDescription": {
- "value": "This is my first AVD Workspace"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
-```
-
-
+Example 1: Parameters
@@ -226,27 +170,92 @@ tags: {
module workspaces './Microsoft.DesktopVirtualization/workspaces/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-workspaces'
params: {
+ // Required parameters
name: '<>-az-avdws-x-001'
- lock: 'CanNotDelete'
- location: 'westeurope'
+ // Non-required parameters
appGroupResourceIds: [
'/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.DesktopVirtualization/applicationgroups/adp-<>-az-avdag-x-001'
]
- workspaceFriendlyName: 'My first AVD Workspace'
- workspaceDescription: 'This is my first AVD Workspace'
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
+ location: 'westeurope'
+ lock: 'CanNotDelete'
roleAssignments: [
{
- roleDefinitionIdOrName: 'Reader'
principalIds: [
'<>'
]
+ roleDefinitionIdOrName: 'Reader'
}
]
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
- diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
- diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
- diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ workspaceDescription: 'This is my first AVD Workspace'
+ workspaceFriendlyName: 'My first AVD Workspace'
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "<>-az-avdws-x-001"
+ },
+ // Non-required parameters
+ "appGroupResourceIds": {
+ "value": [
+ "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.DesktopVirtualization/applicationgroups/adp-<>-az-avdag-x-001"
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "location": {
+ "value": "westeurope"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "principalIds": [
+ "<>"
+ ],
+ "roleDefinitionIdOrName": "Reader"
+ }
+ ]
+ },
+ "workspaceDescription": {
+ "value": "This is my first AVD Workspace"
+ },
+ "workspaceFriendlyName": {
+ "value": "My first AVD Workspace"
+ }
}
}
```
diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md
index 86f864d646..cea8d3fd7c 100644
--- a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md
+++ b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md
@@ -532,117 +532,11 @@ userAssignedIdentities: {
## Deployment examples
-Example 1
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cdb-gremlindb-001"
- },
- "location": {
- "value": "West Europe"
- },
- "locations": {
- "value": [
- {
- "locationName": "West Europe",
- "failoverPriority": 0,
- "isZoneRedundant": false
- },
- {
- "locationName": "North Europe",
- "failoverPriority": 1,
- "isZoneRedundant": false
- }
- ]
- },
- "capabilitiesToAdd": {
- "value": [
- "EnableGremlin"
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "gremlinDatabases": {
- "value": [
- {
- "name": "<>-az-gdb-x-001",
- "graphs": [
- {
- "name": "car_collection",
- "automaticIndexing": true,
- "partitionKeyPaths": [
- "/car_id"
- ]
- },
- {
- "name": "truck_collection",
- "automaticIndexing": true,
- "partitionKeyPaths": [
- "/truck_id"
- ]
- }
- ]
- },
- {
- "name": "<>-az-gdb-x-002",
- "collections": [
- {
- "name": "bike_collection",
- "automaticIndexing": true,
- "partitionKeyPaths": [
- "/bike_id"
- ]
- },
- {
- "name": "bicycle_collection",
- "automaticIndexing": true,
- "partitionKeyPaths": [
- "/bicycle_id"
- ]
- }
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- }
- }
-}
-```
-
-
+Example 1: Gremlindb
@@ -652,76 +546,78 @@ userAssignedIdentities: {
module databaseAccounts './Microsoft.DocumentDB/databaseAccounts/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-databaseAccounts'
params: {
- name: '<>-az-cdb-gremlindb-001'
- location: 'West Europe'
+ // Required parameters
locations: [
{
- locationName: 'West Europe'
failoverPriority: 0
isZoneRedundant: false
+ locationName: 'West Europe'
}
{
- locationName: 'North Europe'
failoverPriority: 1
isZoneRedundant: false
+ locationName: 'North Europe'
}
]
+ name: '<>-az-cdb-gremlindb-001'
+ // Non-required parameters
capabilitiesToAdd: [
'EnableGremlin'
]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- '<>'
- ]
- }
- ]
+ diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
+ diagnosticEventHubName: 'adp-<>-az-evh-x-001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001'
+ diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001'
gremlinDatabases: [
{
- name: '<>-az-gdb-x-001'
graphs: [
{
- name: 'car_collection'
automaticIndexing: true
+ name: 'car_collection'
partitionKeyPaths: [
'/car_id'
]
}
{
- name: 'truck_collection'
automaticIndexing: true
+ name: 'truck_collection'
partitionKeyPaths: [
'/truck_id'
]
}
]
+ name: '<>-az-gdb-x-001'
}
{
- name: '<