diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index 45310e5723..6df70643ed 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index fca50dcd19..8803a840aa 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -4,14 +4,14 @@ This module deploys an Azure Active Directory Domain Services (AADDS). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -20,81 +20,28 @@ This module deploys an Azure Active Directory Domain Services (AADDS). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `domainName` | string | The domain name specific to the Azure ADDS service. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalRecipients` | array | `[]` | | The email recipient value to receive alerts. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainConfigurationType` | string | `'FullySynced'` | `[FullySynced, ResourceTrusting]` | The value is to provide domain configuration type. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `externalAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | -| `filteredSync` | string | `'Enabled'` | | The value is to synchronize scoped users and groups. | -| `kerberosArmoring` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | -| `kerberosRc4Encryption` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable Kerberos requests that use RC4 encryption. | -| `ldaps` | string | `'Enabled'` | `[Disabled, Enabled]` | A flag to determine whether or not Secure LDAP is enabled or disabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Azure ADDS Services. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[parameters('domainName')]` | | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | -| `notifyDcAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the DC Admins. | -| `notifyGlobalAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the Global Admins. | -| `ntlmV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using NTLM v1. | -| `replicaSets` | array | `[]` | | Additional replica set for the managed domain. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Enterprise, Premium, Standard]` | The name of the SKU specific to Azure ADDS Services. | -| `syncNtlmPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable synchronized users to use NTLM authentication. | -| `syncOnPremPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable on-premises users to authenticate against managed domain. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tlsV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using TLSv1. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). | -| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. | -| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/aad.domain-service:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`domainName`](#parameter-domainname) | string | The domain name specific to the Azure ADDS service. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`pfxCertificate`](#parameter-pfxcertificate) | securestring | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. |
+| [`pfxCertificatePassword`](#parameter-pfxcertificatepassword) | securestring | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`additionalRecipients`](#parameter-additionalrecipients) | array | The email recipient value to receive alerts. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`domainConfigurationType`](#parameter-domainconfigurationtype) | string | The value is to provide domain configuration type. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`externalAccess`](#parameter-externalaccess) | string | The value is to enable the Secure LDAP for external services of Azure ADDS Services. |
+| [`filteredSync`](#parameter-filteredsync) | string | The value is to synchronize scoped users and groups. |
+| [`kerberosArmoring`](#parameter-kerberosarmoring) | string | The value is to enable to provide a protected channel between the Kerberos client and the KDC. |
+| [`kerberosRc4Encryption`](#parameter-kerberosrc4encryption) | string | The value is to enable Kerberos requests that use RC4 encryption. |
+| [`ldaps`](#parameter-ldaps) | string | A flag to determine whether or not Secure LDAP is enabled or disabled. |
+| [`location`](#parameter-location) | string | The location to deploy the Azure ADDS Services. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`name`](#parameter-name) | string | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. |
+| [`notifyDcAdmins`](#parameter-notifydcadmins) | string | The value is to notify the DC Admins. |
+| [`notifyGlobalAdmins`](#parameter-notifyglobaladmins) | string | The value is to notify the Global Admins. |
+| [`ntlmV1`](#parameter-ntlmv1) | string | The value is to enable clients making request using NTLM v1. |
+| [`replicaSets`](#parameter-replicasets) | array | Additional replica set for the managed domain. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`sku`](#parameter-sku) | string | The name of the SKU specific to Azure ADDS Services. |
+| [`syncNtlmPasswords`](#parameter-syncntlmpasswords) | string | The value is to enable synchronized users to use NTLM authentication. |
+| [`syncOnPremPasswords`](#parameter-synconprempasswords) | string | The value is to enable on-premises users to authenticate against managed domain. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`tlsV1`](#parameter-tlsv1) | string | The value is to enable clients making request using TLSv1. |
+
+### Parameter: `additionalRecipients`
+
+The email recipient value to receive alerts.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `domainConfigurationType`
+
+The value is to provide domain configuration type.
+- Required: No
+- Type: string
+- Default: `'FullySynced'`
+- Allowed: `[FullySynced, ResourceTrusting]`
+
+### Parameter: `domainName`
+
+The domain name specific to the Azure ADDS service.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `externalAccess`
+
+The value is to enable the Secure LDAP for external services of Azure ADDS Services.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `filteredSync`
+
+The value is to synchronize scoped users and groups.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+
+### Parameter: `kerberosArmoring`
+
+The value is to enable to provide a protected channel between the Kerberos client and the KDC.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `kerberosRc4Encryption`
+
+The value is to enable Kerberos requests that use RC4 encryption.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `ldaps`
+
+A flag to determine whether or not Secure LDAP is enabled or disabled.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `location`
+
+The location to deploy the Azure ADDS Services.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service.
+- Required: No
+- Type: string
+- Default: `[parameters('domainName')]`
+
+### Parameter: `notifyDcAdmins`
+
+The value is to notify the DC Admins.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `notifyGlobalAdmins`
+
+The value is to notify the Global Admins.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `ntlmV1`
+
+The value is to enable clients making request using NTLM v1.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `pfxCertificate`
+
+The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `pfxCertificatePassword`
+
+The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `replicaSets`
+
+Additional replica set for the managed domain.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sku`
+
+The name of the SKU specific to Azure ADDS Services.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[Enterprise, Premium, Standard]`
+
+### Parameter: `syncNtlmPasswords`
+
+The value is to enable synchronized users to use NTLM authentication.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `syncOnPremPasswords`
+
+The value is to enable on-premises users to authenticate against managed domain.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `tlsV1`
+
+The value is to enable clients making request using TLSv1.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). |
+| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. |
+| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Network Security Group (NSG) requirements for AADDS
diff --git a/modules/aad/domain-service/main.json b/modules/aad/domain-service/main.json
index 3070f9df0a..0f206dd1ce 100644
--- a/modules/aad/domain-service/main.json
+++ b/modules/aad/domain-service/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5043907679276521852"
+ "version": "0.22.6.54827",
+ "templateHash": "10694057578652449276"
},
"name": "Azure Active Directory Domain Services",
"description": "This module deploys an Azure Active Directory Domain Services (AADDS).",
@@ -410,8 +410,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "4015790044658504688"
+ "version": "0.22.6.54827",
+ "templateHash": "4984019978971427023"
}
},
"parameters": {
diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep
index 0dcc74191b..527c3c1c71 100644
--- a/modules/analysis-services/server/.test/common/main.test.bicep
+++ b/modules/analysis-services/server/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/analysis-services/server/.test/min/main.test.bicep b/modules/analysis-services/server/.test/min/main.test.bicep
index 3c210ec288..e89ac48c07 100644
--- a/modules/analysis-services/server/.test/min/main.test.bicep
+++ b/modules/analysis-services/server/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md
index 02f71b089c..e51e44040a 100644
--- a/modules/analysis-services/server/README.md
+++ b/modules/analysis-services/server/README.md
@@ -5,10 +5,10 @@ This module deploys an Analysis Services Server.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -19,63 +19,30 @@ This module deploys an Analysis Services Server.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Azure Analysis Services server to create. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Engine, Service]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Azure Analysis Services server to create. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the API Management service. |
+| [`publisherEmail`](#parameter-publisheremail) | string | The email address of the owner of the service. |
+| [`publisherName`](#parameter-publishername) | string | The name of the owner of the service. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`additionalLocations`](#parameter-additionallocations) | array | Additional datacenter locations of the API Management service. |
+| [`apis`](#parameter-apis) | array | APIs. |
+| [`apiVersionSets`](#parameter-apiversionsets) | array | API Version Sets. |
+| [`authorizationServers`](#parameter-authorizationservers) | secureObject | Authorization servers. |
+| [`backends`](#parameter-backends) | array | Backends. |
+| [`caches`](#parameter-caches) | array | Caches. |
+| [`certificates`](#parameter-certificates) | array | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. |
+| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Azure App Configuration. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`createMode`](#parameter-createmode) | string | Indicates whether the configuration store need to be recovered. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. |
+| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. |
+| [`name`](#parameter-name) | string | Name of the Container App. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`activeRevisionsMode`](#parameter-activerevisionsmode) | string | ActiveRevisionsMode controls how active revisions are handled for the Container app. |
+| [`customDomains`](#parameter-customdomains) | array | Custom domain bindings for Container App hostnames. |
+| [`dapr`](#parameter-dapr) | object | Dapr configuration for the Container App. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exposedPort`](#parameter-exposedport) | int | Exposed Port in containers for TCP traffic from ingress. |
+| [`ingressAllowInsecure`](#parameter-ingressallowinsecure) | bool | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. |
+| [`ingressExternal`](#parameter-ingressexternal) | bool | Bool indicating if app exposes an external http endpoint. |
+| [`ingressTargetPort`](#parameter-ingresstargetport) | int | Target Port in containers for traffic from ingress. |
+| [`ingressTransport`](#parameter-ingresstransport) | string | Ingress transport protocol. |
+| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. |
+| [`ipSecurityRestrictions`](#parameter-ipsecurityrestrictions) | array | Rules to restrict incoming IP address. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maxInactiveRevisions`](#parameter-maxinactiverevisions) | int | Max inactive revisions a Container App can have. |
+| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. |
+| [`revisionSuffix`](#parameter-revisionsuffix) | string | User friendly suffix that is appended to the revision name. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. |
+| [`scaleMaxReplicas`](#parameter-scalemaxreplicas) | int | Maximum number of container replicas. Defaults to 10 if not set. |
+| [`scaleMinReplicas`](#parameter-scaleminreplicas) | int | Minimum number of container replicas. |
+| [`scaleRules`](#parameter-scalerules) | array | Scaling rules. |
+| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`trafficLabel`](#parameter-trafficlabel) | string | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. |
+| [`trafficLatestRevision`](#parameter-trafficlatestrevision) | bool | Indicates that the traffic weight belongs to a latest stable revision. |
+| [`trafficRevisionName`](#parameter-trafficrevisionname) | string | Name of a revision. |
+| [`trafficWeight`](#parameter-trafficweight) | int | Traffic weight assigned to a revision. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. |
+| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. |
+| [`workloadProfileType`](#parameter-workloadprofiletype) | string | Workload profile type to pin for container app execution. |
+
+### Parameter: `activeRevisionsMode`
+
+ActiveRevisionsMode controls how active revisions are handled for the Container app.
+- Required: No
+- Type: string
+- Default: `'Single'`
+- Allowed: `[Multiple, Single]`
+
+### Parameter: `containers`
+
+List of container definitions for the Container App.
+- Required: Yes
+- Type: array
+
+### Parameter: `customDomains`
+
+Custom domain bindings for Container App hostnames.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dapr`
+
+Dapr configuration for the Container App.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentId`
+
+Resource ID of environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `exposedPort`
+
+Exposed Port in containers for TCP traffic from ingress.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `ingressAllowInsecure`
+
+Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ingressExternal`
+
+Bool indicating if app exposes an external http endpoint.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ingressTargetPort`
+
+Target Port in containers for traffic from ingress.
+- Required: No
+- Type: int
+- Default: `80`
+
+### Parameter: `ingressTransport`
+
+Ingress transport protocol.
+- Required: No
+- Type: string
+- Default: `'auto'`
+- Allowed: `[auto, http, http2, tcp]`
+
+### Parameter: `initContainersTemplate`
+
+List of specialized containers that run before app containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ipSecurityRestrictions`
+
+Rules to restrict incoming IP address.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maxInactiveRevisions`
+
+Max inactive revisions a Container App can have.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `name`
+
+Name of the Container App.
+- Required: Yes
+- Type: string
+
+### Parameter: `registries`
+
+Collection of private container registry credentials for containers used by the Container app.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `revisionSuffix`
+
+User friendly suffix that is appended to the revision name.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `scaleMaxReplicas`
+
+Maximum number of container replicas. Defaults to 10 if not set.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `scaleMinReplicas`
+
+Minimum number of container replicas.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `scaleRules`
+
+Scaling rules.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `secrets`
+
+The secrets of the Container App.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `trafficLabel`
+
+Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes.
+- Required: No
+- Type: string
+- Default: `'label-1'`
+
+### Parameter: `trafficLatestRevision`
+
+Indicates that the traffic weight belongs to a latest stable revision.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `trafficRevisionName`
+
+Name of a revision.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `trafficWeight`
+
+Traffic weight assigned to a revision.
+- Required: No
+- Type: int
+- Default: `100`
+
+### Parameter: `userAssignedIdentities`
+
+The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `volumes`
+
+List of volume definitions for the Container App.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workloadProfileType`
+
+Workload profile type to pin for container app execution.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Container App. |
+| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. |
+| `resourceId` | string | The resource ID of the Container App. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/app/container-app/main.json b/modules/app/container-app/main.json
index e2de42de12..1d501046a4 100644
--- a/modules/app/container-app/main.json
+++ b/modules/app/container-app/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "16754480041180669063"
+ "version": "0.22.6.54827",
+ "templateHash": "2221038631504030167"
},
"name": "Container Apps",
"description": "This module deploys a Container App.",
@@ -371,8 +371,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9188415638960634445"
+ "version": "0.22.6.54827",
+ "templateHash": "6133741258710054291"
}
},
"parameters": {
diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep
index 076aa920a4..6a3a769e96 100644
--- a/modules/app/managed-environment/.test/common/main.test.bicep
+++ b/modules/app/managed-environment/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/app/managed-environment/.test/min/main.test.bicep b/modules/app/managed-environment/.test/min/main.test.bicep
index 6692258b4d..ceab992425 100644
--- a/modules/app/managed-environment/.test/min/main.test.bicep
+++ b/modules/app/managed-environment/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md
index e432404e3a..980eb7a04c 100644
--- a/modules/app/managed-environment/README.md
+++ b/modules/app/managed-environment/README.md
@@ -5,10 +5,10 @@ This module deploys an App Managed Environment (also known as a Container App En
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -18,73 +18,29 @@ This module deploys an App Managed Environment (also known as a Container App En
| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceResourceId` | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). |
-| `name` | string | Name of the Container Apps Managed Environment. |
-
-**Conditional parameters**
+## Usage examples
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `infrastructureSubnetId` | string | `''` | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `certificatePassword` | securestring | `''` | | Password of the certificate used by the custom domain. |
-| `certificateValue` | securestring | `''` | | Certificate to use for the custom domain. PFX or PEM. |
-| `daprAIConnectionString` | securestring | `''` | | Application Insights connection string used by Dapr to export Service to Service communication telemetry. |
-| `daprAIInstrumentationKey` | securestring | `''` | | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. |
-| `dnsSuffix` | string | `''` | | DNS suffix for the environment domain. |
-| `dockerBridgeCidr` | string | `''` | | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
-| `enableDefaultTelemetry` | bool | | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `internal` | bool | `False` | | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. |
-| `location` | string | `[resourceGroup().location]` | | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `logsDestination` | string | `'log-analytics'` | | Logs destination. |
-| `platformReservedCidr` | string | `''` | | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
-| `platformReservedDnsIP` | string | `''` | | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `skuName` | string | `'Consumption'` | `[Consumption, Premium]` | Managed environment SKU. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `workloadProfiles` | array | `[]` | | Workload profiles configured for the Managed Environment. |
-| `zoneRedundant` | bool | `False` | | Whether or not this Managed Environment is zone-redundant. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Managed Environment. |
-| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. |
-| `resourceId` | string | The resource ID of the Managed Environment. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.managed-environment:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`logAnalyticsWorkspaceResourceId`](#parameter-loganalyticsworkspaceresourceid) | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). |
+| [`name`](#parameter-name) | string | Name of the Container Apps Managed Environment. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`infrastructureSubnetId`](#parameter-infrastructuresubnetid) | string | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`certificatePassword`](#parameter-certificatepassword) | securestring | Password of the certificate used by the custom domain. |
+| [`certificateValue`](#parameter-certificatevalue) | securestring | Certificate to use for the custom domain. PFX or PEM. |
+| [`daprAIConnectionString`](#parameter-dapraiconnectionstring) | securestring | Application Insights connection string used by Dapr to export Service to Service communication telemetry. |
+| [`daprAIInstrumentationKey`](#parameter-dapraiinstrumentationkey) | securestring | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. |
+| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix for the environment domain. |
+| [`dockerBridgeCidr`](#parameter-dockerbridgecidr) | string | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`logsDestination`](#parameter-logsdestination) | string | Logs destination. |
+| [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
+| [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`skuName`](#parameter-skuname) | string | Managed environment SKU. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. |
+| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. |
+
+### Parameter: `certificatePassword`
+
+Password of the certificate used by the custom domain.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `certificateValue`
+
+Certificate to use for the custom domain. PFX or PEM.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `daprAIConnectionString`
+
+Application Insights connection string used by Dapr to export Service to Service communication telemetry.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `daprAIInstrumentationKey`
+
+Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `dnsSuffix`
+
+DNS suffix for the environment domain.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dockerBridgeCidr`
+
+CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: Yes
+- Type: bool
+
+### Parameter: `infrastructureSubnetId`
+
+Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `internal`
+
+Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `logAnalyticsWorkspaceResourceId`
+
+Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990).
+- Required: Yes
+- Type: string
+
+### Parameter: `logsDestination`
+
+Logs destination.
+- Required: No
+- Type: string
+- Default: `'log-analytics'`
+
+### Parameter: `name`
+
+Name of the Container Apps Managed Environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `platformReservedCidr`
+
+IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `platformReservedDnsIP`
+
+An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+Managed environment SKU.
+- Required: No
+- Type: string
+- Default: `'Consumption'`
+- Allowed: `[Consumption, Premium]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `workloadProfiles`
+
+Workload profiles configured for the Managed Environment.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `zoneRedundant`
+
+Whether or not this Managed Environment is zone-redundant.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Managed Environment. |
+| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. |
+| `resourceId` | string | The resource ID of the Managed Environment. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/app/managed-environment/main.json b/modules/app/managed-environment/main.json
index a958ca3a6e..71407f0d6d 100644
--- a/modules/app/managed-environment/main.json
+++ b/modules/app/managed-environment/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14963884189492658840"
+ "version": "0.22.6.54827",
+ "templateHash": "3480452524372003572"
},
"name": "App ManagedEnvironments",
"description": "This module deploys an App Managed Environment (also known as a Container App Environment).",
@@ -264,8 +264,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10028072894056989627"
+ "version": "0.22.6.54827",
+ "templateHash": "18101859194273235473"
}
},
"parameters": {
diff --git a/modules/authorization/lock/.test/common/main.test.bicep b/modules/authorization/lock/.test/common/main.test.bicep
index 197c3e06aa..aa9099f4a9 100644
--- a/modules/authorization/lock/.test/common/main.test.bicep
+++ b/modules/authorization/lock/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md
index 1555dae44e..abc4f9706c 100644
--- a/modules/authorization/lock/README.md
+++ b/modules/authorization/lock/README.md
@@ -5,10 +5,10 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -16,52 +16,28 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc
| :-- | :-- |
| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location for all resources. |
-| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. |
-| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. |
-| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. |
+## Usage examples
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the lock. |
-| `resourceId` | string | The resource ID of the lock. |
-| `scope` | string | The scope this lock applies to. |
-
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.lock:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`level`](#parameter-level) | string | Set lock level. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`notes`](#parameter-notes) | string | The decription attached to the lock. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `level`
+
+Set lock level.
+- Required: Yes
+- Type: string
+- Allowed: `[CanNotDelete, ReadOnly]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `notes`
+
+The decription attached to the lock.
+- Required: No
+- Type: string
+- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]`
+
+### Parameter: `resourceGroupName`
+
+Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `subscriptionId`
+
+Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription.
+- Required: No
+- Type: string
+- Default: `[subscription().id]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the lock. |
+| `resourceId` | string | The resource ID of the lock. |
+| `scope` | string | The scope this lock applies to. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/authorization/lock/main.json b/modules/authorization/lock/main.json
index a6018e68bc..927dc1ae2c 100644
--- a/modules/authorization/lock/main.json
+++ b/modules/authorization/lock/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15010949072500473441"
+ "version": "0.22.6.54827",
+ "templateHash": "15385346851879884120"
},
"name": "Authorization Locks (All scopes)",
"description": "This module deploys an Authorization Lock at a Subscription or Resource Group scope.",
@@ -109,8 +109,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15362884032350876286"
+ "version": "0.22.6.54827",
+ "templateHash": "876321567657394219"
},
"name": "Authorization Locks (Subscription scope)",
"description": "This module deploys an Authorization Lock at a Subscription scope.",
@@ -239,8 +239,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10420976827552614779"
+ "version": "0.22.6.54827",
+ "templateHash": "8961143332409950444"
},
"name": "Authorization Locks (Resource Group scope)",
"description": "This module deploys an Authorization Lock at a Resource Group scope.",
diff --git a/modules/authorization/lock/resource-group/README.md b/modules/authorization/lock/resource-group/README.md
index 146e48ed25..9fff1df214 100644
--- a/modules/authorization/lock/resource-group/README.md
+++ b/modules/authorization/lock/resource-group/README.md
@@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Resource Group scope.
**Required parameters**
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`level`](#parameter-level) | string | Set lock level. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. |
-| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the lock. |
+| [`notes`](#parameter-notes) | string | The decription attached to the lock. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `level`
+
+Set lock level.
+- Required: Yes
+- Type: string
+- Allowed: `[CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the lock.
+- Required: No
+- Type: string
+- Default: `[format('{0}-lock', parameters('level'))]`
+
+### Parameter: `notes`
+
+The decription attached to the lock.
+- Required: No
+- Type: string
+- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the lock. |
| `resourceGroupName` | string | The name of the resource group name the lock was applied to. |
diff --git a/modules/authorization/lock/resource-group/main.json b/modules/authorization/lock/resource-group/main.json
index 25b2ec1b99..903530da93 100644
--- a/modules/authorization/lock/resource-group/main.json
+++ b/modules/authorization/lock/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "7885747985110001606"
+ "version": "0.22.6.54827",
+ "templateHash": "8961143332409950444"
},
"name": "Authorization Locks (Resource Group scope)",
"description": "This module deploys an Authorization Lock at a Resource Group scope.",
diff --git a/modules/authorization/lock/subscription/README.md b/modules/authorization/lock/subscription/README.md
index 35fe0fd8ca..56454213bb 100644
--- a/modules/authorization/lock/subscription/README.md
+++ b/modules/authorization/lock/subscription/README.md
@@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`level`](#parameter-level) | string | Set lock level. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. |
-| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the lock. |
+| [`notes`](#parameter-notes) | string | The decription attached to the lock. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `level`
+
+Set lock level.
+- Required: Yes
+- Type: string
+- Allowed: `[CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the lock.
+- Required: No
+- Type: string
+- Default: `[format('{0}-lock', parameters('level'))]`
+
+### Parameter: `notes`
+
+The decription attached to the lock.
+- Required: No
+- Type: string
+- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the lock. |
| `resourceId` | string | The resource ID of the lock. |
diff --git a/modules/authorization/lock/subscription/main.json b/modules/authorization/lock/subscription/main.json
index 5664616784..19ec31903c 100644
--- a/modules/authorization/lock/subscription/main.json
+++ b/modules/authorization/lock/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "10927394621764774821"
+ "version": "0.22.6.54827",
+ "templateHash": "876321567657394219"
},
"name": "Authorization Locks (Subscription scope)",
"description": "This module deploys an Authorization Lock at a Subscription scope.",
diff --git a/modules/authorization/policy-assignment/README.md b/modules/authorization/policy-assignment/README.md
index ff0ddb908a..a74ad84ead 100644
--- a/modules/authorization/policy-assignment/README.md
+++ b/modules/authorization/policy-assignment/README.md
@@ -4,80 +4,44 @@ This module deploys a Policy Assignment at a Management Group, Subscription or R
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/policyAssignments` | [2022-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-06-01/policyAssignments) |
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. |
-| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | This message will be part of response in case of policy violation. |
-| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
-| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
-| `location` | string | `[deployment().location]` | | Location for all resources. |
-| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
-| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
-| `notScopes` | array | `[]` | | The policy excluded scopes. |
-| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
-| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
-| `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
-| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
-| `subscriptionId` | string | `''` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. |
-| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | Policy Assignment Name. |
-| `principalId` | string | Policy Assignment principal ID. |
-| `resourceId` | string | Policy Assignment resource ID. |
-
-## Cross-referenced modules
-
-_None_
-
-## Deployment examples
+## Usage examples
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. |
+| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
+| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
+| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. |
+| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. |
+| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
+| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
+| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. |
+| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. |
+
+### Parameter: `description`
+
+This message will be part of response in case of policy violation.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy assignment. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enforcementMode`
+
+The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Default, DoNotEnforce]`
+
+### Parameter: `identity`
+
+The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions.
+- Required: No
+- Type: string
+- Default: `'SystemAssigned'`
+- Allowed: `[None, SystemAssigned, UserAssigned]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `metadata`
+
+The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes.
+- Required: Yes
+- Type: string
+
+### Parameter: `nonComplianceMessages`
+
+The messages that describe why a resource is non-compliant with the policy.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notScopes`
+
+The policy excluded scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `overrides`
+
+The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `parameters`
+
+Parameters for the policy assignment if needed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionId`
+
+Specifies the ID of the policy definition or policy set definition being assigned.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceGroupName`
+
+The Target Scope for the Policy. The name of the resource group for the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleDefinitionIds`
+
+The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `subscriptionId`
+
+The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `userAssignedIdentityId`
+
+The Resource ID for the user assigned identity to assign to the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | Policy Assignment Name. |
+| `principalId` | string | Policy Assignment principal ID. |
+| `resourceId` | string | Policy Assignment resource ID. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Module Usage Guidance
diff --git a/modules/authorization/policy-assignment/main.json b/modules/authorization/policy-assignment/main.json
index 66bced0521..4b15a7c3ee 100644
--- a/modules/authorization/policy-assignment/main.json
+++ b/modules/authorization/policy-assignment/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13477192333915886863"
+ "version": "0.22.6.54827",
+ "templateHash": "10579624444479342334"
},
"name": "Policy Assignments (All scopes)",
"description": "This module deploys a Policy Assignment at a Management Group, Subscription or Resource Group scope.",
@@ -226,8 +226,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15108071880274736880"
+ "version": "0.22.6.54827",
+ "templateHash": "14811948404877688716"
},
"name": "Policy Assignments (Management Group scope)",
"description": "This module deploys a Policy Assignment at a Management Group scope.",
@@ -506,8 +506,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15303635224407962753"
+ "version": "0.22.6.54827",
+ "templateHash": "1296030047986147440"
},
"name": "Policy Assignments (Subscription scope)",
"description": "This module deploys a Policy Assignment at a Subscription scope.",
@@ -786,8 +786,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "17736185251366823136"
+ "version": "0.22.6.54827",
+ "templateHash": "15032410491892224041"
},
"name": "Policy Assignments (Resource Group scope)",
"description": "This module deploys a Policy Assignment at a Resource Group scope.",
diff --git a/modules/authorization/policy-assignment/management-group/README.md b/modules/authorization/policy-assignment/management-group/README.md
index 086b1d38ea..5bdeb7fe3c 100644
--- a/modules/authorization/policy-assignment/management-group/README.md
+++ b/modules/authorization/policy-assignment/management-group/README.md
@@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Management Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. |
-| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. |
+| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | This message will be part of response in case of policy violation. |
-| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
-| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
-| `location` | string | `[deployment().location]` | | Location for all resources. |
-| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
-| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
-| `notScopes` | array | `[]` | | The policy excluded scopes. |
-| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
-| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
-| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
-| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
+| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
+| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. |
+| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. |
+| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
+| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
+| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
+| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. |
+
+### Parameter: `description`
+
+This message will be part of response in case of policy violation.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy assignment. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enforcementMode`
+
+The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Default, DoNotEnforce]`
+
+### Parameter: `identity`
+
+The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions.
+- Required: No
+- Type: string
+- Default: `'SystemAssigned'`
+- Allowed: `[None, SystemAssigned, UserAssigned]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `metadata`
+
+The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `nonComplianceMessages`
+
+The messages that describe why a resource is non-compliant with the policy.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notScopes`
+
+The policy excluded scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `overrides`
+
+The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `parameters`
+
+Parameters for the policy assignment if needed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionId`
+
+Specifies the ID of the policy definition or policy set definition being assigned.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleDefinitionIds`
+
+The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `userAssignedIdentityId`
+
+The Resource ID for the user assigned identity to assign to the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | Policy Assignment Name. |
diff --git a/modules/authorization/policy-assignment/management-group/main.json b/modules/authorization/policy-assignment/management-group/main.json
index 1f346ad116..5041a99c35 100644
--- a/modules/authorization/policy-assignment/management-group/main.json
+++ b/modules/authorization/policy-assignment/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "8902545451587564927"
+ "version": "0.22.6.54827",
+ "templateHash": "14811948404877688716"
},
"name": "Policy Assignments (Management Group scope)",
"description": "This module deploys a Policy Assignment at a Management Group scope.",
diff --git a/modules/authorization/policy-assignment/resource-group/README.md b/modules/authorization/policy-assignment/resource-group/README.md
index 6ed90b07ac..fa03fd32ea 100644
--- a/modules/authorization/policy-assignment/resource-group/README.md
+++ b/modules/authorization/policy-assignment/resource-group/README.md
@@ -20,36 +20,162 @@ This module deploys a Policy Assignment at a Resource Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. |
-| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. |
+| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | This message will be part of response in case of policy violation. |
-| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
-| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
-| `notScopes` | array | `[]` | | The policy excluded scopes. |
-| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
-| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
-| `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
-| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
-| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. |
-| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
+| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. |
+| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. |
+| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
+| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
+| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. |
+| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. |
+
+### Parameter: `description`
+
+This message will be part of response in case of policy violation.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy assignment. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enforcementMode`
+
+The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Default, DoNotEnforce]`
+
+### Parameter: `identity`
+
+The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions.
+- Required: No
+- Type: string
+- Default: `'SystemAssigned'`
+- Allowed: `[None, SystemAssigned, UserAssigned]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `metadata`
+
+The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `nonComplianceMessages`
+
+The messages that describe why a resource is non-compliant with the policy.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notScopes`
+
+The policy excluded scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `overrides`
+
+The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `parameters`
+
+Parameters for the policy assignment if needed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionId`
+
+Specifies the ID of the policy definition or policy set definition being assigned.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceGroupName`
+
+The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().name]`
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleDefinitionIds`
+
+The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `subscriptionId`
+
+The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[subscription().subscriptionId]`
+
+### Parameter: `userAssignedIdentityId`
+
+The Resource ID for the user assigned identity to assign to the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | Policy Assignment Name. |
diff --git a/modules/authorization/policy-assignment/resource-group/main.json b/modules/authorization/policy-assignment/resource-group/main.json
index 91b95356eb..65912a4b91 100644
--- a/modules/authorization/policy-assignment/resource-group/main.json
+++ b/modules/authorization/policy-assignment/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "18205418867751406787"
+ "version": "0.22.6.54827",
+ "templateHash": "15032410491892224041"
},
"name": "Policy Assignments (Resource Group scope)",
"description": "This module deploys a Policy Assignment at a Resource Group scope.",
diff --git a/modules/authorization/policy-assignment/subscription/README.md b/modules/authorization/policy-assignment/subscription/README.md
index 26810db431..c861c6e6c7 100644
--- a/modules/authorization/policy-assignment/subscription/README.md
+++ b/modules/authorization/policy-assignment/subscription/README.md
@@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. |
-| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. |
+| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | This message will be part of response in case of policy violation. |
-| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
-| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
-| `location` | string | `[deployment().location]` | | Location for all resources. |
-| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. |
-| `notScopes` | array | `[]` | | The policy excluded scopes. |
-| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
-| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
-| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
-| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. |
-| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. |
+| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. |
+| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. |
+| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. |
+| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. |
+| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. |
+| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. |
+
+### Parameter: `description`
+
+This message will be part of response in case of policy violation.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy assignment. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enforcementMode`
+
+The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce.
+- Required: No
+- Type: string
+- Default: `'Default'`
+- Allowed: `[Default, DoNotEnforce]`
+
+### Parameter: `identity`
+
+The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions.
+- Required: No
+- Type: string
+- Default: `'SystemAssigned'`
+- Allowed: `[None, SystemAssigned, UserAssigned]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `nonComplianceMessages`
+
+The messages that describe why a resource is non-compliant with the policy.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notScopes`
+
+The policy excluded scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `overrides`
+
+The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `parameters`
+
+Parameters for the policy assignment if needed.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionId`
+
+Specifies the ID of the policy definition or policy set definition being assigned.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleDefinitionIds`
+
+The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `subscriptionId`
+
+The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[subscription().subscriptionId]`
+
+### Parameter: `userAssignedIdentityId`
+
+The Resource ID for the user assigned identity to assign to the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | Policy Assignment Name. |
diff --git a/modules/authorization/policy-assignment/subscription/main.json b/modules/authorization/policy-assignment/subscription/main.json
index 24a4662eca..5d6deb533a 100644
--- a/modules/authorization/policy-assignment/subscription/main.json
+++ b/modules/authorization/policy-assignment/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13568773713405945676"
+ "version": "0.22.6.54827",
+ "templateHash": "1296030047986147440"
},
"name": "Policy Assignments (Subscription scope)",
"description": "This module deploys a Policy Assignment at a Subscription scope.",
diff --git a/modules/authorization/policy-definition/README.md b/modules/authorization/policy-definition/README.md
index eea97f4ec3..0ab10d1680 100644
--- a/modules/authorization/policy-definition/README.md
+++ b/modules/authorization/policy-definition/README.md
@@ -4,70 +4,41 @@ This module deploys a Policy Definition at a Management Group or Subscription sc
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/policyDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyDefinitions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. |
-| `policyRule` | object | The Policy Rule details for the Policy Definition. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | The policy definition description. |
-| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. |
-| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
-| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. |
-| `subscriptionId` | string | `''` | | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Policy Definition Name. |
-| `resourceId` | string | Policy Definition resource ID. |
-| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. |
-
-## Cross-referenced modules
-
-_None_
+## Usage examples
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. |
+| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The policy definition description. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. |
+| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
+| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. |
+
+### Parameter: `description`
+
+The policy definition description.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy definition. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `metadata`
+
+The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `mode`
+
+The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data.
+- Required: No
+- Type: string
+- Default: `'All'`
+- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]`
+
+### Parameter: `name`
+
+Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `parameters`
+
+The policy definition parameters that can be used in policy definition references.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyRule`
+
+The Policy Rule details for the Policy Definition.
+- Required: Yes
+- Type: object
+
+### Parameter: `subscriptionId`
+
+The subscription ID of the subscription (Scope). Cannot be used with managementGroupId.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | Policy Definition Name. |
+| `resourceId` | string | Policy Definition resource ID. |
+| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Module Usage Guidance
diff --git a/modules/authorization/policy-definition/main.json b/modules/authorization/policy-definition/main.json
index 2d366af87f..0667382c4a 100644
--- a/modules/authorization/policy-definition/main.json
+++ b/modules/authorization/policy-definition/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15749498802750084340"
+ "version": "0.22.6.54827",
+ "templateHash": "12398926446776214850"
},
"name": "Policy Definitions (All scopes)",
"description": "This module deploys a Policy Definition at a Management Group or Subscription scope.",
@@ -156,8 +156,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "17859945353406314149"
+ "version": "0.22.6.54827",
+ "templateHash": "3632302304949681871"
},
"name": "Policy Definitions (Management Group scope)",
"description": "This module deploys a Policy Definition at a Management Group scope.",
@@ -332,8 +332,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7453988849629465072"
+ "version": "0.22.6.54827",
+ "templateHash": "15610043692526006499"
},
"name": "Policy Definitions (Subscription scope)",
"description": "This module deploys a Policy Definition at a Subscription scope.",
diff --git a/modules/authorization/policy-definition/management-group/README.md b/modules/authorization/policy-definition/management-group/README.md
index 01780427c6..d09b6aad3e 100644
--- a/modules/authorization/policy-definition/management-group/README.md
+++ b/modules/authorization/policy-definition/management-group/README.md
@@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Management Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. |
-| `policyRule` | object | The Policy Rule details for the Policy Definition. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. |
+| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | The policy definition description. |
-| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
-| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The policy definition description. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
+| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. |
+
+### Parameter: `description`
+
+The policy definition description.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy definition. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `mode`
+
+The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data.
+- Required: No
+- Type: string
+- Default: `'All'`
+- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]`
+
+### Parameter: `name`
+
+Specifies the name of the policy definition. Maximum length is 64 characters.
+- Required: Yes
+- Type: string
+
+### Parameter: `parameters`
+
+The policy definition parameters that can be used in policy definition references.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyRule`
+
+The Policy Rule details for the Policy Definition.
+- Required: Yes
+- Type: object
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Definition Name. |
| `resourceId` | string | Policy Definition resource ID. |
diff --git a/modules/authorization/policy-definition/management-group/main.json b/modules/authorization/policy-definition/management-group/main.json
index c1d82a9803..0c99261e72 100644
--- a/modules/authorization/policy-definition/management-group/main.json
+++ b/modules/authorization/policy-definition/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "14890815799488372081"
+ "version": "0.22.6.54827",
+ "templateHash": "3632302304949681871"
},
"name": "Policy Definitions (Management Group scope)",
"description": "This module deploys a Policy Definition at a Management Group scope.",
diff --git a/modules/authorization/policy-definition/subscription/README.md b/modules/authorization/policy-definition/subscription/README.md
index 2557236387..acb2ee448d 100644
--- a/modules/authorization/policy-definition/subscription/README.md
+++ b/modules/authorization/policy-definition/subscription/README.md
@@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. |
-| `policyRule` | object | The Policy Rule details for the Policy Definition. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. |
+| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `description` | string | `''` | | The policy definition description. |
-| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
-| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The policy definition description. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
+| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. |
+
+### Parameter: `description`
+
+The policy definition description.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy definition. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `mode`
+
+The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data.
+- Required: No
+- Type: string
+- Default: `'All'`
+- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]`
+
+### Parameter: `name`
+
+Specifies the name of the policy definition. Maximum length is 64 characters.
+- Required: Yes
+- Type: string
+
+### Parameter: `parameters`
+
+The policy definition parameters that can be used in policy definition references.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyRule`
+
+The Policy Rule details for the Policy Definition.
+- Required: Yes
+- Type: object
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Definition Name. |
| `resourceId` | string | Policy Definition resource ID. |
diff --git a/modules/authorization/policy-definition/subscription/main.json b/modules/authorization/policy-definition/subscription/main.json
index 9d45f6df13..d765d1b498 100644
--- a/modules/authorization/policy-definition/subscription/main.json
+++ b/modules/authorization/policy-definition/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "14434059777291440353"
+ "version": "0.22.6.54827",
+ "templateHash": "15610043692526006499"
},
"name": "Policy Definitions (Subscription scope)",
"description": "This module deploys a Policy Definition at a Subscription scope.",
diff --git a/modules/authorization/policy-exemption/README.md b/modules/authorization/policy-exemption/README.md
index 50aeb359a3..8fc662328a 100644
--- a/modules/authorization/policy-exemption/README.md
+++ b/modules/authorization/policy-exemption/README.md
@@ -4,74 +4,43 @@ This module deploys a Policy Exemption at a Management Group, Subscription or Re
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/policyExemptions` | [2022-07-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-07-01-preview/policyExemptions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. |
-| `description` | string | `''` | | The description of the policy exemption. |
-| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
-| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. |
-| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
-| `resourceGroupName` | string | `''` | | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. |
-| `subscriptionId` | string | `''` | | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Policy Exemption Name. |
-| `resourceId` | string | Policy Exemption resource ID. |
-| `scope` | string | Policy Exemption Scope. |
-
-## Cross-referenced modules
-
-_None_
-
-## Deployment examples
+## Usage examples
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. |
+| [`description`](#parameter-description) | string | The description of the policy exemption. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
+| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. |
+| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. |
+
+### Parameter: `assignmentScopeValidation`
+
+The option whether validate the exemption is at or under the assignment scope.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Default, DoNotValidate]`
+
+### Parameter: `description`
+
+The description of the policy exemption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy exemption. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `exemptionCategory`
+
+The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated.
+- Required: No
+- Type: string
+- Default: `'Mitigated'`
+- Allowed: `[Mitigated, Waiver]`
+
+### Parameter: `expiresOn`
+
+The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `metadata`
+
+The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that is being exempted.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceIds`
+
+The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `resourceGroupName`
+
+The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `subscriptionId`
+
+The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | Policy Exemption Name. |
+| `resourceId` | string | Policy Exemption resource ID. |
+| `scope` | string | Policy Exemption Scope. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Module Usage Guidance
diff --git a/modules/authorization/policy-exemption/main.json b/modules/authorization/policy-exemption/main.json
index a870d46d9b..37bb291bf4 100644
--- a/modules/authorization/policy-exemption/main.json
+++ b/modules/authorization/policy-exemption/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7537469788100455482"
+ "version": "0.22.6.54827",
+ "templateHash": "5596643679633132129"
},
"name": "Policy Exemptions (All scopes)",
"description": "This module deploys a Policy Exemption at a Management Group, Subscription or Resource Group scope.",
@@ -202,8 +202,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5811278633353778987"
+ "version": "0.22.6.54827",
+ "templateHash": "5606667569084267633"
},
"name": "Policy Exemptions (Management Group scope)",
"description": "This module deploys a Policy Exemption at a Management Group scope.",
@@ -413,8 +413,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "16790622898117117515"
+ "version": "0.22.6.54827",
+ "templateHash": "10613705515536903891"
},
"name": "Policy Exemptions (Subscription scope)",
"description": "This module deploys a Policy Exemption at a Subscription scope.",
@@ -621,8 +621,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15066914920145194393"
+ "version": "0.22.6.54827",
+ "templateHash": "17689607806582642174"
},
"name": "Policy Exemptions (Resource Group scope)",
"description": "This module deploys a Policy Exemption at a Resource Group scope.",
diff --git a/modules/authorization/policy-exemption/management-group/README.md b/modules/authorization/policy-exemption/management-group/README.md
index 1bfb787eab..7cca1936a3 100644
--- a/modules/authorization/policy-exemption/management-group/README.md
+++ b/modules/authorization/policy-exemption/management-group/README.md
@@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Management Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. |
-| `description` | string | `''` | | The description of the policy exemption. |
-| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
-| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. |
+| [`description`](#parameter-description) | string | The description of the policy exemption. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
+| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. |
+
+### Parameter: `assignmentScopeValidation`
+
+The option whether validate the exemption is at or under the assignment scope.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Default, DoNotValidate]`
+
+### Parameter: `description`
+
+The description of the policy exemption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy assignment. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `exemptionCategory`
+
+The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated.
+- Required: No
+- Type: string
+- Default: `'Mitigated'`
+- Allowed: `[Mitigated, Waiver]`
+
+### Parameter: `expiresOn`
+
+The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that is being exempted.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceIds`
+
+The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties.
+- Required: No
+- Type: array
+- Default: `[]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Exemption Name. |
| `resourceId` | string | Policy Exemption resource ID. |
diff --git a/modules/authorization/policy-exemption/management-group/main.json b/modules/authorization/policy-exemption/management-group/main.json
index 9d9e463ba8..8271a1ee56 100644
--- a/modules/authorization/policy-exemption/management-group/main.json
+++ b/modules/authorization/policy-exemption/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17592627855612646241"
+ "version": "0.22.6.54827",
+ "templateHash": "5606667569084267633"
},
"name": "Policy Exemptions (Management Group scope)",
"description": "This module deploys a Policy Exemption at a Management Group scope.",
diff --git a/modules/authorization/policy-exemption/resource-group/README.md b/modules/authorization/policy-exemption/resource-group/README.md
index 7fd6faa68a..cc3f54c9b9 100644
--- a/modules/authorization/policy-exemption/resource-group/README.md
+++ b/modules/authorization/policy-exemption/resource-group/README.md
@@ -19,29 +19,106 @@ This module deploys a Policy Exemption at a Resource Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. |
-| `description` | string | `''` | | The description of the policy exemption. |
-| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
-| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
-| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. |
+| [`description`](#parameter-description) | string | The description of the policy exemption. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
+| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
+| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. |
+
+### Parameter: `assignmentScopeValidation`
+
+The option whether validate the exemption is at or under the assignment scope.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Default, DoNotValidate]`
+
+### Parameter: `description`
+
+The description of the policy exemption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy exemption. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `exemptionCategory`
+
+The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated.
+- Required: No
+- Type: string
+- Default: `'Mitigated'`
+- Allowed: `[Mitigated, Waiver]`
+
+### Parameter: `expiresOn`
+
+The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `metadata`
+
+The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that is being exempted.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceIds`
+
+The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties.
+- Required: No
+- Type: array
+- Default: `[]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Exemption Name. |
| `resourceGroupName` | string | The name of the resource group the policy exemption was applied at. |
diff --git a/modules/authorization/policy-exemption/resource-group/main.json b/modules/authorization/policy-exemption/resource-group/main.json
index f9d5590f54..8672a1ff5d 100644
--- a/modules/authorization/policy-exemption/resource-group/main.json
+++ b/modules/authorization/policy-exemption/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13048294777047698866"
+ "version": "0.22.6.54827",
+ "templateHash": "17689607806582642174"
},
"name": "Policy Exemptions (Resource Group scope)",
"description": "This module deploys a Policy Exemption at a Resource Group scope.",
diff --git a/modules/authorization/policy-exemption/subscription/README.md b/modules/authorization/policy-exemption/subscription/README.md
index 82e45d2349..8094b8371f 100644
--- a/modules/authorization/policy-exemption/subscription/README.md
+++ b/modules/authorization/policy-exemption/subscription/README.md
@@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. |
-| `description` | string | `''` | | The description of the policy exemption. |
-| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
-| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
-| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. |
+| [`description`](#parameter-description) | string | The description of the policy exemption. |
+| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. |
+| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. |
+| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. |
+
+### Parameter: `assignmentScopeValidation`
+
+The option whether validate the exemption is at or under the assignment scope.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Default, DoNotValidate]`
+
+### Parameter: `description`
+
+The description of the policy exemption.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the policy exemption. Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `exemptionCategory`
+
+The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated.
+- Required: No
+- Type: string
+- Default: `'Mitigated'`
+- Allowed: `[Mitigated, Waiver]`
+
+### Parameter: `expiresOn`
+
+The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that is being exempted.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceIds`
+
+The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `resourceSelectors`
+
+The resource selector list to filter policies by resource properties.
+- Required: No
+- Type: array
+- Default: `[]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Exemption Name. |
| `resourceId` | string | Policy Exemption resource ID. |
diff --git a/modules/authorization/policy-exemption/subscription/main.json b/modules/authorization/policy-exemption/subscription/main.json
index 2418e1af36..b9bce72b18 100644
--- a/modules/authorization/policy-exemption/subscription/main.json
+++ b/modules/authorization/policy-exemption/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5067037150154630010"
+ "version": "0.22.6.54827",
+ "templateHash": "10613705515536903891"
},
"name": "Policy Exemptions (Subscription scope)",
"description": "This module deploys a Policy Exemption at a Subscription scope.",
diff --git a/modules/authorization/policy-set-definition/README.md b/modules/authorization/policy-set-definition/README.md
index aba3a1620c..fdedfe70d8 100644
--- a/modules/authorization/policy-set-definition/README.md
+++ b/modules/authorization/policy-set-definition/README.md
@@ -4,69 +4,41 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group o
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/policySetDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policySetDefinitions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy Set Definition (Initiative). |
-| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `description` | string | `''` | The description name of the Set Definition (Initiative). |
-| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. |
-| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. |
-| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). |
-| `subscriptionId` | string | `''` | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Policy Set Definition Name. |
-| `resourceId` | string | Policy Set Definition resource ID. |
-
-## Cross-referenced modules
+## Usage examples
-_None_
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). |
+| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). |
+| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. |
+| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. |
+| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. |
+
+### Parameter: `description`
+
+The description name of the Set Definition (Initiative).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the Set Definition (Initiative). Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `metadata`
+
+The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy Set Definition (Initiative).
+- Required: Yes
+- Type: string
+
+### Parameter: `parameters`
+
+The Set Definition (Initiative) parameters that can be used in policy definition references.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionGroups`
+
+The metadata describing groups of policy definition references within the Policy Set Definition (Initiative).
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `policyDefinitions`
+
+The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters.
+- Required: Yes
+- Type: array
+
+### Parameter: `subscriptionId`
+
+The subscription ID of the subscription (Scope). Cannot be used with managementGroupId.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | Policy Set Definition Name. |
+| `resourceId` | string | Policy Set Definition resource ID. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Module Usage Guidance
diff --git a/modules/authorization/policy-set-definition/main.json b/modules/authorization/policy-set-definition/main.json
index 4416cb72bf..d0051bf41a 100644
--- a/modules/authorization/policy-set-definition/main.json
+++ b/modules/authorization/policy-set-definition/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "1831706179623308969"
+ "version": "0.22.6.54827",
+ "templateHash": "9153336425223705834"
},
"name": "Policy Set Definitions (Initiatives) (All scopes)",
"description": "This module deploys a Policy Set Definition (Initiative) at a Management Group or Subscription scope.",
@@ -146,8 +146,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9278231745561513332"
+ "version": "0.22.6.54827",
+ "templateHash": "13574874097410910980"
},
"name": "Policy Set Definitions (Initiatives) (Management Group scope)",
"description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.",
@@ -305,8 +305,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "3357776167220688626"
+ "version": "0.22.6.54827",
+ "templateHash": "566743094418434146"
},
"name": "Policy Set Definitions (Initiatives) (Subscription scope)",
"description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.",
diff --git a/modules/authorization/policy-set-definition/management-group/README.md b/modules/authorization/policy-set-definition/management-group/README.md
index 40de7bcd60..6e0a971597 100644
--- a/modules/authorization/policy-set-definition/management-group/README.md
+++ b/modules/authorization/policy-set-definition/management-group/README.md
@@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group s
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy Set Definition (Initiative). |
-| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). |
+| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `description` | string | `''` | The description name of the Set Definition (Initiative). |
-| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. |
-| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). |
+| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. |
+| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). |
+
+### Parameter: `description`
+
+The description name of the Set Definition (Initiative).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the Set Definition (Initiative). Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy Set Definition (Initiative).
+- Required: Yes
+- Type: string
+
+### Parameter: `parameters`
+
+The Set Definition (Initiative) parameters that can be used in policy definition references.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionGroups`
+
+The metadata describing groups of policy definition references within the Policy Set Definition (Initiative).
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `policyDefinitions`
+
+The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters.
+- Required: Yes
+- Type: array
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Set Definition Name. |
| `resourceId` | string | Policy Set Definition resource ID. |
diff --git a/modules/authorization/policy-set-definition/management-group/main.json b/modules/authorization/policy-set-definition/management-group/main.json
index baa439be6e..9b627357b6 100644
--- a/modules/authorization/policy-set-definition/management-group/main.json
+++ b/modules/authorization/policy-set-definition/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "1638152228410583836"
+ "version": "0.22.6.54827",
+ "templateHash": "13574874097410910980"
},
"name": "Policy Set Definitions (Initiatives) (Management Group scope)",
"description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.",
diff --git a/modules/authorization/policy-set-definition/subscription/README.md b/modules/authorization/policy-set-definition/subscription/README.md
index 64b2597fe0..8b0f87ad46 100644
--- a/modules/authorization/policy-set-definition/subscription/README.md
+++ b/modules/authorization/policy-set-definition/subscription/README.md
@@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Subscription scope
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. |
-| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. |
+| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `description` | string | `''` | The description name of the Set Definition (Initiative). |
-| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
-| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. |
-| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). |
+| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
+| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. |
+| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). |
+
+### Parameter: `description`
+
+The description name of the Set Definition (Initiative).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `displayName`
+
+The display name of the Set Definition (Initiative). Maximum length is 128 characters.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `metadata`
+
+The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `parameters`
+
+The Set Definition (Initiative) parameters that can be used in policy definition references.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `policyDefinitionGroups`
+
+The metadata describing groups of policy definition references within the Policy Set Definition (Initiative).
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `policyDefinitions`
+
+The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters.
+- Required: Yes
+- Type: array
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | Policy Set Definition Name. |
| `resourceId` | string | Policy Set Definition resource ID. |
diff --git a/modules/authorization/policy-set-definition/subscription/main.json b/modules/authorization/policy-set-definition/subscription/main.json
index 430128e583..4f8ea43907 100644
--- a/modules/authorization/policy-set-definition/subscription/main.json
+++ b/modules/authorization/policy-set-definition/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "8864751360907211482"
+ "version": "0.22.6.54827",
+ "templateHash": "566743094418434146"
},
"name": "Policy Set Definitions (Initiatives) (Subscription scope)",
"description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.",
diff --git a/modules/authorization/role-assignment/README.md b/modules/authorization/role-assignment/README.md
index 005701544c..5d881fcdaf 100644
--- a/modules/authorization/role-assignment/README.md
+++ b/modules/authorization/role-assignment/README.md
@@ -4,71 +4,43 @@ This module deploys a Role Assignment at a Management Group, Subscription or Res
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
-| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. |
-| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". |
-| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. |
-| `description` | string | `''` | | The description of the role assignment. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
-| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. |
-| `resourceGroupName` | string | `''` | | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. |
-| `subscriptionId` | string | `''` | | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The GUID of the Role Assignment. |
-| `resourceId` | string | The resource ID of the Role Assignment. |
-| `scope` | string | The scope this Role Assignment applies to. |
-
-## Cross-referenced modules
+## Usage examples
-_None_
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
+| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. |
+| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". |
+| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. |
+| [`description`](#parameter-description) | string | The description of the role assignment. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. |
+
+### Parameter: `condition`
+
+The conditions on the role assignment. This limits the resources it can be assigned to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `conditionVersion`
+
+Version of the condition. Currently accepted value is "2.0".
+- Required: No
+- Type: string
+- Default: `'2.0'`
+- Allowed: `[2.0]`
+
+### Parameter: `delegatedManagedIdentityResourceId`
+
+ID of the delegated managed identity resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `description`
+
+The description of the role assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `principalId`
+
+The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity).
+- Required: Yes
+- Type: string
+
+### Parameter: `principalType`
+
+The principal type of the assigned principal ID.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `resourceGroupName`
+
+Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleDefinitionIdOrName`
+
+You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: Yes
+- Type: string
+
+### Parameter: `subscriptionId`
+
+Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The GUID of the Role Assignment. |
+| `resourceId` | string | The resource ID of the Role Assignment. |
+| `scope` | string | The scope this Role Assignment applies to. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Module Usage Guidance
diff --git a/modules/authorization/role-assignment/main.json b/modules/authorization/role-assignment/main.json
index 23f3d4897d..0cf8880ab7 100644
--- a/modules/authorization/role-assignment/main.json
+++ b/modules/authorization/role-assignment/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14335081108343042206"
+ "version": "0.22.6.54827",
+ "templateHash": "807341397297135440"
},
"name": "Role Assignments (All scopes)",
"description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.",
@@ -167,8 +167,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "6412111068130570787"
+ "version": "0.22.6.54827",
+ "templateHash": "3058280694250439865"
},
"name": "Role Assignments (Management Group scope)",
"description": "This module deploys a Role Assignment at a Management Group scope.",
@@ -756,8 +756,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15330444935750176887"
+ "version": "0.22.6.54827",
+ "templateHash": "1741591761510469286"
},
"name": "Role Assignments (Subscription scope)",
"description": "This module deploys a Role Assignment at a Subscription scope.",
@@ -1345,8 +1345,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11095586144343595797"
+ "version": "0.22.6.54827",
+ "templateHash": "13714993030578518060"
},
"name": "Role Assignments (Resource Group scope)",
"description": "This module deploys a Role Assignment at a Resource Group scope.",
diff --git a/modules/authorization/role-assignment/management-group/README.md b/modules/authorization/role-assignment/management-group/README.md
index 911ac2c8e6..2166992af8 100644
--- a/modules/authorization/role-assignment/management-group/README.md
+++ b/modules/authorization/role-assignment/management-group/README.md
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Management Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
-| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
+| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. |
-| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". |
-| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. |
-| `description` | string | `''` | | The description of the role assignment. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
-| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. |
+| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". |
+| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. |
+| [`description`](#parameter-description) | string | The description of the role assignment. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. |
+
+### Parameter: `condition`
+
+The conditions on the role assignment. This limits the resources it can be assigned to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `conditionVersion`
+
+Version of the condition. Currently accepted value is "2.0".
+- Required: No
+- Type: string
+- Default: `'2.0'`
+- Allowed: `[2.0]`
+
+### Parameter: `delegatedManagedIdentityResourceId`
+
+ID of the delegated managed identity resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `description`
+
+The description of the role assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `principalId`
+
+The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity).
+- Required: Yes
+- Type: string
+
+### Parameter: `principalType`
+
+The principal type of the assigned principal ID.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleDefinitionIdOrName`
+
+You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The GUID of the Role Assignment. |
| `resourceId` | string | The resource ID of the Role Assignment. |
diff --git a/modules/authorization/role-assignment/management-group/main.json b/modules/authorization/role-assignment/management-group/main.json
index 5356f24b6f..c7695ece43 100644
--- a/modules/authorization/role-assignment/management-group/main.json
+++ b/modules/authorization/role-assignment/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5116103670131987468"
+ "version": "0.22.6.54827",
+ "templateHash": "3058280694250439865"
},
"name": "Role Assignments (Management Group scope)",
"description": "This module deploys a Role Assignment at a Management Group scope.",
diff --git a/modules/authorization/role-assignment/resource-group/README.md b/modules/authorization/role-assignment/resource-group/README.md
index a2cd0959a5..3699890e4a 100644
--- a/modules/authorization/role-assignment/resource-group/README.md
+++ b/modules/authorization/role-assignment/resource-group/README.md
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Resource Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
-| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
+| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. |
-| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". |
-| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. |
-| `description` | string | `''` | | The description of the role assignment. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. |
-| `resourceGroupName` | string | `[resourceGroup().name]` | | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
-| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. |
+| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". |
+| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. |
+| [`description`](#parameter-description) | string | The description of the role assignment. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+
+### Parameter: `condition`
+
+The conditions on the role assignment. This limits the resources it can be assigned to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `conditionVersion`
+
+Version of the condition. Currently accepted value is "2.0".
+- Required: No
+- Type: string
+- Default: `'2.0'`
+- Allowed: `[2.0]`
+
+### Parameter: `delegatedManagedIdentityResourceId`
+
+ID of the delegated managed identity resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `description`
+
+The description of the role assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `principalId`
+
+The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity).
+- Required: Yes
+- Type: string
+
+### Parameter: `principalType`
+
+The principal type of the assigned principal ID.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `resourceGroupName`
+
+Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().name]`
+
+### Parameter: `roleDefinitionIdOrName`
+
+You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: Yes
+- Type: string
+
+### Parameter: `subscriptionId`
+
+Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[subscription().subscriptionId]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The GUID of the Role Assignment. |
| `resourceGroupName` | string | The name of the resource group the role assignment was applied at. |
diff --git a/modules/authorization/role-assignment/resource-group/main.json b/modules/authorization/role-assignment/resource-group/main.json
index 056f28f034..3ce0469854 100644
--- a/modules/authorization/role-assignment/resource-group/main.json
+++ b/modules/authorization/role-assignment/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "1439450089488966223"
+ "version": "0.22.6.54827",
+ "templateHash": "13714993030578518060"
},
"name": "Role Assignments (Resource Group scope)",
"description": "This module deploys a Role Assignment at a Resource Group scope.",
diff --git a/modules/authorization/role-assignment/subscription/README.md b/modules/authorization/role-assignment/subscription/README.md
index 58b5d059a4..cf374e9f4d 100644
--- a/modules/authorization/role-assignment/subscription/README.md
+++ b/modules/authorization/role-assignment/subscription/README.md
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
-| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
+| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. |
-| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". |
-| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. |
-| `description` | string | `''` | | The description of the role assignment. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. |
-| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. |
+| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". |
+| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. |
+| [`description`](#parameter-description) | string | The description of the role assignment. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. |
+
+### Parameter: `condition`
+
+The conditions on the role assignment. This limits the resources it can be assigned to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `conditionVersion`
+
+Version of the condition. Currently accepted value is "2.0".
+- Required: No
+- Type: string
+- Default: `'2.0'`
+- Allowed: `[2.0]`
+
+### Parameter: `delegatedManagedIdentityResourceId`
+
+ID of the delegated managed identity resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `description`
+
+The description of the role assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `principalId`
+
+The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity).
+- Required: Yes
+- Type: string
+
+### Parameter: `principalType`
+
+The principal type of the assigned principal ID.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleDefinitionIdOrName`
+
+You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: Yes
+- Type: string
+
+### Parameter: `subscriptionId`
+
+Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[subscription().subscriptionId]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The GUID of the Role Assignment. |
| `resourceId` | string | The resource ID of the Role Assignment. |
diff --git a/modules/authorization/role-assignment/subscription/main.json b/modules/authorization/role-assignment/subscription/main.json
index 751db130ed..12889ef5e5 100644
--- a/modules/authorization/role-assignment/subscription/main.json
+++ b/modules/authorization/role-assignment/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "318736480892502738"
+ "version": "0.22.6.54827",
+ "templateHash": "1741591761510469286"
},
"name": "Role Assignments (Subscription scope)",
"description": "This module deploys a Role Assignment at a Subscription scope.",
diff --git a/modules/authorization/role-definition/README.md b/modules/authorization/role-definition/README.md
index 35163be1ba..ca8b5c2988 100644
--- a/modules/authorization/role-definition/README.md
+++ b/modules/authorization/role-definition/README.md
@@ -4,71 +4,43 @@ This module deploys a Role Definition at a Management Group, Subscription or Res
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/roleDefinitions` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleDefinitions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `roleName` | string | Name of the custom RBAC role to be created. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `actions` | array | `[]` | List of allowed actions. |
-| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. |
-| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
-| `description` | string | `''` | Description of the custom RBAC role to be created. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
-| `notActions` | array | `[]` | List of denied actions. |
-| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
-| `resourceGroupName` | string | `''` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. |
-| `subscriptionId` | string | `''` | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The GUID of the Role Definition. |
-| `resourceId` | string | The resource ID of the Role Definition. |
-| `scope` | string | The scope this Role Definition applies to. |
-
-## Cross-referenced modules
+## Usage examples
-_None_
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
-
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`actions`](#parameter-actions) | array | List of allowed actions. |
+| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. |
+| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
+| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+| [`notActions`](#parameter-notactions) | array | List of denied actions. |
+| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. |
+
+### Parameter: `actions`
+
+List of allowed actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `assignableScopes`
+
+Role definition assignable scopes. If not provided, will use the current scope provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dataActions`
+
+List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+Description of the custom RBAC role to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `notActions`
+
+List of denied actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notDataActions`
+
+List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `resourceGroupName`
+
+The name of the Resource Group where the Role Definition and Target Scope will be applied to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleName`
+
+Name of the custom RBAC role to be created.
+- Required: Yes
+- Type: string
+
+### Parameter: `subscriptionId`
+
+The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The GUID of the Role Definition. |
+| `resourceId` | string | The resource ID of the Role Definition. |
+| `scope` | string | The scope this Role Definition applies to. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Module Usage Guidance
diff --git a/modules/authorization/role-definition/main.json b/modules/authorization/role-definition/main.json
index cf31e78348..51ac23254d 100644
--- a/modules/authorization/role-definition/main.json
+++ b/modules/authorization/role-definition/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "18292113724809460809"
+ "version": "0.22.6.54827",
+ "templateHash": "16702773762135222765"
},
"name": "Role Definitions (All scopes)",
"description": "This module deploys a Role Definition at a Management Group, Subscription or Resource Group scope.",
@@ -151,8 +151,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "1388091612585738122"
+ "version": "0.22.6.54827",
+ "templateHash": "5277764931156995532"
},
"name": "Role Definitions (Management Group scope)",
"description": "This module deploys a Role Definition at a Management Group scope.",
@@ -313,8 +313,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11994641933581262080"
+ "version": "0.22.6.54827",
+ "templateHash": "5911596219403447648"
},
"name": "Role Definitions (Subscription scope)",
"description": "This module deploys a Role Definition at a Subscription scope.",
@@ -491,8 +491,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "51591651981484766"
+ "version": "0.22.6.54827",
+ "templateHash": "15123790149450958610"
},
"name": "Role Definitions (Resource Group scope)",
"description": "This module deploys a Role Definition at a Resource Group scope.",
diff --git a/modules/authorization/role-definition/management-group/README.md b/modules/authorization/role-definition/management-group/README.md
index 02a11b45bc..e892466ced 100644
--- a/modules/authorization/role-definition/management-group/README.md
+++ b/modules/authorization/role-definition/management-group/README.md
@@ -19,26 +19,81 @@ This module deploys a Role Definition at a Management Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `roleName` | string | Name of the custom RBAC role to be created. |
+| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `actions` | array | `[]` | List of allowed actions. |
-| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. |
-| `description` | string | `''` | Description of the custom RBAC role to be created. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
-| `notActions` | array | `[]` | List of denied actions. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`actions`](#parameter-actions) | array | List of allowed actions. |
+| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. |
+| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+| [`notActions`](#parameter-notactions) | array | List of denied actions. |
+
+### Parameter: `actions`
+
+List of allowed actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `assignableScopes`
+
+Role definition assignable scopes. If not provided, will use the current scope provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+Description of the custom RBAC role to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `notActions`
+
+List of denied actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleName`
+
+Name of the custom RBAC role to be created.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The GUID of the Role Definition. |
| `resourceId` | string | The resource ID of the Role Definition. |
diff --git a/modules/authorization/role-definition/management-group/main.json b/modules/authorization/role-definition/management-group/main.json
index cc28a185f9..00d197b4e8 100644
--- a/modules/authorization/role-definition/management-group/main.json
+++ b/modules/authorization/role-definition/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "15321014984642305644"
+ "version": "0.22.6.54827",
+ "templateHash": "5277764931156995532"
},
"name": "Role Definitions (Management Group scope)",
"description": "This module deploys a Role Definition at a Management Group scope.",
diff --git a/modules/authorization/role-definition/resource-group/README.md b/modules/authorization/role-definition/resource-group/README.md
index 924c4eb112..1e5da9a0d7 100644
--- a/modules/authorization/role-definition/resource-group/README.md
+++ b/modules/authorization/role-definition/resource-group/README.md
@@ -19,28 +19,97 @@ This module deploys a Role Definition at a Resource Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `roleName` | string | Name of the custom RBAC role to be created. |
+| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `actions` | array | `[]` | List of allowed actions. |
-| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. |
-| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
-| `description` | string | `''` | Description of the custom RBAC role to be created. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `notActions` | array | `[]` | List of denied actions. |
-| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
-| `resourceGroupName` | string | `[resourceGroup().name]` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
-| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`actions`](#parameter-actions) | array | List of allowed actions. |
+| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. |
+| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
+| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`notActions`](#parameter-notactions) | array | List of denied actions. |
+| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+
+### Parameter: `actions`
+
+List of allowed actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `assignableScopes`
+
+Role definition assignable scopes. If not provided, will use the current scope provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dataActions`
+
+List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+Description of the custom RBAC role to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `notActions`
+
+List of denied actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notDataActions`
+
+List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `resourceGroupName`
+
+The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().name]`
+
+### Parameter: `roleName`
+
+Name of the custom RBAC role to be created.
+- Required: Yes
+- Type: string
+
+### Parameter: `subscriptionId`
+
+The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[subscription().subscriptionId]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The GUID of the Role Definition. |
| `resourceGroupName` | string | The name of the resource group the role definition was created at. |
diff --git a/modules/authorization/role-definition/resource-group/main.json b/modules/authorization/role-definition/resource-group/main.json
index 734ae5e18c..c10d685cc7 100644
--- a/modules/authorization/role-definition/resource-group/main.json
+++ b/modules/authorization/role-definition/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13735806028928031798"
+ "version": "0.22.6.54827",
+ "templateHash": "15123790149450958610"
},
"name": "Role Definitions (Resource Group scope)",
"description": "This module deploys a Role Definition at a Resource Group scope.",
diff --git a/modules/authorization/role-definition/subscription/README.md b/modules/authorization/role-definition/subscription/README.md
index 3bbd9894b0..e0f96a3894 100644
--- a/modules/authorization/role-definition/subscription/README.md
+++ b/modules/authorization/role-definition/subscription/README.md
@@ -19,28 +19,97 @@ This module deploys a Role Definition at a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `roleName` | string | Name of the custom RBAC role to be created. |
+| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `actions` | array | `[]` | List of allowed actions. |
-| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. |
-| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
-| `description` | string | `''` | Description of the custom RBAC role to be created. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `notActions` | array | `[]` | List of denied actions. |
-| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
-| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`actions`](#parameter-actions) | array | List of allowed actions. |
+| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. |
+| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
+| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`notActions`](#parameter-notactions) | array | List of denied actions. |
+| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
+
+### Parameter: `actions`
+
+List of allowed actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `assignableScopes`
+
+Role definition assignable scopes. If not provided, will use the current scope provided.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dataActions`
+
+List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `description`
+
+Description of the custom RBAC role to be created.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `notActions`
+
+List of denied actions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `notDataActions`
+
+List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleName`
+
+Name of the custom RBAC role to be created.
+- Required: Yes
+- Type: string
+
+### Parameter: `subscriptionId`
+
+The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[subscription().subscriptionId]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The GUID of the Role Definition. |
| `resourceId` | string | The resource ID of the Role Definition. |
diff --git a/modules/authorization/role-definition/subscription/main.json b/modules/authorization/role-definition/subscription/main.json
index 13af925166..ab79f1d69a 100644
--- a/modules/authorization/role-definition/subscription/main.json
+++ b/modules/authorization/role-definition/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "9532889033437004469"
+ "version": "0.22.6.54827",
+ "templateHash": "5911596219403447648"
},
"name": "Role Definitions (Subscription scope)",
"description": "This module deploys a Role Definition at a Subscription scope.",
diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep
index 2efb5d1f6e..7bfe9ab16b 100644
--- a/modules/automation/automation-account/.test/common/main.test.bicep
+++ b/modules/automation/automation-account/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/automation/automation-account/.test/min/main.test.bicep b/modules/automation/automation-account/.test/min/main.test.bicep
index 85372aede7..3156e8971b 100644
--- a/modules/automation/automation-account/.test/min/main.test.bicep
+++ b/modules/automation/automation-account/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md
index 92619970e8..524df37508 100644
--- a/modules/automation/automation-account/README.md
+++ b/modules/automation/automation-account/README.md
@@ -5,10 +5,10 @@ This module deploys an Azure Automation Account.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -29,90 +29,30 @@ This module deploys an Azure Automation Account.
| `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) |
| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Automation Account. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. |
-| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Automation Account. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Azure Batch. |
+| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account to be used for auto-storage account. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+| [`keyVaultReferenceResourceId`](#parameter-keyvaultreferenceresourceid) | string | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowedAuthenticationModes`](#parameter-allowedauthenticationmodes) | array | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Redis Cache Enterprise resource. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`capacity`](#parameter-capacity) | int | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. |
+| [`databases`](#parameter-databases) | array | The databases to create in the Redis Cache Enterprise Cluster. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Redis cache resource. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`capacity`](#parameter-capacity) | int | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "
-
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the CDN profile. |
+| [`sku`](#parameter-sku) | string | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`origionGroups`](#parameter-origiongroups) | array | Array of origin group objects. Required if the afdEndpoints is specified. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`afdEndpoints`](#parameter-afdendpoints) | array | Array of AFD endpoint objects. |
+| [`customDomains`](#parameter-customdomains) | array | Array of custom domain objects. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`endpointName`](#parameter-endpointname) | string | Name of the endpoint under the profile which is unique globally. |
+| [`endpointProperties`](#parameter-endpointproperties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`originResponseTimeoutSeconds`](#parameter-originresponsetimeoutseconds) | int | Send and receive timeout on forwarding request to the origin. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`ruleSets`](#parameter-rulesets) | array | Array of rule set objects. |
+| [`secrets`](#parameter-secrets) | array | Array of secret objects. |
+| [`tags`](#parameter-tags) | object | Endpoint tags. |
+
+### Parameter: `afdEndpoints`
+
+Array of AFD endpoint objects.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `customDomains`
+
+Array of custom domain objects.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endpointName`
+
+Name of the endpoint under the profile which is unique globally.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `endpointProperties`
+
+Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details).
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the CDN profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `originResponseTimeoutSeconds`
+
+Send and receive timeout on forwarding request to the origin.
+- Required: No
+- Type: int
+- Default: `60`
+
+### Parameter: `origionGroups`
+
+Array of origin group objects. Required if the afdEndpoints is specified.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ruleSets`
+
+Array of rule set objects.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `secrets`
+
+Array of secret objects.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sku`
+
+The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile.
+- Required: Yes
+- Type: string
+- Allowed: `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]`
+
+### Parameter: `tags`
+
+Endpoint tags.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the CDN profile. |
+| `profileType` | string | The type of the CDN profile. |
+| `resourceGroupName` | string | The resource group where the CDN profile is deployed. |
+| `resourceId` | string | The resource ID of the CDN profile. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/cdn/profile/afdEndpoint/README.md b/modules/cdn/profile/afdEndpoint/README.md
index 92b71cb16f..6668c13e76 100644
--- a/modules/cdn/profile/afdEndpoint/README.md
+++ b/modules/cdn/profile/afdEndpoint/README.md
@@ -20,31 +20,87 @@ This module deploys a CDN Profile AFD Endpoint.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the AFD Endpoint. |
+| [`name`](#parameter-name) | string | The name of the AFD Endpoint. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. |
+| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` | Indicates the endpoint name reuse scope. The default value is TenantReuse. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. |
-| `location` | string | `[resourceGroup().location]` | | The location of the AFD Endpoint. |
-| `routes` | array | `[]` | | The list of routes for this AFD Endpoint. |
-| `tags` | object | `{object}` | | The tags of the AFD Endpoint. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Indicates the endpoint name reuse scope. The default value is TenantReuse. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enabledState`](#parameter-enabledstate) | string | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. |
+| [`location`](#parameter-location) | string | The location of the AFD Endpoint. |
+| [`routes`](#parameter-routes) | array | The list of routes for this AFD Endpoint. |
+| [`tags`](#parameter-tags) | object | The tags of the AFD Endpoint. |
+
+### Parameter: `autoGeneratedDomainNameLabelScope`
+
+Indicates the endpoint name reuse scope. The default value is TenantReuse.
+- Required: No
+- Type: string
+- Default: `'TenantReuse'`
+- Allowed: `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enabledState`
+
+Indicates whether the AFD Endpoint is enabled. The default value is Enabled.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `location`
+
+The location of the AFD Endpoint.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the AFD Endpoint.
+- Required: Yes
+- Type: string
+
+### Parameter: `profileName`
+
+The name of the parent CDN profile. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `routes`
+
+The list of routes for this AFD Endpoint.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+The tags of the AFD Endpoint.
+- Required: No
+- Type: object
+- Default: `{object}`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | The name of the AFD Endpoint. |
diff --git a/modules/cdn/profile/afdEndpoint/route/README.md b/modules/cdn/profile/afdEndpoint/route/README.md
index ee07973325..5b63f03281 100644
--- a/modules/cdn/profile/afdEndpoint/route/README.md
+++ b/modules/cdn/profile/afdEndpoint/route/README.md
@@ -19,33 +19,139 @@ This module deploys a CDN Profile AFD Endpoint route.
**Required parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `afdEndpointName` | string | | The name of the AFD endpoint. |
-| `name` | string | | The name of the route. |
-| `originGroupName` | string | `''` | The name of the origin group. The origin group must be defined in the profile originGroups. |
-| `profileName` | string | | The name of the parent CDN profile. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`afdEndpointName`](#parameter-afdendpointname) | string | The name of the AFD endpoint. |
+| [`name`](#parameter-name) | string | The name of the route. |
+| [`originGroupName`](#parameter-origingroupname) | string | The name of the origin group. The origin group must be defined in the profile originGroups. |
+| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `cacheConfiguration` | object | `{object}` | | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. |
-| `customDomainName` | string | | | The name of the custom domain. The custom domain must be defined in the profile customDomains. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route is enabled. |
-| `forwardingProtocol` | string | `'MatchRequest'` | `[HttpOnly, HttpsOnly, MatchRequest]` | The protocol this rule will use when forwarding traffic to backends. |
-| `httpsRedirect` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to automatically redirect HTTP traffic to HTTPS traffic. |
-| `linkToDefaultDomain` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route will be linked to the default endpoint domain. |
-| `originPath` | string | `''` | | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. |
-| `patternsToMatch` | array | `[]` | | The route patterns of the rule. |
-| `ruleSets` | array | `[]` | | The rule sets of the rule. The rule sets must be defined in the profile ruleSets. |
-| `supportedProtocols` | array | `[]` | `[Http, Https]` | The supported protocols of the rule. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cacheConfiguration`](#parameter-cacheconfiguration) | object | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. |
+| [`customDomainName`](#parameter-customdomainname) | string | The name of the custom domain. The custom domain must be defined in the profile customDomains. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enabledState`](#parameter-enabledstate) | string | Whether this route is enabled. |
+| [`forwardingProtocol`](#parameter-forwardingprotocol) | string | The protocol this rule will use when forwarding traffic to backends. |
+| [`httpsRedirect`](#parameter-httpsredirect) | string | Whether to automatically redirect HTTP traffic to HTTPS traffic. |
+| [`linkToDefaultDomain`](#parameter-linktodefaultdomain) | string | Whether this route will be linked to the default endpoint domain. |
+| [`originPath`](#parameter-originpath) | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. |
+| [`patternsToMatch`](#parameter-patternstomatch) | array | The route patterns of the rule. |
+| [`ruleSets`](#parameter-rulesets) | array | The rule sets of the rule. The rule sets must be defined in the profile ruleSets. |
+| [`supportedProtocols`](#parameter-supportedprotocols) | array | The supported protocols of the rule. |
+
+### Parameter: `afdEndpointName`
+
+The name of the AFD endpoint.
+- Required: Yes
+- Type: string
+
+### Parameter: `cacheConfiguration`
+
+The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `customDomainName`
+
+The name of the custom domain. The custom domain must be defined in the profile customDomains.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enabledState`
+
+Whether this route is enabled.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `forwardingProtocol`
+
+The protocol this rule will use when forwarding traffic to backends.
+- Required: No
+- Type: string
+- Default: `'MatchRequest'`
+- Allowed: `[HttpOnly, HttpsOnly, MatchRequest]`
+
+### Parameter: `httpsRedirect`
+
+Whether to automatically redirect HTTP traffic to HTTPS traffic.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `linkToDefaultDomain`
+
+Whether this route will be linked to the default endpoint domain.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `name`
+
+The name of the route.
+- Required: Yes
+- Type: string
+
+### Parameter: `originGroupName`
+
+The name of the origin group. The origin group must be defined in the profile originGroups.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `originPath`
+
+A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `patternsToMatch`
+
+The route patterns of the rule.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `profileName`
+
+The name of the parent CDN profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `ruleSets`
+
+The rule sets of the rule. The rule sets must be defined in the profile ruleSets.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `supportedProtocols`
+
+The supported protocols of the rule.
+- Required: No
+- Type: array
+- Default: `[]`
+- Allowed: `[Http, Https]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the route. |
| `resourceGroupName` | string | The name of the resource group the route was created in. |
diff --git a/modules/cdn/profile/customdomain/README.md b/modules/cdn/profile/customdomain/README.md
index 87399b9693..57363db2c1 100644
--- a/modules/cdn/profile/customdomain/README.md
+++ b/modules/cdn/profile/customdomain/README.md
@@ -19,33 +19,101 @@ This module deploys a CDN Profile Custom Domains.
**Required parameters**
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `certificateType` | string | `[CustomerCertificate, ManagedCertificate]` | The type of the certificate used for secure delivery. |
-| `hostName` | string | | The host name of the domain. Must be a domain name. |
-| `name` | string | | The name of the custom domain. |
-| `profileName` | string | | The name of the CDN profile. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`certificateType`](#parameter-certificatetype) | string | The type of the certificate used for secure delivery. |
+| [`hostName`](#parameter-hostname) | string | The host name of the domain. Must be a domain name. |
+| [`name`](#parameter-name) | string | The name of the custom domain. |
+| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `extendedProperties` | object | `{object}` | | Key-Value pair representing migration properties for domains. |
-| `minimumTlsVersion` | string | `'TLS12'` | `[TLS10, TLS12]` | The minimum TLS version required for the custom domain. Default value: TLS12. |
-| `preValidatedCustomDomainResourceId` | string | `''` | | Resource reference to the Azure resource where custom domain ownership was prevalidated. |
-| `secretName` | string | `''` | | The name of the secret. ie. subs/rg/profile/secret. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`extendedProperties`](#parameter-extendedproperties) | object | Key-Value pair representing migration properties for domains. |
+| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version required for the custom domain. Default value: TLS12. |
+| [`preValidatedCustomDomainResourceId`](#parameter-prevalidatedcustomdomainresourceid) | string | Resource reference to the Azure resource where custom domain ownership was prevalidated. |
+| [`secretName`](#parameter-secretname) | string | The name of the secret. ie. subs/rg/profile/secret. |
**Optonal parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `azureDnsZoneResourceId` | string | `''` | Resource reference to the Azure DNS zone. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`azureDnsZoneResourceId`](#parameter-azurednszoneresourceid) | string | Resource reference to the Azure DNS zone. |
+
+### Parameter: `azureDnsZoneResourceId`
+
+Resource reference to the Azure DNS zone.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `certificateType`
+
+The type of the certificate used for secure delivery.
+- Required: Yes
+- Type: string
+- Allowed: `[CustomerCertificate, ManagedCertificate]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `extendedProperties`
+
+Key-Value pair representing migration properties for domains.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `hostName`
+
+The host name of the domain. Must be a domain name.
+- Required: Yes
+- Type: string
+
+### Parameter: `minimumTlsVersion`
+
+The minimum TLS version required for the custom domain. Default value: TLS12.
+- Required: No
+- Type: string
+- Default: `'TLS12'`
+- Allowed: `[TLS10, TLS12]`
+
+### Parameter: `name`
+
+The name of the custom domain.
+- Required: Yes
+- Type: string
+
+### Parameter: `preValidatedCustomDomainResourceId`
+
+Resource reference to the Azure resource where custom domain ownership was prevalidated.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `profileName`
+
+The name of the CDN profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `secretName`
+
+The name of the secret. ie. subs/rg/profile/secret.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the custom domain. |
| `resourceGroupName` | string | The name of the resource group the custom domain was created in. |
Example 1: Common
via Bicep module
```bicep
-module server './analysis-services/server/main.bicep' = {
+module server 'br:bicep/modules/analysis-services.server:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-asscom'
params: {
// Required parameters
@@ -169,14 +136,14 @@ module server './analysis-services/server/main.bicep' = {
Example 2: Max
+### Example 2: _Max_
via Bicep module
```bicep
-module server './analysis-services/server/main.bicep' = {
+module server 'br:bicep/modules/analysis-services.server:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-assmax'
params: {
// Required parameters
@@ -302,14 +269,17 @@ module server './analysis-services/server/main.bicep' = {
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module server './analysis-services/server/main.bicep' = {
+module server 'br:bicep/modules/analysis-services.server:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-assmin'
params: {
// Required parameters
@@ -346,3 +316,160 @@ module server './analysis-services/server/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module service './api-management/service/main.bicep' = {
+module service 'br:bicep/modules/api-management.service:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-apiscom'
params: {
// Required parameters
@@ -252,14 +191,14 @@ module service './api-management/service/main.bicep' = {
Example 2: Max
+### Example 2: _Max_
via Bicep module
```bicep
-module service './api-management/service/main.bicep' = {
+module service 'br:bicep/modules/api-management.service:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-apismax'
params: {
// Required parameters
@@ -601,14 +540,17 @@ module service './api-management/service/main.bicep' = {
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module service './api-management/service/main.bicep' = {
+module service 'br:bicep/modules/api-management.service:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-apismin'
params: {
// Required parameters
@@ -655,6 +597,380 @@ module service './api-management/service/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module configurationStore './app-configuration/configuration-store/main.bicep' = {
+module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-acccom'
params: {
// Required parameters
@@ -234,14 +189,17 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module configurationStore './app-configuration/configuration-store/main.bicep' = {
+module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-accmin'
params: {
// Required parameters
@@ -279,14 +237,14 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =
Example 3: Pe
+### Example 3: _Pe_
via Bicep module
```bicep
-module configurationStore './app-configuration/configuration-store/main.bicep' = {
+module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-accpe'
params: {
// Required parameters
@@ -385,3 +343,224 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =
Example 1: Common
via Bicep module
```bicep
-module containerApp './app/container-app/main.bicep' = {
+module containerApp 'br:bicep/modules/app.container-app:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-mcappcom'
params: {
// Required parameters
@@ -233,14 +182,17 @@ module containerApp './app/container-app/main.bicep' = {
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module containerApp './app/container-app/main.bicep' = {
+module containerApp 'br:bicep/modules/app.container-app:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-mcappmin'
params: {
// Required parameters
@@ -317,3 +269,294 @@ module containerApp './app/container-app/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module managedEnvironment './app/managed-environment/main.bicep' = {
+module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-amecom'
params: {
// Required parameters
@@ -168,14 +124,17 @@ module managedEnvironment './app/managed-environment/main.bicep' = {
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module managedEnvironment './app/managed-environment/main.bicep' = {
+module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-amemin'
params: {
// Required parameters
@@ -214,3 +173,202 @@ module managedEnvironment './app/managed-environment/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module lock './authorization/lock/main.bicep' = {
+module lock 'br:bicep/modules/authorization.lock:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-alcom'
params: {
// Required parameters
@@ -106,3 +82,77 @@ module lock './authorization/lock/main.bicep' = {
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-assignment:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Rg.Common](#example-3-rgcommon)
+- [Rg.Min](#example-4-rgmin)
+- [Sub.Common](#example-5-subcommon)
+- [Sub.Min](#example-6-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module policyAssignment './authorization/policy-assignment/main.bicep' = {
+module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-apamgcom'
params: {
// Required parameters
@@ -273,14 +237,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module policyAssignment './authorization/policy-assignment/main.bicep' = {
+module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apamgmin'
params: {
// Required parameters
@@ -330,14 +294,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {
Example 3: Rg.Common
+### Example 3: _Rg.Common_
via Bicep module
```bicep
-module policyAssignment './authorization/policy-assignment/main.bicep' = {
+module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apargcom'
params: {
// Required parameters
@@ -541,14 +505,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {
Example 4: Rg.Min
+### Example 4: _Rg.Min_
via Bicep module
```bicep
-module policyAssignment './authorization/policy-assignment/main.bicep' = {
+module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apargmin'
params: {
// Required parameters
@@ -602,14 +566,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {
Example 5: Sub.Common
+### Example 5: _Sub.Common_
via Bicep module
```bicep
-module policyAssignment './authorization/policy-assignment/main.bicep' = {
+module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apasubcom'
params: {
// Required parameters
@@ -809,14 +773,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {
Example 6: Sub.Min
+### Example 6: _Sub.Min_
via Bicep module
```bicep
-module policyAssignment './authorization/policy-assignment/main.bicep' = {
+module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apasubmin'
params: {
// Required parameters
@@ -875,6 +839,184 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-definition:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Sub.Common](#example-3-subcommon)
+- [Sub.Min](#example-4-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module policyDefinition './authorization/policy-definition/main.bicep' = {
+module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apdmgcom'
params: {
// Required parameters
@@ -215,14 +186,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module policyDefinition './authorization/policy-definition/main.bicep' = {
+module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apdmgmin'
params: {
// Required parameters
@@ -308,14 +279,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {
Example 3: Sub.Common
+### Example 3: _Sub.Common_
via Bicep module
```bicep
-module policyDefinition './authorization/policy-definition/main.bicep' = {
+module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apdsubcom'
params: {
// Required parameters
@@ -463,14 +434,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {
Example 4: Sub.Min
+### Example 4: _Sub.Min_
via Bicep module
```bicep
-module policyDefinition './authorization/policy-definition/main.bicep' = {
+module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apdsubmin'
params: {
// Required parameters
@@ -557,6 +528,118 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-exemption:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Rg.Common](#example-3-rgcommon)
+- [Rg.Min](#example-4-rgmin)
+- [Sub.Common](#example-5-subcommon)
+- [Sub.Min](#example-6-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module policyExemption './authorization/policy-exemption/main.bicep' = {
+module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apemgcom'
params: {
// Required parameters
@@ -177,14 +146,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module policyExemption './authorization/policy-exemption/main.bicep' = {
+module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apemgmin'
params: {
// Required parameters
@@ -226,14 +195,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {
Example 3: Rg.Common
+### Example 3: _Rg.Common_
via Bicep module
```bicep
-module policyExemption './authorization/policy-exemption/main.bicep' = {
+module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apergcom'
params: {
// Required parameters
@@ -339,14 +308,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {
Example 4: Rg.Min
+### Example 4: _Rg.Min_
via Bicep module
```bicep
-module policyExemption './authorization/policy-exemption/main.bicep' = {
+module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apergmin'
params: {
// Required parameters
@@ -388,14 +357,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {
Example 5: Sub.Common
+### Example 5: _Sub.Common_
via Bicep module
```bicep
-module policyExemption './authorization/policy-exemption/main.bicep' = {
+module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apesubcom'
params: {
// Required parameters
@@ -501,14 +470,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {
Example 6: Sub.Min
+### Example 6: _Sub.Min_
via Bicep module
```bicep
-module policyExemption './authorization/policy-exemption/main.bicep' = {
+module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apesubmin'
params: {
// Required parameters
@@ -551,6 +520,151 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-set-definition:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Sub.Common](#example-3-subcommon)
+- [Sub.Min](#example-4-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module policySetDefinition './authorization/policy-set-definition/main.bicep' = {
+module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apsdmgcom'
params: {
// Required parameters
@@ -202,14 +174,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module policySetDefinition './authorization/policy-set-definition/main.bicep' = {
+module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apsdmgmin'
params: {
// Required parameters
@@ -273,14 +245,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =
Example 3: Sub.Common
+### Example 3: _Sub.Common_
via Bicep module
```bicep
-module policySetDefinition './authorization/policy-set-definition/main.bicep' = {
+module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apsdsubcom'
params: {
// Required parameters
@@ -416,14 +388,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =
Example 4: Sub.Min
+### Example 4: _Sub.Min_
via Bicep module
```bicep
-module policySetDefinition './authorization/policy-set-definition/main.bicep' = {
+module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-apsdsubmin'
params: {
// Required parameters
@@ -488,6 +460,116 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-assignment:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Rg.Common](#example-3-rgcommon)
+- [Rg.Min](#example-4-rgmin)
+- [Sub.Common](#example-5-subcommon)
+- [Sub.Min](#example-6-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module roleAssignment './authorization/role-assignment/main.bicep' = {
+module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-aramgcom'
params: {
// Required parameters
@@ -122,14 +94,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module roleAssignment './authorization/role-assignment/main.bicep' = {
+module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-aramgmin'
params: {
// Required parameters
@@ -175,14 +147,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {
Example 3: Rg.Common
+### Example 3: _Rg.Common_
via Bicep module
```bicep
-module roleAssignment './authorization/role-assignment/main.bicep' = {
+module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-arargcom'
params: {
// Required parameters
@@ -240,14 +212,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {
Example 4: Rg.Min
+### Example 4: _Rg.Min_
via Bicep module
```bicep
-module roleAssignment './authorization/role-assignment/main.bicep' = {
+module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-arargmin'
params: {
// Required parameters
@@ -301,14 +273,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {
Example 5: Sub.Common
+### Example 5: _Sub.Common_
via Bicep module
```bicep
-module roleAssignment './authorization/role-assignment/main.bicep' = {
+module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-arasubcom'
params: {
// Required parameters
@@ -362,14 +334,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {
Example 6: Sub.Min
+### Example 6: _Sub.Min_
via Bicep module
```bicep
-module roleAssignment './authorization/role-assignment/main.bicep' = {
+module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-arasubmin'
params: {
// Required parameters
@@ -420,6 +392,127 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-definition:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Rg.Common](#example-3-rgcommon)
+- [Rg.Min](#example-4-rgmin)
+- [Sub.Common](#example-5-subcommon)
+- [Sub.Min](#example-6-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module roleDefinition './authorization/role-definition/main.bicep' = {
+module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-ardmgcom'
params: {
// Required parameters
@@ -140,14 +112,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module roleDefinition './authorization/role-definition/main.bicep' = {
+module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-ardmgmin'
params: {
// Required parameters
@@ -195,14 +167,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {
Example 3: Rg.Common
+### Example 3: _Rg.Common_
via Bicep module
```bicep
-module roleDefinition './authorization/role-definition/main.bicep' = {
+module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-ardrgcom'
params: {
// Required parameters
@@ -290,14 +262,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {
Example 4: Rg.Min
+### Example 4: _Rg.Min_
via Bicep module
```bicep
-module roleDefinition './authorization/role-definition/main.bicep' = {
+module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-ardrgmin'
params: {
// Required parameters
@@ -345,14 +317,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {
Example 5: Sub.Common
+### Example 5: _Sub.Common_
via Bicep module
```bicep
-module roleDefinition './authorization/role-definition/main.bicep' = {
+module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-ardsubcom'
params: {
// Required parameters
@@ -440,14 +412,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {
Example 6: Sub.Min
+### Example 6: _Sub.Min_
via Bicep module
```bicep
-module roleDefinition './authorization/role-definition/main.bicep' = {
+module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-ardsubmin'
params: {
// Required parameters
@@ -500,6 +472,126 @@ module roleDefinition './authorization/role-definition/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module automationAccount './automation/automation-account/main.bicep' = {
+module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-aacom'
params: {
// Required parameters
@@ -548,14 +488,14 @@ module automationAccount './automation/automation-account/main.bicep' = {
Example 2: Encr
+### Example 2: _Encr_
via Bicep module
```bicep
-module automationAccount './automation/automation-account/main.bicep' = {
+module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-aaencr'
params: {
// Required parameters
@@ -613,14 +553,17 @@ module automationAccount './automation/automation-account/main.bicep' = {
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module automationAccount './automation/automation-account/main.bicep' = {
+module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-aamin'
params: {
// Required parameters
@@ -657,3 +600,294 @@ module automationAccount './automation/automation-account/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module batchAccount './batch/batch-account/main.bicep' = {
+module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-bbacom'
params: {
// Required parameters
@@ -239,14 +186,14 @@ module batchAccount './batch/batch-account/main.bicep' = {
Example 2: Encr
+### Example 2: _Encr_
via Bicep module
```bicep
-module batchAccount './batch/batch-account/main.bicep' = {
+module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-bbaencr'
params: {
// Required parameters
@@ -362,14 +309,17 @@ module batchAccount './batch/batch-account/main.bicep' = {
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module batchAccount './batch/batch-account/main.bicep' = {
+module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-bbamin'
params: {
// Required parameters
@@ -410,3 +360,261 @@ module batchAccount './batch/batch-account/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module redisEnterprise './cache/redis-enterprise/main.bicep' = {
+module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-crecom'
params: {
// Required parameters
@@ -264,14 +223,14 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {
Example 2: Geo
+### Example 2: _Geo_
via Bicep module
```bicep
-module redisEnterprise './cache/redis-enterprise/main.bicep' = {
+module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-cregeo'
params: {
// Required parameters
@@ -385,14 +344,17 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module redisEnterprise './cache/redis-enterprise/main.bicep' = {
+module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-cremin'
params: {
// Required parameters
@@ -429,3 +391,191 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {
Example 1: Common
via Bicep module
```bicep
-module redis './cache/redis/main.bicep' = {
+module redis 'br:bicep/modules/cache.redis:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-crcom'
params: {
// Required parameters
@@ -252,14 +196,17 @@ module redis './cache/redis/main.bicep' = {
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module redis './cache/redis/main.bicep' = {
+module redis 'br:bicep/modules/cache.redis:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-crmin'
params: {
// Required parameters
@@ -298,6 +245,294 @@ module redis './cache/redis/main.bicep' = {
Example 1: Afd
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cdn.profile:1.0.0`.
+
+- [Afd](#example-1-afd)
+- [Using large parameter set](#example-2-using-large-parameter-set)
+
+### Example 1: _Afd_
via Bicep module
```bicep
-module profile './cdn/profile/main.bicep' = {
+module profile 'br:bicep/modules/cdn.profile:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-cdnpafd'
params: {
// Required parameters
@@ -297,14 +255,17 @@ module profile './cdn/profile/main.bicep' = {
Example 2: Common
+### Example 2: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
via Bicep module
```bicep
-module profile './cdn/profile/main.bicep' = {
+module profile 'br:bicep/modules/cdn.profile:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-cdnpcom'
params: {
// Required parameters
@@ -439,3 +400,156 @@ module profile './cdn/profile/main.bicep' = {