Share via


Microsoft.HealthcareApis services 2023-12-01

Bicep resource definition

The services resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.HealthcareApis/services resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.HealthcareApis/services@2023-12-01' = {
  etag: 'string'
  identity: {
    type: 'string'
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    accessPolicies: [
      {
        objectId: 'string'
      }
    ]
    acrConfiguration: {
      loginServers: [
        'string'
      ]
      ociArtifacts: [
        {
          digest: 'string'
          imageName: 'string'
          loginServer: 'string'
        }
      ]
    }
    authenticationConfiguration: {
      audience: 'string'
      authority: 'string'
      smartProxyEnabled: bool
    }
    corsConfiguration: {
      allowCredentials: bool
      headers: [
        'string'
      ]
      maxAge: int
      methods: [
        'string'
      ]
      origins: [
        'string'
      ]
    }
    cosmosDbConfiguration: {
      crossTenantCmkApplicationId: 'string'
      keyVaultKeyUri: 'string'
      offerThroughput: int
    }
    exportConfiguration: {
      storageAccountName: 'string'
    }
    importConfiguration: {
      enabled: bool
      initialImportMode: bool
      integrationDataStore: 'string'
    }
    privateEndpointConnections: [
      {
        properties: {
          privateEndpoint: {}
          privateLinkServiceConnectionState: {
            actionsRequired: 'string'
            description: 'string'
            status: 'string'
          }
        }
      }
    ]
    publicNetworkAccess: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.HealthcareApis/services

Name Description Value
etag An etag associated with the resource, used for optimistic concurrency when editing it. string
identity Setting indicating whether the service has a managed identity associated with it. ServicesResourceIdentity
kind The kind of the service. 'fhir'
'fhir-R4'
'fhir-Stu3' (required)
location The resource location. string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 24 (required)
properties The common properties of a service. ServicesProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

PrivateEndpoint

Name Description Value

PrivateEndpointConnection

Name Description Value
properties Resource properties. PrivateEndpointConnectionProperties

PrivateEndpointConnectionProperties

Name Description Value
privateEndpoint The resource of private end point. PrivateEndpoint
privateLinkServiceConnectionState A collection of information about the state of the connection between service consumer and provider. PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name Description Value
actionsRequired A message indicating if changes on the service provider require any updates on the consumer. string
description The reason for approval/rejection of the connection. string
status Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. 'Approved'
'Pending'
'Rejected'

ServiceAccessPolicyEntry

Name Description Value
objectId An Azure AD object ID (User or Apps) that is allowed access to the FHIR service. string

Constraints:
Pattern = ^(([0-9A-Fa-f]{8}[-]?(?:[0-9A-Fa-f]{4}[-]?){3}[0-9A-Fa-f]{12}){1})+$ (required)

ServiceAcrConfigurationInfo

Name Description Value
loginServers The list of the ACR login servers. string[]
ociArtifacts The list of Open Container Initiative (OCI) artifacts. ServiceOciArtifactEntry[]

ServiceAuthenticationConfigurationInfo

Name Description Value
audience The audience url for the service string
authority The authority url for the service string
smartProxyEnabled If the SMART on FHIR proxy is enabled bool

ServiceCorsConfigurationInfo

Name Description Value
allowCredentials If credentials are allowed via CORS. bool
headers The headers to be allowed via CORS. string[]
maxAge The max age to be allowed via CORS. int

Constraints:
Min value = 0
Max value = 99999
methods The methods to be allowed via CORS. string[]
origins The origins to be allowed via CORS. string

Constraints:
Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[]

ServiceCosmosDbConfigurationInfo

Name Description Value
crossTenantCmkApplicationId The multi-tenant application id used to enable CMK access for services in a data sovereign region. string

Constraints:
Pattern = ^(([0-9A-Fa-f]{8}[-]?(?:[0-9A-Fa-f]{4}[-]?){3}[0-9A-Fa-f]{12}){1})+$
keyVaultKeyUri The URI of the customer-managed key for the backing database. string
offerThroughput The provisioned throughput for the backing database. int

Constraints:
Min value = 400

ServiceExportConfigurationInfo

Name Description Value
storageAccountName The name of the default export storage account. string

ServiceImportConfigurationInfo

Name Description Value
enabled If the import operation is enabled. bool
initialImportMode If the FHIR service is in InitialImportMode. bool
integrationDataStore The name of the default integration storage account. string

ServiceOciArtifactEntry

Name Description Value
digest The artifact digest. string
imageName The artifact name. string
loginServer The Azure Container Registry login server. string

ServicesProperties

Name Description Value
accessPolicies The access policies of the service instance. ServiceAccessPolicyEntry[]
acrConfiguration The azure container registry settings used for convert data operation of the service instance. ServiceAcrConfigurationInfo
authenticationConfiguration The authentication configuration for the service instance. ServiceAuthenticationConfigurationInfo
corsConfiguration The settings for the CORS configuration of the service instance. ServiceCorsConfigurationInfo
cosmosDbConfiguration The settings for the Cosmos DB database backing the service. ServiceCosmosDbConfigurationInfo
exportConfiguration The settings for the export operation of the service instance. ServiceExportConfigurationInfo
importConfiguration The settings for the import operation of the service instance. ServiceImportConfigurationInfo
privateEndpointConnections The list of private endpoint connections that are set up for this resource. PrivateEndpointConnection[]
publicNetworkAccess Control permission for data plane traffic coming from public networks while private endpoint is enabled. 'Disabled'
'Enabled'

ServicesResourceIdentity

Name Description Value
type Type of identity being specified, currently SystemAssigned and None are allowed. 'None'
'SystemAssigned'

ServicesResourceTags

Name Description Value

Usage Examples

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Deploy Azure API for FHIR This template creates an instance of Azure API for FHIR®. The Azure API for FHIR® is a managed, standards-based, and compliant healthcare data platform. It enables organizations to bring their clinical health data into the cloud based on the interoperable data standard FHIR®.

ARM template resource definition

The services resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.HealthcareApis/services resource, add the following JSON to your template.

{
  "type": "Microsoft.HealthcareApis/services",
  "apiVersion": "2023-12-01",
  "name": "string",
  "etag": "string",
  "identity": {
    "type": "string"
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "accessPolicies": [
      {
        "objectId": "string"
      }
    ],
    "acrConfiguration": {
      "loginServers": [ "string" ],
      "ociArtifacts": [
        {
          "digest": "string",
          "imageName": "string",
          "loginServer": "string"
        }
      ]
    },
    "authenticationConfiguration": {
      "audience": "string",
      "authority": "string",
      "smartProxyEnabled": "bool"
    },
    "corsConfiguration": {
      "allowCredentials": "bool",
      "headers": [ "string" ],
      "maxAge": "int",
      "methods": [ "string" ],
      "origins": [ "string" ]
    },
    "cosmosDbConfiguration": {
      "crossTenantCmkApplicationId": "string",
      "keyVaultKeyUri": "string",
      "offerThroughput": "int"
    },
    "exportConfiguration": {
      "storageAccountName": "string"
    },
    "importConfiguration": {
      "enabled": "bool",
      "initialImportMode": "bool",
      "integrationDataStore": "string"
    },
    "privateEndpointConnections": [
      {
        "properties": {
          "privateEndpoint": {
          },
          "privateLinkServiceConnectionState": {
            "actionsRequired": "string",
            "description": "string",
            "status": "string"
          }
        }
      }
    ],
    "publicNetworkAccess": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.HealthcareApis/services

Name Description Value
apiVersion The api version '2023-12-01'
etag An etag associated with the resource, used for optimistic concurrency when editing it. string
identity Setting indicating whether the service has a managed identity associated with it. ServicesResourceIdentity
kind The kind of the service. 'fhir'
'fhir-R4'
'fhir-Stu3' (required)
location The resource location. string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 24 (required)
properties The common properties of a service. ServicesProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.HealthcareApis/services'

PrivateEndpoint

Name Description Value

PrivateEndpointConnection

Name Description Value
properties Resource properties. PrivateEndpointConnectionProperties

PrivateEndpointConnectionProperties

Name Description Value
privateEndpoint The resource of private end point. PrivateEndpoint
privateLinkServiceConnectionState A collection of information about the state of the connection between service consumer and provider. PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name Description Value
actionsRequired A message indicating if changes on the service provider require any updates on the consumer. string
description The reason for approval/rejection of the connection. string
status Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. 'Approved'
'Pending'
'Rejected'

ServiceAccessPolicyEntry

Name Description Value
objectId An Azure AD object ID (User or Apps) that is allowed access to the FHIR service. string

Constraints:
Pattern = ^(([0-9A-Fa-f]{8}[-]?(?:[0-9A-Fa-f]{4}[-]?){3}[0-9A-Fa-f]{12}){1})+$ (required)

ServiceAcrConfigurationInfo

Name Description Value
loginServers The list of the ACR login servers. string[]
ociArtifacts The list of Open Container Initiative (OCI) artifacts. ServiceOciArtifactEntry[]

ServiceAuthenticationConfigurationInfo

Name Description Value
audience The audience url for the service string
authority The authority url for the service string
smartProxyEnabled If the SMART on FHIR proxy is enabled bool

ServiceCorsConfigurationInfo

Name Description Value
allowCredentials If credentials are allowed via CORS. bool
headers The headers to be allowed via CORS. string[]
maxAge The max age to be allowed via CORS. int

Constraints:
Min value = 0
Max value = 99999
methods The methods to be allowed via CORS. string[]
origins The origins to be allowed via CORS. string

Constraints:
Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[]

ServiceCosmosDbConfigurationInfo

Name Description Value
crossTenantCmkApplicationId The multi-tenant application id used to enable CMK access for services in a data sovereign region. string

Constraints:
Pattern = ^(([0-9A-Fa-f]{8}[-]?(?:[0-9A-Fa-f]{4}[-]?){3}[0-9A-Fa-f]{12}){1})+$
keyVaultKeyUri The URI of the customer-managed key for the backing database. string
offerThroughput The provisioned throughput for the backing database. int

Constraints:
Min value = 400

ServiceExportConfigurationInfo

Name Description Value
storageAccountName The name of the default export storage account. string

ServiceImportConfigurationInfo

Name Description Value
enabled If the import operation is enabled. bool
initialImportMode If the FHIR service is in InitialImportMode. bool
integrationDataStore The name of the default integration storage account. string

ServiceOciArtifactEntry

Name Description Value
digest The artifact digest. string
imageName The artifact name. string
loginServer The Azure Container Registry login server. string

ServicesProperties

Name Description Value
accessPolicies The access policies of the service instance. ServiceAccessPolicyEntry[]
acrConfiguration The azure container registry settings used for convert data operation of the service instance. ServiceAcrConfigurationInfo
authenticationConfiguration The authentication configuration for the service instance. ServiceAuthenticationConfigurationInfo
corsConfiguration The settings for the CORS configuration of the service instance. ServiceCorsConfigurationInfo
cosmosDbConfiguration The settings for the Cosmos DB database backing the service. ServiceCosmosDbConfigurationInfo
exportConfiguration The settings for the export operation of the service instance. ServiceExportConfigurationInfo
importConfiguration The settings for the import operation of the service instance. ServiceImportConfigurationInfo
privateEndpointConnections The list of private endpoint connections that are set up for this resource. PrivateEndpointConnection[]
publicNetworkAccess Control permission for data plane traffic coming from public networks while private endpoint is enabled. 'Disabled'
'Enabled'

ServicesResourceIdentity

Name Description Value
type Type of identity being specified, currently SystemAssigned and None are allowed. 'None'
'SystemAssigned'

ServicesResourceTags

Name Description Value

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Deploy Azure API for FHIR

Deploy to Azure
This template creates an instance of Azure API for FHIR®. The Azure API for FHIR® is a managed, standards-based, and compliant healthcare data platform. It enables organizations to bring their clinical health data into the cloud based on the interoperable data standard FHIR®.

Terraform (AzAPI provider) resource definition

The services resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.HealthcareApis/services resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.HealthcareApis/services@2023-12-01"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    etag = "string"
    kind = "string"
    properties = {
      accessPolicies = [
        {
          objectId = "string"
        }
      ]
      acrConfiguration = {
        loginServers = [
          "string"
        ]
        ociArtifacts = [
          {
            digest = "string"
            imageName = "string"
            loginServer = "string"
          }
        ]
      }
      authenticationConfiguration = {
        audience = "string"
        authority = "string"
        smartProxyEnabled = bool
      }
      corsConfiguration = {
        allowCredentials = bool
        headers = [
          "string"
        ]
        maxAge = int
        methods = [
          "string"
        ]
        origins = [
          "string"
        ]
      }
      cosmosDbConfiguration = {
        crossTenantCmkApplicationId = "string"
        keyVaultKeyUri = "string"
        offerThroughput = int
      }
      exportConfiguration = {
        storageAccountName = "string"
      }
      importConfiguration = {
        enabled = bool
        initialImportMode = bool
        integrationDataStore = "string"
      }
      privateEndpointConnections = [
        {
          properties = {
            privateEndpoint = {
            }
            privateLinkServiceConnectionState = {
              actionsRequired = "string"
              description = "string"
              status = "string"
            }
          }
        }
      ]
      publicNetworkAccess = "string"
    }
  }
}

Property Values

Microsoft.HealthcareApis/services

Name Description Value
etag An etag associated with the resource, used for optimistic concurrency when editing it. string
identity Setting indicating whether the service has a managed identity associated with it. ServicesResourceIdentity
kind The kind of the service. 'fhir'
'fhir-R4'
'fhir-Stu3' (required)
location The resource location. string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 24 (required)
properties The common properties of a service. ServicesProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.HealthcareApis/services@2023-12-01"

PrivateEndpoint

Name Description Value

PrivateEndpointConnection

Name Description Value
properties Resource properties. PrivateEndpointConnectionProperties

PrivateEndpointConnectionProperties

Name Description Value
privateEndpoint The resource of private end point. PrivateEndpoint
privateLinkServiceConnectionState A collection of information about the state of the connection between service consumer and provider. PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name Description Value
actionsRequired A message indicating if changes on the service provider require any updates on the consumer. string
description The reason for approval/rejection of the connection. string
status Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. 'Approved'
'Pending'
'Rejected'

ServiceAccessPolicyEntry

Name Description Value
objectId An Azure AD object ID (User or Apps) that is allowed access to the FHIR service. string

Constraints:
Pattern = ^(([0-9A-Fa-f]{8}[-]?(?:[0-9A-Fa-f]{4}[-]?){3}[0-9A-Fa-f]{12}){1})+$ (required)

ServiceAcrConfigurationInfo

Name Description Value
loginServers The list of the ACR login servers. string[]
ociArtifacts The list of Open Container Initiative (OCI) artifacts. ServiceOciArtifactEntry[]

ServiceAuthenticationConfigurationInfo

Name Description Value
audience The audience url for the service string
authority The authority url for the service string
smartProxyEnabled If the SMART on FHIR proxy is enabled bool

ServiceCorsConfigurationInfo

Name Description Value
allowCredentials If credentials are allowed via CORS. bool
headers The headers to be allowed via CORS. string[]
maxAge The max age to be allowed via CORS. int

Constraints:
Min value = 0
Max value = 99999
methods The methods to be allowed via CORS. string[]
origins The origins to be allowed via CORS. string

Constraints:
Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[]

ServiceCosmosDbConfigurationInfo

Name Description Value
crossTenantCmkApplicationId The multi-tenant application id used to enable CMK access for services in a data sovereign region. string

Constraints:
Pattern = ^(([0-9A-Fa-f]{8}[-]?(?:[0-9A-Fa-f]{4}[-]?){3}[0-9A-Fa-f]{12}){1})+$
keyVaultKeyUri The URI of the customer-managed key for the backing database. string
offerThroughput The provisioned throughput for the backing database. int

Constraints:
Min value = 400

ServiceExportConfigurationInfo

Name Description Value
storageAccountName The name of the default export storage account. string

ServiceImportConfigurationInfo

Name Description Value
enabled If the import operation is enabled. bool
initialImportMode If the FHIR service is in InitialImportMode. bool
integrationDataStore The name of the default integration storage account. string

ServiceOciArtifactEntry

Name Description Value
digest The artifact digest. string
imageName The artifact name. string
loginServer The Azure Container Registry login server. string

ServicesProperties

Name Description Value
accessPolicies The access policies of the service instance. ServiceAccessPolicyEntry[]
acrConfiguration The azure container registry settings used for convert data operation of the service instance. ServiceAcrConfigurationInfo
authenticationConfiguration The authentication configuration for the service instance. ServiceAuthenticationConfigurationInfo
corsConfiguration The settings for the CORS configuration of the service instance. ServiceCorsConfigurationInfo
cosmosDbConfiguration The settings for the Cosmos DB database backing the service. ServiceCosmosDbConfigurationInfo
exportConfiguration The settings for the export operation of the service instance. ServiceExportConfigurationInfo
importConfiguration The settings for the import operation of the service instance. ServiceImportConfigurationInfo
privateEndpointConnections The list of private endpoint connections that are set up for this resource. PrivateEndpointConnection[]
publicNetworkAccess Control permission for data plane traffic coming from public networks while private endpoint is enabled. 'Disabled'
'Enabled'

ServicesResourceIdentity

Name Description Value
type Type of identity being specified, currently SystemAssigned and None are allowed. 'None'
'SystemAssigned'

ServicesResourceTags

Name Description Value