az blueprint assignment
Note
This reference is part of the blueprint extension for the Azure CLI (version 2.50.0 or higher). The extension will automatically install the first time you run an az blueprint assignment command. Learn more about extensions.
Commands to manage blueprint assignment.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az blueprint assignment create |
Create a blueprint assignment. |
Extension | GA |
| az blueprint assignment delete |
Delete a blueprint assignment. |
Extension | Preview |
| az blueprint assignment list |
List blueprint assignments within a subscription. |
Extension | Preview |
| az blueprint assignment show |
Get a blueprint assignment. |
Extension | Preview |
| az blueprint assignment update |
Update a blueprint assignment. |
Extension | GA |
| az blueprint assignment wait |
Place the CLI in a waiting state until a condition of the Blueprint Assignment is met. |
Extension | GA |
| az blueprint assignment who |
Get Blueprint Servie Principal Name objectId. |
Extension | Preview |
az blueprint assignment create
Create a blueprint assignment.
az blueprint assignment create --name
[--blueprint-version]
[--description]
[--display-name]
[--identity-type {None, SystemAssigned, UserAssigned}]
[--location]
[--locks-excluded-principals]
[--locks-mode {AllResourcesDoNotDelete, AllResourcesReadOnly, None}]
[--management-group]
[--parameters]
[--resource-group-value]
[--subscription]
[--user-assigned-identity]Examples
Assignment with system-assigned managed identity
az blueprint assignment create --subscription MySubscription --name \
MyBlueprintAssignment --location eastus --identity-type SystemAssigned \
--description "Enforce pre-defined MyBlueprint to this subscription." \
--blueprint-version "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/provid \
ers/Microsoft.Blueprint/blueprints/MyBlueprint/versions/v2" \
--resource-group-value artifact_name=rg-art-1 name=rg1 location=westus \
--resource-group-value artifact_name=rg-art-2 name=rg2 location=eastus \
--parameters "path/to/parameter/file" \Assignment with user-assigned managed identity
az blueprint assignment create --subscription MySubscription --name \
MyBlueprintAssignment --location eastus --identity-type UserAssigned \
--user-assigned-identity "/subscriptions/00000000-0000-0000-0000-000000000000 \
/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity"\
--description "Enforce pre-defined MyBlueprint to this subscription." \
--blueprint-version "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup \
/providers/Microsoft.Blueprint/blueprints/MyBlueprint/versions/v2" \
--resource-group-value artifact_name=rg-art-1 name=rg1 location=eastus \
--parameters "path/to/parameter/file" \Required Parameters
Name of the blueprint assignment.
Optional Parameters
Resource ID of the published version of a blueprint definition.
Multi-line explain this resource.
One-liner string explain this resource.
Type of the managed identity.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted.
Lock mode.
Use management group for the target scope of the blueprint assignment. It is reserved for future use. Use --subscription instead.
Blueprint assignment parameter values. It can be a JSON string or JSON file path.
Key=Value pairs for a resource group. Keys include 'artifact_name'(required), 'name', 'location'.
Use subscription for the target scope of the blueprint assignment. Default susbcription will be used if option not specified.
The user-assigned managed identity associated with the resource.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint assignment delete
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Delete a blueprint assignment.
az blueprint assignment delete --name
[--delete-behavior {all, none}]
[--management-group]
[--subscription]
[--yes]Examples
Delete an assignment
az blueprint assignment delete --subscription MySubscription --name MyBlueprintAssignmentRequired Parameters
Name of the blueprint assignment.
Optional Parameters
When deleteBehavior=all, the resources that were created by the blueprint assignment will be deleted.
Use management group for the scope of the blueprint.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint assignment list
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List blueprint assignments within a subscription.
az blueprint assignment list [--management-group]
[--max-items]
[--next-token]
[--subscription]Examples
List assignments
az blueprint assignment list --subscription MySubscriptionOptional Parameters
Use management group for the scope of the blueprint.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint assignment show
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get a blueprint assignment.
az blueprint assignment show --name
[--management-group]
[--subscription]Examples
Show an assignment
az blueprint assignment show --subscription MySubscription --name MyBlueprintAssignmentRequired Parameters
Name of the blueprint assignment.
Optional Parameters
Use management group for the scope of the blueprint.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint assignment update
Update a blueprint assignment.
az blueprint assignment update --name
[--blueprint-version]
[--description]
[--display-name]
[--identity-type {None, SystemAssigned, UserAssigned}]
[--location]
[--locks-excluded-principals]
[--locks-mode {AllResourcesDoNotDelete, AllResourcesReadOnly, None}]
[--management-group]
[--parameters]
[--resource-group-value]
[--subscription]
[--user-assigned-identity]Required Parameters
Name of the blueprint assignment.
Optional Parameters
Resource ID of the published version of a blueprint definition.
Multi-line explain this resource.
One-liner string explain this resource.
Type of the managed identity.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted.
Lock mode.
Use management group for the target scope of the blueprint assignment. It is reserved for future use. Use --subscription instead.
Blueprint assignment parameter values. It can be a JSON string or JSON file path.
Key=Value pairs for a resource group. Keys include 'artifact_name'(required), 'name', 'location'.
Use subscription for the target scope of the blueprint assignment. Default susbcription will be used if option not specified.
The user-assigned managed identity associated with the resource.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint assignment wait
Place the CLI in a waiting state until a condition of the Blueprint Assignment is met.
az blueprint assignment wait --name
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--management-group]
[--subscription]
[--timeout]
[--updated]Examples
Pause executing next line of CLI script until the Blueprint Assignment is successfully provisioned.
az blueprint assignment wait --subscription MySubscription \ --name MyBlueprintAssignment --createdRequired Parameters
Name of the blueprint assignment.
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
Polling interval in seconds.
Use management group for the target scope of the blueprint assignment. It is reserved for future use. Use --subscription instead.
Use subscription for the target scope of the blueprint assignment. Default susbcription will be used if option not specified.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint assignment who
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get Blueprint Servie Principal Name objectId.
az blueprint assignment who --name
[--management-group]
[--subscription]Examples
Get SPN objectId
az blueprint assignment who --subscription MySubscription --name MyBlueprintAssignmentRequired Parameters
Name of the blueprint assignment.
Optional Parameters
Use management group for the scope of the blueprint.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
