Microsoft.Resources deployments
Bicep resource definition
The deployments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
- Tenants - See tenant deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For Bicep, consider using modules instead of this resource type.
Resource format
To create a Microsoft.Resources/deployments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Resources/deployments@2024-03-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
scope: 'string'
properties: {
debugSetting: {
detailLevel: 'string'
}
expressionEvaluationOptions: {
scope: 'string'
}
mode: 'string'
onErrorDeployment: {
deploymentName: 'string'
type: 'string'
}
parameters: {
{customized property}: {
reference: {
keyVault: {
id: 'string'
}
secretName: 'string'
secretVersion: 'string'
}
value: any()
}
}
parametersLink: {
contentVersion: 'string'
uri: 'string'
}
template: any()
templateLink: {
contentVersion: 'string'
id: 'string'
queryString: 'string'
relativePath: 'string'
uri: 'string'
}
}
resourceGroup: 'string'
subscriptionId: 'string'
}
Property values
deployments
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 1-64 Valid characters: Alphanumerics, underscores, parentheses, hyphens, and periods. |
location | The location to store the deployment data. | string |
tags | Deployment tags | Dictionary of tag names and values. See Tags in templates |
scope | In tenant and management group deployments, provide the management group ID to target. Use the format Microsoft.Management/managementGroups/{managementGroupID} . |
string |
properties | The deployment properties. | DeploymentPropertiesOrDeploymentPropertiesExtended (required) |
resourceGroup | The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation. | string |
subscriptionId | The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation. | string |
DeploymentPropertiesOrDeploymentPropertiesExtended
Name | Description | Value |
---|---|---|
debugSetting | The debug setting of the deployment. | DebugSetting |
expressionEvaluationOptions | Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. | ExpressionEvaluationOptions |
mode | The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. | 'Complete' 'Incremental' (required) |
onErrorDeployment | The deployment on error behavior. | OnErrorDeploymentOrOnErrorDeploymentExtended |
parameters | Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well formed JSON string. | DeploymentPropertiesParameters |
parametersLink | The URI of parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. | ParametersLink |
template | The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both. | For Bicep, you can use the any() function. |
templateLink | The URI of the template. Use either the templateLink property or the template property, but not both. | TemplateLink |
DebugSetting
Name | Description | Value |
---|---|---|
detailLevel | Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations. | string |
ExpressionEvaluationOptions
Name | Description | Value |
---|---|---|
scope | The scope to be used for evaluation of parameters, variables and functions in a nested template. | 'Inner' 'NotSpecified' 'Outer' |
OnErrorDeploymentOrOnErrorDeploymentExtended
Name | Description | Value |
---|---|---|
deploymentName | The deployment to be used on error case. | string |
type | The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. | 'LastSuccessful' 'SpecificDeployment' |
DeploymentPropertiesParameters
Name | Description | Value |
---|---|---|
{customized property} | DeploymentParameter |
DeploymentParameter
Name | Description | Value |
---|---|---|
reference | Azure Key Vault parameter reference. | KeyVaultParameterReference |
value | Input value to the parameter . | For Bicep, you can use the any() function. |
KeyVaultParameterReference
Name | Description | Value |
---|---|---|
keyVault | Azure Key Vault reference. | KeyVaultReference (required) |
secretName | Azure Key Vault secret name. | string (required) |
secretVersion | Azure Key Vault secret version. | string |
KeyVaultReference
Name | Description | Value |
---|---|---|
id | Azure Key Vault resource id. | string (required) |
ParametersLink
Name | Description | Value |
---|---|---|
contentVersion | If included, must match the ContentVersion in the template. | string |
uri | The URI of the parameters file. | string (required) |
TemplateLink
Name | Description | Value |
---|---|---|
contentVersion | If included, must match the ContentVersion in the template. | string |
id | The resource id of a Template Spec. Use either the id or uri property, but not both. | string |
queryString | The query string (for example, a SAS token) to be used with the templateLink URI. | string |
relativePath | The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs | string |
uri | The URI of the template to deploy. Use either the uri or id property, but not both. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Moesif API Analytics and Monetization |
The template will log API calls from Azure API Management to Moesif API analytics and monetization platform |
Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
Creates a Dapr microservices app using Container Apps |
Create a Dapr microservices app using Container Apps. |
Creates a Dapr pub-sub servicebus app using Container Apps |
Create a Dapr pub-sub servicebus app using Container Apps. |
Server managed by Desired State Configuration service |
This template provides an example of how to deliver a virtual machine and and Automation account to manage the machine, in a single deployment |
Create alert rule for azure business continuity items |
This templates creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details. |
Redis cluster on Ubuntu VMs |
This template creates a Redis cluster on Ubuntu virtual machine images, configures persistence and applies well known optimizations and proven practices |
Front Door Premium with App Service origin and Private Link |
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
Front Door Standard/Premium with API Management origin |
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
Front Door Standard/Premium with Azure Functions origin |
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
Front Door Standard/Premium with static website origin |
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website. |
Creates an encrypted managed disk from an encrypted VHD |
This template allows you to create an encrypted managed disk using an existing encrypted VHD and encryption settings. |
Disable encryption on a running Windows VM |
This template disables encryption on a running windows vm |
Enable encryption on a running Windows VM & AAD |
This template enables encryption on a running windows vm using AAD client cert thumbprint. The certificate should have been deployed to the VM earlier |
GlassFish on SUSE |
This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs. |
Deploy multiple VM Scale Sets of Linux VMs |
This template allows you to deploy multiple VM Scale Sets of Linux VMs. |
Deploy multiple VM Scale Sets of Windows VMs |
This template allows you to deploy multiple VM Scale Sets of Windows VMs. |
Deploy a simple Linux VM and update private IP to static |
This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP. |
Use output from a Custom Script Extension during Deployment |
This is useful to the VM's compute to perform some task during deployment that Azure Resource Manager does not provide. The output of that compute (script) can then be leveraged elsewhere in the deployment. This is useful if the compute resource is needed in the deployment (e.g. a jumpbox, DC, etc), a bit wasteful if it is not. |
Deploy a Linux or Windows VM with MSI |
This template allows you to deploy a Linux or Windows VM with a Managed Service Identity. |
Linux VM with MSI Accessing Storage |
This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group. |
SQL Server 2014 SP2 Enterprise with Auto Backup |
This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled |
SQL Server 2014 SP1 Enterprise with Azure Key Vault |
This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled. |
Virus attack on Virtual Machines Scenario |
This will deploy 2 virtual machines, OMS and other network resources. One virtual machine without endpoint protection and other with enpoint protection installed. Perform the virus attack by following the guidlines and execute the scenario for mitigation and prevention of a virus attack. |
Create a data management gateway and install on an Azure VM |
This template deploys a virtual machine and creates a workable data management gateway |
Self-host Integration Runtime on Azure VMs |
This template creates a selfhost integration runtime and registers it on Azure virtual machines |
VM Scale Set Configuration managed by Azure Automation |
Deploy a VM Scale Set where virtual machines are deployed as registered nodes in the Azure Automation Desired State Configuration service, and node configuration is guaranteed consistency after deployment. NOTE: Required prerequisites Registration Key and Registration URL are available only after successful creation of an Azure Automation Account for Azure Automation DSC. |
VMSS Flexible Orchestration Mode Quickstart Linux |
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
Deploy a Linux or Windows VMSS with MSI |
This template allows you to deploy a Linux or Windows Virtual Machine Scale Set with a Managed Service Identity. That identity is then used to access Azure services. |
On-demand SFTP Server using an existing storage account |
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). |
Deploy a managed Kubernetes Cluster (AKS) |
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
Deploy a managed Kubernetes Cluster with AAD (AKS) |
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integeration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
FinOps hub |
This template creates a new FinOps hub instance, including Data Lake storage and a Data Factory. |
FinOps toolkit workbook |
This template creates a new Azure Monitor workbook for governance. |
Extend Existing Azure Resources with Custom Providers |
This sample will go into detail on how to extend existing Azure resources and Resource Manager templates to add in custom workloads. |
Deploy an Azure Databricks Workspace with PE,CMK all forms |
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption. |
Deploy an Azure Databricks Workspace with all 3 forms of CMK |
This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption. |
Deploy an Azure Databricks WS with CMK for DBFS encryption |
This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption |
Deploy an Azure Databricks Workspace with Managed Disks CMK |
This template allows you to create an Azure Databricks workspace with Managed Disks CMK. |
Deploy Azure Databricks Workspace with Managed Services CMK |
This template allows you to create an Azure Databricks workspace with Managed Services CMK. |
Create a new Datadog Organization |
This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
Use script extensions to install Mongo DB on Ubuntu VM |
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
Create HA data management gateway and install on an Azure VMs |
This template deploys multiple virtual machines with workable HA data management gateway |
Deploy Data Lake Store account with encryption(Key Vault) |
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key. |
Performs ETL job using Azure services |
This template provides an example of how to perform analytics on the historic as well as real time streaming data stored in Azure Blob Storage. The data from the event hub is taken by the Azure Stream Analytics Job to perform transformation and the output is stored in Azure Blob Storage and is visualized in PowerBI. The analytics is applied on the historic data stored in Blob storage by Azure Data Analytics and the movement of extracted, transformed and published data and the orchestration is done by Data Factory. The published data is further visualized in PowerBI |
Deploy Dev Box Service with built-in image |
This template provides a way to deploy an Dev Box service with built-in image. |
Configure Dev Box service |
This template would create all Dev Box admin resources as per Dev Box quick start guide. You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
Azure Digital Twins with Function and Private Link service |
This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'. |
Azure Digital Twins with Time Data History Connection |
This template creates an Azure Digital Twins instance configured with a time series data history connection. In order to create a connection, other resources must be created such as an Event Hubs namespace, an event hub, Azure Data Explorer cluster, and a database. Data is sent to an event hub which eventually forwards the data to the Azure Data Explorer cluster. Data is stored in a database table in the cluster |
HDInsight with custom Ambari + Hive Metastore DB in VNET |
This template allows you to create an HDInsight cluster in an existing virtual network with a new SQL DB that serves as both a custom Ambari DB and Hive Metastore. You must have an existing SQL Sever, storage account, and VNET. |
Configure FHIR service to enable $import |
This template provisions FHIR service to enable $import for initial data loading |
Create key vault, managed identity, and role assignment |
This template creates a key vault, managed identity, and role assignment. |
Use KeyVault with a Dynamic resourceId |
This template creates a SQL Server and uses an admin password from Key Vault. The reference parameter for the Key Vault secret is created at deployment time using a nested template. This allows the user to simply pass parameter values to the template rather than create a reference parameter in the parameter file. |
Azure Container Service (AKS) with Helm |
Deploy a managed cluster with Azure Container Service (AKS) with Helm |
Run timer jobs that execute on a schedule using Logic Apps |
This template creates a pair of Logic Apps that allows you to create scheduled timer job instances. |
User assigned identity role assignment template |
A template that creates role assignments of user assigned identity on resources that Azure Machine Learning workspace depends on |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an Azure Machine Learning Sweep job |
This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
Application Gateway for a Web App with IP Restriction |
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
Apply a NSG to an existing subnet |
This template applies a newly created NSG to an existing subnet |
NSG Flow Logs with traffic analytics |
This template creates a NSG Flow log on an existing NSG with traffic analytics |
Azure Virtual WAN Routing Intent and Policies |
This template provisions an Azure Virtual WAN with two hubs with Routing Intent and Policies feature enabled. |
Add an NSG with Redis security rules to an existing subnet |
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET. |
Build container images with ACR Tasks |
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
Import Container Images into ACR |
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
Create Application Gateway with Certificates |
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Create ssh-keys and store in KeyVault |
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault. |
Create and Deploy a templateSpec |
This sample creates and deploys a templateSpec resource within the same template. This is not a typical pattern just meant to show how the templateSpec and the deployment resources are meant to work together. |
Create TemplateSpecs from Template Gallery Templates |
This sample contains a script to easily migrate template gallery templates to templateSpec resources. The template provide will deploy all templates that can be exported using the migration script. |
Deploy SQL Always ON setup with existing SQL Virtual Machines |
Deploy SQL Always ON setup with existing SQL Virtual Machines. The virtual machines should already be joined to an existing domain and must be running enterprise version of SQL Server. |
Azure Synapse Proof-of-Concept |
This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools |
Create an AppServicePlan and App in an ASEv3 |
Create an AppServicePlan and App in an ASEv3 |
Create a Azure Native New Relic Resource |
This template sets up an 'Azure Native New Relic Service' to monitor resources in your Azure subscription. |
ARM template resource definition
The deployments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
- Tenants - See tenant deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For Bicep, consider using modules instead of this resource type.
Resource format
To create a Microsoft.Resources/deployments resource, add the following JSON to your template.
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2024-03-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"scope": "string",
"properties": {
"debugSetting": {
"detailLevel": "string"
},
"expressionEvaluationOptions": {
"scope": "string"
},
"mode": "string",
"onErrorDeployment": {
"deploymentName": "string",
"type": "string"
},
"parameters": {
"{customized property}": {
"reference": {
"keyVault": {
"id": "string"
},
"secretName": "string",
"secretVersion": "string"
},
"value": {}
}
},
"parametersLink": {
"contentVersion": "string",
"uri": "string"
},
"template": {},
"templateLink": {
"contentVersion": "string",
"id": "string",
"queryString": "string",
"relativePath": "string",
"uri": "string"
}
},
"resourceGroup": "string",
"subscriptionId": "string"
}
Property values
deployments
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Resources/deployments' |
apiVersion | The resource api version | '2024-03-01' |
name | The resource name | string (required) Character limit: 1-64 Valid characters: Alphanumerics, underscores, parentheses, hyphens, and periods. |
location | The location to store the deployment data. | string |
tags | Deployment tags | Dictionary of tag names and values. See Tags in templates |
scope | In tenant and management group deployments, provide the management group ID to target. Use the format Microsoft.Management/managementGroups/{managementGroupID} . |
string |
properties | The deployment properties. | DeploymentPropertiesOrDeploymentPropertiesExtended (required) |
resourceGroup | The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation. | string |
subscriptionId | The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation. | string |
DeploymentPropertiesOrDeploymentPropertiesExtended
Name | Description | Value |
---|---|---|
debugSetting | The debug setting of the deployment. | DebugSetting |
expressionEvaluationOptions | Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. | ExpressionEvaluationOptions |
mode | The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. | 'Complete' 'Incremental' (required) |
onErrorDeployment | The deployment on error behavior. | OnErrorDeploymentOrOnErrorDeploymentExtended |
parameters | Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well formed JSON string. | DeploymentPropertiesParameters |
parametersLink | The URI of parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. | ParametersLink |
template | The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both. | |
templateLink | The URI of the template. Use either the templateLink property or the template property, but not both. | TemplateLink |
DebugSetting
Name | Description | Value |
---|---|---|
detailLevel | Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations. | string |
ExpressionEvaluationOptions
Name | Description | Value |
---|---|---|
scope | The scope to be used for evaluation of parameters, variables and functions in a nested template. | 'Inner' 'NotSpecified' 'Outer' |
OnErrorDeploymentOrOnErrorDeploymentExtended
Name | Description | Value |
---|---|---|
deploymentName | The deployment to be used on error case. | string |
type | The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. | 'LastSuccessful' 'SpecificDeployment' |
DeploymentPropertiesParameters
Name | Description | Value |
---|---|---|
{customized property} | DeploymentParameter |
DeploymentParameter
Name | Description | Value |
---|---|---|
reference | Azure Key Vault parameter reference. | KeyVaultParameterReference |
value | Input value to the parameter . |
KeyVaultParameterReference
Name | Description | Value |
---|---|---|
keyVault | Azure Key Vault reference. | KeyVaultReference (required) |
secretName | Azure Key Vault secret name. | string (required) |
secretVersion | Azure Key Vault secret version. | string |
KeyVaultReference
Name | Description | Value |
---|---|---|
id | Azure Key Vault resource id. | string (required) |
ParametersLink
Name | Description | Value |
---|---|---|
contentVersion | If included, must match the ContentVersion in the template. | string |
uri | The URI of the parameters file. | string (required) |
TemplateLink
Name | Description | Value |
---|---|---|
contentVersion | If included, must match the ContentVersion in the template. | string |
id | The resource id of a Template Spec. Use either the id or uri property, but not both. | string |
queryString | The query string (for example, a SAS token) to be used with the templateLink URI. | string |
relativePath | The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs | string |
uri | The URI of the template to deploy. Use either the uri or id property, but not both. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Moesif API Analytics and Monetization |
The template will log API calls from Azure API Management to Moesif API analytics and monetization platform |
Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
Creates a Dapr microservices app using Container Apps |
Create a Dapr microservices app using Container Apps. |
Creates a Dapr pub-sub servicebus app using Container Apps |
Create a Dapr pub-sub servicebus app using Container Apps. |
Server managed by Desired State Configuration service |
This template provides an example of how to deliver a virtual machine and and Automation account to manage the machine, in a single deployment |
Create alert rule for azure business continuity items |
This templates creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details. |
Redis cluster on Ubuntu VMs |
This template creates a Redis cluster on Ubuntu virtual machine images, configures persistence and applies well known optimizations and proven practices |
Front Door Premium with App Service origin and Private Link |
This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
Front Door Premium with blob origin and Private Link |
This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
Front Door Standard/Premium with API Management origin |
This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
Front Door Standard/Premium with Azure Functions origin |
This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
Front Door Standard/Premium with static website origin |
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website. |
Creates an encrypted managed disk from an encrypted VHD |
This template allows you to create an encrypted managed disk using an existing encrypted VHD and encryption settings. |
Disable encryption on a running Windows VM |
This template disables encryption on a running windows vm |
Enable encryption on a running Windows VM & AAD |
This template enables encryption on a running windows vm using AAD client cert thumbprint. The certificate should have been deployed to the VM earlier |
GlassFish on SUSE |
This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs. |
Deploy multiple VM Scale Sets of Linux VMs |
This template allows you to deploy multiple VM Scale Sets of Linux VMs. |
Deploy multiple VM Scale Sets of Windows VMs |
This template allows you to deploy multiple VM Scale Sets of Windows VMs. |
Deploy a simple Linux VM and update private IP to static |
This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP. |
Use output from a Custom Script Extension during Deployment |
This is useful to the VM's compute to perform some task during deployment that Azure Resource Manager does not provide. The output of that compute (script) can then be leveraged elsewhere in the deployment. This is useful if the compute resource is needed in the deployment (e.g. a jumpbox, DC, etc), a bit wasteful if it is not. |
Deploy a Linux or Windows VM with MSI |
This template allows you to deploy a Linux or Windows VM with a Managed Service Identity. |
Linux VM with MSI Accessing Storage |
This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group. |
SQL Server 2014 SP2 Enterprise with Auto Backup |
This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled |
SQL Server 2014 SP1 Enterprise with Azure Key Vault |
This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled. |
Virus attack on Virtual Machines Scenario |
This will deploy 2 virtual machines, OMS and other network resources. One virtual machine without endpoint protection and other with enpoint protection installed. Perform the virus attack by following the guidlines and execute the scenario for mitigation and prevention of a virus attack. |
Create a data management gateway and install on an Azure VM |
This template deploys a virtual machine and creates a workable data management gateway |
Self-host Integration Runtime on Azure VMs |
This template creates a selfhost integration runtime and registers it on Azure virtual machines |
VM Scale Set Configuration managed by Azure Automation |
Deploy a VM Scale Set where virtual machines are deployed as registered nodes in the Azure Automation Desired State Configuration service, and node configuration is guaranteed consistency after deployment. NOTE: Required prerequisites Registration Key and Registration URL are available only after successful creation of an Azure Automation Account for Azure Automation DSC. |
VMSS Flexible Orchestration Mode Quickstart Linux |
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
Deploy a Linux or Windows VMSS with MSI |
This template allows you to deploy a Linux or Windows Virtual Machine Scale Set with a Managed Service Identity. That identity is then used to access Azure services. |
On-demand SFTP Server using an existing storage account |
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). |
Deploy a managed Kubernetes Cluster (AKS) |
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
Deploy a managed Kubernetes Cluster with AAD (AKS) |
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integeration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
FinOps hub |
This template creates a new FinOps hub instance, including Data Lake storage and a Data Factory. |
FinOps toolkit workbook |
This template creates a new Azure Monitor workbook for governance. |
Extend Existing Azure Resources with Custom Providers |
This sample will go into detail on how to extend existing Azure resources and Resource Manager templates to add in custom workloads. |
Deploy an Azure Databricks Workspace with PE,CMK all forms |
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption. |
Deploy an Azure Databricks Workspace with all 3 forms of CMK |
This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption. |
Deploy an Azure Databricks WS with CMK for DBFS encryption |
This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption |
Deploy an Azure Databricks Workspace with Managed Disks CMK |
This template allows you to create an Azure Databricks workspace with Managed Disks CMK. |
Deploy Azure Databricks Workspace with Managed Services CMK |
This template allows you to create an Azure Databricks workspace with Managed Services CMK. |
Create a new Datadog Organization |
This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
Use script extensions to install Mongo DB on Ubuntu VM |
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
Create HA data management gateway and install on an Azure VMs |
This template deploys multiple virtual machines with workable HA data management gateway |
Deploy Data Lake Store account with encryption(Key Vault) |
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key. |
Performs ETL job using Azure services |
This template provides an example of how to perform analytics on the historic as well as real time streaming data stored in Azure Blob Storage. The data from the event hub is taken by the Azure Stream Analytics Job to perform transformation and the output is stored in Azure Blob Storage and is visualized in PowerBI. The analytics is applied on the historic data stored in Blob storage by Azure Data Analytics and the movement of extracted, transformed and published data and the orchestration is done by Data Factory. The published data is further visualized in PowerBI |
Deploy Dev Box Service with built-in image |
This template provides a way to deploy an Dev Box service with built-in image. |
Configure Dev Box service |
This template would create all Dev Box admin resources as per Dev Box quick start guide. You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
Azure Digital Twins with Function and Private Link service |
This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'. |
Azure Digital Twins with Time Data History Connection |
This template creates an Azure Digital Twins instance configured with a time series data history connection. In order to create a connection, other resources must be created such as an Event Hubs namespace, an event hub, Azure Data Explorer cluster, and a database. Data is sent to an event hub which eventually forwards the data to the Azure Data Explorer cluster. Data is stored in a database table in the cluster |
HDInsight with custom Ambari + Hive Metastore DB in VNET |
This template allows you to create an HDInsight cluster in an existing virtual network with a new SQL DB that serves as both a custom Ambari DB and Hive Metastore. You must have an existing SQL Sever, storage account, and VNET. |
Configure FHIR service to enable $import |
This template provisions FHIR service to enable $import for initial data loading |
Create key vault, managed identity, and role assignment |
This template creates a key vault, managed identity, and role assignment. |
Use KeyVault with a Dynamic resourceId |
This template creates a SQL Server and uses an admin password from Key Vault. The reference parameter for the Key Vault secret is created at deployment time using a nested template. This allows the user to simply pass parameter values to the template rather than create a reference parameter in the parameter file. |
Azure Container Service (AKS) with Helm |
Deploy a managed cluster with Azure Container Service (AKS) with Helm |
Run timer jobs that execute on a schedule using Logic Apps |
This template creates a pair of Logic Apps that allows you to create scheduled timer job instances. |
User assigned identity role assignment template |
A template that creates role assignments of user assigned identity on resources that Azure Machine Learning workspace depends on |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an Azure Machine Learning Sweep job |
This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
Application Gateway for a Web App with IP Restriction |
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
Apply a NSG to an existing subnet |
This template applies a newly created NSG to an existing subnet |
NSG Flow Logs with traffic analytics |
This template creates a NSG Flow log on an existing NSG with traffic analytics |
Azure Virtual WAN Routing Intent and Policies |
This template provisions an Azure Virtual WAN with two hubs with Routing Intent and Policies feature enabled. |
Add an NSG with Redis security rules to an existing subnet |
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET. |
Build container images with ACR Tasks |
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
Import Container Images into ACR |
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
Create Application Gateway with Certificates |
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Create ssh-keys and store in KeyVault |
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault. |
Create and Deploy a templateSpec |
This sample creates and deploys a templateSpec resource within the same template. This is not a typical pattern just meant to show how the templateSpec and the deployment resources are meant to work together. |
Create TemplateSpecs from Template Gallery Templates |
This sample contains a script to easily migrate template gallery templates to templateSpec resources. The template provide will deploy all templates that can be exported using the migration script. |
Deploy SQL Always ON setup with existing SQL Virtual Machines |
Deploy SQL Always ON setup with existing SQL Virtual Machines. The virtual machines should already be joined to an existing domain and must be running enterprise version of SQL Server. |
Azure Synapse Proof-of-Concept |
This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools |
Create an AppServicePlan and App in an ASEv3 |
Create an AppServicePlan and App in an ASEv3 |
Create a Azure Native New Relic Resource |
This template sets up an 'Azure Native New Relic Service' to monitor resources in your Azure subscription. |
Terraform (AzAPI provider) resource definition
The deployments resource type can be deployed with operations that target:
- Resource groups
- Subscriptions
- Management groups
- Tenants
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Resources/deployments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Resources/deployments@2024-03-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
debugSetting = {
detailLevel = "string"
}
expressionEvaluationOptions = {
scope = "string"
}
mode = "string"
onErrorDeployment = {
deploymentName = "string"
type = "string"
}
parameters = {
{customized property} = {
reference = {
keyVault = {
id = "string"
}
secretName = "string"
secretVersion = "string"
}
}
}
parametersLink = {
contentVersion = "string"
uri = "string"
}
templateLink = {
contentVersion = "string"
id = "string"
queryString = "string"
relativePath = "string"
uri = "string"
}
}
resourceGroup = "string"
subscriptionId = "string"
scope = "string"
})
}
Property values
deployments
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Resources/deployments@2024-03-01" |
name | The resource name | string (required) Character limit: 1-64 Valid characters: Alphanumerics, underscores, parentheses, hyphens, and periods. |
location | The location to store the deployment data. | string |
parent_id | To deploy to a resource group, use the ID of that resource group. To deploy to a subscription, use the ID of that subscription. To deploy to a management group, use the ID of that management group. To deploy to a tenant, use / . |
string (required) |
tags | Deployment tags | Dictionary of tag names and values. |
properties | The deployment properties. | DeploymentPropertiesOrDeploymentPropertiesExtended (required) |
resourceGroup | The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation. | string |
subscriptionId | The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation. | string |
DeploymentPropertiesOrDeploymentPropertiesExtended
Name | Description | Value |
---|---|---|
debugSetting | The debug setting of the deployment. | DebugSetting |
expressionEvaluationOptions | Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. | ExpressionEvaluationOptions |
mode | The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. | "Complete" "Incremental" (required) |
onErrorDeployment | The deployment on error behavior. | OnErrorDeploymentOrOnErrorDeploymentExtended |
parameters | Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well formed JSON string. | DeploymentPropertiesParameters |
parametersLink | The URI of parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. | ParametersLink |
template | The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both. | |
templateLink | The URI of the template. Use either the templateLink property or the template property, but not both. | TemplateLink |
DebugSetting
Name | Description | Value |
---|---|---|
detailLevel | Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations. | string |
ExpressionEvaluationOptions
Name | Description | Value |
---|---|---|
scope | The scope to be used for evaluation of parameters, variables and functions in a nested template. | "Inner" "NotSpecified" "Outer" |
OnErrorDeploymentOrOnErrorDeploymentExtended
Name | Description | Value |
---|---|---|
deploymentName | The deployment to be used on error case. | string |
type | The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. | "LastSuccessful" "SpecificDeployment" |
DeploymentPropertiesParameters
Name | Description | Value |
---|---|---|
{customized property} | DeploymentParameter |
DeploymentParameter
Name | Description | Value |
---|---|---|
reference | Azure Key Vault parameter reference. | KeyVaultParameterReference |
value | Input value to the parameter . |
KeyVaultParameterReference
Name | Description | Value |
---|---|---|
keyVault | Azure Key Vault reference. | KeyVaultReference (required) |
secretName | Azure Key Vault secret name. | string (required) |
secretVersion | Azure Key Vault secret version. | string |
KeyVaultReference
Name | Description | Value |
---|---|---|
id | Azure Key Vault resource id. | string (required) |
ParametersLink
Name | Description | Value |
---|---|---|
contentVersion | If included, must match the ContentVersion in the template. | string |
uri | The URI of the parameters file. | string (required) |
TemplateLink
Name | Description | Value |
---|---|---|
contentVersion | If included, must match the ContentVersion in the template. | string |
id | The resource id of a Template Spec. Use either the id or uri property, but not both. | string |
queryString | The query string (for example, a SAS token) to be used with the templateLink URI. | string |
relativePath | The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs | string |
uri | The URI of the template to deploy. Use either the uri or id property, but not both. | string |