Microsoft.SignalRService webPubSub
Bicep resource definition
The webPubSub resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SignalRService/webPubSub resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.SignalRService/webPubSub@2024-10-01-preview' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    applicationFirewall: {
      clientConnectionCountRules: [
        {
          type: 'string'
          // For remaining properties, see ClientConnectionCountRule objects
        }
      ]
      clientTrafficControlRules: [
        {
          type: 'string'
          // For remaining properties, see ClientTrafficControlRule objects
        }
      ]
    }
    disableAadAuth: bool
    disableLocalAuth: bool
    liveTraceConfiguration: {
      categories: [
        {
          enabled: 'string'
          name: 'string'
        }
      ]
      enabled: 'string'
    }
    networkACLs: {
      defaultAction: 'string'
      ipRules: [
        {
          action: 'string'
          value: 'string'
        }
      ]
      privateEndpoints: [
        {
          allow: [
            'string'
          ]
          deny: [
            'string'
          ]
          name: 'string'
        }
      ]
      publicNetwork: {
        allow: [
          'string'
        ]
        deny: [
          'string'
        ]
      }
    }
    publicNetworkAccess: 'string'
    regionEndpointEnabled: 'string'
    resourceLogConfiguration: {
      categories: [
        {
          enabled: 'string'
          name: 'string'
        }
      ]
    }
    resourceStopped: 'string'
    socketIO: {
      serviceMode: 'string'
    }
    tls: {
      clientCertEnabled: bool
    }
  }
  sku: {
    capacity: int
    name: 'string'
    tier: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
```
ClientTrafficControlRule objects
Set the type property to specify the type of object.
For TrafficThrottleByJwtCustomClaimRule, use:
```bicep
{
  aggregationWindowInSeconds: int
  claimName: 'string'
  maxInboundMessageBytes: int
  type: 'TrafficThrottleByJwtCustomClaimRule'
}
```
For TrafficThrottleByJwtSignatureRule, use:
```bicep
{
  aggregationWindowInSeconds: int
  maxInboundMessageBytes: int
  type: 'TrafficThrottleByJwtSignatureRule'
}
```
For TrafficThrottleByUserIdRule, use:
```bicep
{
  aggregationWindowInSeconds: int
  maxInboundMessageBytes: int
  type: 'TrafficThrottleByUserIdRule'
}
```
ClientConnectionCountRule objects
Set the type property to specify the type of object.
For ThrottleByJwtCustomClaimRule, use:
```bicep
{
  claimName: 'string'
  maxCount: int
  type: 'ThrottleByJwtCustomClaimRule'
}
```
For ThrottleByJwtSignatureRule, use:
```bicep
{
  maxCount: int
  type: 'ThrottleByJwtSignatureRule'
}
```
For ThrottleByUserIdRule, use:
```bicep
{
  maxCount: int
  type: 'ThrottleByUserIdRule'
}
```
Property values
ApplicationFirewallSettings
Name | Description | Value |
---|---|---|
clientConnectionCountRules | Rules to control the client connection count | ClientConnectionCountRule[] |
clientTrafficControlRules | Rules to control the client traffic | ClientTrafficControlRule[] |
ClientConnectionCountRule
Name | Description | Value |
---|---|---|
type | Set to 'ThrottleByJwtCustomClaimRule' for type ThrottleByJwtCustomClaimRule. Set to 'ThrottleByJwtSignatureRule' for type ThrottleByJwtSignatureRule. Set to 'ThrottleByUserIdRule' for type ThrottleByUserIdRule. | 'ThrottleByJwtCustomClaimRule' 'ThrottleByJwtSignatureRule' 'ThrottleByUserIdRule' (required) |
ClientTrafficControlRule
Name | Description | Value |
---|---|---|
type | Set to 'TrafficThrottleByJwtCustomClaimRule' for type TrafficThrottleByJwtCustomClaimRule. Set to 'TrafficThrottleByJwtSignatureRule' for type TrafficThrottleByJwtSignatureRule. Set to 'TrafficThrottleByUserIdRule' for type TrafficThrottleByUserIdRule. | 'TrafficThrottleByJwtCustomClaimRule' 'TrafficThrottleByJwtSignatureRule' 'TrafficThrottleByUserIdRule' (required) |
IPRule
Name | Description | Value |
---|---|---|
action | Azure Networking ACL Action. | 'Allow' 'Deny' |
value | An IP or CIDR or ServiceTag | string |
LiveTraceCategory
Name | Description | Value |
---|---|---|
enabled | Indicates whether the live trace category is enabled. Available values: true, false. Case insensitive. | string |
name | Gets or sets the live trace category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive. | string |
LiveTraceConfiguration
Name | Description | Value |
---|---|---|
categories | Gets or sets the list of category configurations. | LiveTraceCategory[] |
enabled | Indicates whether live trace is enabled. When it's set to true, the live trace client can connect to the service. Otherwise, the live trace client can't connect to the service, so you are unable to receive any log, no matter what you configure in "categories". Available values: true, false. Case insensitive. | string |
ManagedIdentity
Name | Description | Value |
---|---|---|
type | Represents the identity type: systemAssigned, userAssigned, None | 'None' 'SystemAssigned' 'UserAssigned' |
userAssignedIdentities | Get or set the user assigned identities | ManagedIdentityUserAssignedIdentities |
ManagedIdentityUserAssignedIdentities
Name | Description | Value |
---|
Microsoft.SignalRService/webPubSub
Name | Description | Value |
---|---|---|
identity | A class that represents the managed identities used for request and response | ManagedIdentity |
kind | The kind of the service | 'SocketIO' 'WebPubSub' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string Constraints: Min length = 3 Max length = 3 Pattern = ^[a-zA-Z][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]$ (required) |
properties | A class that describes the properties of the resource | WebPubSubProperties |
sku | The billing information of the resource. | ResourceSku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NetworkACL
Name | Description | Value |
---|---|---|
allow | Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
deny | Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
PrivateEndpointACL
Name | Description | Value |
---|---|---|
allow | Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
deny | Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
name | Name of the private endpoint connection | string (required) |
ResourceLogCategory
Name | Description | Value |
---|---|---|
enabled | Indicates whether the resource log category is enabled. Available values: true, false. Case insensitive. | string |
name | Gets or sets the resource log category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive. | string |
ResourceLogConfiguration
Name | Description | Value |
---|---|---|
categories | Gets or sets the list of category configurations. | ResourceLogCategory[] |
ResourceSku
Name | Description | Value |
---|---|---|
capacity | Optional, integer. The unit count of the resource. 1 for Free_F1/Standard_S1/Premium_P1, 100 for Premium_P2 by default. If present, the following values are allowed: Free_F1: 1; Standard_S1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P2: 100,200,300,400,500,600,700,800,900,1000; | int |
name | The name of the SKU. Required. Allowed values: Standard_S1, Free_F1, Premium_P1, Premium_P2 | string (required) |
tier | Optional tier of this particular SKU. 'Standard' or 'Free'. Basic is deprecated, use Standard instead. | 'Basic' 'Free' 'Premium' 'Standard' |
ThrottleByJwtCustomClaimRule
Name | Description | Value |
---|---|---|
claimName | The name of the claim in the JWT token. The client connection with the same claim value will be aggregated. If the claim is not found in the token, the connection will be allowed. | string (required) |
maxCount | Maximum connection count allowed for the same JWT claim value. Clients with the same JWT claim will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByJwtCustomClaimRule' (required) |
ThrottleByJwtSignatureRule
Name | Description | Value |
---|---|---|
maxCount | Maximum connection count allowed for the same JWT signature. Clients with the same JWT signature will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByJwtSignatureRule' (required) |
ThrottleByUserIdRule
Name | Description | Value |
---|---|---|
maxCount | Maximum connection count allowed for the same user ID. Clients with the same user ID will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByUserIdRule' (required) |
TrackedResourceTags
Name | Description | Value |
---|
TrafficThrottleByJwtCustomClaimRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
claimName | The name of the claim in the JWT token. The message bytes with the same claim value will be aggregated. If the claim is not found in the token, the rule will be skipped. | string (required) |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same JWT claim value within a time window. Clients with the same JWT claim will get disconnected if the message bytes exceed this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByJwtCustomClaimRule' (required) |
TrafficThrottleByJwtSignatureRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same JWT signature within a time window. Clients with the same JWT signature will get disconnected if the message bytes exceed this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByJwtSignatureRule' (required) |
TrafficThrottleByUserIdRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same user ID within a time window. Clients with the same user ID will get disconnected if the message bytes exceed this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByUserIdRule' (required) |
UserAssignedIdentityProperty
Name | Description | Value |
---|
WebPubSubNetworkACLs
Name | Description | Value |
---|---|---|
defaultAction | Azure Networking ACL Action. | 'Allow' 'Deny' |
ipRules | IP rules for filtering public traffic | IPRule[] |
privateEndpoints | ACLs for requests from private endpoints | PrivateEndpointACL[] |
publicNetwork | Network ACL | NetworkACL |
WebPubSubProperties
Name | Description | Value |
---|---|---|
applicationFirewall | Application firewall settings for the resource | ApplicationFirewallSettings |
disableAadAuth | Enable or disable AAD auth. When set to true, connections with AuthType=aad won't work. | bool |
disableLocalAuth | Enable or disable local auth with AccessKey. When set to true, connections with AccessKey=xxx won't work. | bool |
liveTraceConfiguration | Live trace configuration of a Microsoft.SignalRService resource. | LiveTraceConfiguration |
networkACLs | Network ACLs for the resource | WebPubSubNetworkACLs |
publicNetworkAccess | Enable or disable public network access. Defaults to "Enabled". When it's Enabled, network ACLs still apply. When it's Disabled, public network access is always disabled no matter what you set in network ACLs. | string |
regionEndpointEnabled | Enable or disable the regional endpoint. Defaults to "Enabled". When it's Disabled, new connections will not be routed to this endpoint; existing connections will not be affected. This property is replica specific. Disabling the regional endpoint without a replica is not allowed. | string |
resourceLogConfiguration | Resource log configuration of a Microsoft.SignalRService resource. | ResourceLogConfiguration |
resourceStopped | Stop or start the resource. Defaults to "False". When it's true, the data plane of the resource is shut down. When it's false, the data plane of the resource is started. | string |
socketIO | SocketIO settings for the resource | WebPubSubSocketIOSettings |
tls | TLS settings for the resource | WebPubSubTlsSettings |
WebPubSubSocketIOSettings
Name | Description | Value |
---|---|---|
serviceMode | The service mode of Web PubSub for Socket.IO. Values allowed: "Default": have your own backend Socket.IO server. "Serverless": your application doesn't have a backend server. | string |
WebPubSubTlsSettings
Name | Description | Value |
---|---|---|
clientCertEnabled | Request client certificate during TLS handshake if enabled. Not supported for free tier. Any input will be ignored for free tier. | bool |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Create Azure Web PubSub by using Bicep | Azure Web PubSub Service helps you build real-time messaging web applications using WebSockets and the publish-subscribe pattern. This uses Bicep language to create and configure a Web PubSub resource. You can use this template to conveniently deploy Web PubSub for a tutorial or testing, or as a building block for more complex deployments with Web PubSub. |
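A deployment that sets the security-relevant properties from the tables above (local auth off, default-deny network ACLs, application firewall rules, resource logs), given here as an added example and not one of Microsoft's quickstart samples. The parameter names, the `tenant_id` claim and every limit are constructed values; only the property names and enum values come from this page.

```bicep
// Added example: all names and limits below are constructed for illustration.
@description('Resource name (constructed placeholder).')
param webPubSubName string = 'wps-hardened-example'

param location string = resourceGroup().location

@description('Hypothetical custom JWT claim that the token issuer sets per tenant.')
param tenantClaimName string = 'tenant_id'

resource webPubSub 'Microsoft.SignalRService/webPubSub@2024-10-01-preview' = {
  name: webPubSubName
  location: location
  kind: 'WebPubSub'
  sku: {
    name: 'Premium_P1'
    tier: 'Premium'
    capacity: 1
  }
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    // Connections with AccessKey=xxx stop working; AAD auth stays available.
    disableLocalAuth: true
    disableAadAuth: false

    // Network ACLs still apply while public network access is Enabled.
    publicNetworkAccess: 'Enabled'
    networkACLs: {
      defaultAction: 'Deny'
      publicNetwork: {
        // Only client connections are listed for the public network;
        // ServerConnection, RESTAPI and Trace are not.
        allow: [
          'ClientConnection'
        ]
      }
    }

    applicationFirewall: {
      clientConnectionCountRules: [
        {
          // Rejects further connections for a user ID above maxCount.
          type: 'ThrottleByUserIdRule'
          maxCount: 5
        }
        {
          // Limits how many connections may present the same token.
          type: 'ThrottleByJwtSignatureRule'
          maxCount: 2
        }
        {
          // A token without this claim is allowed by this rule,
          // so do not rely on it as the only connection limit.
          type: 'ThrottleByJwtCustomClaimRule'
          claimName: tenantClaimName
          maxCount: 200
        }
      ]
      clientTrafficControlRules: [
        {
          // 10 MiB of inbound messages per user ID per 60-second window.
          type: 'TrafficThrottleByUserIdRule'
          aggregationWindowInSeconds: 60
          maxInboundMessageBytes: 10485760
        }
        {
          // This rule is skipped when the claim is absent from the token.
          type: 'TrafficThrottleByJwtCustomClaimRule'
          claimName: tenantClaimName
          aggregationWindowInSeconds: 300
          maxInboundMessageBytes: 1073741824
        }
      ]
    }

    // Keep both resource log categories on for detection and investigation.
    resourceLogConfiguration: {
      categories: [
        {
          name: 'ConnectivityLogs'
          enabled: 'true'
        }
        {
          name: 'MessagingLogs'
          enabled: 'true'
        }
      ]
    }

    // With live trace disabled, no live trace client can connect.
    liveTraceConfiguration: {
      enabled: 'false'
    }
  }
}

output webPubSubId string = webPubSub.id
```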
ARM template resource definition
The webPubSub resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SignalRService/webPubSub resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.SignalRService/webPubSub",
  "apiVersion": "2024-10-01-preview",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "applicationFirewall": {
      "clientConnectionCountRules": [ {
        "type": "string"
        // For remaining properties, see ClientConnectionCountRule objects
      } ],
      "clientTrafficControlRules": [ {
        "type": "string"
        // For remaining properties, see ClientTrafficControlRule objects
      } ]
    },
    "disableAadAuth": "bool",
    "disableLocalAuth": "bool",
    "liveTraceConfiguration": {
      "categories": [
        {
          "enabled": "string",
          "name": "string"
        }
      ],
      "enabled": "string"
    },
    "networkACLs": {
      "defaultAction": "string",
      "ipRules": [
        {
          "action": "string",
          "value": "string"
        }
      ],
      "privateEndpoints": [
        {
          "allow": [ "string" ],
          "deny": [ "string" ],
          "name": "string"
        }
      ],
      "publicNetwork": {
        "allow": [ "string" ],
        "deny": [ "string" ]
      }
    },
    "publicNetworkAccess": "string",
    "regionEndpointEnabled": "string",
    "resourceLogConfiguration": {
      "categories": [
        {
          "enabled": "string",
          "name": "string"
        }
      ]
    },
    "resourceStopped": "string",
    "socketIO": {
      "serviceMode": "string"
    },
    "tls": {
      "clientCertEnabled": "bool"
    }
  },
  "sku": {
    "capacity": "int",
    "name": "string",
    "tier": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
ClientTrafficControlRule objects
Set the type property to specify the type of object.
For TrafficThrottleByJwtCustomClaimRule, use:
```json
{
  "aggregationWindowInSeconds": "int",
  "claimName": "string",
  "maxInboundMessageBytes": "int",
  "type": "TrafficThrottleByJwtCustomClaimRule"
}
```
For TrafficThrottleByJwtSignatureRule, use:
```json
{
  "aggregationWindowInSeconds": "int",
  "maxInboundMessageBytes": "int",
  "type": "TrafficThrottleByJwtSignatureRule"
}
```
For TrafficThrottleByUserIdRule, use:
```json
{
  "aggregationWindowInSeconds": "int",
  "maxInboundMessageBytes": "int",
  "type": "TrafficThrottleByUserIdRule"
}
```
ClientConnectionCountRule objects
Set the type property to specify the type of object.
For ThrottleByJwtCustomClaimRule, use:
```json
{
  "claimName": "string",
  "maxCount": "int",
  "type": "ThrottleByJwtCustomClaimRule"
}
```
For ThrottleByJwtSignatureRule, use:
```json
{
  "maxCount": "int",
  "type": "ThrottleByJwtSignatureRule"
}
```
For ThrottleByUserIdRule, use:
```json
{
  "maxCount": "int",
  "type": "ThrottleByUserIdRule"
}
```
Property values
ApplicationFirewallSettings
Name | Description | Value |
---|---|---|
clientConnectionCountRules | Rules to control the client connection count | ClientConnectionCountRule[] |
clientTrafficControlRules | Rules to control the client traffic | ClientTrafficControlRule[] |
ClientConnectionCountRule
Name | Description | Value |
---|---|---|
type | Set to 'ThrottleByJwtCustomClaimRule' for type ThrottleByJwtCustomClaimRule. Set to 'ThrottleByJwtSignatureRule' for type ThrottleByJwtSignatureRule. Set to 'ThrottleByUserIdRule' for type ThrottleByUserIdRule. | 'ThrottleByJwtCustomClaimRule' 'ThrottleByJwtSignatureRule' 'ThrottleByUserIdRule' (required) |
ClientTrafficControlRule
Name | Description | Value |
---|---|---|
type | Set to 'TrafficThrottleByJwtCustomClaimRule' for type TrafficThrottleByJwtCustomClaimRule. Set to 'TrafficThrottleByJwtSignatureRule' for type TrafficThrottleByJwtSignatureRule. Set to 'TrafficThrottleByUserIdRule' for type TrafficThrottleByUserIdRule. | 'TrafficThrottleByJwtCustomClaimRule' 'TrafficThrottleByJwtSignatureRule' 'TrafficThrottleByUserIdRule' (required) |
IPRule
Name | Description | Value |
---|---|---|
action | Azure Networking ACL Action. | 'Allow' 'Deny' |
value | An IP or CIDR or ServiceTag | string |
LiveTraceCategory
Name | Description | Value |
---|---|---|
enabled | Indicates whether the live trace category is enabled. Available values: true, false. Case insensitive. | string |
name | Gets or sets the live trace category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive. | string |
LiveTraceConfiguration
Name | Description | Value |
---|---|---|
categories | Gets or sets the list of category configurations. | LiveTraceCategory[] |
enabled | Indicates whether live trace is enabled. When it's set to true, the live trace client can connect to the service. Otherwise, the live trace client can't connect to the service, so you are unable to receive any log, no matter what you configure in "categories". Available values: true, false. Case insensitive. | string |
ManagedIdentity
Name | Description | Value |
---|---|---|
type | Represents the identity type: systemAssigned, userAssigned, None | 'None' 'SystemAssigned' 'UserAssigned' |
userAssignedIdentities | Get or set the user assigned identities | ManagedIdentityUserAssignedIdentities |
ManagedIdentityUserAssignedIdentities
Name | Description | Value |
---|
Microsoft.SignalRService/webPubSub
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-10-01-preview' |
identity | A class that represents the managed identities used for request and response | ManagedIdentity |
kind | The kind of the service | 'SocketIO' 'WebPubSub' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string Constraints: Min length = 3 Max length = 3 Pattern = ^[a-zA-Z][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]$ (required) |
properties | A class that describes the properties of the resource | WebPubSubProperties |
sku | The billing information of the resource. | ResourceSku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.SignalRService/webPubSub' |
NetworkACL
Name | Description | Value |
---|---|---|
allow | Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
deny | Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
PrivateEndpointACL
Name | Description | Value |
---|---|---|
allow | Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
deny | Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
name | Name of the private endpoint connection | string (required) |
ResourceLogCategory
Name | Description | Value |
---|---|---|
enabled | Indicates whether the resource log category is enabled. Available values: true, false. Case insensitive. | string |
name | Gets or sets the resource log category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive. | string |
ResourceLogConfiguration
Name | Description | Value |
---|---|---|
categories | Gets or sets the list of category configurations. | ResourceLogCategory[] |
ResourceSku
Name | Description | Value |
---|---|---|
capacity | Optional, integer. The unit count of the resource. 1 for Free_F1/Standard_S1/Premium_P1, 100 for Premium_P2 by default. If present, the following values are allowed: Free_F1: 1; Standard_S1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P2: 100,200,300,400,500,600,700,800,900,1000; | int |
name | The name of the SKU. Required. Allowed values: Standard_S1, Free_F1, Premium_P1, Premium_P2 | string (required) |
tier | Optional tier of this particular SKU. 'Standard' or 'Free'. Basic is deprecated, use Standard instead. | 'Basic' 'Free' 'Premium' 'Standard' |
ThrottleByJwtCustomClaimRule
Name | Description | Value |
---|---|---|
claimName | The name of the claim in the JWT token. The client connection with the same claim value will be aggregated. If the claim is not found in the token, the connection will be allowed. | string (required) |
maxCount | Maximum connection count allowed for the same JWT claim value. Clients with the same JWT claim will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByJwtCustomClaimRule' (required) |
ThrottleByJwtSignatureRule
Name | Description | Value |
---|---|---|
maxCount | Maximum connection count allowed for the same JWT signature. Clients with the same JWT signature will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByJwtSignatureRule' (required) |
ThrottleByUserIdRule
Name | Description | Value |
---|---|---|
maxCount | Maximum connection count allowed for the same user ID. Clients with the same user ID will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByUserIdRule' (required) |
TrackedResourceTags
Name | Description | Value |
---|
TrafficThrottleByJwtCustomClaimRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
claimName | The name of the claim in the JWT token. The message bytes with the same claim value will be aggregated. If the claim is not found in the token, the rule will be skipped. | string (required) |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same JWT claim value within a time window. Clients with the same JWT claim will get disconnected if the message bytes exceed this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByJwtCustomClaimRule' (required) |
TrafficThrottleByJwtSignatureRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same JWT signature within a time window. Clients with the same JWT signature will get disconnected if the message bytes exceed this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByJwtSignatureRule' (required) |
TrafficThrottleByUserIdRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same user ID within a time window. Clients with the same user ID will get disconnected if the message bytes exceed this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByUserIdRule' (required) |
UserAssignedIdentityProperty
Name | Description | Value |
---|
WebPubSubNetworkACLs
Name | Description | Value |
---|---|---|
defaultAction | Azure Networking ACL Action. | 'Allow' 'Deny' |
ipRules | IP rules for filtering public traffic | IPRule[] |
privateEndpoints | ACLs for requests from private endpoints | PrivateEndpointACL[] |
publicNetwork | Network ACL | NetworkACL |
WebPubSubProperties
Name | Description | Value |
---|---|---|
applicationFirewall | Application firewall settings for the resource | ApplicationFirewallSettings |
disableAadAuth | Enable or disable AAD auth. When set to true, connections with AuthType=aad won't work. | bool |
disableLocalAuth | Enable or disable local auth with AccessKey. When set to true, connections with AccessKey=xxx won't work. | bool |
liveTraceConfiguration | Live trace configuration of a Microsoft.SignalRService resource. | LiveTraceConfiguration |
networkACLs | Network ACLs for the resource | WebPubSubNetworkACLs |
publicNetworkAccess | Enable or disable public network access. Defaults to "Enabled". When it's Enabled, network ACLs still apply. When it's Disabled, public network access is always disabled no matter what you set in network ACLs. | string |
regionEndpointEnabled | Enable or disable the regional endpoint. Defaults to "Enabled". When it's Disabled, new connections will not be routed to this endpoint; existing connections will not be affected. This property is replica specific. Disabling the regional endpoint without a replica is not allowed. | string |
resourceLogConfiguration | Resource log configuration of a Microsoft.SignalRService resource. | ResourceLogConfiguration |
resourceStopped | Stop or start the resource. Defaults to "False". When it's true, the data plane of the resource is shut down. When it's false, the data plane of the resource is started. | string |
socketIO | SocketIO settings for the resource | WebPubSubSocketIOSettings |
tls | TLS settings for the resource | WebPubSubTlsSettings |
WebPubSubSocketIOSettings
Name | Description | Value |
---|---|---|
serviceMode | The service mode of Web PubSub for Socket.IO. Values allowed: "Default": have your own backend Socket.IO server. "Serverless": your application doesn't have a backend server. | string |
WebPubSubTlsSettings
Name | Description | Value |
---|---|---|
clientCertEnabled | Request client certificate during TLS handshake if enabled. Not supported for free tier. Any input will be ignored for free tier. | bool |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create Azure Web PubSub by using Bicep | Azure Web PubSub Service helps you build real-time messaging web applications using WebSockets and the publish-subscribe pattern. This uses Bicep language to create and configure a Web PubSub resource. You can use this template to conveniently deploy Web PubSub for a tutorial or testing, or as a building block for more complex deployments with Web PubSub. |
Terraform (AzAPI provider) resource definition
The webPubSub resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SignalRService/webPubSub resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.SignalRService/webPubSub@2024-10-01-preview"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  kind = "string"
  location = "string"
  sku = {
    capacity = int
    name = "string"
    tier = "string"
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      applicationFirewall = {
        clientConnectionCountRules = [
          {
            type = "string"
            // For remaining properties, see ClientConnectionCountRule objects
          }
        ]
        clientTrafficControlRules = [
          {
            type = "string"
            // For remaining properties, see ClientTrafficControlRule objects
          }
        ]
      }
      disableAadAuth = bool
      disableLocalAuth = bool
      liveTraceConfiguration = {
        categories = [
          {
            enabled = "string"
            name = "string"
          }
        ]
        enabled = "string"
      }
      networkACLs = {
        defaultAction = "string"
        ipRules = [
          {
            action = "string"
            value = "string"
          }
        ]
        privateEndpoints = [
          {
            allow = [
              "string"
            ]
            deny = [
              "string"
            ]
            name = "string"
          }
        ]
        publicNetwork = {
          allow = [
            "string"
          ]
          deny = [
            "string"
          ]
        }
      }
      publicNetworkAccess = "string"
      regionEndpointEnabled = "string"
      resourceLogConfiguration = {
        categories = [
          {
            enabled = "string"
            name = "string"
          }
        ]
      }
      resourceStopped = "string"
      socketIO = {
        serviceMode = "string"
      }
      tls = {
        clientCertEnabled = bool
      }
    }
  })
}
```
ClientTrafficControlRule objects
Set the type property to specify the type of object.
For TrafficThrottleByJwtCustomClaimRule, use:
```terraform
{
  aggregationWindowInSeconds = int
  claimName = "string"
  maxInboundMessageBytes = int
  type = "TrafficThrottleByJwtCustomClaimRule"
}
```
For TrafficThrottleByJwtSignatureRule, use:
```terraform
{
  aggregationWindowInSeconds = int
  maxInboundMessageBytes = int
  type = "TrafficThrottleByJwtSignatureRule"
}
```
For TrafficThrottleByUserIdRule, use:
```terraform
{
  aggregationWindowInSeconds = int
  maxInboundMessageBytes = int
  type = "TrafficThrottleByUserIdRule"
}
```
ClientConnectionCountRule objects
Set the type property to specify the type of object.
For ThrottleByJwtCustomClaimRule, use:
```terraform
{
  claimName = "string"
  maxCount = int
  type = "ThrottleByJwtCustomClaimRule"
}
```
For ThrottleByJwtSignatureRule, use:
```terraform
{
  maxCount = int
  type = "ThrottleByJwtSignatureRule"
}
```
For ThrottleByUserIdRule, use:
```terraform
{
  maxCount = int
  type = "ThrottleByUserIdRule"
}
```
Property values
ApplicationFirewallSettings
Name | Description | Value |
---|---|---|
clientConnectionCountRules | Rules to control the client connection count | ClientConnectionCountRule[] |
clientTrafficControlRules | Rules to control the client traffic | ClientTrafficControlRule[] |
ClientConnectionCountRule
Name | Description | Value |
---|---|---|
type | Set to 'ThrottleByJwtCustomClaimRule' for type ThrottleByJwtCustomClaimRule. Set to 'ThrottleByJwtSignatureRule' for type ThrottleByJwtSignatureRule. Set to 'ThrottleByUserIdRule' for type ThrottleByUserIdRule. | 'ThrottleByJwtCustomClaimRule' 'ThrottleByJwtSignatureRule' 'ThrottleByUserIdRule' (required) |
ClientTrafficControlRule
Name | Description | Value |
---|---|---|
type | Set to 'TrafficThrottleByJwtCustomClaimRule' for type TrafficThrottleByJwtCustomClaimRule. Set to 'TrafficThrottleByJwtSignatureRule' for type TrafficThrottleByJwtSignatureRule. Set to 'TrafficThrottleByUserIdRule' for type TrafficThrottleByUserIdRule. | 'TrafficThrottleByJwtCustomClaimRule' 'TrafficThrottleByJwtSignatureRule' 'TrafficThrottleByUserIdRule' (required) |
IPRule
Name | Description | Value |
---|---|---|
action | Azure Networking ACL Action. | 'Allow' 'Deny' |
value | An IP or CIDR or ServiceTag | string |
LiveTraceCategory
Name | Description | Value |
---|---|---|
enabled | Indicates whether the live trace category is enabled. Available values: true, false. Case insensitive. | string |
name | Gets or sets the live trace category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive. | string |
LiveTraceConfiguration
Name | Description | Value |
---|---|---|
categories | Gets or sets the list of category configurations. | LiveTraceCategory[] |
enabled | Indicates whether or not to enable live trace. When it's set to true, the live trace client can connect to the service. Otherwise, the live trace client can't connect to the service, so you are unable to receive any logs, no matter what you configure in "categories". Available values: true, false. Case insensitive. | string |
ManagedIdentity
Name | Description | Value |
---|---|---|
type | Represents the identity type: systemAssigned, userAssigned, None | 'None' 'SystemAssigned' 'UserAssigned' |
userAssignedIdentities | Get or set the user assigned identities | ManagedIdentityUserAssignedIdentities |
ManagedIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
Microsoft.SignalRService/webPubSub
Name | Description | Value |
---|---|---|
identity | A class that represents managed identities used for request and response | ManagedIdentity |
kind | The kind of the service | 'SocketIO' 'WebPubSub' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string Constraints: Min length = 3 Max length = 3 Pattern = ^[a-zA-Z][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]$ (required) |
properties | A class that describes the properties of the resource | WebPubSubProperties |
sku | The billing information of the resource. | ResourceSku |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.SignalRService/webPubSub@2024-10-01-preview" |
NetworkACL
Name | Description | Value |
---|---|---|
allow | Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
deny | Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
PrivateEndpointACL
Name | Description | Value |
---|---|---|
allow | Allowed request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
deny | Denied request types. The value can be one or more of: ClientConnection, ServerConnection, RESTAPI. | String array containing any of: 'ClientConnection' 'RESTAPI' 'ServerConnection' 'Trace' |
name | Name of the private endpoint connection | string (required) |
ResourceLogCategory
Name | Description | Value |
---|---|---|
enabled | Indicates whether the resource log category is enabled. Available values: true, false. Case insensitive. | string |
name | Gets or sets the resource log category's name. Available values: ConnectivityLogs, MessagingLogs. Case insensitive. | string |
ResourceLogConfiguration
Name | Description | Value |
---|---|---|
categories | Gets or sets the list of category configurations. | ResourceLogCategory[] |
ResourceSku
Name | Description | Value |
---|---|---|
capacity | Optional, integer. The unit count of the resource. 1 for Free_F1/Standard_S1/Premium_P1, 100 for Premium_P2 by default. If present, following values are allowed: Free_F1: 1; Standard_S1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P1: 1,2,3,4,5,6,7,8,9,10,20,30,40,50,60,70,80,90,100; Premium_P2: 100,200,300,400,500,600,700,800,900,1000; | int |
name | The name of the SKU. Required. Allowed values: Standard_S1, Free_F1, Premium_P1, Premium_P2 | string (required) |
tier | Optional tier of this particular SKU. 'Standard' or 'Free'. Basic is deprecated, use Standard instead. | 'Basic' 'Free' 'Premium' 'Standard' |
ThrottleByJwtCustomClaimRule
Name | Description | Value |
---|---|---|
claimName | The name of the claim in the JWT token. The client connection with the same claim value will be aggregated. If the claim is not found in the token, the connection will be allowed. | string (required) |
maxCount | Maximum connection count allowed for the same Jwt claim value. Clients with the same Jwt claim will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByJwtCustomClaimRule' (required) |
ThrottleByJwtSignatureRule
Name | Description | Value |
---|---|---|
maxCount | Maximum connection count allowed for the same JWT signature. Clients with the same JWT signature will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByJwtSignatureRule' (required) |
ThrottleByUserIdRule
Name | Description | Value |
---|---|---|
maxCount | Maximum connection count allowed for the same user ID. Clients with the same user ID will get rejected if the connection count exceeds this value. Default value is 20. | int Constraints: Min value = 0 Max value = 2147483647 |
type | | 'ThrottleByUserIdRule' (required) |
TrackedResourceTags
Name | Description | Value |
---|---|---|
TrafficThrottleByJwtCustomClaimRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
claimName | The name of the claim in the JWT token. The message bytes with the same claim value will be aggregated. If the claim is not found in the token, the rule will be skipped. | string (required) |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same JWT signature within a time window. Clients with the same JWT claim will get disconnected if the message bytes exceeds this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByJwtCustomClaimRule' (required) |
TrafficThrottleByJwtSignatureRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same JWT signature within a time window. Clients with the same JWT signature will get disconnected if the message bytes exceeds this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByJwtSignatureRule' (required) |
TrafficThrottleByUserIdRule
Name | Description | Value |
---|---|---|
aggregationWindowInSeconds | The aggregation window for the message bytes. The message bytes will be aggregated in this window and be reset after the window. Default value is 60 seconds. | int Constraints: Min value = 10 Max value = 3600 |
maxInboundMessageBytes | Maximum accumulated inbound message bytes allowed for the same user ID within a time window. Clients with the same user ID will get disconnected if the message bytes exceeds this value. Default value is 1GB. | int Constraints: Min value = 0 |
type | | 'TrafficThrottleByUserIdRule' (required) |
UserAssignedIdentityProperty
Name | Description | Value |
---|---|---|
WebPubSubNetworkACLs
Name | Description | Value |
---|---|---|
defaultAction | Azure Networking ACL Action. | 'Allow' 'Deny' |
ipRules | IP rules for filtering public traffic | IPRule[] |
privateEndpoints | ACLs for requests from private endpoints | PrivateEndpointACL[] |
publicNetwork | Network ACL | NetworkACL |
WebPubSubProperties
Name | Description | Value |
---|---|---|
applicationFirewall | Application firewall settings for the resource | ApplicationFirewallSettings |
disableAadAuth | DisableLocalAuth. Enable or disable aad auth. When set as true, connection with AuthType=aad won't work. | bool |
disableLocalAuth | DisableLocalAuth. Enable or disable local auth with AccessKey. When set as true, connection with AccessKey=xxx won't work. | bool |
liveTraceConfiguration | Live trace configuration of a Microsoft.SignalRService resource. | LiveTraceConfiguration |
networkACLs | Network ACLs for the resource | WebPubSubNetworkACLs |
publicNetworkAccess | Enable or disable public network access. Defaults to "Enabled". When it's Enabled, network ACLs still apply. When it's Disabled, public network access is always disabled no matter what you set in network ACLs. | string |
regionEndpointEnabled | Enable or disable the regional endpoint. Defaults to "Enabled". When it's Disabled, new connections will not be routed to this endpoint; however, existing connections will not be affected. This property is replica specific. Disabling the regional endpoint without a replica is not allowed. | string |
resourceLogConfiguration | Resource log configuration of a Microsoft.SignalRService resource. | ResourceLogConfiguration |
resourceStopped | Stop or start the resource. Defaults to "False". When it's true, the data plane of the resource is shut down. When it's false, the data plane of the resource is started. | string |
socketIO | SocketIO settings for the resource | WebPubSubSocketIOSettings |
tls | TLS settings for the resource | WebPubSubTlsSettings |
WebPubSubSocketIOSettings
Name | Description | Value |
---|---|---|
serviceMode | The service mode of Web PubSub for Socket.IO. Values allowed: "Default": have your own backend Socket.IO server; "Serverless": your application doesn't have a backend server | string |
WebPubSubTlsSettings
Name | Description | Value |
---|---|---|
clientCertEnabled | Request client certificate during TLS handshake if enabled. Not supported for free tier. Any input will be ignored for free tier. | bool |
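A locked-down deployment that combines the authentication, network ACL, application firewall and logging properties documented above, as an added example that is not part of the reference page. It uses the `azapi_resource` form with a `jsonencode` body as in the Terraform format above; the resource name, region, `parent_id`, CIDR, claim name and every limit are constructed placeholders.

```hcl
# Added example, not from the reference page. Name, region, parent_id, CIDR,
# claim name and all limits are constructed placeholders.
resource "azapi_resource" "wps_hardened" {
  type      = "Microsoft.SignalRService/webPubSub@2024-10-01-preview"
  name      = "example-wps-hardened"
  location  = "westeurope"
  parent_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"

  body = jsonencode({
    kind = "WebPubSub"
    sku  = { name = "Standard_S1", capacity = 1 }
    properties = {
      disableLocalAuth    = true      # connections with AccessKey=xxx stop working
      disableAadAuth      = false     # AuthType=aad keeps working
      publicNetworkAccess = "Enabled" # network ACLs below still apply
      networkACLs = {
        defaultAction = "Deny"
        ipRules       = [{ action = "Allow", value = "203.0.113.0/24" }] # documentation range
        publicNetwork = { allow = ["ClientConnection"] }
      }
      applicationFirewall = {
        clientConnectionCountRules = [
          # The custom-claim rule allows connections whose token lacks the claim,
          # so it is paired here with rules keyed on user ID and JWT signature.
          { type = "ThrottleByJwtCustomClaimRule", claimName = "tenant", maxCount = 50 },
          { type = "ThrottleByUserIdRule", maxCount = 5 },
          { type = "ThrottleByJwtSignatureRule", maxCount = 5 },
        ]
        clientTrafficControlRules = [
          {
            type                       = "TrafficThrottleByUserIdRule"
            aggregationWindowInSeconds = 60       # allowed range is 10 to 3600
            maxInboundMessageBytes     = 10485760 # 10 MiB per user ID per window
          },
        ]
      }
      liveTraceConfiguration = { enabled = "false" }
      resourceLogConfiguration = {
        categories = [
          { name = "ConnectivityLogs", enabled = "true" },
          { name = "MessagingLogs", enabled = "true" },
        ]
      }
    }
  })
}
```

The `maxCount` and `maxInboundMessageBytes` defaults (20 connections, 1GB) apply only to rules that are actually listed, so an empty `applicationFirewall` leaves clients unthrottled by these rules.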