Microsoft.Web sites/slots
Bicep resource definition
The sites/slots resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Web/sites/slots resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Web/sites/slots@2024-04-01' = {
extendedLocation: {
name: 'string'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
kind: 'string'
location: 'string'
name: 'string'
properties: {
autoGeneratedDomainNameLabelScope: 'string'
clientAffinityEnabled: bool
clientCertEnabled: bool
clientCertExclusionPaths: 'string'
clientCertMode: 'string'
cloningInfo: {
appSettingsOverrides: {
{customized property}: 'string'
}
cloneCustomHostNames: bool
cloneSourceControl: bool
configureLoadBalancing: bool
correlationId: 'string'
hostingEnvironment: 'string'
overwrite: bool
sourceWebAppId: 'string'
sourceWebAppLocation: 'string'
trafficManagerProfileId: 'string'
trafficManagerProfileName: 'string'
}
containerSize: int
customDomainVerificationId: 'string'
dailyMemoryTimeQuota: int
daprConfig: {
appId: 'string'
appPort: int
enableApiLogging: bool
enabled: bool
httpMaxRequestSize: int
httpReadBufferSize: int
logLevel: 'string'
}
dnsConfiguration: {
dnsAltServer: 'string'
dnsMaxCacheTimeout: int
dnsRetryAttemptCount: int
dnsRetryAttemptTimeout: int
dnsServers: [
'string'
]
}
enabled: bool
endToEndEncryptionEnabled: bool
functionAppConfig: {
deployment: {
storage: {
authentication: {
storageAccountConnectionStringName: 'string'
type: 'string'
userAssignedIdentityResourceId: 'string'
}
type: 'string'
value: 'string'
}
}
runtime: {
name: 'string'
version: 'string'
}
scaleAndConcurrency: {
alwaysReady: [
{
instanceCount: int
name: 'string'
}
]
instanceMemoryMB: int
maximumInstanceCount: int
triggers: {
http: {
perInstanceConcurrency: int
}
}
}
}
hostingEnvironmentProfile: {
id: 'string'
}
hostNamesDisabled: bool
hostNameSslStates: [
{
hostType: 'string'
name: 'string'
sslState: 'string'
thumbprint: 'string'
toUpdate: bool
virtualIP: 'string'
}
]
httpsOnly: bool
hyperV: bool
ipMode: 'string'
isXenon: bool
keyVaultReferenceIdentity: 'string'
managedEnvironmentId: 'string'
publicNetworkAccess: 'string'
redundancyMode: 'string'
reserved: bool
resourceConfig: {
cpu: int
memory: 'string'
}
scmSiteAlsoStopped: bool
serverFarmId: 'string'
siteConfig: {
acrUseManagedIdentityCreds: bool
acrUserManagedIdentityID: 'string'
alwaysOn: bool
apiDefinition: {
url: 'string'
}
apiManagementConfig: {
id: 'string'
}
appCommandLine: 'string'
appSettings: [
{
name: 'string'
value: 'string'
}
]
autoHealEnabled: bool
autoHealRules: {
actions: {
actionType: 'string'
customAction: {
exe: 'string'
parameters: 'string'
}
minProcessExecutionTime: 'string'
}
triggers: {
privateBytesInKB: int
requests: {
count: int
timeInterval: 'string'
}
slowRequests: {
count: int
path: 'string'
timeInterval: 'string'
timeTaken: 'string'
}
slowRequestsWithPath: [
{
count: int
path: 'string'
timeInterval: 'string'
timeTaken: 'string'
}
]
statusCodes: [
{
count: int
path: 'string'
status: int
subStatus: int
timeInterval: 'string'
win32Status: int
}
]
statusCodesRange: [
{
count: int
path: 'string'
statusCodes: 'string'
timeInterval: 'string'
}
]
}
}
autoSwapSlotName: 'string'
azureStorageAccounts: {
{customized property}: {
accessKey: 'string'
accountName: 'string'
mountPath: 'string'
protocol: 'string'
shareName: 'string'
type: 'string'
}
}
connectionStrings: [
{
connectionString: 'string'
name: 'string'
type: 'string'
}
]
cors: {
allowedOrigins: [
'string'
]
supportCredentials: bool
}
defaultDocuments: [
'string'
]
detailedErrorLoggingEnabled: bool
documentRoot: 'string'
elasticWebAppScaleLimit: int
experiments: {
rampUpRules: [
{
actionHostName: 'string'
changeDecisionCallbackUrl: 'string'
changeIntervalInMinutes: int
changeStep: int
maxReroutePercentage: int
minReroutePercentage: int
name: 'string'
reroutePercentage: int
}
]
}
ftpsState: 'string'
functionAppScaleLimit: int
functionsRuntimeScaleMonitoringEnabled: bool
handlerMappings: [
{
arguments: 'string'
extension: 'string'
scriptProcessor: 'string'
}
]
healthCheckPath: 'string'
http20Enabled: bool
httpLoggingEnabled: bool
ipSecurityRestrictions: [
{
action: 'string'
description: 'string'
headers: {
{customized property}: [
'string'
]
}
ipAddress: 'string'
name: 'string'
priority: int
subnetMask: 'string'
subnetTrafficTag: int
tag: 'string'
vnetSubnetResourceId: 'string'
vnetTrafficTag: int
}
]
ipSecurityRestrictionsDefaultAction: 'string'
javaContainer: 'string'
javaContainerVersion: 'string'
javaVersion: 'string'
keyVaultReferenceIdentity: 'string'
limits: {
maxDiskSizeInMb: int
maxMemoryInMb: int
maxPercentageCpu: int
}
linuxFxVersion: 'string'
loadBalancing: 'string'
localMySqlEnabled: bool
logsDirectorySizeLimit: int
managedPipelineMode: 'string'
managedServiceIdentityId: int
metadata: [
{
name: 'string'
value: 'string'
}
]
minimumElasticInstanceCount: int
minTlsCipherSuite: 'string'
minTlsVersion: 'string'
netFrameworkVersion: 'string'
nodeVersion: 'string'
numberOfWorkers: int
phpVersion: 'string'
powerShellVersion: 'string'
preWarmedInstanceCount: int
publicNetworkAccess: 'string'
publishingUsername: 'string'
push: {
kind: 'string'
properties: {
dynamicTagsJson: 'string'
isPushEnabled: bool
tagsRequiringAuth: 'string'
tagWhitelistJson: 'string'
}
}
pythonVersion: 'string'
remoteDebuggingEnabled: bool
remoteDebuggingVersion: 'string'
requestTracingEnabled: bool
requestTracingExpirationTime: 'string'
scmIpSecurityRestrictions: [
{
action: 'string'
description: 'string'
headers: {
{customized property}: [
'string'
]
}
ipAddress: 'string'
name: 'string'
priority: int
subnetMask: 'string'
subnetTrafficTag: int
tag: 'string'
vnetSubnetResourceId: 'string'
vnetTrafficTag: int
}
]
scmIpSecurityRestrictionsDefaultAction: 'string'
scmIpSecurityRestrictionsUseMain: bool
scmMinTlsVersion: 'string'
scmType: 'string'
tracingOptions: 'string'
use32BitWorkerProcess: bool
virtualApplications: [
{
physicalPath: 'string'
preloadEnabled: bool
virtualDirectories: [
{
physicalPath: 'string'
virtualPath: 'string'
}
]
virtualPath: 'string'
}
]
vnetName: 'string'
vnetPrivatePortsCount: int
vnetRouteAllEnabled: bool
websiteTimeZone: 'string'
webSocketsEnabled: bool
windowsFxVersion: 'string'
xManagedServiceIdentityId: int
}
storageAccountRequired: bool
virtualNetworkSubnetId: 'string'
vnetBackupRestoreEnabled: bool
vnetContentShareEnabled: bool
vnetImagePullEnabled: bool
vnetRouteAllEnabled: bool
workloadProfileName: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
ApiDefinitionInfo
| Name | Description | Value |
|---|---|---|
| url | The URL of the API definition. | string |
ApiManagementConfig
| Name | Description | Value |
|---|---|---|
| id | APIM-Api Identifier. | string |
AutoHealActions
| Name | Description | Value |
|---|---|---|
| actionType | Predefined action to be taken. | 'CustomAction' 'LogEvent' 'Recycle' |
| customAction | Custom action to be taken. | AutoHealCustomAction |
| minProcessExecutionTime | Minimum time the process must execute before taking the action |
string |
AutoHealCustomAction
| Name | Description | Value |
|---|---|---|
| exe | Executable to be run. | string |
| parameters | Parameters for the executable. | string |
AutoHealRules
| Name | Description | Value |
|---|---|---|
| actions | Actions to be executed when a rule is triggered. | AutoHealActions |
| triggers | Conditions that describe when to execute the auto-heal actions. | AutoHealTriggers |
AutoHealTriggers
| Name | Description | Value |
|---|---|---|
| privateBytesInKB | A rule based on private bytes. | int |
| requests | A rule based on total requests. | RequestsBasedTrigger |
| slowRequests | A rule based on request execution time. | SlowRequestsBasedTrigger |
| slowRequestsWithPath | A rule based on multiple Slow Requests Rule with path | SlowRequestsBasedTrigger[] |
| statusCodes | A rule based on status codes. | StatusCodesBasedTrigger[] |
| statusCodesRange | A rule based on status codes ranges. | StatusCodesRangeBasedTrigger[] |
AzureStorageInfoValue
| Name | Description | Value |
|---|---|---|
| accessKey | Access key for the storage account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| accountName | Name of the storage account. | string |
| mountPath | Path to mount the storage within the site's runtime environment. | string |
| protocol | Mounting protocol to use for the storage account. | 'Http' 'Nfs' 'Smb' |
| shareName | Name of the file share (container name, for Blob storage). | string |
| type | Type of storage. | 'AzureBlob' 'AzureFiles' |
CloningInfo
| Name | Description | Value |
|---|---|---|
| appSettingsOverrides | Application setting overrides for cloned app. If specified, these settings override the settings cloned from source app. Otherwise, application settings from source app are retained. |
CloningInfoAppSettingsOverrides |
| cloneCustomHostNames | <code>true</code> to clone custom hostnames from source app; otherwise, <code>false</code>. | bool |
| cloneSourceControl | <code>true</code> to clone source control from source app; otherwise, <code>false</code>. | bool |
| configureLoadBalancing | <code>true</code> to configure load balancing for source and destination app. | bool |
| correlationId | Correlation ID of cloning operation. This ID ties multiple cloning operations together to use the same snapshot. |
string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| hostingEnvironment | App Service Environment. | string |
| overwrite | <code>true</code> to overwrite destination app; otherwise, <code>false</code>. | bool |
| sourceWebAppId | ARM resource ID of the source app. App resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName} for production slots and /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/slots/{slotName} for other slots. |
string (required) |
| sourceWebAppLocation | Location of source app ex: West US or North Europe | string |
| trafficManagerProfileId | ARM resource ID of the Traffic Manager profile to use, if it exists. Traffic Manager resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/trafficManagerProfiles/{profileName}. |
string |
| trafficManagerProfileName | Name of Traffic Manager profile to create. This is only needed if Traffic Manager profile does not already exist. | string |
CloningInfoAppSettingsOverrides
| Name | Description | Value |
|---|
ConnStringInfo
| Name | Description | Value |
|---|---|---|
| connectionString | Connection string value. | string |
| name | Name of connection string. | string |
| type | Type of database. | 'ApiHub' 'Custom' 'DocDb' 'EventHub' 'MySql' 'NotificationHub' 'PostgreSQL' 'RedisCache' 'ServiceBus' 'SQLAzure' 'SQLServer' |
CorsSettings
| Name | Description | Value |
|---|---|---|
| allowedOrigins | Gets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all. |
string[] |
| supportCredentials | Gets or sets whether CORS requests with credentials are allowed. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials for more details. |
bool |
DaprConfig
| Name | Description | Value |
|---|---|---|
| appId | Dapr application identifier | string |
| appPort | Tells Dapr which port your application is listening on | int |
| enableApiLogging | Enables API logging for the Dapr sidecar | bool |
| enabled | Boolean indicating if the Dapr side car is enabled | bool |
| httpMaxRequestSize | Increasing max size of request body http servers parameter in MB to handle uploading of big files. Default is 4 MB. | int |
| httpReadBufferSize | Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. | int |
| logLevel | Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. | 'debug' 'error' 'info' 'warn' |
Experiments
| Name | Description | Value |
|---|---|---|
| rampUpRules | List of ramp-up rules. | RampUpRule[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | Name of extended location. | string |
FunctionAppConfig
| Name | Description | Value |
|---|---|---|
| deployment | Function app deployment configuration. | FunctionsDeployment |
| runtime | Function app runtime settings. | FunctionsRuntime |
| scaleAndConcurrency | Function app scale and concurrency settings. | FunctionsScaleAndConcurrency |
FunctionsAlwaysReadyConfig
| Name | Description | Value |
|---|---|---|
| instanceCount | Sets the number of 'Always Ready' instances for a given function group or a specific function. For additional information see https://aka.ms/flexconsumption/alwaysready. | int |
| name | Either a function group or a function name is required. For additional information see https://aka.ms/flexconsumption/alwaysready. | string |
FunctionsDeployment
| Name | Description | Value |
|---|---|---|
| storage | Storage for deployed package used by the function app. | FunctionsDeploymentStorage |
FunctionsDeploymentStorage
| Name | Description | Value |
|---|---|---|
| authentication | Authentication method to access the storage account for deployment. | FunctionsDeploymentStorageAuthentication |
| type | Property to select Azure Storage type. Available options: blobContainer. | 'blobContainer' |
| value | Property to set the URL for the selected Azure Storage type. Example: For blobContainer, the value could be https://<storageAccountName>.blob.core.windows.net/<containerName>. | string |
FunctionsDeploymentStorageAuthentication
| Name | Description | Value |
|---|---|---|
| storageAccountConnectionStringName | Use this property for StorageAccountConnectionString. Set the name of the app setting that has the storage account connection string. Do not set a value for this property when using other authentication type. | string |
| type | Property to select authentication type to access the selected storage account. Available options: SystemAssignedIdentity, UserAssignedIdentity, StorageAccountConnectionString. | 'StorageAccountConnectionString' 'SystemAssignedIdentity' 'UserAssignedIdentity' |
| userAssignedIdentityResourceId | Use this property for UserAssignedIdentity. Set the resource ID of the identity. Do not set a value for this property when using other authentication type. | string |
FunctionsRuntime
| Name | Description | Value |
|---|---|---|
| name | Function app runtime name. Available options: dotnet-isolated, node, java, powershell, python, custom | 'custom' 'dotnet-isolated' 'java' 'node' 'powershell' 'python' |
| version | Function app runtime version. Example: 8 (for dotnet-isolated) | string |
FunctionsScaleAndConcurrency
| Name | Description | Value |
|---|---|---|
| alwaysReady | 'Always Ready' configuration for the function app. | FunctionsAlwaysReadyConfig[] |
| instanceMemoryMB | Set the amount of memory allocated to each instance of the function app in MB. CPU and network bandwidth are allocated proportionally. | int |
| maximumInstanceCount | The maximum number of instances for the function app. | int |
| triggers | Scale and concurrency settings for the function app triggers. | FunctionsScaleAndConcurrencyTriggers |
FunctionsScaleAndConcurrencyTriggers
| Name | Description | Value |
|---|---|---|
| http | Scale and concurrency settings for the HTTP trigger. | FunctionsScaleAndConcurrencyTriggersHttp |
FunctionsScaleAndConcurrencyTriggersHttp
| Name | Description | Value |
|---|---|---|
| perInstanceConcurrency | The maximum number of concurrent HTTP trigger invocations per instance. | int |
HandlerMapping
| Name | Description | Value |
|---|---|---|
| arguments | Command-line arguments to be passed to the script processor. | string |
| extension | Requests with this extension will be handled using the specified FastCGI application. | string |
| scriptProcessor | The absolute path to the FastCGI application. | string |
HostingEnvironmentProfile
| Name | Description | Value |
|---|---|---|
| id | Resource ID of the App Service Environment. | string |
HostNameSslState
| Name | Description | Value |
|---|---|---|
| hostType | Indicates whether the hostname is a standard or repository hostname. | 'Repository' 'Standard' |
| name | Hostname. | string |
| sslState | SSL type. | 'Disabled' 'IpBasedEnabled' 'SniEnabled' |
| thumbprint | SSL certificate thumbprint. | string |
| toUpdate | Set to <code>true</code> to update existing hostname. | bool |
| virtualIP | Virtual IP address assigned to the hostname if IP based SSL is enabled. | string |
IpSecurityRestriction
| Name | Description | Value |
|---|---|---|
| action | Allow or Deny access for this IP range. | string |
| description | IP restriction rule description. | string |
| headers | IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is .. - If the property is null or empty (default), all hosts(or lack of) are allowed. - A value is compared using ordinal-ignore-case (excluding port number). - Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com - Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is .. - If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed. - If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match. |
IpSecurityRestrictionHeaders |
| ipAddress | IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified. |
string |
| name | IP restriction rule name. | string |
| priority | Priority of IP restriction rule. | int |
| subnetMask | Subnet mask for the range of IP addresses the restriction is valid for. | string |
| subnetTrafficTag | (internal) Subnet traffic tag | int |
| tag | Defines what this IP filter will be used for. This is to support IP filtering on proxies. | 'Default' 'ServiceTag' 'XffProxy' |
| vnetSubnetResourceId | Virtual network resource id | string |
| vnetTrafficTag | (internal) Vnet traffic tag | int |
IpSecurityRestrictionHeaders
| Name | Description | Value |
|---|
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user assigned identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName} | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
Microsoft.Web/sites/slots
| Name | Description | Value |
|---|---|---|
| extendedLocation | Extended Location. | ExtendedLocation |
| identity | Managed service identity. | ManagedServiceIdentity |
| kind | Kind of resource. If the resource is an app, you can refer to https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md#app-service-resource-kind-reference for details supported values for kind. | string |
| location | Resource Location. | string (required) |
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: sites |
| properties | Site resource specific properties | SiteProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NameValuePair
| Name | Description | Value |
|---|---|---|
| name | Pair name. | string |
| value | Pair value. | string |
PushSettings
| Name | Description | Value |
|---|---|---|
| kind | Kind of resource. | string |
| properties | PushSettings resource specific properties | PushSettingsProperties |
PushSettingsProperties
| Name | Description | Value |
|---|---|---|
| dynamicTagsJson | Gets or sets a JSON string containing a list of dynamic tags that will be evaluated from user claims in the push registration endpoint. | string |
| isPushEnabled | Gets or sets a flag indicating whether the Push endpoint is enabled. | bool (required) |
| tagsRequiringAuth | Gets or sets a JSON string containing a list of tags that require user authentication to be used in the push registration endpoint. Tags can consist of alphanumeric characters and the following: '_', '@', '#', '.', ':', '-'. Validation should be performed at the PushRequestHandler. |
string |
| tagWhitelistJson | Gets or sets a JSON string containing a list of tags that are whitelisted for use by the push registration endpoint. | string |
RampUpRule
| Name | Description | Value |
|---|---|---|
| actionHostName | Hostname of a slot to which the traffic will be redirected if decided to. E.g. myapp-stage.azurewebsites.net. | string |
| changeDecisionCallbackUrl | Custom decision algorithm can be provided in TiPCallback site extension which URL can be specified. See TiPCallback site extension for the scaffold and contracts. https://www.siteextensions.net/packages/TiPCallback/ |
string |
| changeIntervalInMinutes | Specifies interval in minutes to reevaluate ReroutePercentage. | int |
| changeStep | In auto ramp up scenario this is the step to add/remove from <code>ReroutePercentage</code> until it reaches \n<code>MinReroutePercentage</code> or <code>MaxReroutePercentage</code>. Site metrics are checked every N minutes specified in <code>ChangeIntervalInMinutes</code>.\nCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified in <code>ChangeDecisionCallbackUrl</code>. |
int |
| maxReroutePercentage | Specifies upper boundary below which ReroutePercentage will stay. | int |
| minReroutePercentage | Specifies lower boundary above which ReroutePercentage will stay. | int |
| name | Name of the routing rule. The recommended name would be to point to the slot which will receive the traffic in the experiment. | string |
| reroutePercentage | Percentage of the traffic which will be redirected to <code>ActionHostName</code>. | int |
RequestsBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| timeInterval | Time interval. | string |
ResourceConfig
| Name | Description | Value |
|---|---|---|
| cpu | Required CPU in cores, e.g. 0.5 | int |
| memory | Required memory, e.g. "1Gi" | string |
ResourceTags
| Name | Description | Value |
|---|
SiteConfig
| Name | Description | Value |
|---|---|---|
| acrUseManagedIdentityCreds | Flag to use Managed Identity Creds for ACR pull | bool |
| acrUserManagedIdentityID | If using user managed identity, the user managed identity ClientId | string |
| alwaysOn | <code>true</code> if Always On is enabled; otherwise, <code>false</code>. | bool |
| apiDefinition | Information about the formal API definition for the app. | ApiDefinitionInfo |
| apiManagementConfig | Azure API management settings linked to the app. | ApiManagementConfig |
| appCommandLine | App command line to launch. | string |
| appSettings | Application settings. | NameValuePair[] |
| autoHealEnabled | <code>true</code> if Auto Heal is enabled; otherwise, <code>false</code>. | bool |
| autoHealRules | Auto Heal rules. | AutoHealRules |
| autoSwapSlotName | Auto-swap slot name. | string |
| azureStorageAccounts | List of Azure Storage Accounts. | SiteConfigAzureStorageAccounts |
| connectionStrings | Connection strings. | ConnStringInfo[] |
| cors | Cross-Origin Resource Sharing (CORS) settings. | CorsSettings |
| defaultDocuments | Default documents. | string[] |
| detailedErrorLoggingEnabled | <code>true</code> if detailed error logging is enabled; otherwise, <code>false</code>. | bool |
| documentRoot | Document root. | string |
| elasticWebAppScaleLimit | Maximum number of workers that a site can scale out to. This setting only applies to apps in plans where ElasticScaleEnabled is <code>true</code> |
int Constraints: Min value = 0 |
| experiments | This is work around for polymorphic types. | Experiments |
| ftpsState | State of FTP / FTPS service | 'AllAllowed' 'Disabled' 'FtpsOnly' |
| functionAppScaleLimit | Maximum number of workers that a site can scale out to. This setting only applies to the Consumption and Elastic Premium Plans |
int Constraints: Min value = 0 |
| functionsRuntimeScaleMonitoringEnabled | Gets or sets a value indicating whether functions runtime scale monitoring is enabled. When enabled, the ScaleController will not monitor event sources directly, but will instead call to the runtime to get scale status. |
bool |
| handlerMappings | Handler mappings. | HandlerMapping[] |
| healthCheckPath | Health check path | string |
| http20Enabled | Http20Enabled: configures a web site to allow clients to connect over http2.0 | bool |
| httpLoggingEnabled | <code>true</code> if HTTP logging is enabled; otherwise, <code>false</code>. | bool |
| ipSecurityRestrictions | IP security restrictions for main. | IpSecurityRestriction[] |
| ipSecurityRestrictionsDefaultAction | Default action for main access restriction if no rules are matched. | 'Allow' 'Deny' |
| javaContainer | Java container. | string |
| javaContainerVersion | Java container version. | string |
| javaVersion | Java version. | string |
| keyVaultReferenceIdentity | Identity to use for Key Vault Reference authentication. | string |
| limits | Site limits. | SiteLimits |
| linuxFxVersion | Linux App Framework and version | string |
| loadBalancing | Site load balancing. | 'LeastRequests' 'LeastRequestsWithTieBreaker' 'LeastResponseTime' 'PerSiteRoundRobin' 'RequestHash' 'WeightedRoundRobin' 'WeightedTotalTraffic' |
| localMySqlEnabled | <code>true</code> to enable local MySQL; otherwise, <code>false</code>. | bool |
| logsDirectorySizeLimit | HTTP logs directory size limit. | int |
| managedPipelineMode | Managed pipeline mode. | 'Classic' 'Integrated' |
| managedServiceIdentityId | Managed Service Identity Id | int |
| metadata | Application metadata. This property cannot be retrieved, since it may contain secrets. | NameValuePair[] |
| minimumElasticInstanceCount | Number of minimum instance count for a site This setting only applies to the Elastic Plans |
int Constraints: Min value = 0 Max value = 20 |
| minTlsCipherSuite | The minimum strength TLS cipher suite allowed for an application | 'TLS_AES_128_GCM_SHA256' 'TLS_AES_256_GCM_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_RSA_WITH_AES_128_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA256' 'TLS_RSA_WITH_AES_128_GCM_SHA256' 'TLS_RSA_WITH_AES_256_CBC_SHA' 'TLS_RSA_WITH_AES_256_CBC_SHA256' 'TLS_RSA_WITH_AES_256_GCM_SHA384' |
| minTlsVersion | MinTlsVersion: configures the minimum version of TLS required for SSL requests | '1.0' '1.1' '1.2' '1.3' |
| netFrameworkVersion | .NET Framework version. | string |
| nodeVersion | Version of Node.js. | string |
| numberOfWorkers | Number of workers. | int |
| phpVersion | Version of PHP. | string |
| powerShellVersion | Version of PowerShell. | string |
| preWarmedInstanceCount | Number of preWarmed instances. This setting only applies to the Consumption and Elastic Plans |
int Constraints: Min value = 0 Max value = 10 |
| publicNetworkAccess | Property to allow or block all public traffic. | string |
| publishingUsername | Publishing user name. | string |
| push | Push endpoint settings. | PushSettings |
| pythonVersion | Version of Python. | string |
| remoteDebuggingEnabled | <code>true</code> if remote debugging is enabled; otherwise, <code>false</code>. | bool |
| remoteDebuggingVersion | Remote debugging version. | string |
| requestTracingEnabled | <code>true</code> if request tracing is enabled; otherwise, <code>false</code>. | bool |
| requestTracingExpirationTime | Request tracing expiration time. | string |
| scmIpSecurityRestrictions | IP security restrictions for scm. | IpSecurityRestriction[] |
| scmIpSecurityRestrictionsDefaultAction | Default action for scm access restriction if no rules are matched. | 'Allow' 'Deny' |
| scmIpSecurityRestrictionsUseMain | IP security restrictions for scm to use main. | bool |
| scmMinTlsVersion | ScmMinTlsVersion: configures the minimum version of TLS required for SSL requests for SCM site | '1.0' '1.1' '1.2' '1.3' |
| scmType | SCM type. | 'BitbucketGit' 'BitbucketHg' 'CodePlexGit' 'CodePlexHg' 'Dropbox' 'ExternalGit' 'ExternalHg' 'GitHub' 'LocalGit' 'None' 'OneDrive' 'Tfs' 'VSO' 'VSTSRM' |
| tracingOptions | Tracing options. | string |
| use32BitWorkerProcess | <code>true</code> to use 32-bit worker process; otherwise, <code>false</code>. | bool |
| virtualApplications | Virtual applications. | VirtualApplication[] |
| vnetName | Virtual Network name. | string |
| vnetPrivatePortsCount | The number of private ports assigned to this app. These will be assigned dynamically on runtime. | int |
| vnetRouteAllEnabled | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | bool |
| websiteTimeZone | Sets the time zone a site uses for generating timestamps. Compatible with Linux and Windows App Service. Setting the WEBSITE_TIME_ZONE app setting takes precedence over this config. For Linux, expects tz database values https://www.iana.org/time-zones (for a quick reference see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). For Windows, expects one of the time zones listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | string |
| webSocketsEnabled | <code>true</code> if WebSocket is enabled; otherwise, <code>false</code>. | bool |
| windowsFxVersion | Xenon App Framework and version | string |
| xManagedServiceIdentityId | Explicit Managed Service Identity Id | int |
SiteConfigAzureStorageAccounts
| Name | Description | Value |
|---|
SiteDnsConfig
| Name | Description | Value |
|---|---|---|
| dnsAltServer | Alternate DNS server to be used by apps. This property replicates the WEBSITE_DNS_ALT_SERVER app setting. | string |
| dnsMaxCacheTimeout | Custom time for DNS to be cached in seconds. Allowed range: 0-60. Default is 30 seconds. 0 means caching disabled. | int |
| dnsRetryAttemptCount | Total number of retries for dns lookup. Allowed range: 1-5. Default is 3. | int |
| dnsRetryAttemptTimeout | Timeout for a single dns lookup in seconds. Allowed range: 1-30. Default is 3. | int |
| dnsServers | List of custom DNS servers to be used by an app for lookups. Maximum 5 dns servers can be set. | string[] |
SiteLimits
| Name | Description | Value |
|---|---|---|
| maxDiskSizeInMb | Maximum allowed disk size usage in MB. | int |
| maxMemoryInMb | Maximum allowed memory usage in MB. | int |
| maxPercentageCpu | Maximum allowed CPU usage percentage. | int |
SiteProperties
| Name | Description | Value |
|---|---|---|
| autoGeneratedDomainNameLabelScope | Specifies the scope of uniqueness for the default hostname during resource creation | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| clientAffinityEnabled | <code>true</code> to enable client affinity; <code>false</code> to stop sending session affinity cookies, which route client requests in the same session to the same instance. Default is <code>true</code>. | bool |
| clientCertEnabled | <code>true</code> to enable client certificate authentication (TLS mutual authentication); otherwise, <code>false</code>. Default is <code>false</code>. | bool |
| clientCertExclusionPaths | client certificate authentication comma-separated exclusion paths | string |
| clientCertMode | This composes with ClientCertEnabled setting. - ClientCertEnabled: false means ClientCert is ignored. - ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required. - ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. |
'Optional' 'OptionalInteractiveUser' 'Required' |
| cloningInfo | If specified during app creation, the app is cloned from a source app. | CloningInfo |
| containerSize | Size of the function container. | int |
| customDomainVerificationId | Unique identifier that verifies the custom domains assigned to the app. Customer will add this id to a txt record for verification. | string |
| dailyMemoryTimeQuota | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | int |
| daprConfig | Dapr configuration of the app. | DaprConfig |
| dnsConfiguration | Property to configure various DNS related settings for a site. | SiteDnsConfig |
| enabled | <code>true</code> if the app is enabled; otherwise, <code>false</code>. Setting this value to false disables the app (takes the app offline). | bool |
| endToEndEncryptionEnabled | Whether to use end to end encryption between the FrontEnd and the Worker | bool |
| functionAppConfig | Configuration specific of the Azure Function app. | FunctionAppConfig |
| hostingEnvironmentProfile | App Service Environment to use for the app. | HostingEnvironmentProfile |
| hostNamesDisabled | <code>true</code> to disable the public hostnames of the app; otherwise, <code>false</code>. If <code>true</code>, the app is only accessible via API management process. |
bool |
| hostNameSslStates | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | HostNameSslState[] |
| httpsOnly | HttpsOnly: configures a web site to accept only https requests. Issues redirect for http requests |
bool |
| hyperV | Hyper-V sandbox. | bool |
| ipMode | Specifies the IP mode of the app. | 'IPv4' 'IPv4AndIPv6' 'IPv6' |
| isXenon | Obsolete: Hyper-V sandbox. | bool |
| keyVaultReferenceIdentity | Identity to use for Key Vault Reference authentication. | string |
| managedEnvironmentId | Azure Resource Manager ID of the customer's selected Managed Environment on which to host this app. This must be of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.App/managedEnvironments/{managedEnvironmentName} | string |
| publicNetworkAccess | Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled' or an empty string. | string |
| redundancyMode | Site redundancy mode | 'ActiveActive' 'Failover' 'GeoRedundant' 'Manual' 'None' |
| reserved | <code>true</code> if reserved; otherwise, <code>false</code>. | bool |
| resourceConfig | Function app resource requirements. | ResourceConfig |
| scmSiteAlsoStopped | <code>true</code> to stop SCM (KUDU) site when the app is stopped; otherwise, <code>false</code>. The default is <code>false</code>. | bool |
| serverFarmId | Resource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}". | string |
| siteConfig | Configuration of the app. | SiteConfig |
| storageAccountRequired | Checks if Customer provided storage account is required | bool |
| virtualNetworkSubnetId | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} |
string |
| vnetBackupRestoreEnabled | To enable Backup and Restore operations over virtual network | bool |
| vnetContentShareEnabled | To enable accessing content over virtual network | bool |
| vnetImagePullEnabled | To enable pulling image over Virtual Network | bool |
| vnetRouteAllEnabled | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | bool |
| workloadProfileName | Workload profile name for function app to execute on. | string |
SlowRequestsBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | Request Path. | string |
| timeInterval | Time interval. | string |
| timeTaken | Time taken. | string |
StatusCodesBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | Request Path | string |
| status | HTTP status code. | int |
| subStatus | Request Sub Status. | int |
| timeInterval | Time interval. | string |
| win32Status | Win32 error code. | int |
StatusCodesRangeBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | string | |
| statusCodes | HTTP status code. | string |
| timeInterval | Time interval. | string |
UserAssignedIdentity
| Name | Description | Value |
|---|
VirtualApplication
| Name | Description | Value |
|---|---|---|
| physicalPath | Physical path. | string |
| preloadEnabled | <code>true</code> if preloading is enabled; otherwise, <code>false</code>. | bool |
| virtualDirectories | Virtual directories for virtual application. | VirtualDirectory[] |
| virtualPath | Virtual path. | string |
VirtualDirectory
| Name | Description | Value |
|---|---|---|
| physicalPath | Physical path. | string |
| virtualPath | Path to virtual application. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Azure Function App with a Deployment Slot | This template provisions a function app on a Premium plan with production slot and an additional deployment slot. |
| Highly Available Multi-region Web App | This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door |
| Provision Consumption plan function with a Deployment Slot | This template provisions a function app on a Consumption plan, which is a dynamic hosting plan. The app runs on demand and you're billed per execution, with no standing resource committment. There are other templates available for provisioning on a dedicated hosting plan. |
| Secure N-tier Web App | This template allows you to create a secure end to end solution with two web apps with staging slots, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint |
ARM template resource definition
The sites/slots resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Web/sites/slots resource, add the following JSON to your template.
{
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2024-04-01",
"name": "string",
"extendedLocation": {
"name": "string"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"kind": "string",
"location": "string",
"properties": {
"autoGeneratedDomainNameLabelScope": "string",
"clientAffinityEnabled": "bool",
"clientCertEnabled": "bool",
"clientCertExclusionPaths": "string",
"clientCertMode": "string",
"cloningInfo": {
"appSettingsOverrides": {
"{customized property}": "string"
},
"cloneCustomHostNames": "bool",
"cloneSourceControl": "bool",
"configureLoadBalancing": "bool",
"correlationId": "string",
"hostingEnvironment": "string",
"overwrite": "bool",
"sourceWebAppId": "string",
"sourceWebAppLocation": "string",
"trafficManagerProfileId": "string",
"trafficManagerProfileName": "string"
},
"containerSize": "int",
"customDomainVerificationId": "string",
"dailyMemoryTimeQuota": "int",
"daprConfig": {
"appId": "string",
"appPort": "int",
"enableApiLogging": "bool",
"enabled": "bool",
"httpMaxRequestSize": "int",
"httpReadBufferSize": "int",
"logLevel": "string"
},
"dnsConfiguration": {
"dnsAltServer": "string",
"dnsMaxCacheTimeout": "int",
"dnsRetryAttemptCount": "int",
"dnsRetryAttemptTimeout": "int",
"dnsServers": [ "string" ]
},
"enabled": "bool",
"endToEndEncryptionEnabled": "bool",
"functionAppConfig": {
"deployment": {
"storage": {
"authentication": {
"storageAccountConnectionStringName": "string",
"type": "string",
"userAssignedIdentityResourceId": "string"
},
"type": "string",
"value": "string"
}
},
"runtime": {
"name": "string",
"version": "string"
},
"scaleAndConcurrency": {
"alwaysReady": [
{
"instanceCount": "int",
"name": "string"
}
],
"instanceMemoryMB": "int",
"maximumInstanceCount": "int",
"triggers": {
"http": {
"perInstanceConcurrency": "int"
}
}
}
},
"hostingEnvironmentProfile": {
"id": "string"
},
"hostNamesDisabled": "bool",
"hostNameSslStates": [
{
"hostType": "string",
"name": "string",
"sslState": "string",
"thumbprint": "string",
"toUpdate": "bool",
"virtualIP": "string"
}
],
"httpsOnly": "bool",
"hyperV": "bool",
"ipMode": "string",
"isXenon": "bool",
"keyVaultReferenceIdentity": "string",
"managedEnvironmentId": "string",
"publicNetworkAccess": "string",
"redundancyMode": "string",
"reserved": "bool",
"resourceConfig": {
"cpu": "int",
"memory": "string"
},
"scmSiteAlsoStopped": "bool",
"serverFarmId": "string",
"siteConfig": {
"acrUseManagedIdentityCreds": "bool",
"acrUserManagedIdentityID": "string",
"alwaysOn": "bool",
"apiDefinition": {
"url": "string"
},
"apiManagementConfig": {
"id": "string"
},
"appCommandLine": "string",
"appSettings": [
{
"name": "string",
"value": "string"
}
],
"autoHealEnabled": "bool",
"autoHealRules": {
"actions": {
"actionType": "string",
"customAction": {
"exe": "string",
"parameters": "string"
},
"minProcessExecutionTime": "string"
},
"triggers": {
"privateBytesInKB": "int",
"requests": {
"count": "int",
"timeInterval": "string"
},
"slowRequests": {
"count": "int",
"path": "string",
"timeInterval": "string",
"timeTaken": "string"
},
"slowRequestsWithPath": [
{
"count": "int",
"path": "string",
"timeInterval": "string",
"timeTaken": "string"
}
],
"statusCodes": [
{
"count": "int",
"path": "string",
"status": "int",
"subStatus": "int",
"timeInterval": "string",
"win32Status": "int"
}
],
"statusCodesRange": [
{
"count": "int",
"path": "string",
"statusCodes": "string",
"timeInterval": "string"
}
]
}
},
"autoSwapSlotName": "string",
"azureStorageAccounts": {
"{customized property}": {
"accessKey": "string",
"accountName": "string",
"mountPath": "string",
"protocol": "string",
"shareName": "string",
"type": "string"
}
},
"connectionStrings": [
{
"connectionString": "string",
"name": "string",
"type": "string"
}
],
"cors": {
"allowedOrigins": [ "string" ],
"supportCredentials": "bool"
},
"defaultDocuments": [ "string" ],
"detailedErrorLoggingEnabled": "bool",
"documentRoot": "string",
"elasticWebAppScaleLimit": "int",
"experiments": {
"rampUpRules": [
{
"actionHostName": "string",
"changeDecisionCallbackUrl": "string",
"changeIntervalInMinutes": "int",
"changeStep": "int",
"maxReroutePercentage": "int",
"minReroutePercentage": "int",
"name": "string",
"reroutePercentage": "int"
}
]
},
"ftpsState": "string",
"functionAppScaleLimit": "int",
"functionsRuntimeScaleMonitoringEnabled": "bool",
"handlerMappings": [
{
"arguments": "string",
"extension": "string",
"scriptProcessor": "string"
}
],
"healthCheckPath": "string",
"http20Enabled": "bool",
"httpLoggingEnabled": "bool",
"ipSecurityRestrictions": [
{
"action": "string",
"description": "string",
"headers": {
"{customized property}": [ "string" ]
},
"ipAddress": "string",
"name": "string",
"priority": "int",
"subnetMask": "string",
"subnetTrafficTag": "int",
"tag": "string",
"vnetSubnetResourceId": "string",
"vnetTrafficTag": "int"
}
],
"ipSecurityRestrictionsDefaultAction": "string",
"javaContainer": "string",
"javaContainerVersion": "string",
"javaVersion": "string",
"keyVaultReferenceIdentity": "string",
"limits": {
"maxDiskSizeInMb": "int",
"maxMemoryInMb": "int",
"maxPercentageCpu": "int"
},
"linuxFxVersion": "string",
"loadBalancing": "string",
"localMySqlEnabled": "bool",
"logsDirectorySizeLimit": "int",
"managedPipelineMode": "string",
"managedServiceIdentityId": "int",
"metadata": [
{
"name": "string",
"value": "string"
}
],
"minimumElasticInstanceCount": "int",
"minTlsCipherSuite": "string",
"minTlsVersion": "string",
"netFrameworkVersion": "string",
"nodeVersion": "string",
"numberOfWorkers": "int",
"phpVersion": "string",
"powerShellVersion": "string",
"preWarmedInstanceCount": "int",
"publicNetworkAccess": "string",
"publishingUsername": "string",
"push": {
"kind": "string",
"properties": {
"dynamicTagsJson": "string",
"isPushEnabled": "bool",
"tagsRequiringAuth": "string",
"tagWhitelistJson": "string"
}
},
"pythonVersion": "string",
"remoteDebuggingEnabled": "bool",
"remoteDebuggingVersion": "string",
"requestTracingEnabled": "bool",
"requestTracingExpirationTime": "string",
"scmIpSecurityRestrictions": [
{
"action": "string",
"description": "string",
"headers": {
"{customized property}": [ "string" ]
},
"ipAddress": "string",
"name": "string",
"priority": "int",
"subnetMask": "string",
"subnetTrafficTag": "int",
"tag": "string",
"vnetSubnetResourceId": "string",
"vnetTrafficTag": "int"
}
],
"scmIpSecurityRestrictionsDefaultAction": "string",
"scmIpSecurityRestrictionsUseMain": "bool",
"scmMinTlsVersion": "string",
"scmType": "string",
"tracingOptions": "string",
"use32BitWorkerProcess": "bool",
"virtualApplications": [
{
"physicalPath": "string",
"preloadEnabled": "bool",
"virtualDirectories": [
{
"physicalPath": "string",
"virtualPath": "string"
}
],
"virtualPath": "string"
}
],
"vnetName": "string",
"vnetPrivatePortsCount": "int",
"vnetRouteAllEnabled": "bool",
"websiteTimeZone": "string",
"webSocketsEnabled": "bool",
"windowsFxVersion": "string",
"xManagedServiceIdentityId": "int"
},
"storageAccountRequired": "bool",
"virtualNetworkSubnetId": "string",
"vnetBackupRestoreEnabled": "bool",
"vnetContentShareEnabled": "bool",
"vnetImagePullEnabled": "bool",
"vnetRouteAllEnabled": "bool",
"workloadProfileName": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
ApiDefinitionInfo
| Name | Description | Value |
|---|---|---|
| url | The URL of the API definition. | string |
ApiManagementConfig
| Name | Description | Value |
|---|---|---|
| id | APIM-Api Identifier. | string |
AutoHealActions
| Name | Description | Value |
|---|---|---|
| actionType | Predefined action to be taken. | 'CustomAction' 'LogEvent' 'Recycle' |
| customAction | Custom action to be taken. | AutoHealCustomAction |
| minProcessExecutionTime | Minimum time the process must execute before taking the action |
string |
AutoHealCustomAction
| Name | Description | Value |
|---|---|---|
| exe | Executable to be run. | string |
| parameters | Parameters for the executable. | string |
AutoHealRules
| Name | Description | Value |
|---|---|---|
| actions | Actions to be executed when a rule is triggered. | AutoHealActions |
| triggers | Conditions that describe when to execute the auto-heal actions. | AutoHealTriggers |
AutoHealTriggers
| Name | Description | Value |
|---|---|---|
| privateBytesInKB | A rule based on private bytes. | int |
| requests | A rule based on total requests. | RequestsBasedTrigger |
| slowRequests | A rule based on request execution time. | SlowRequestsBasedTrigger |
| slowRequestsWithPath | A rule based on multiple Slow Requests Rule with path | SlowRequestsBasedTrigger[] |
| statusCodes | A rule based on status codes. | StatusCodesBasedTrigger[] |
| statusCodesRange | A rule based on status codes ranges. | StatusCodesRangeBasedTrigger[] |
AzureStorageInfoValue
| Name | Description | Value |
|---|---|---|
| accessKey | Access key for the storage account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| accountName | Name of the storage account. | string |
| mountPath | Path to mount the storage within the site's runtime environment. | string |
| protocol | Mounting protocol to use for the storage account. | 'Http' 'Nfs' 'Smb' |
| shareName | Name of the file share (container name, for Blob storage). | string |
| type | Type of storage. | 'AzureBlob' 'AzureFiles' |
CloningInfo
| Name | Description | Value |
|---|---|---|
| appSettingsOverrides | Application setting overrides for cloned app. If specified, these settings override the settings cloned from source app. Otherwise, application settings from source app are retained. |
CloningInfoAppSettingsOverrides |
| cloneCustomHostNames | <code>true</code> to clone custom hostnames from source app; otherwise, <code>false</code>. | bool |
| cloneSourceControl | <code>true</code> to clone source control from source app; otherwise, <code>false</code>. | bool |
| configureLoadBalancing | <code>true</code> to configure load balancing for source and destination app. | bool |
| correlationId | Correlation ID of cloning operation. This ID ties multiple cloning operations together to use the same snapshot. |
string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| hostingEnvironment | App Service Environment. | string |
| overwrite | <code>true</code> to overwrite destination app; otherwise, <code>false</code>. | bool |
| sourceWebAppId | ARM resource ID of the source app. App resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName} for production slots and /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/slots/{slotName} for other slots. |
string (required) |
| sourceWebAppLocation | Location of source app ex: West US or North Europe | string |
| trafficManagerProfileId | ARM resource ID of the Traffic Manager profile to use, if it exists. Traffic Manager resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/trafficManagerProfiles/{profileName}. |
string |
| trafficManagerProfileName | Name of Traffic Manager profile to create. This is only needed if Traffic Manager profile does not already exist. | string |
CloningInfoAppSettingsOverrides
| Name | Description | Value |
|---|
ConnStringInfo
| Name | Description | Value |
|---|---|---|
| connectionString | Connection string value. | string |
| name | Name of connection string. | string |
| type | Type of database. | 'ApiHub' 'Custom' 'DocDb' 'EventHub' 'MySql' 'NotificationHub' 'PostgreSQL' 'RedisCache' 'ServiceBus' 'SQLAzure' 'SQLServer' |
CorsSettings
| Name | Description | Value |
|---|---|---|
| allowedOrigins | Gets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all. |
string[] |
| supportCredentials | Gets or sets whether CORS requests with credentials are allowed. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials for more details. |
bool |
DaprConfig
| Name | Description | Value |
|---|---|---|
| appId | Dapr application identifier | string |
| appPort | Tells Dapr which port your application is listening on | int |
| enableApiLogging | Enables API logging for the Dapr sidecar | bool |
| enabled | Boolean indicating if the Dapr side car is enabled | bool |
| httpMaxRequestSize | Increasing max size of request body http servers parameter in MB to handle uploading of big files. Default is 4 MB. | int |
| httpReadBufferSize | Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. | int |
| logLevel | Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. | 'debug' 'error' 'info' 'warn' |
Experiments
| Name | Description | Value |
|---|---|---|
| rampUpRules | List of ramp-up rules. | RampUpRule[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | Name of extended location. | string |
FunctionAppConfig
| Name | Description | Value |
|---|---|---|
| deployment | Function app deployment configuration. | FunctionsDeployment |
| runtime | Function app runtime settings. | FunctionsRuntime |
| scaleAndConcurrency | Function app scale and concurrency settings. | FunctionsScaleAndConcurrency |
FunctionsAlwaysReadyConfig
| Name | Description | Value |
|---|---|---|
| instanceCount | Sets the number of 'Always Ready' instances for a given function group or a specific function. For additional information see https://aka.ms/flexconsumption/alwaysready. | int |
| name | Either a function group or a function name is required. For additional information see https://aka.ms/flexconsumption/alwaysready. | string |
FunctionsDeployment
| Name | Description | Value |
|---|---|---|
| storage | Storage for deployed package used by the function app. | FunctionsDeploymentStorage |
FunctionsDeploymentStorage
| Name | Description | Value |
|---|---|---|
| authentication | Authentication method to access the storage account for deployment. | FunctionsDeploymentStorageAuthentication |
| type | Property to select Azure Storage type. Available options: blobContainer. | 'blobContainer' |
| value | Property to set the URL for the selected Azure Storage type. Example: For blobContainer, the value could be https://<storageAccountName>.blob.core.windows.net/<containerName>. | string |
FunctionsDeploymentStorageAuthentication
| Name | Description | Value |
|---|---|---|
| storageAccountConnectionStringName | Use this property for StorageAccountConnectionString. Set the name of the app setting that has the storage account connection string. Do not set a value for this property when using other authentication type. | string |
| type | Property to select authentication type to access the selected storage account. Available options: SystemAssignedIdentity, UserAssignedIdentity, StorageAccountConnectionString. | 'StorageAccountConnectionString' 'SystemAssignedIdentity' 'UserAssignedIdentity' |
| userAssignedIdentityResourceId | Use this property for UserAssignedIdentity. Set the resource ID of the identity. Do not set a value for this property when using other authentication type. | string |
FunctionsRuntime
| Name | Description | Value |
|---|---|---|
| name | Function app runtime name. Available options: dotnet-isolated, node, java, powershell, python, custom | 'custom' 'dotnet-isolated' 'java' 'node' 'powershell' 'python' |
| version | Function app runtime version. Example: 8 (for dotnet-isolated) | string |
FunctionsScaleAndConcurrency
| Name | Description | Value |
|---|---|---|
| alwaysReady | 'Always Ready' configuration for the function app. | FunctionsAlwaysReadyConfig[] |
| instanceMemoryMB | Set the amount of memory allocated to each instance of the function app in MB. CPU and network bandwidth are allocated proportionally. | int |
| maximumInstanceCount | The maximum number of instances for the function app. | int |
| triggers | Scale and concurrency settings for the function app triggers. | FunctionsScaleAndConcurrencyTriggers |
FunctionsScaleAndConcurrencyTriggers
| Name | Description | Value |
|---|---|---|
| http | Scale and concurrency settings for the HTTP trigger. | FunctionsScaleAndConcurrencyTriggersHttp |
FunctionsScaleAndConcurrencyTriggersHttp
| Name | Description | Value |
|---|---|---|
| perInstanceConcurrency | The maximum number of concurrent HTTP trigger invocations per instance. | int |
HandlerMapping
| Name | Description | Value |
|---|---|---|
| arguments | Command-line arguments to be passed to the script processor. | string |
| extension | Requests with this extension will be handled using the specified FastCGI application. | string |
| scriptProcessor | The absolute path to the FastCGI application. | string |
HostingEnvironmentProfile
| Name | Description | Value |
|---|---|---|
| id | Resource ID of the App Service Environment. | string |
HostNameSslState
| Name | Description | Value |
|---|---|---|
| hostType | Indicates whether the hostname is a standard or repository hostname. | 'Repository' 'Standard' |
| name | Hostname. | string |
| sslState | SSL type. | 'Disabled' 'IpBasedEnabled' 'SniEnabled' |
| thumbprint | SSL certificate thumbprint. | string |
| toUpdate | Set to <code>true</code> to update existing hostname. | bool |
| virtualIP | Virtual IP address assigned to the hostname if IP based SSL is enabled. | string |
IpSecurityRestriction
| Name | Description | Value |
|---|---|---|
| action | Allow or Deny access for this IP range. | string |
| description | IP restriction rule description. | string |
| headers | IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is .. - If the property is null or empty (default), all hosts(or lack of) are allowed. - A value is compared using ordinal-ignore-case (excluding port number). - Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com - Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is .. - If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed. - If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match. |
IpSecurityRestrictionHeaders |
| ipAddress | IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified. |
string |
| name | IP restriction rule name. | string |
| priority | Priority of IP restriction rule. | int |
| subnetMask | Subnet mask for the range of IP addresses the restriction is valid for. | string |
| subnetTrafficTag | (internal) Subnet traffic tag | int |
| tag | Defines what this IP filter will be used for. This is to support IP filtering on proxies. | 'Default' 'ServiceTag' 'XffProxy' |
| vnetSubnetResourceId | Virtual network resource id | string |
| vnetTrafficTag | (internal) Vnet traffic tag | int |
IpSecurityRestrictionHeaders
| Name | Description | Value |
|---|
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user assigned identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName} | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
Microsoft.Web/sites/slots
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-04-01' |
| extendedLocation | Extended Location. | ExtendedLocation |
| identity | Managed service identity. | ManagedServiceIdentity |
| kind | Kind of resource. If the resource is an app, you can refer to https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md#app-service-resource-kind-reference for details supported values for kind. | string |
| location | Resource Location. | string (required) |
| name | The resource name | string (required) |
| properties | Site resource specific properties | SiteProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Web/sites/slots' |
NameValuePair
| Name | Description | Value |
|---|---|---|
| name | Pair name. | string |
| value | Pair value. | string |
PushSettings
| Name | Description | Value |
|---|---|---|
| kind | Kind of resource. | string |
| properties | PushSettings resource specific properties | PushSettingsProperties |
PushSettingsProperties
| Name | Description | Value |
|---|---|---|
| dynamicTagsJson | Gets or sets a JSON string containing a list of dynamic tags that will be evaluated from user claims in the push registration endpoint. | string |
| isPushEnabled | Gets or sets a flag indicating whether the Push endpoint is enabled. | bool (required) |
| tagsRequiringAuth | Gets or sets a JSON string containing a list of tags that require user authentication to be used in the push registration endpoint. Tags can consist of alphanumeric characters and the following: '_', '@', '#', '.', ':', '-'. Validation should be performed at the PushRequestHandler. |
string |
| tagWhitelistJson | Gets or sets a JSON string containing a list of tags that are whitelisted for use by the push registration endpoint. | string |
RampUpRule
| Name | Description | Value |
|---|---|---|
| actionHostName | Hostname of a slot to which the traffic will be redirected if decided to. E.g. myapp-stage.azurewebsites.net. | string |
| changeDecisionCallbackUrl | Custom decision algorithm can be provided in TiPCallback site extension which URL can be specified. See TiPCallback site extension for the scaffold and contracts. https://www.siteextensions.net/packages/TiPCallback/ |
string |
| changeIntervalInMinutes | Specifies interval in minutes to reevaluate ReroutePercentage. | int |
| changeStep | In auto ramp up scenario this is the step to add/remove from <code>ReroutePercentage</code> until it reaches \n<code>MinReroutePercentage</code> or <code>MaxReroutePercentage</code>. Site metrics are checked every N minutes specified in <code>ChangeIntervalInMinutes</code>.\nCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified in <code>ChangeDecisionCallbackUrl</code>. |
int |
| maxReroutePercentage | Specifies upper boundary below which ReroutePercentage will stay. | int |
| minReroutePercentage | Specifies lower boundary above which ReroutePercentage will stay. | int |
| name | Name of the routing rule. The recommended name would be to point to the slot which will receive the traffic in the experiment. | string |
| reroutePercentage | Percentage of the traffic which will be redirected to <code>ActionHostName</code>. | int |
RequestsBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| timeInterval | Time interval. | string |
ResourceConfig
| Name | Description | Value |
|---|---|---|
| cpu | Required CPU in cores, e.g. 0.5 | int |
| memory | Required memory, e.g. "1Gi" | string |
ResourceTags
| Name | Description | Value |
|---|
SiteConfig
| Name | Description | Value |
|---|---|---|
| acrUseManagedIdentityCreds | Flag to use Managed Identity Creds for ACR pull | bool |
| acrUserManagedIdentityID | If using user managed identity, the user managed identity ClientId | string |
| alwaysOn | <code>true</code> if Always On is enabled; otherwise, <code>false</code>. | bool |
| apiDefinition | Information about the formal API definition for the app. | ApiDefinitionInfo |
| apiManagementConfig | Azure API management settings linked to the app. | ApiManagementConfig |
| appCommandLine | App command line to launch. | string |
| appSettings | Application settings. | NameValuePair[] |
| autoHealEnabled | <code>true</code> if Auto Heal is enabled; otherwise, <code>false</code>. | bool |
| autoHealRules | Auto Heal rules. | AutoHealRules |
| autoSwapSlotName | Auto-swap slot name. | string |
| azureStorageAccounts | List of Azure Storage Accounts. | SiteConfigAzureStorageAccounts |
| connectionStrings | Connection strings. | ConnStringInfo[] |
| cors | Cross-Origin Resource Sharing (CORS) settings. | CorsSettings |
| defaultDocuments | Default documents. | string[] |
| detailedErrorLoggingEnabled | <code>true</code> if detailed error logging is enabled; otherwise, <code>false</code>. | bool |
| documentRoot | Document root. | string |
| elasticWebAppScaleLimit | Maximum number of workers that a site can scale out to. This setting only applies to apps in plans where ElasticScaleEnabled is <code>true</code> |
int Constraints: Min value = 0 |
| experiments | This is work around for polymorphic types. | Experiments |
| ftpsState | State of FTP / FTPS service | 'AllAllowed' 'Disabled' 'FtpsOnly' |
| functionAppScaleLimit | Maximum number of workers that a site can scale out to. This setting only applies to the Consumption and Elastic Premium Plans |
int Constraints: Min value = 0 |
| functionsRuntimeScaleMonitoringEnabled | Gets or sets a value indicating whether functions runtime scale monitoring is enabled. When enabled, the ScaleController will not monitor event sources directly, but will instead call to the runtime to get scale status. |
bool |
| handlerMappings | Handler mappings. | HandlerMapping[] |
| healthCheckPath | Health check path | string |
| http20Enabled | Http20Enabled: configures a web site to allow clients to connect over http2.0 | bool |
| httpLoggingEnabled | <code>true</code> if HTTP logging is enabled; otherwise, <code>false</code>. | bool |
| ipSecurityRestrictions | IP security restrictions for main. | IpSecurityRestriction[] |
| ipSecurityRestrictionsDefaultAction | Default action for main access restriction if no rules are matched. | 'Allow' 'Deny' |
| javaContainer | Java container. | string |
| javaContainerVersion | Java container version. | string |
| javaVersion | Java version. | string |
| keyVaultReferenceIdentity | Identity to use for Key Vault Reference authentication. | string |
| limits | Site limits. | SiteLimits |
| linuxFxVersion | Linux App Framework and version | string |
| loadBalancing | Site load balancing. | 'LeastRequests' 'LeastRequestsWithTieBreaker' 'LeastResponseTime' 'PerSiteRoundRobin' 'RequestHash' 'WeightedRoundRobin' 'WeightedTotalTraffic' |
| localMySqlEnabled | <code>true</code> to enable local MySQL; otherwise, <code>false</code>. | bool |
| logsDirectorySizeLimit | HTTP logs directory size limit. | int |
| managedPipelineMode | Managed pipeline mode. | 'Classic' 'Integrated' |
| managedServiceIdentityId | Managed Service Identity Id | int |
| metadata | Application metadata. This property cannot be retrieved, since it may contain secrets. | NameValuePair[] |
| minimumElasticInstanceCount | Number of minimum instance count for a site This setting only applies to the Elastic Plans |
int Constraints: Min value = 0 Max value = 20 |
| minTlsCipherSuite | The minimum strength TLS cipher suite allowed for an application | 'TLS_AES_128_GCM_SHA256' 'TLS_AES_256_GCM_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_RSA_WITH_AES_128_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA256' 'TLS_RSA_WITH_AES_128_GCM_SHA256' 'TLS_RSA_WITH_AES_256_CBC_SHA' 'TLS_RSA_WITH_AES_256_CBC_SHA256' 'TLS_RSA_WITH_AES_256_GCM_SHA384' |
| minTlsVersion | MinTlsVersion: configures the minimum version of TLS required for SSL requests | '1.0' '1.1' '1.2' '1.3' |
| netFrameworkVersion | .NET Framework version. | string |
| nodeVersion | Version of Node.js. | string |
| numberOfWorkers | Number of workers. | int |
| phpVersion | Version of PHP. | string |
| powerShellVersion | Version of PowerShell. | string |
| preWarmedInstanceCount | Number of preWarmed instances. This setting only applies to the Consumption and Elastic Plans |
int Constraints: Min value = 0 Max value = 10 |
| publicNetworkAccess | Property to allow or block all public traffic. | string |
| publishingUsername | Publishing user name. | string |
| push | Push endpoint settings. | PushSettings |
| pythonVersion | Version of Python. | string |
| remoteDebuggingEnabled | <code>true</code> if remote debugging is enabled; otherwise, <code>false</code>. | bool |
| remoteDebuggingVersion | Remote debugging version. | string |
| requestTracingEnabled | <code>true</code> if request tracing is enabled; otherwise, <code>false</code>. | bool |
| requestTracingExpirationTime | Request tracing expiration time. | string |
| scmIpSecurityRestrictions | IP security restrictions for scm. | IpSecurityRestriction[] |
| scmIpSecurityRestrictionsDefaultAction | Default action for scm access restriction if no rules are matched. | 'Allow' 'Deny' |
| scmIpSecurityRestrictionsUseMain | IP security restrictions for scm to use main. | bool |
| scmMinTlsVersion | ScmMinTlsVersion: configures the minimum version of TLS required for SSL requests for SCM site | '1.0' '1.1' '1.2' '1.3' |
| scmType | SCM type. | 'BitbucketGit' 'BitbucketHg' 'CodePlexGit' 'CodePlexHg' 'Dropbox' 'ExternalGit' 'ExternalHg' 'GitHub' 'LocalGit' 'None' 'OneDrive' 'Tfs' 'VSO' 'VSTSRM' |
| tracingOptions | Tracing options. | string |
| use32BitWorkerProcess | <code>true</code> to use 32-bit worker process; otherwise, <code>false</code>. | bool |
| virtualApplications | Virtual applications. | VirtualApplication[] |
| vnetName | Virtual Network name. | string |
| vnetPrivatePortsCount | The number of private ports assigned to this app. These will be assigned dynamically on runtime. | int |
| vnetRouteAllEnabled | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | bool |
| websiteTimeZone | Sets the time zone a site uses for generating timestamps. Compatible with Linux and Windows App Service. Setting the WEBSITE_TIME_ZONE app setting takes precedence over this config. For Linux, expects tz database values https://www.iana.org/time-zones (for a quick reference see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). For Windows, expects one of the time zones listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | string |
| webSocketsEnabled | <code>true</code> if WebSocket is enabled; otherwise, <code>false</code>. | bool |
| windowsFxVersion | Xenon App Framework and version | string |
| xManagedServiceIdentityId | Explicit Managed Service Identity Id | int |
SiteConfigAzureStorageAccounts
| Name | Description | Value |
|---|
SiteDnsConfig
| Name | Description | Value |
|---|---|---|
| dnsAltServer | Alternate DNS server to be used by apps. This property replicates the WEBSITE_DNS_ALT_SERVER app setting. | string |
| dnsMaxCacheTimeout | Custom time for DNS to be cached in seconds. Allowed range: 0-60. Default is 30 seconds. 0 means caching disabled. | int |
| dnsRetryAttemptCount | Total number of retries for dns lookup. Allowed range: 1-5. Default is 3. | int |
| dnsRetryAttemptTimeout | Timeout for a single dns lookup in seconds. Allowed range: 1-30. Default is 3. | int |
| dnsServers | List of custom DNS servers to be used by an app for lookups. Maximum 5 dns servers can be set. | string[] |
SiteLimits
| Name | Description | Value |
|---|---|---|
| maxDiskSizeInMb | Maximum allowed disk size usage in MB. | int |
| maxMemoryInMb | Maximum allowed memory usage in MB. | int |
| maxPercentageCpu | Maximum allowed CPU usage percentage. | int |
SiteProperties
| Name | Description | Value |
|---|---|---|
| autoGeneratedDomainNameLabelScope | Specifies the scope of uniqueness for the default hostname during resource creation | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| clientAffinityEnabled | <code>true</code> to enable client affinity; <code>false</code> to stop sending session affinity cookies, which route client requests in the same session to the same instance. Default is <code>true</code>. | bool |
| clientCertEnabled | <code>true</code> to enable client certificate authentication (TLS mutual authentication); otherwise, <code>false</code>. Default is <code>false</code>. | bool |
| clientCertExclusionPaths | client certificate authentication comma-separated exclusion paths | string |
| clientCertMode | This composes with ClientCertEnabled setting. - ClientCertEnabled: false means ClientCert is ignored. - ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required. - ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. |
'Optional' 'OptionalInteractiveUser' 'Required' |
| cloningInfo | If specified during app creation, the app is cloned from a source app. | CloningInfo |
| containerSize | Size of the function container. | int |
| customDomainVerificationId | Unique identifier that verifies the custom domains assigned to the app. Customer will add this id to a txt record for verification. | string |
| dailyMemoryTimeQuota | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | int |
| daprConfig | Dapr configuration of the app. | DaprConfig |
| dnsConfiguration | Property to configure various DNS related settings for a site. | SiteDnsConfig |
| enabled | <code>true</code> if the app is enabled; otherwise, <code>false</code>. Setting this value to false disables the app (takes the app offline). | bool |
| endToEndEncryptionEnabled | Whether to use end to end encryption between the FrontEnd and the Worker | bool |
| functionAppConfig | Configuration specific of the Azure Function app. | FunctionAppConfig |
| hostingEnvironmentProfile | App Service Environment to use for the app. | HostingEnvironmentProfile |
| hostNamesDisabled | <code>true</code> to disable the public hostnames of the app; otherwise, <code>false</code>. If <code>true</code>, the app is only accessible via API management process. |
bool |
| hostNameSslStates | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | HostNameSslState[] |
| httpsOnly | HttpsOnly: configures a web site to accept only https requests. Issues redirect for http requests |
bool |
| hyperV | Hyper-V sandbox. | bool |
| ipMode | Specifies the IP mode of the app. | 'IPv4' 'IPv4AndIPv6' 'IPv6' |
| isXenon | Obsolete: Hyper-V sandbox. | bool |
| keyVaultReferenceIdentity | Identity to use for Key Vault Reference authentication. | string |
| managedEnvironmentId | Azure Resource Manager ID of the customer's selected Managed Environment on which to host this app. This must be of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.App/managedEnvironments/{managedEnvironmentName} | string |
| publicNetworkAccess | Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled' or an empty string. | string |
| redundancyMode | Site redundancy mode | 'ActiveActive' 'Failover' 'GeoRedundant' 'Manual' 'None' |
| reserved | <code>true</code> if reserved; otherwise, <code>false</code>. | bool |
| resourceConfig | Function app resource requirements. | ResourceConfig |
| scmSiteAlsoStopped | <code>true</code> to stop SCM (KUDU) site when the app is stopped; otherwise, <code>false</code>. The default is <code>false</code>. | bool |
| serverFarmId | Resource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}". | string |
| siteConfig | Configuration of the app. | SiteConfig |
| storageAccountRequired | Checks if Customer provided storage account is required | bool |
| virtualNetworkSubnetId | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} |
string |
| vnetBackupRestoreEnabled | To enable Backup and Restore operations over virtual network | bool |
| vnetContentShareEnabled | To enable accessing content over virtual network | bool |
| vnetImagePullEnabled | To enable pulling image over Virtual Network | bool |
| vnetRouteAllEnabled | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | bool |
| workloadProfileName | Workload profile name for function app to execute on. | string |
SlowRequestsBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | Request Path. | string |
| timeInterval | Time interval. | string |
| timeTaken | Time taken. | string |
StatusCodesBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | Request Path | string |
| status | HTTP status code. | int |
| subStatus | Request Sub Status. | int |
| timeInterval | Time interval. | string |
| win32Status | Win32 error code. | int |
StatusCodesRangeBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | string | |
| statusCodes | HTTP status code. | string |
| timeInterval | Time interval. | string |
UserAssignedIdentity
| Name | Description | Value |
|---|
VirtualApplication
| Name | Description | Value |
|---|---|---|
| physicalPath | Physical path. | string |
| preloadEnabled | <code>true</code> if preloading is enabled; otherwise, <code>false</code>. | bool |
| virtualDirectories | Virtual directories for virtual application. | VirtualDirectory[] |
| virtualPath | Virtual path. | string |
VirtualDirectory
| Name | Description | Value |
|---|---|---|
| physicalPath | Physical path. | string |
| virtualPath | Path to virtual application. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Azure Function App with a Deployment Slot |
This template provisions a function app on a Premium plan with production slot and an additional deployment slot. |
| Highly Available Multi-region Web App |
This template allows you to create a secure, highly available, multi-region end to end solution with two web apps in different regions behind Azure Front Door |
| Provision Consumption plan function with a Deployment Slot |
This template provisions a function app on a Consumption plan, which is a dynamic hosting plan. The app runs on demand and you're billed per execution, with no standing resource committment. There are other templates available for provisioning on a dedicated hosting plan. |
| Secure N-tier Web App |
This template allows you to create a secure end to end solution with two web apps with staging slots, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint |
| Web App with custom Deployment slots |
This template provides an easy way to deploy a web app with custom deployment slots on Azure Web Apps. |
Terraform (AzAPI provider) resource definition
The sites/slots resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Web/sites/slots resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Web/sites/slots@2024-04-01"
name = "string"
extendedLocation = {
name = "string"
}
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
kind = "string"
location = "string"
body = jsonencode({
properties = {
autoGeneratedDomainNameLabelScope = "string"
clientAffinityEnabled = bool
clientCertEnabled = bool
clientCertExclusionPaths = "string"
clientCertMode = "string"
cloningInfo = {
appSettingsOverrides = {
{customized property} = "string"
}
cloneCustomHostNames = bool
cloneSourceControl = bool
configureLoadBalancing = bool
correlationId = "string"
hostingEnvironment = "string"
overwrite = bool
sourceWebAppId = "string"
sourceWebAppLocation = "string"
trafficManagerProfileId = "string"
trafficManagerProfileName = "string"
}
containerSize = int
customDomainVerificationId = "string"
dailyMemoryTimeQuota = int
daprConfig = {
appId = "string"
appPort = int
enableApiLogging = bool
enabled = bool
httpMaxRequestSize = int
httpReadBufferSize = int
logLevel = "string"
}
dnsConfiguration = {
dnsAltServer = "string"
dnsMaxCacheTimeout = int
dnsRetryAttemptCount = int
dnsRetryAttemptTimeout = int
dnsServers = [
"string"
]
}
enabled = bool
endToEndEncryptionEnabled = bool
functionAppConfig = {
deployment = {
storage = {
authentication = {
storageAccountConnectionStringName = "string"
type = "string"
userAssignedIdentityResourceId = "string"
}
type = "string"
value = "string"
}
}
runtime = {
name = "string"
version = "string"
}
scaleAndConcurrency = {
alwaysReady = [
{
instanceCount = int
name = "string"
}
]
instanceMemoryMB = int
maximumInstanceCount = int
triggers = {
http = {
perInstanceConcurrency = int
}
}
}
}
hostingEnvironmentProfile = {
id = "string"
}
hostNamesDisabled = bool
hostNameSslStates = [
{
hostType = "string"
name = "string"
sslState = "string"
thumbprint = "string"
toUpdate = bool
virtualIP = "string"
}
]
httpsOnly = bool
hyperV = bool
ipMode = "string"
isXenon = bool
keyVaultReferenceIdentity = "string"
managedEnvironmentId = "string"
publicNetworkAccess = "string"
redundancyMode = "string"
reserved = bool
resourceConfig = {
cpu = int
memory = "string"
}
scmSiteAlsoStopped = bool
serverFarmId = "string"
siteConfig = {
acrUseManagedIdentityCreds = bool
acrUserManagedIdentityID = "string"
alwaysOn = bool
apiDefinition = {
url = "string"
}
apiManagementConfig = {
id = "string"
}
appCommandLine = "string"
appSettings = [
{
name = "string"
value = "string"
}
]
autoHealEnabled = bool
autoHealRules = {
actions = {
actionType = "string"
customAction = {
exe = "string"
parameters = "string"
}
minProcessExecutionTime = "string"
}
triggers = {
privateBytesInKB = int
requests = {
count = int
timeInterval = "string"
}
slowRequests = {
count = int
path = "string"
timeInterval = "string"
timeTaken = "string"
}
slowRequestsWithPath = [
{
count = int
path = "string"
timeInterval = "string"
timeTaken = "string"
}
]
statusCodes = [
{
count = int
path = "string"
status = int
subStatus = int
timeInterval = "string"
win32Status = int
}
]
statusCodesRange = [
{
count = int
path = "string"
statusCodes = "string"
timeInterval = "string"
}
]
}
}
autoSwapSlotName = "string"
azureStorageAccounts = {
{customized property} = {
accessKey = "string"
accountName = "string"
mountPath = "string"
protocol = "string"
shareName = "string"
type = "string"
}
}
connectionStrings = [
{
connectionString = "string"
name = "string"
type = "string"
}
]
cors = {
allowedOrigins = [
"string"
]
supportCredentials = bool
}
defaultDocuments = [
"string"
]
detailedErrorLoggingEnabled = bool
documentRoot = "string"
elasticWebAppScaleLimit = int
experiments = {
rampUpRules = [
{
actionHostName = "string"
changeDecisionCallbackUrl = "string"
changeIntervalInMinutes = int
changeStep = int
maxReroutePercentage = int
minReroutePercentage = int
name = "string"
reroutePercentage = int
}
]
}
ftpsState = "string"
functionAppScaleLimit = int
functionsRuntimeScaleMonitoringEnabled = bool
handlerMappings = [
{
arguments = "string"
extension = "string"
scriptProcessor = "string"
}
]
healthCheckPath = "string"
http20Enabled = bool
httpLoggingEnabled = bool
ipSecurityRestrictions = [
{
action = "string"
description = "string"
headers = {
{customized property} = [
"string"
]
}
ipAddress = "string"
name = "string"
priority = int
subnetMask = "string"
subnetTrafficTag = int
tag = "string"
vnetSubnetResourceId = "string"
vnetTrafficTag = int
}
]
ipSecurityRestrictionsDefaultAction = "string"
javaContainer = "string"
javaContainerVersion = "string"
javaVersion = "string"
keyVaultReferenceIdentity = "string"
limits = {
maxDiskSizeInMb = int
maxMemoryInMb = int
maxPercentageCpu = int
}
linuxFxVersion = "string"
loadBalancing = "string"
localMySqlEnabled = bool
logsDirectorySizeLimit = int
managedPipelineMode = "string"
managedServiceIdentityId = int
metadata = [
{
name = "string"
value = "string"
}
]
minimumElasticInstanceCount = int
minTlsCipherSuite = "string"
minTlsVersion = "string"
netFrameworkVersion = "string"
nodeVersion = "string"
numberOfWorkers = int
phpVersion = "string"
powerShellVersion = "string"
preWarmedInstanceCount = int
publicNetworkAccess = "string"
publishingUsername = "string"
push = {
kind = "string"
properties = {
dynamicTagsJson = "string"
isPushEnabled = bool
tagsRequiringAuth = "string"
tagWhitelistJson = "string"
}
}
pythonVersion = "string"
remoteDebuggingEnabled = bool
remoteDebuggingVersion = "string"
requestTracingEnabled = bool
requestTracingExpirationTime = "string"
scmIpSecurityRestrictions = [
{
action = "string"
description = "string"
headers = {
{customized property} = [
"string"
]
}
ipAddress = "string"
name = "string"
priority = int
subnetMask = "string"
subnetTrafficTag = int
tag = "string"
vnetSubnetResourceId = "string"
vnetTrafficTag = int
}
]
scmIpSecurityRestrictionsDefaultAction = "string"
scmIpSecurityRestrictionsUseMain = bool
scmMinTlsVersion = "string"
scmType = "string"
tracingOptions = "string"
use32BitWorkerProcess = bool
virtualApplications = [
{
physicalPath = "string"
preloadEnabled = bool
virtualDirectories = [
{
physicalPath = "string"
virtualPath = "string"
}
]
virtualPath = "string"
}
]
vnetName = "string"
vnetPrivatePortsCount = int
vnetRouteAllEnabled = bool
websiteTimeZone = "string"
webSocketsEnabled = bool
windowsFxVersion = "string"
xManagedServiceIdentityId = int
}
storageAccountRequired = bool
virtualNetworkSubnetId = "string"
vnetBackupRestoreEnabled = bool
vnetContentShareEnabled = bool
vnetImagePullEnabled = bool
vnetRouteAllEnabled = bool
workloadProfileName = "string"
}
})
tags = {
{customized property} = "string"
}
}
Property values
ApiDefinitionInfo
| Name | Description | Value |
|---|---|---|
| url | The URL of the API definition. | string |
ApiManagementConfig
| Name | Description | Value |
|---|---|---|
| id | APIM-Api Identifier. | string |
AutoHealActions
| Name | Description | Value |
|---|---|---|
| actionType | Predefined action to be taken. | 'CustomAction' 'LogEvent' 'Recycle' |
| customAction | Custom action to be taken. | AutoHealCustomAction |
| minProcessExecutionTime | Minimum time the process must execute before taking the action |
string |
AutoHealCustomAction
| Name | Description | Value |
|---|---|---|
| exe | Executable to be run. | string |
| parameters | Parameters for the executable. | string |
AutoHealRules
| Name | Description | Value |
|---|---|---|
| actions | Actions to be executed when a rule is triggered. | AutoHealActions |
| triggers | Conditions that describe when to execute the auto-heal actions. | AutoHealTriggers |
AutoHealTriggers
| Name | Description | Value |
|---|---|---|
| privateBytesInKB | A rule based on private bytes. | int |
| requests | A rule based on total requests. | RequestsBasedTrigger |
| slowRequests | A rule based on request execution time. | SlowRequestsBasedTrigger |
| slowRequestsWithPath | A rule based on multiple Slow Requests Rule with path | SlowRequestsBasedTrigger[] |
| statusCodes | A rule based on status codes. | StatusCodesBasedTrigger[] |
| statusCodesRange | A rule based on status codes ranges. | StatusCodesRangeBasedTrigger[] |
AzureStorageInfoValue
| Name | Description | Value |
|---|---|---|
| accessKey | Access key for the storage account. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| accountName | Name of the storage account. | string |
| mountPath | Path to mount the storage within the site's runtime environment. | string |
| protocol | Mounting protocol to use for the storage account. | 'Http' 'Nfs' 'Smb' |
| shareName | Name of the file share (container name, for Blob storage). | string |
| type | Type of storage. | 'AzureBlob' 'AzureFiles' |
CloningInfo
| Name | Description | Value |
|---|---|---|
| appSettingsOverrides | Application setting overrides for cloned app. If specified, these settings override the settings cloned from source app. Otherwise, application settings from source app are retained. |
CloningInfoAppSettingsOverrides |
| cloneCustomHostNames | <code>true</code> to clone custom hostnames from source app; otherwise, <code>false</code>. | bool |
| cloneSourceControl | <code>true</code> to clone source control from source app; otherwise, <code>false</code>. | bool |
| configureLoadBalancing | <code>true</code> to configure load balancing for source and destination app. | bool |
| correlationId | Correlation ID of cloning operation. This ID ties multiple cloning operations together to use the same snapshot. |
string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
| hostingEnvironment | App Service Environment. | string |
| overwrite | <code>true</code> to overwrite destination app; otherwise, <code>false</code>. | bool |
| sourceWebAppId | ARM resource ID of the source app. App resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName} for production slots and /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/slots/{slotName} for other slots. |
string (required) |
| sourceWebAppLocation | Location of source app ex: West US or North Europe | string |
| trafficManagerProfileId | ARM resource ID of the Traffic Manager profile to use, if it exists. Traffic Manager resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/trafficManagerProfiles/{profileName}. |
string |
| trafficManagerProfileName | Name of Traffic Manager profile to create. This is only needed if Traffic Manager profile does not already exist. | string |
CloningInfoAppSettingsOverrides
| Name | Description | Value |
|---|
ConnStringInfo
| Name | Description | Value |
|---|---|---|
| connectionString | Connection string value. | string |
| name | Name of connection string. | string |
| type | Type of database. | 'ApiHub' 'Custom' 'DocDb' 'EventHub' 'MySql' 'NotificationHub' 'PostgreSQL' 'RedisCache' 'ServiceBus' 'SQLAzure' 'SQLServer' |
CorsSettings
| Name | Description | Value |
|---|---|---|
| allowedOrigins | Gets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all. |
string[] |
| supportCredentials | Gets or sets whether CORS requests with credentials are allowed. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials for more details. |
bool |
DaprConfig
| Name | Description | Value |
|---|---|---|
| appId | Dapr application identifier | string |
| appPort | Tells Dapr which port your application is listening on | int |
| enableApiLogging | Enables API logging for the Dapr sidecar | bool |
| enabled | Boolean indicating if the Dapr side car is enabled | bool |
| httpMaxRequestSize | Increasing max size of request body http servers parameter in MB to handle uploading of big files. Default is 4 MB. | int |
| httpReadBufferSize | Dapr max size of http header read buffer in KB to handle when sending multi-KB headers. Default is 65KB. | int |
| logLevel | Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info. | 'debug' 'error' 'info' 'warn' |
Experiments
| Name | Description | Value |
|---|---|---|
| rampUpRules | List of ramp-up rules. | RampUpRule[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | Name of extended location. | string |
FunctionAppConfig
| Name | Description | Value |
|---|---|---|
| deployment | Function app deployment configuration. | FunctionsDeployment |
| runtime | Function app runtime settings. | FunctionsRuntime |
| scaleAndConcurrency | Function app scale and concurrency settings. | FunctionsScaleAndConcurrency |
FunctionsAlwaysReadyConfig
| Name | Description | Value |
|---|---|---|
| instanceCount | Sets the number of 'Always Ready' instances for a given function group or a specific function. For additional information see https://aka.ms/flexconsumption/alwaysready. | int |
| name | Either a function group or a function name is required. For additional information see https://aka.ms/flexconsumption/alwaysready. | string |
FunctionsDeployment
| Name | Description | Value |
|---|---|---|
| storage | Storage for deployed package used by the function app. | FunctionsDeploymentStorage |
FunctionsDeploymentStorage
| Name | Description | Value |
|---|---|---|
| authentication | Authentication method to access the storage account for deployment. | FunctionsDeploymentStorageAuthentication |
| type | Property to select Azure Storage type. Available options: blobContainer. | 'blobContainer' |
| value | Property to set the URL for the selected Azure Storage type. Example: For blobContainer, the value could be https://<storageAccountName>.blob.core.windows.net/<containerName>. | string |
FunctionsDeploymentStorageAuthentication
| Name | Description | Value |
|---|---|---|
| storageAccountConnectionStringName | Use this property for StorageAccountConnectionString. Set the name of the app setting that has the storage account connection string. Do not set a value for this property when using other authentication type. | string |
| type | Property to select authentication type to access the selected storage account. Available options: SystemAssignedIdentity, UserAssignedIdentity, StorageAccountConnectionString. | 'StorageAccountConnectionString' 'SystemAssignedIdentity' 'UserAssignedIdentity' |
| userAssignedIdentityResourceId | Use this property for UserAssignedIdentity. Set the resource ID of the identity. Do not set a value for this property when using other authentication type. | string |
FunctionsRuntime
| Name | Description | Value |
|---|---|---|
| name | Function app runtime name. Available options: dotnet-isolated, node, java, powershell, python, custom | 'custom' 'dotnet-isolated' 'java' 'node' 'powershell' 'python' |
| version | Function app runtime version. Example: 8 (for dotnet-isolated) | string |
FunctionsScaleAndConcurrency
| Name | Description | Value |
|---|---|---|
| alwaysReady | 'Always Ready' configuration for the function app. | FunctionsAlwaysReadyConfig[] |
| instanceMemoryMB | Set the amount of memory allocated to each instance of the function app in MB. CPU and network bandwidth are allocated proportionally. | int |
| maximumInstanceCount | The maximum number of instances for the function app. | int |
| triggers | Scale and concurrency settings for the function app triggers. | FunctionsScaleAndConcurrencyTriggers |
FunctionsScaleAndConcurrencyTriggers
| Name | Description | Value |
|---|---|---|
| http | Scale and concurrency settings for the HTTP trigger. | FunctionsScaleAndConcurrencyTriggersHttp |
FunctionsScaleAndConcurrencyTriggersHttp
| Name | Description | Value |
|---|---|---|
| perInstanceConcurrency | The maximum number of concurrent HTTP trigger invocations per instance. | int |
HandlerMapping
| Name | Description | Value |
|---|---|---|
| arguments | Command-line arguments to be passed to the script processor. | string |
| extension | Requests with this extension will be handled using the specified FastCGI application. | string |
| scriptProcessor | The absolute path to the FastCGI application. | string |
HostingEnvironmentProfile
| Name | Description | Value |
|---|---|---|
| id | Resource ID of the App Service Environment. | string |
HostNameSslState
| Name | Description | Value |
|---|---|---|
| hostType | Indicates whether the hostname is a standard or repository hostname. | 'Repository' 'Standard' |
| name | Hostname. | string |
| sslState | SSL type. | 'Disabled' 'IpBasedEnabled' 'SniEnabled' |
| thumbprint | SSL certificate thumbprint. | string |
| toUpdate | Set to <code>true</code> to update existing hostname. | bool |
| virtualIP | Virtual IP address assigned to the hostname if IP based SSL is enabled. | string |
IpSecurityRestriction
| Name | Description | Value |
|---|---|---|
| action | Allow or Deny access for this IP range. | string |
| description | IP restriction rule description. | string |
| headers | IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is .. - If the property is null or empty (default), all hosts(or lack of) are allowed. - A value is compared using ordinal-ignore-case (excluding port number). - Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com - Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is .. - If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed. - If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match. |
IpSecurityRestrictionHeaders |
| ipAddress | IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified. |
string |
| name | IP restriction rule name. | string |
| priority | Priority of IP restriction rule. | int |
| subnetMask | Subnet mask for the range of IP addresses the restriction is valid for. | string |
| subnetTrafficTag | (internal) Subnet traffic tag | int |
| tag | Defines what this IP filter will be used for. This is to support IP filtering on proxies. | 'Default' 'ServiceTag' 'XffProxy' |
| vnetSubnetResourceId | Virtual network resource id | string |
| vnetTrafficTag | (internal) Vnet traffic tag | int |
IpSecurityRestrictionHeaders
| Name | Description | Value |
|---|
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user assigned identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName} | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
Microsoft.Web/sites/slots
| Name | Description | Value |
|---|---|---|
| extendedLocation | Extended Location. | ExtendedLocation |
| identity | Managed service identity. | ManagedServiceIdentity |
| kind | Kind of resource. If the resource is an app, you can refer to https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md#app-service-resource-kind-reference for details supported values for kind. | string |
| location | Resource Location. | string (required) |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: sites |
| properties | Site resource specific properties | SiteProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Web/sites/slots@2024-04-01" |
NameValuePair
| Name | Description | Value |
|---|---|---|
| name | Pair name. | string |
| value | Pair value. | string |
PushSettings
| Name | Description | Value |
|---|---|---|
| kind | Kind of resource. | string |
| properties | PushSettings resource specific properties | PushSettingsProperties |
PushSettingsProperties
| Name | Description | Value |
|---|---|---|
| dynamicTagsJson | Gets or sets a JSON string containing a list of dynamic tags that will be evaluated from user claims in the push registration endpoint. | string |
| isPushEnabled | Gets or sets a flag indicating whether the Push endpoint is enabled. | bool (required) |
| tagsRequiringAuth | Gets or sets a JSON string containing a list of tags that require user authentication to be used in the push registration endpoint. Tags can consist of alphanumeric characters and the following: '_', '@', '#', '.', ':', '-'. Validation should be performed at the PushRequestHandler. |
string |
| tagWhitelistJson | Gets or sets a JSON string containing a list of tags that are whitelisted for use by the push registration endpoint. | string |
RampUpRule
| Name | Description | Value |
|---|---|---|
| actionHostName | Hostname of a slot to which the traffic will be redirected if decided to. E.g. myapp-stage.azurewebsites.net. | string |
| changeDecisionCallbackUrl | Custom decision algorithm can be provided in TiPCallback site extension which URL can be specified. See TiPCallback site extension for the scaffold and contracts. https://www.siteextensions.net/packages/TiPCallback/ |
string |
| changeIntervalInMinutes | Specifies interval in minutes to reevaluate ReroutePercentage. | int |
| changeStep | In auto ramp up scenario this is the step to add/remove from <code>ReroutePercentage</code> until it reaches \n<code>MinReroutePercentage</code> or <code>MaxReroutePercentage</code>. Site metrics are checked every N minutes specified in <code>ChangeIntervalInMinutes</code>.\nCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified in <code>ChangeDecisionCallbackUrl</code>. |
int |
| maxReroutePercentage | Specifies upper boundary below which ReroutePercentage will stay. | int |
| minReroutePercentage | Specifies lower boundary above which ReroutePercentage will stay. | int |
| name | Name of the routing rule. The recommended name would be to point to the slot which will receive the traffic in the experiment. | string |
| reroutePercentage | Percentage of the traffic which will be redirected to <code>ActionHostName</code>. | int |
RequestsBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| timeInterval | Time interval. | string |
ResourceConfig
| Name | Description | Value |
|---|---|---|
| cpu | Required CPU in cores, e.g. 0.5 | int |
| memory | Required memory, e.g. "1Gi" | string |
ResourceTags
| Name | Description | Value |
|---|
SiteConfig
| Name | Description | Value |
|---|---|---|
| acrUseManagedIdentityCreds | Flag to use Managed Identity Creds for ACR pull | bool |
| acrUserManagedIdentityID | If using user managed identity, the user managed identity ClientId | string |
| alwaysOn | <code>true</code> if Always On is enabled; otherwise, <code>false</code>. | bool |
| apiDefinition | Information about the formal API definition for the app. | ApiDefinitionInfo |
| apiManagementConfig | Azure API management settings linked to the app. | ApiManagementConfig |
| appCommandLine | App command line to launch. | string |
| appSettings | Application settings. | NameValuePair[] |
| autoHealEnabled | <code>true</code> if Auto Heal is enabled; otherwise, <code>false</code>. | bool |
| autoHealRules | Auto Heal rules. | AutoHealRules |
| autoSwapSlotName | Auto-swap slot name. | string |
| azureStorageAccounts | List of Azure Storage Accounts. | SiteConfigAzureStorageAccounts |
| connectionStrings | Connection strings. | ConnStringInfo[] |
| cors | Cross-Origin Resource Sharing (CORS) settings. | CorsSettings |
| defaultDocuments | Default documents. | string[] |
| detailedErrorLoggingEnabled | <code>true</code> if detailed error logging is enabled; otherwise, <code>false</code>. | bool |
| documentRoot | Document root. | string |
| elasticWebAppScaleLimit | Maximum number of workers that a site can scale out to. This setting only applies to apps in plans where ElasticScaleEnabled is <code>true</code> |
int Constraints: Min value = 0 |
| experiments | This is work around for polymorphic types. | Experiments |
| ftpsState | State of FTP / FTPS service | 'AllAllowed' 'Disabled' 'FtpsOnly' |
| functionAppScaleLimit | Maximum number of workers that a site can scale out to. This setting only applies to the Consumption and Elastic Premium Plans |
int Constraints: Min value = 0 |
| functionsRuntimeScaleMonitoringEnabled | Gets or sets a value indicating whether functions runtime scale monitoring is enabled. When enabled, the ScaleController will not monitor event sources directly, but will instead call to the runtime to get scale status. |
bool |
| handlerMappings | Handler mappings. | HandlerMapping[] |
| healthCheckPath | Health check path | string |
| http20Enabled | Http20Enabled: configures a web site to allow clients to connect over http2.0 | bool |
| httpLoggingEnabled | <code>true</code> if HTTP logging is enabled; otherwise, <code>false</code>. | bool |
| ipSecurityRestrictions | IP security restrictions for main. | IpSecurityRestriction[] |
| ipSecurityRestrictionsDefaultAction | Default action for main access restriction if no rules are matched. | 'Allow' 'Deny' |
| javaContainer | Java container. | string |
| javaContainerVersion | Java container version. | string |
| javaVersion | Java version. | string |
| keyVaultReferenceIdentity | Identity to use for Key Vault Reference authentication. | string |
| limits | Site limits. | SiteLimits |
| linuxFxVersion | Linux App Framework and version | string |
| loadBalancing | Site load balancing. | 'LeastRequests' 'LeastRequestsWithTieBreaker' 'LeastResponseTime' 'PerSiteRoundRobin' 'RequestHash' 'WeightedRoundRobin' 'WeightedTotalTraffic' |
| localMySqlEnabled | <code>true</code> to enable local MySQL; otherwise, <code>false</code>. | bool |
| logsDirectorySizeLimit | HTTP logs directory size limit. | int |
| managedPipelineMode | Managed pipeline mode. | 'Classic' 'Integrated' |
| managedServiceIdentityId | Managed Service Identity Id | int |
| metadata | Application metadata. This property cannot be retrieved, since it may contain secrets. | NameValuePair[] |
| minimumElasticInstanceCount | Number of minimum instance count for a site This setting only applies to the Elastic Plans |
int Constraints: Min value = 0 Max value = 20 |
| minTlsCipherSuite | The minimum strength TLS cipher suite allowed for an application | 'TLS_AES_128_GCM_SHA256' 'TLS_AES_256_GCM_SHA384' 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' 'TLS_RSA_WITH_AES_128_CBC_SHA' 'TLS_RSA_WITH_AES_128_CBC_SHA256' 'TLS_RSA_WITH_AES_128_GCM_SHA256' 'TLS_RSA_WITH_AES_256_CBC_SHA' 'TLS_RSA_WITH_AES_256_CBC_SHA256' 'TLS_RSA_WITH_AES_256_GCM_SHA384' |
| minTlsVersion | MinTlsVersion: configures the minimum version of TLS required for SSL requests | '1.0' '1.1' '1.2' '1.3' |
| netFrameworkVersion | .NET Framework version. | string |
| nodeVersion | Version of Node.js. | string |
| numberOfWorkers | Number of workers. | int |
| phpVersion | Version of PHP. | string |
| powerShellVersion | Version of PowerShell. | string |
| preWarmedInstanceCount | Number of preWarmed instances. This setting only applies to the Consumption and Elastic Plans |
int Constraints: Min value = 0 Max value = 10 |
| publicNetworkAccess | Property to allow or block all public traffic. | string |
| publishingUsername | Publishing user name. | string |
| push | Push endpoint settings. | PushSettings |
| pythonVersion | Version of Python. | string |
| remoteDebuggingEnabled | <code>true</code> if remote debugging is enabled; otherwise, <code>false</code>. | bool |
| remoteDebuggingVersion | Remote debugging version. | string |
| requestTracingEnabled | <code>true</code> if request tracing is enabled; otherwise, <code>false</code>. | bool |
| requestTracingExpirationTime | Request tracing expiration time. | string |
| scmIpSecurityRestrictions | IP security restrictions for scm. | IpSecurityRestriction[] |
| scmIpSecurityRestrictionsDefaultAction | Default action for scm access restriction if no rules are matched. | 'Allow' 'Deny' |
| scmIpSecurityRestrictionsUseMain | IP security restrictions for scm to use main. | bool |
| scmMinTlsVersion | ScmMinTlsVersion: configures the minimum version of TLS required for SSL requests for SCM site | '1.0' '1.1' '1.2' '1.3' |
| scmType | SCM type. | 'BitbucketGit' 'BitbucketHg' 'CodePlexGit' 'CodePlexHg' 'Dropbox' 'ExternalGit' 'ExternalHg' 'GitHub' 'LocalGit' 'None' 'OneDrive' 'Tfs' 'VSO' 'VSTSRM' |
| tracingOptions | Tracing options. | string |
| use32BitWorkerProcess | <code>true</code> to use 32-bit worker process; otherwise, <code>false</code>. | bool |
| virtualApplications | Virtual applications. | VirtualApplication[] |
| vnetName | Virtual Network name. | string |
| vnetPrivatePortsCount | The number of private ports assigned to this app. These will be assigned dynamically on runtime. | int |
| vnetRouteAllEnabled | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | bool |
| websiteTimeZone | Sets the time zone a site uses for generating timestamps. Compatible with Linux and Windows App Service. Setting the WEBSITE_TIME_ZONE app setting takes precedence over this config. For Linux, expects tz database values https://www.iana.org/time-zones (for a quick reference see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). For Windows, expects one of the time zones listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | string |
| webSocketsEnabled | <code>true</code> if WebSocket is enabled; otherwise, <code>false</code>. | bool |
| windowsFxVersion | Xenon App Framework and version | string |
| xManagedServiceIdentityId | Explicit Managed Service Identity Id | int |
SiteConfigAzureStorageAccounts
| Name | Description | Value |
|---|
SiteDnsConfig
| Name | Description | Value |
|---|---|---|
| dnsAltServer | Alternate DNS server to be used by apps. This property replicates the WEBSITE_DNS_ALT_SERVER app setting. | string |
| dnsMaxCacheTimeout | Custom time for DNS to be cached in seconds. Allowed range: 0-60. Default is 30 seconds. 0 means caching disabled. | int |
| dnsRetryAttemptCount | Total number of retries for dns lookup. Allowed range: 1-5. Default is 3. | int |
| dnsRetryAttemptTimeout | Timeout for a single dns lookup in seconds. Allowed range: 1-30. Default is 3. | int |
| dnsServers | List of custom DNS servers to be used by an app for lookups. Maximum 5 dns servers can be set. | string[] |
SiteLimits
| Name | Description | Value |
|---|---|---|
| maxDiskSizeInMb | Maximum allowed disk size usage in MB. | int |
| maxMemoryInMb | Maximum allowed memory usage in MB. | int |
| maxPercentageCpu | Maximum allowed CPU usage percentage. | int |
SiteProperties
| Name | Description | Value |
|---|---|---|
| autoGeneratedDomainNameLabelScope | Specifies the scope of uniqueness for the default hostname during resource creation | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| clientAffinityEnabled | <code>true</code> to enable client affinity; <code>false</code> to stop sending session affinity cookies, which route client requests in the same session to the same instance. Default is <code>true</code>. | bool |
| clientCertEnabled | <code>true</code> to enable client certificate authentication (TLS mutual authentication); otherwise, <code>false</code>. Default is <code>false</code>. | bool |
| clientCertExclusionPaths | client certificate authentication comma-separated exclusion paths | string |
| clientCertMode | This composes with ClientCertEnabled setting. - ClientCertEnabled: false means ClientCert is ignored. - ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required. - ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. |
'Optional' 'OptionalInteractiveUser' 'Required' |
| cloningInfo | If specified during app creation, the app is cloned from a source app. | CloningInfo |
| containerSize | Size of the function container. | int |
| customDomainVerificationId | Unique identifier that verifies the custom domains assigned to the app. Customer will add this id to a txt record for verification. | string |
| dailyMemoryTimeQuota | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | int |
| daprConfig | Dapr configuration of the app. | DaprConfig |
| dnsConfiguration | Property to configure various DNS related settings for a site. | SiteDnsConfig |
| enabled | <code>true</code> if the app is enabled; otherwise, <code>false</code>. Setting this value to false disables the app (takes the app offline). | bool |
| endToEndEncryptionEnabled | Whether to use end to end encryption between the FrontEnd and the Worker | bool |
| functionAppConfig | Configuration specific of the Azure Function app. | FunctionAppConfig |
| hostingEnvironmentProfile | App Service Environment to use for the app. | HostingEnvironmentProfile |
| hostNamesDisabled | <code>true</code> to disable the public hostnames of the app; otherwise, <code>false</code>. If <code>true</code>, the app is only accessible via API management process. |
bool |
| hostNameSslStates | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | HostNameSslState[] |
| httpsOnly | HttpsOnly: configures a web site to accept only https requests. Issues redirect for http requests |
bool |
| hyperV | Hyper-V sandbox. | bool |
| ipMode | Specifies the IP mode of the app. | 'IPv4' 'IPv4AndIPv6' 'IPv6' |
| isXenon | Obsolete: Hyper-V sandbox. | bool |
| keyVaultReferenceIdentity | Identity to use for Key Vault Reference authentication. | string |
| managedEnvironmentId | Azure Resource Manager ID of the customer's selected Managed Environment on which to host this app. This must be of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.App/managedEnvironments/{managedEnvironmentName} | string |
| publicNetworkAccess | Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled' or an empty string. | string |
| redundancyMode | Site redundancy mode | 'ActiveActive' 'Failover' 'GeoRedundant' 'Manual' 'None' |
| reserved | <code>true</code> if reserved; otherwise, <code>false</code>. | bool |
| resourceConfig | Function app resource requirements. | ResourceConfig |
| scmSiteAlsoStopped | <code>true</code> to stop SCM (KUDU) site when the app is stopped; otherwise, <code>false</code>. The default is <code>false</code>. | bool |
| serverFarmId | Resource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}". | string |
| siteConfig | Configuration of the app. | SiteConfig |
| storageAccountRequired | Checks if Customer provided storage account is required | bool |
| virtualNetworkSubnetId | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} |
string |
| vnetBackupRestoreEnabled | To enable Backup and Restore operations over virtual network | bool |
| vnetContentShareEnabled | To enable accessing content over virtual network | bool |
| vnetImagePullEnabled | To enable pulling image over Virtual Network | bool |
| vnetRouteAllEnabled | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | bool |
| workloadProfileName | Workload profile name for function app to execute on. | string |
SlowRequestsBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | Request Path. | string |
| timeInterval | Time interval. | string |
| timeTaken | Time taken. | string |
StatusCodesBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | Request Path | string |
| status | HTTP status code. | int |
| subStatus | Request Sub Status. | int |
| timeInterval | Time interval. | string |
| win32Status | Win32 error code. | int |
StatusCodesRangeBasedTrigger
| Name | Description | Value |
|---|---|---|
| count | Request Count. | int |
| path | string | |
| statusCodes | HTTP status code. | string |
| timeInterval | Time interval. | string |
UserAssignedIdentity
| Name | Description | Value |
|---|
VirtualApplication
| Name | Description | Value |
|---|---|---|
| physicalPath | Physical path. | string |
| preloadEnabled | <code>true</code> if preloading is enabled; otherwise, <code>false</code>. | bool |
| virtualDirectories | Virtual directories for virtual application. | VirtualDirectory[] |
| virtualPath | Virtual path. | string |
VirtualDirectory
| Name | Description | Value |
|---|---|---|
| physicalPath | Physical path. | string |
| virtualPath | Path to virtual application. | string |