Assignments - Create Or Update

Service:

Blueprints

API Version:

2018-11-01-preview

Create or update a blueprint assignment.

PUT https://management.azure.com/{resourceScope}/providers/Microsoft.Blueprint/blueprintAssignments/{assignmentName}?api-version=2018-11-01-preview

URI Parameters

Name	In	Required	Type	Description
assignmentName	path	True	string	Name of the blueprint assignment.
resourceScope	path	True	string	The scope of the resource. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}').
api-version	query	True	string	Client API Version.

Request Body

Name	Required	Type	Description
identity	True	ManagedServiceIdentity	Managed identity for this blueprint assignment.
location	True	string	The location of this blueprint assignment.
properties.parameters	True	<string,  ParameterValue>	Blueprint assignment parameter values.
properties.resourceGroups	True	<string,  ResourceGroupValue>	Names and locations of resource group placeholders.
properties.blueprintId		string	ID of the published version of a blueprint definition.
properties.description		string	Multi-line explain this resource.
properties.displayName		string	One-liner string explain this resource.
properties.locks		AssignmentLockSettings	Defines how resources deployed by a blueprint assignment are locked.
properties.scope		string	The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required.

Responses

Name	Type	Description
201 Created	Assignment	Created -- blueprint assignment saved.
Other Status Codes	CloudError	Blueprints error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Assignment with system-assigned managed identity at management group scope

Assignment with system-assigned managed identity at subscription scope

Assignment with user-assigned managed identity at management group scope

Assignment with user-assigned managed identity at subscription scope

Assignment with system-assigned managed identity at management group scope

Sample request

HTTP

PUT https://management.azure.com/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "SystemAssigned"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Go

package armblueprint_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/blueprint/armblueprint"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/f790e624d0d080b89d962a3bd19c65bc6a6b2f5e/specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/managementGroupBPAssignment/BlueprintAssignment_Create_SystemAssignedMSI.json
func ExampleAssignmentsClient_CreateOrUpdate_assignmentWithSystemAssignedManagedIdentityAtManagementGroupScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armblueprint.NewClientFactory(cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().CreateOrUpdate(ctx, "managementGroups/ContosoOnlineGroup", "assignSimpleBlueprint", armblueprint.Assignment{
		Location: to.Ptr("eastus"),
		Identity: &armblueprint.ManagedServiceIdentity{
			Type: to.Ptr(armblueprint.ManagedServiceIdentityTypeSystemAssigned),
		},
		Properties: &armblueprint.AssignmentProperties{
			Description: to.Ptr("enforce pre-defined simpleBlueprint to this XXXXXXXX subscription."),
			BlueprintID: to.Ptr("/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint"),
			Parameters: map[string]*armblueprint.ParameterValue{
				"costCenter": {
					Value: "Contoso/Online/Shopping/Production",
				},
				"owners": {
					Value: []any{
						"johnDoe@contoso.com",
						"johnsteam@contoso.com",
					},
				},
				"storageAccountType": {
					Value: "Standard_LRS",
				},
			},
			ResourceGroups: map[string]*armblueprint.ResourceGroupValue{
				"storageRG": {
					Name:     to.Ptr("defaultRG"),
					Location: to.Ptr("eastus"),
				},
			},
			Scope: to.Ptr("subscriptions/00000000-0000-0000-0000-000000000000"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Blueprint;
using Azure.ResourceManager.Blueprint.Models;
using Azure.ResourceManager.Models;

// Generated from example definition: specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/managementGroupBPAssignment/BlueprintAssignment_Create_SystemAssignedMSI.json
// this example is just showing the usage of "Assignments_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AssignmentResource created on azure
// for more information of creating AssignmentResource, please refer to the document of AssignmentResource
string resourceScope = "managementGroups/ContosoOnlineGroup";
string assignmentName = "assignSimpleBlueprint";
ResourceIdentifier assignmentResourceId = AssignmentResource.CreateResourceIdentifier(resourceScope, assignmentName);
AssignmentResource assignment = client.GetAssignmentResource(assignmentResourceId);

// invoke the operation
AssignmentData data = new AssignmentData(new Models.ManagedServiceIdentity(ManagedServiceIdentityType.SystemAssigned), new Dictionary<string, ParameterValue>()
{
    ["costCenter"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Contoso/Online/Shopping/Production"),
    },
    ["owners"] = new ParameterValue()
    {
        Value = BinaryData.FromObjectAsJson(new object[] { "johnDoe@contoso.com", "johnsteam@contoso.com" }),
    },
    ["storageAccountType"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Standard_LRS"),
    },
}, new Dictionary<string, ResourceGroupValue>()
{
    ["storageRG"] = new ResourceGroupValue()
    {
        Name = "defaultRG",
        Location = new AzureLocation("eastus"),
    },
}, new AzureLocation("eastus"))
{
    Description = "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    BlueprintId = "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    Scope = "subscriptions/00000000-0000-0000-0000-000000000000",
};
ArmOperation<AssignmentResource> lro = await assignment.UpdateAsync(WaitUntil.Completed, data);
AssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

201

{
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "principalId": "00000000-0000-0000-0000-000000000000"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Assignment with system-assigned managed identity at subscription scope

Sample request

HTTP

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "SystemAssigned"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Go

package armblueprint_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/blueprint/armblueprint"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/f790e624d0d080b89d962a3bd19c65bc6a6b2f5e/specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/subscriptionBPAssignment/BlueprintAssignment_Create_SystemAssignedMSI.json
func ExampleAssignmentsClient_CreateOrUpdate_assignmentWithSystemAssignedManagedIdentityAtSubscriptionScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armblueprint.NewClientFactory(cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().CreateOrUpdate(ctx, "subscriptions/00000000-0000-0000-0000-000000000000", "assignSimpleBlueprint", armblueprint.Assignment{
		Location: to.Ptr("eastus"),
		Identity: &armblueprint.ManagedServiceIdentity{
			Type: to.Ptr(armblueprint.ManagedServiceIdentityTypeSystemAssigned),
		},
		Properties: &armblueprint.AssignmentProperties{
			Description: to.Ptr("enforce pre-defined simpleBlueprint to this XXXXXXXX subscription."),
			BlueprintID: to.Ptr("/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint"),
			Parameters: map[string]*armblueprint.ParameterValue{
				"costCenter": {
					Value: "Contoso/Online/Shopping/Production",
				},
				"owners": {
					Value: []any{
						"johnDoe@contoso.com",
						"johnsteam@contoso.com",
					},
				},
				"storageAccountType": {
					Value: "Standard_LRS",
				},
			},
			ResourceGroups: map[string]*armblueprint.ResourceGroupValue{
				"storageRG": {
					Name:     to.Ptr("defaultRG"),
					Location: to.Ptr("eastus"),
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Blueprint;
using Azure.ResourceManager.Blueprint.Models;
using Azure.ResourceManager.Models;

// Generated from example definition: specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/subscriptionBPAssignment/BlueprintAssignment_Create_SystemAssignedMSI.json
// this example is just showing the usage of "Assignments_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AssignmentResource created on azure
// for more information of creating AssignmentResource, please refer to the document of AssignmentResource
string resourceScope = "subscriptions/00000000-0000-0000-0000-000000000000";
string assignmentName = "assignSimpleBlueprint";
ResourceIdentifier assignmentResourceId = AssignmentResource.CreateResourceIdentifier(resourceScope, assignmentName);
AssignmentResource assignment = client.GetAssignmentResource(assignmentResourceId);

// invoke the operation
AssignmentData data = new AssignmentData(new Models.ManagedServiceIdentity(ManagedServiceIdentityType.SystemAssigned), new Dictionary<string, ParameterValue>()
{
    ["costCenter"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Contoso/Online/Shopping/Production"),
    },
    ["owners"] = new ParameterValue()
    {
        Value = BinaryData.FromObjectAsJson(new object[] { "johnDoe@contoso.com", "johnsteam@contoso.com" }),
    },
    ["storageAccountType"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Standard_LRS"),
    },
}, new Dictionary<string, ResourceGroupValue>()
{
    ["storageRG"] = new ResourceGroupValue()
    {
        Name = "defaultRG",
        Location = new AzureLocation("eastus"),
    },
}, new AzureLocation("eastus"))
{
    Description = "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    BlueprintId = "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
};
ArmOperation<AssignmentResource> lro = await assignment.UpdateAsync(WaitUntil.Completed, data);
AssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

201

{
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "principalId": "00000000-0000-0000-0000-000000000000"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Assignment with user-assigned managed identity at management group scope

Sample request

HTTP

PUT https://management.azure.com/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {}
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Go

package armblueprint_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/blueprint/armblueprint"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/f790e624d0d080b89d962a3bd19c65bc6a6b2f5e/specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/managementGroupBPAssignment/BlueprintAssignment_Create_UserAssignedMSI.json
func ExampleAssignmentsClient_CreateOrUpdate_assignmentWithUserAssignedManagedIdentityAtManagementGroupScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armblueprint.NewClientFactory(cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().CreateOrUpdate(ctx, "managementGroups/ContosoOnlineGroup", "assignSimpleBlueprint", armblueprint.Assignment{
		Location: to.Ptr("eastus"),
		Identity: &armblueprint.ManagedServiceIdentity{
			Type: to.Ptr(armblueprint.ManagedServiceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armblueprint.UserAssignedIdentity{
				"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {},
			},
		},
		Properties: &armblueprint.AssignmentProperties{
			Description: to.Ptr("enforce pre-defined simpleBlueprint to this XXXXXXXX subscription."),
			BlueprintID: to.Ptr("/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint"),
			Parameters: map[string]*armblueprint.ParameterValue{
				"costCenter": {
					Value: "Contoso/Online/Shopping/Production",
				},
				"owners": {
					Value: []any{
						"johnDoe@contoso.com",
						"johnsteam@contoso.com",
					},
				},
				"storageAccountType": {
					Value: "Standard_LRS",
				},
			},
			ResourceGroups: map[string]*armblueprint.ResourceGroupValue{
				"storageRG": {
					Name:     to.Ptr("defaultRG"),
					Location: to.Ptr("eastus"),
				},
			},
			Scope: to.Ptr("subscriptions/00000000-0000-0000-0000-000000000000"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Blueprint;
using Azure.ResourceManager.Blueprint.Models;
using Azure.ResourceManager.Models;

// Generated from example definition: specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/managementGroupBPAssignment/BlueprintAssignment_Create_UserAssignedMSI.json
// this example is just showing the usage of "Assignments_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AssignmentResource created on azure
// for more information of creating AssignmentResource, please refer to the document of AssignmentResource
string resourceScope = "managementGroups/ContosoOnlineGroup";
string assignmentName = "assignSimpleBlueprint";
ResourceIdentifier assignmentResourceId = AssignmentResource.CreateResourceIdentifier(resourceScope, assignmentName);
AssignmentResource assignment = client.GetAssignmentResource(assignmentResourceId);

// invoke the operation
AssignmentData data = new AssignmentData(new Models.ManagedServiceIdentity(ManagedServiceIdentityType.UserAssigned)
{
    UserAssignedIdentities =
    {
    ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity"] = new UserAssignedIdentity(),
    },
}, new Dictionary<string, ParameterValue>()
{
    ["costCenter"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Contoso/Online/Shopping/Production"),
    },
    ["owners"] = new ParameterValue()
    {
        Value = BinaryData.FromObjectAsJson(new object[] { "johnDoe@contoso.com", "johnsteam@contoso.com" }),
    },
    ["storageAccountType"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Standard_LRS"),
    },
}, new Dictionary<string, ResourceGroupValue>()
{
    ["storageRG"] = new ResourceGroupValue()
    {
        Name = "defaultRG",
        Location = new AzureLocation("eastus"),
    },
}, new AzureLocation("eastus"))
{
    Description = "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    BlueprintId = "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    Scope = "subscriptions/00000000-0000-0000-0000-000000000000",
};
ArmOperation<AssignmentResource> lro = await assignment.UpdateAsync(WaitUntil.Completed, data);
AssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

201

{
  "identity": {
    "type": "UserAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {
        "principalId": "00000000-0000-0000-0000-000000000000",
        "clientId": "00000000-0000-0000-0000-000000000000"
      }
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Assignment with user-assigned managed identity at subscription scope

Sample request

HTTP

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {}
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Go

package armblueprint_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/blueprint/armblueprint"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/f790e624d0d080b89d962a3bd19c65bc6a6b2f5e/specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/subscriptionBPAssignment/BlueprintAssignment_Create_UserAssignedMSI.json
func ExampleAssignmentsClient_CreateOrUpdate_assignmentWithUserAssignedManagedIdentityAtSubscriptionScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armblueprint.NewClientFactory(cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().CreateOrUpdate(ctx, "subscriptions/00000000-0000-0000-0000-000000000000", "assignSimpleBlueprint", armblueprint.Assignment{
		Location: to.Ptr("eastus"),
		Identity: &armblueprint.ManagedServiceIdentity{
			Type: to.Ptr(armblueprint.ManagedServiceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armblueprint.UserAssignedIdentity{
				"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {},
			},
		},
		Properties: &armblueprint.AssignmentProperties{
			Description: to.Ptr("enforce pre-defined simpleBlueprint to this XXXXXXXX subscription."),
			BlueprintID: to.Ptr("/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint"),
			Parameters: map[string]*armblueprint.ParameterValue{
				"costCenter": {
					Value: "Contoso/Online/Shopping/Production",
				},
				"owners": {
					Value: []any{
						"johnDoe@contoso.com",
						"johnsteam@contoso.com",
					},
				},
				"storageAccountType": {
					Value: "Standard_LRS",
				},
			},
			ResourceGroups: map[string]*armblueprint.ResourceGroupValue{
				"storageRG": {
					Name:     to.Ptr("defaultRG"),
					Location: to.Ptr("eastus"),
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Blueprint;
using Azure.ResourceManager.Blueprint.Models;
using Azure.ResourceManager.Models;

// Generated from example definition: specification/blueprint/resource-manager/Microsoft.Blueprint/preview/2018-11-01-preview/examples/subscriptionBPAssignment/BlueprintAssignment_Create_UserAssignedMSI.json
// this example is just showing the usage of "Assignments_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AssignmentResource created on azure
// for more information of creating AssignmentResource, please refer to the document of AssignmentResource
string resourceScope = "subscriptions/00000000-0000-0000-0000-000000000000";
string assignmentName = "assignSimpleBlueprint";
ResourceIdentifier assignmentResourceId = AssignmentResource.CreateResourceIdentifier(resourceScope, assignmentName);
AssignmentResource assignment = client.GetAssignmentResource(assignmentResourceId);

// invoke the operation
AssignmentData data = new AssignmentData(new Models.ManagedServiceIdentity(ManagedServiceIdentityType.UserAssigned)
{
    UserAssignedIdentities =
    {
    ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity"] = new UserAssignedIdentity(),
    },
}, new Dictionary<string, ParameterValue>()
{
    ["costCenter"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Contoso/Online/Shopping/Production"),
    },
    ["owners"] = new ParameterValue()
    {
        Value = BinaryData.FromObjectAsJson(new object[] { "johnDoe@contoso.com", "johnsteam@contoso.com" }),
    },
    ["storageAccountType"] = new ParameterValue()
    {
        Value = BinaryData.FromString("Standard_LRS"),
    },
}, new Dictionary<string, ResourceGroupValue>()
{
    ["storageRG"] = new ResourceGroupValue()
    {
        Name = "defaultRG",
        Location = new AzureLocation("eastus"),
    },
}, new AzureLocation("eastus"))
{
    Description = "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    BlueprintId = "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
};
ArmOperation<AssignmentResource> lro = await assignment.UpdateAsync(WaitUntil.Completed, data);
AssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

201

{
  "identity": {
    "type": "UserAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {
        "principalId": "00000000-0000-0000-0000-000000000000",
        "clientId": "00000000-0000-0000-0000-000000000000"
      }
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Definitions

Name	Description
Assignment	Represents a blueprint assignment.
AssignmentLockMode	Lock mode.
AssignmentLockSettings	Defines how resources deployed by a blueprint assignment are locked.
AssignmentProvisioningState	State of the blueprint assignment.
AssignmentStatus	The status of a blueprint assignment. This field is readonly.
CloudError
ErrorAdditionalInfo	The resource management error additional info.
ErrorResponse	Error Response
keyVaultReference	Specifies the link to a Key Vault.
ManagedServiceIdentity	Managed identity generic object.
ManagedServiceIdentityType	Type of the managed identity.
ParameterValue	Value for the specified parameter. Can be either 'value' or 'reference' but not both.
ResourceGroupValue	Represents an Azure resource group.
SecretValueReference	Reference to a Key Vault secret.
UserAssignedIdentity	User-assigned managed identity.

Assignment

Represents a blueprint assignment.

Name	Type	Description
id	string	String Id used to locate any resource on Azure.
identity	ManagedServiceIdentity	Managed identity for this blueprint assignment.
location	string	The location of this blueprint assignment.
name	string	Name of this resource.
properties.blueprintId	string	ID of the published version of a blueprint definition.
properties.description	string	Multi-line explain this resource.
properties.displayName	string	One-liner string explain this resource.
properties.locks	AssignmentLockSettings	Defines how resources deployed by a blueprint assignment are locked.
properties.parameters	<string,  ParameterValue>	Blueprint assignment parameter values.
properties.provisioningState	AssignmentProvisioningState	State of the blueprint assignment.
properties.resourceGroups	<string,  ResourceGroupValue>	Names and locations of resource group placeholders.
properties.scope	string	The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required.
properties.status	AssignmentStatus	Status of blueprint assignment. This field is readonly.
type	string	Type of this resource.

AssignmentLockMode

Lock mode.

Name	Type	Description
AllResourcesDoNotDelete	string
AllResourcesReadOnly	string
None	string

AssignmentLockSettings

Defines how resources deployed by a blueprint assignment are locked.

Name	Type	Description
excludedActions	string[]	List of management operations that are excluded from blueprint locks. Up to 200 actions are permitted. If the lock mode is set to 'AllResourcesReadOnly', then the following actions are automatically appended to 'excludedActions': '*/read', 'Microsoft.Network/virtualNetworks/subnets/join/action' and 'Microsoft.Authorization/locks/delete'. If the lock mode is set to 'AllResourcesDoNotDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will get removed.
excludedPrincipals	string[]	List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted.
mode	AssignmentLockMode	Lock mode.

AssignmentProvisioningState

State of the blueprint assignment.

Name	Type	Description
canceled	string
cancelling	string
creating	string
deleting	string
deploying	string
failed	string
locking	string
succeeded	string
validating	string
waiting	string

AssignmentStatus

The status of a blueprint assignment. This field is readonly.

Name	Type	Description
lastModified	string	Last modified time of this blueprint definition.
managedResources	string[]	List of resources that were created by the blueprint assignment.
timeCreated	string	Creation time of this blueprint definition.

CloudError

Name	Type	Description
error	ErrorResponse	Error Response Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorResponse

Error Response

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorResponse[]	The error details.
message	string	The error message.
target	string	The error target.

keyVaultReference

Specifies the link to a Key Vault.

Name	Type	Description
id	string	Azure resource ID of the Key Vault.

ManagedServiceIdentity

Managed identity generic object.

Name	Type	Description
principalId	string	Azure Active Directory principal ID associated with this Identity.
tenantId	string	ID of the Azure Active Directory.
type	ManagedServiceIdentityType	Type of the managed identity.
userAssignedIdentities	<string,  UserAssignedIdentity>	The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity.

ManagedServiceIdentityType

Type of the managed identity.

Name	Type	Description
None	string
SystemAssigned	string
UserAssigned	string

ParameterValue

Value for the specified parameter. Can be either 'value' or 'reference' but not both.

Name	Type	Description
reference	SecretValueReference	Parameter value as reference type.
value	object	Parameter value. Any valid JSON value is allowed including objects, arrays, strings, numbers and booleans.

ResourceGroupValue

Represents an Azure resource group.

Name	Type	Description
location	string	Location of the resource group.
name	string	Name of the resource group.

SecretValueReference

Reference to a Key Vault secret.

Name	Type	Description
keyVault	keyVaultReference	Specifies the reference to a given Azure Key Vault.
secretName	string	Name of the secret.
secretVersion	string	The version of the secret to use. If left blank, the latest version of the secret is used.

UserAssignedIdentity

User-assigned managed identity.

Name	Type	Description
clientId	string	Client App Id associated with this identity.
principalId	string	Azure Active Directory principal ID associated with this Identity.