From 47f74d78359b298af43ed25acdc94f3a998ee0e1 Mon Sep 17 00:00:00 2001
From: Steven <87738005+stemaMSFT@users.noreply.github.com>
Date: Thu, 14 Aug 2025 14:24:15 -0700
Subject: [PATCH 1/3] Swapping order of property values and usage examples
---
.../Generators/MarkdownGenerator.cs | 24 +++++++++----------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/TemplateRefGenerator/Generators/MarkdownGenerator.cs b/src/TemplateRefGenerator/Generators/MarkdownGenerator.cs
index 575ba03..21202a1 100644
--- a/src/TemplateRefGenerator/Generators/MarkdownGenerator.cs
+++ b/src/TemplateRefGenerator/Generators/MarkdownGenerator.cs
@@ -356,16 +356,16 @@ Set the **{discObjectType.Discriminator}** property to specify the type of objec
}
}
- sb.Append(GenerateOptionalSection("Property Values", [
- GetPropertyValues(resource, DeploymentType.Bicep, namedTypes, remarks, anchorIndex),
- ]));
-
sb.Append(GenerateOptionalSection("Usage Examples", [
GetBicepSamplesSection(remarksLoader, resource, remarks),
GetAvmSection(configLoader.GetSamples(), AvmLinkType.Bicep, resource),
GetBicepQuickstartsSection(configLoader.GetSamples(), resource),
]));
+ sb.Append(GenerateOptionalSection("Property Values", [
+ GetPropertyValues(resource, DeploymentType.Bicep, namedTypes, remarks, anchorIndex),
+ ]));
+
sb.Append($"""
::: zone-end
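Review bot: With "Usage Examples" now appended before "Property Values", a resource that has no samples gets an empty `## Usage Examples` heading directly above the property tables. The supportplantypes.md baseline in patch 2/3 shows exactly that: `## Usage Examples` is immediately followed by `## Property Values`, where the empty heading previously sat at the end of the zone. GenerateOptionalSection is not visible here, so this is inferred from the baseline; if it is meant to return nothing when every part is empty, that check does not appear to take effect for these calls and should be verified before merging. A comment above the call would record the contract, for example `// Usage Examples precedes Property Values; GenerateOptionalSection must emit nothing when all parts are empty.` The same applies to the JSON and Terraform hunks (`@@ -485` and `@@ -586`), and the enclosing method starts and ends outside the hunk.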
@@ -485,14 +485,14 @@ Set the **{discObjectType.Discriminator}** property to specify the type of objec
}
}
- sb.Append(GenerateOptionalSection("Property Values", [
- GetPropertyValues(resource, DeploymentType.Json, namedTypes, remarks, anchorIndex),
- ]));
-
sb.Append(GenerateOptionalSection("Usage Examples", [
GetJsonQuickstartsSection(configLoader.GetSamples(), resource),
]));
+ sb.Append(GenerateOptionalSection("Property Values", [
+ GetPropertyValues(resource, DeploymentType.Json, namedTypes, remarks, anchorIndex),
+ ]));
+
sb.Append($"""
::: zone-end
@@ -586,14 +586,14 @@ Set the **{discObjectType.Discriminator}** property to specify the type of objec
}
}
- sb.Append(GenerateOptionalSection("Property Values", [
- GetPropertyValues(resource, DeploymentType.Terraform, namedTypes, remarks, anchorIndex),
- ]));
-
sb.Append(GenerateOptionalSection("Usage Examples", [
GetAvmSection(configLoader.GetSamples(), AvmLinkType.Terraform, resource),
]));
+ sb.Append(GenerateOptionalSection("Property Values", [
+ GetPropertyValues(resource, DeploymentType.Terraform, namedTypes, remarks, anchorIndex),
+ ]));
+
sb.Append($"""
::: zone-end
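Review bot: The order of the two trailing sections is now written out three times, once each for Bicep, JSON and Terraform, and this patch had to make the identical move in all three places. Consider a small private helper that takes the StringBuilder, the usage-example parts and the property-values string and appends them in the chosen order (the name `AppendReferenceSections(sb, usageParts, propertyValues)` is only a suggestion), so the order is defined once and the three zones cannot drift apart. The blank line that used to separate the two `sb.Append(GenerateOptionalSection(...))` calls now sits after the second one; keeping a blank line between the calls as well would match the surrounding style. The enclosing method starts and ends outside the hunk.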
From 8531395fcdc64af721646100659e313dcb227016 Mon Sep 17 00:00:00 2001
From: Steven <87738005+stemaMSFT@users.noreply.github.com>
Date: Thu, 14 Aug 2025 16:29:50 -0700
Subject: [PATCH 2/3] Seeing how the tests pass now (probably excessive changes
made)
---
.../supportproviders/supportplantypes.md | 2 +-
.../microsoft.compute/2024-03-02/disks.md | 1196 ++++++------
.../2019-01-01/exports.md | 926 ++++-----
.../2024-05-15/databaseaccounts.md | 1700 ++++++++---------
.../microsoft.keyvault/2023-07-01/vaults.md | 900 ++++-----
.../2024-07-01/resourcegroups.md | 92 +-
.../TemplateRefGenerator.Tests.csproj | 3 +
.../packages.lock.json | 53 +
.../TemplateRefGenerator.csproj | 3 +
src/TemplateRefGenerator/packages.lock.json | 3 +-
src/TestHelpers/TestHelpers.csproj | 3 +
src/TestHelpers/packages.lock.json | 33 +
12 files changed, 2505 insertions(+), 2409 deletions(-)
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.addons/2018-03-01/supportproviders/supportplantypes.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.addons/2018-03-01/supportproviders/supportplantypes.md
index 0849c05..0500e57 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.addons/2018-03-01/supportproviders/supportplantypes.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.addons/2018-03-01/supportproviders/supportplantypes.md
@@ -65,6 +65,7 @@ To create a Microsoft.Addons/supportProviders/supportPlanTypes resource, add the
"name": "string"
}
```
+## Usage Examples
## Property Values
### Microsoft.Addons/supportProviders/supportPlanTypes
@@ -74,7 +75,6 @@ To create a Microsoft.Addons/supportProviders/supportPlanTypes resource, add the
| name | The resource name | 'Advanced'
'Essential'
'Standard' (required) |
| type | The resource type | 'Microsoft.Addons/supportProviders/supportPlanTypes' |
-## Usage Examples
::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md
index b1a2ef8..26d10de 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md
@@ -1,52 +1,52 @@
----
-title: Microsoft.Compute/disks 2024-03-02
-description: Azure Microsoft.Compute/disks syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-03-02
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.Compute disks 2024-03-02
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../disks.md)
-> - [2024-03-02](../2024-03-02/disks.md)
-> - [2023-10-02](../2023-10-02/disks.md)
-> - [2023-04-02](../2023-04-02/disks.md)
-> - [2023-01-02](../2023-01-02/disks.md)
-> - [2022-07-02](../2022-07-02/disks.md)
-> - [2022-03-02](../2022-03-02/disks.md)
-> - [2021-12-01](../2021-12-01/disks.md)
-> - [2021-08-01](../2021-08-01/disks.md)
-> - [2021-04-01](../2021-04-01/disks.md)
-> - [2020-12-01](../2020-12-01/disks.md)
-> - [2020-09-30](../2020-09-30/disks.md)
-> - [2020-06-30](../2020-06-30/disks.md)
-> - [2020-05-01](../2020-05-01/disks.md)
-> - [2019-11-01](../2019-11-01/disks.md)
-> - [2019-07-01](../2019-07-01/disks.md)
-> - [2019-03-01](../2019-03-01/disks.md)
-> - [2018-09-30](../2018-09-30/disks.md)
-> - [2018-06-01](../2018-06-01/disks.md)
-> - [2018-04-01](../2018-04-01/disks.md)
-> - [2017-03-30](../2017-03-30/disks.md)
-> - [2016-04-30-preview](../2016-04-30-preview/disks.md)
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The disks resource type can be deployed with operations that target:
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
-
-## Resource format
-
-To create a Microsoft.Compute/disks resource, add the following Bicep to your template.
-
-```bicep
+---
+title: Microsoft.Compute/disks 2024-03-02
+description: Azure Microsoft.Compute/disks syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-03-02
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.Compute disks 2024-03-02
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../disks.md)
+> - [2024-03-02](../2024-03-02/disks.md)
+> - [2023-10-02](../2023-10-02/disks.md)
+> - [2023-04-02](../2023-04-02/disks.md)
+> - [2023-01-02](../2023-01-02/disks.md)
+> - [2022-07-02](../2022-07-02/disks.md)
+> - [2022-03-02](../2022-03-02/disks.md)
+> - [2021-12-01](../2021-12-01/disks.md)
+> - [2021-08-01](../2021-08-01/disks.md)
+> - [2021-04-01](../2021-04-01/disks.md)
+> - [2020-12-01](../2020-12-01/disks.md)
+> - [2020-09-30](../2020-09-30/disks.md)
+> - [2020-06-30](../2020-06-30/disks.md)
+> - [2020-05-01](../2020-05-01/disks.md)
+> - [2019-11-01](../2019-11-01/disks.md)
+> - [2019-07-01](../2019-07-01/disks.md)
+> - [2019-03-01](../2019-03-01/disks.md)
+> - [2018-09-30](../2018-09-30/disks.md)
+> - [2018-06-01](../2018-06-01/disks.md)
+> - [2018-04-01](../2018-04-01/disks.md)
+> - [2017-03-30](../2017-03-30/disks.md)
+> - [2016-04-30-preview](../2016-04-30-preview/disks.md)
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The disks resource type can be deployed with operations that target:
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
+
+## Resource format
+
+To create a Microsoft.Compute/disks resource, add the following Bicep to your template.
+
+```bicep
resource symbolicname 'Microsoft.Compute/disks@2024-03-02' = {
extendedLocation: {
name: 'string'
@@ -145,198 +145,198 @@ resource symbolicname 'Microsoft.Compute/disks@2024-03-02' = {
zones: [
'string'
]
-}
-```
-## Property Values
-### Microsoft.Compute/disks
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation) |
-| location | Resource location | string (required) |
-| name | The resource name | string (required) |
-| properties | Disk resource properties. | [DiskProperties](#diskproperties) |
-| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| zones | The Logical zone list for Disk. | string[] |
-
-### CreationData
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'
'Copy'
'CopyFromSanSnapshot'
'CopyStart'
'Empty'
'FromImage'
'Import'
'ImportSecure'
'Restore'
'Upload'
'UploadPreparedSecure' (required) |
-| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
-| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference) |
-| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference) |
-| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
-| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
-| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'
'None' |
-| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
-| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
-| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
-| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
-| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
-
-### DiskProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
-| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
-| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata) (required) |
-| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'
'None' |
-| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
-| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
-| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
-| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
-| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption) |
-| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection) |
-| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'
'V2' |
-| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
-| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'
'AllowPrivate'
'DenyAll' |
-| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
-| osType | The Operating System type. | 'Linux'
'Windows' |
-| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'
'Enabled' |
-| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [PurchasePlan](#purchaseplan) |
-| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile) |
-| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities) |
-| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
-| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
-
-### DiskSecurityProfile
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
-| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'
'ConfidentialVM_DiskEncryptedWithPlatformKey'
'ConfidentialVM_NonPersistedTPM'
'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'
'TrustedLaunch' |
-
-### DiskSku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The sku name. | 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS' |
-
-### Encryption
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
-| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'
'EncryptionAtRestWithPlatformKey' |
-
-### EncryptionSettingsCollection
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
-| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement)[] |
-| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
-
-### EncryptionSettingsElement
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference) |
-| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference) |
-
-### ExtendedLocation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the extended location. | string |
-| type | The type of the extended location. | 'EdgeZone' |
-
-### ImageDiskReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
-| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
-| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
-| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
-
-### KeyVaultAndKeyReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
-
-### KeyVaultAndSecretReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
-
-### PurchasePlan
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The plan ID. | string (required) |
-| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
-| promotionCode | The Offer Promotion Code. | string |
-| publisher | The publisher ID. | string (required) |
-
-### ResourceTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### SourceVault
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource Id | string |
-
-### SupportedCapabilities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
-| architecture | CPU architecture supported by an OS disk. | 'Arm64'
'x64' |
-| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
-
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Compute Disk](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/compute/disk) | AVM Resource Module for Compute Disk |
-
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection/main.bicep) | Template that creates a disk and enables protection via Backup Vault |
-> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm/main.bicep) | Windows Docker Host with Portainer and Traefik pre-installed |
-> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh/main.bicep) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The disks resource type can be deployed with operations that target:
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
-
-## Resource format
-
-To create a Microsoft.Compute/disks resource, add the following JSON to your template.
-
-```json
+}
+```
+## Usage Examples
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Compute Disk](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/compute/disk) | AVM Resource Module for Compute Disk |
+
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection/main.bicep) | Template that creates a disk and enables protection via Backup Vault |
+> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm/main.bicep) | Windows Docker Host with Portainer and Traefik pre-installed |
+> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh/main.bicep) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
+
+## Property Values
+### Microsoft.Compute/disks
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation) |
+| location | Resource location | string (required) |
+| name | The resource name | string (required) |
+| properties | Disk resource properties. | [DiskProperties](#diskproperties) |
+| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| zones | The Logical zone list for Disk. | string[] |
+
+### CreationData
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'
'Copy'
'CopyFromSanSnapshot'
'CopyStart'
'Empty'
'FromImage'
'Import'
'ImportSecure'
'Restore'
'Upload'
'UploadPreparedSecure' (required) |
+| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
+| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference) |
+| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference) |
+| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
+| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
+| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'
'None' |
+| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
+| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
+| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
+| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
+| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
+
+### DiskProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
+| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
+| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata) (required) |
+| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'
'None' |
+| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
+| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
+| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
+| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
+| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption) |
+| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection) |
+| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'
'V2' |
+| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
+| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'
'AllowPrivate'
'DenyAll' |
+| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
+| osType | The Operating System type. | 'Linux'
'Windows' |
+| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'
'Enabled' |
+| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [PurchasePlan](#purchaseplan) |
+| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile) |
+| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities) |
+| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
+| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
+
+### DiskSecurityProfile
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
+| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'
'ConfidentialVM_DiskEncryptedWithPlatformKey'
'ConfidentialVM_NonPersistedTPM'
'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'
'TrustedLaunch' |
+
+### DiskSku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The sku name. | 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS' |
+
+### Encryption
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
+| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'
'EncryptionAtRestWithPlatformKey' |
+
+### EncryptionSettingsCollection
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
+| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement)[] |
+| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
+
+### EncryptionSettingsElement
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference) |
+| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference) |
+
+### ExtendedLocation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the extended location. | string |
+| type | The type of the extended location. | 'EdgeZone' |
+
+### ImageDiskReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
+| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
+| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
+| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
+
+### KeyVaultAndKeyReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
+
+### KeyVaultAndSecretReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
+
+### PurchasePlan
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The plan ID. | string (required) |
+| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
+| promotionCode | The Offer Promotion Code. | string |
+| publisher | The publisher ID. | string (required) |
+
+### ResourceTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### SourceVault
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource Id | string |
+
+### SupportedCapabilities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
+| architecture | CPU architecture supported by an OS disk. | 'Arm64'
'x64' |
+| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The disks resource type can be deployed with operations that target:
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
+
+## Resource format
+
+To create a Microsoft.Compute/disks resource, add the following JSON to your template.
+
+```json
{
"type": "Microsoft.Compute/disks",
"apiVersion": "2024-03-02",
@@ -435,197 +435,197 @@ To create a Microsoft.Compute/disks resource, add the following JSON to your tem
"{customized property}": "string"
},
"zones": [ "string" ]
-}
-```
-## Property Values
-### Microsoft.Compute/disks
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2024-03-02' |
-| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-1) |
-| location | Resource location | string (required) |
-| name | The resource name | string (required) |
-| properties | Disk resource properties. | [DiskProperties](#diskproperties-1) |
-| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-1) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.Compute/disks' |
-| zones | The Logical zone list for Disk. | string[] |
-
-### CreationData
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'
'Copy'
'CopyFromSanSnapshot'
'CopyStart'
'Empty'
'FromImage'
'Import'
'ImportSecure'
'Restore'
'Upload'
'UploadPreparedSecure' (required) |
-| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
-| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-1) |
-| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-1) |
-| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
-| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
-| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'
'None' |
-| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
-| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
-| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
-| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
-| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
-
-### DiskProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
-| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
-| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-1) (required) |
-| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'
'None' |
-| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
-| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
-| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
-| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
-| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-1) |
-| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-1) |
-| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'
'V2' |
-| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
-| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'
'AllowPrivate'
'DenyAll' |
-| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
-| osType | The Operating System type. | 'Linux'
'Windows' |
-| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'
'Enabled' |
-| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [PurchasePlan](#purchaseplan-1) |
-| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-1) |
-| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-1) |
-| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
-| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
-
-### DiskSecurityProfile
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
-| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'
'ConfidentialVM_DiskEncryptedWithPlatformKey'
'ConfidentialVM_NonPersistedTPM'
'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'
'TrustedLaunch' |
-
-### DiskSku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The sku name. | 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS' |
-
-### Encryption
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
-| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'
'EncryptionAtRestWithPlatformKey' |
-
-### EncryptionSettingsCollection
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
-| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-1)[] |
-| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
-
-### EncryptionSettingsElement
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-1) |
-| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-1) |
-
-### ExtendedLocation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the extended location. | string |
-| type | The type of the extended location. | 'EdgeZone' |
-
-### ImageDiskReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
-| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
-| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
-| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
-
-### KeyVaultAndKeyReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
-
-### KeyVaultAndSecretReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
-
-### PurchasePlan
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The plan ID. | string (required) |
-| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
-| promotionCode | The Offer Promotion Code. | string |
-| publisher | The publisher ID. | string (required) |
-
-### ResourceTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### SourceVault
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource Id | string |
-
-### SupportedCapabilities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
-| architecture | CPU architecture supported by an OS disk. | 'Arm64'
'x64' |
-| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [Create a VM from a EfficientIP VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-efficientip-vhd)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-efficientip-vhd%2Fazuredeploy.json) | This template creates a VM from a EfficientIP VHD and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
-> | [Create a VM in a new or existing vnet from a custom VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-specialized-vhd-new-or-existing-vnet)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-specialized-vhd-new-or-existing-vnet%2Fazuredeploy.json) | This template creates a VM from a specialized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
-> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.dataprotection%2Fbackup-create-disk-enable-protection%2Fazuredeploy.json) | Template that creates a disk and enables protection via Backup Vault |
-> | [Create VM from existing VHDs and connect it to existingVNET](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-os-disk-and-data-disk-existing-vnet)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-os-disk-and-data-disk-existing-vnet%2Fazuredeploy.json) | This template creates a VM from VHDs (OS + data disk) and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
-> | [Creates an ultra managed disk with a specific sector size](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/ultra-managed-disk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fultra-managed-disk%2Fazuredeploy.json) | This template creates a new ultra managed disk allowing the user to specify a sector size of either 512 or 4096. |
-> | [Deploy a 3 node Percona XtraDB Cluster in Availability Zones](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/mysql/mysql-ha-pxc-zones)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fmysql%2Fmysql-ha-pxc-zones%2Fazuredeploy.json) | This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04 |
-> | [SQL VM Performance Optimized Storage Settings on UltraSSD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.sqlvirtualmachine/sql-vm-new-storage-ultrassd)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.sqlvirtualmachine%2Fsql-vm-new-storage-ultrassd%2Fazuredeploy.json) | Create a SQL Server Virtual Machine with performance optimized storage settings, using UltraSSD for SQL Log files |
-> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Ftraefik%2Fdocker-portainer-traefik-windows-vm%2Fazuredeploy.json) | Windows Docker Host with Portainer and Traefik pre-installed |
-> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-windows-ssh%2Fazuredeploy.json) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The disks resource type can be deployed with operations that target:
-
-* **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
-
-## Resource format
-
-To create a Microsoft.Compute/disks resource, add the following Terraform to your template.
-
-```terraform
+}
+```
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [Create a VM from a EfficientIP VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-efficientip-vhd)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-efficientip-vhd%2Fazuredeploy.json) | This template creates a VM from a EfficientIP VHD and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
+> | [Create a VM in a new or existing vnet from a custom VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-specialized-vhd-new-or-existing-vnet)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-specialized-vhd-new-or-existing-vnet%2Fazuredeploy.json) | This template creates a VM from a specialized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
+> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.dataprotection%2Fbackup-create-disk-enable-protection%2Fazuredeploy.json) | Template that creates a disk and enables protection via Backup Vault |
+> | [Create VM from existing VHDs and connect it to existingVNET](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-os-disk-and-data-disk-existing-vnet)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-os-disk-and-data-disk-existing-vnet%2Fazuredeploy.json) | This template creates a VM from VHDs (OS + data disk) and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
+> | [Creates an ultra managed disk with a specific sector size](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/ultra-managed-disk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fultra-managed-disk%2Fazuredeploy.json) | This template creates a new ultra managed disk allowing the user to specify a sector size of either 512 or 4096. |
+> | [Deploy a 3 node Percona XtraDB Cluster in Availability Zones](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/mysql/mysql-ha-pxc-zones)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fmysql%2Fmysql-ha-pxc-zones%2Fazuredeploy.json) | This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04 |
+> | [SQL VM Performance Optimized Storage Settings on UltraSSD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.sqlvirtualmachine/sql-vm-new-storage-ultrassd)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.sqlvirtualmachine%2Fsql-vm-new-storage-ultrassd%2Fazuredeploy.json) | Create a SQL Server Virtual Machine with performance optimized storage settings, using UltraSSD for SQL Log files |
+> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Ftraefik%2Fdocker-portainer-traefik-windows-vm%2Fazuredeploy.json) | Windows Docker Host with Portainer and Traefik pre-installed |
+> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-windows-ssh%2Fazuredeploy.json) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
+
+## Property Values
+### Microsoft.Compute/disks
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2024-03-02' |
+| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-1) |
+| location | Resource location | string (required) |
+| name | The resource name | string (required) |
+| properties | Disk resource properties. | [DiskProperties](#diskproperties-1) |
+| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-1) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.Compute/disks' |
+| zones | The Logical zone list for Disk. | string[] |
+
+### CreationData
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'
'Copy'
'CopyFromSanSnapshot'
'CopyStart'
'Empty'
'FromImage'
'Import'
'ImportSecure'
'Restore'
'Upload'
'UploadPreparedSecure' (required) |
+| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
+| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-1) |
+| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-1) |
+| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
+| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
+| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'
'None' |
+| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
+| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
+| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
+| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
+| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
+
+### DiskProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
+| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
+| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-1) (required) |
+| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'
'None' |
+| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
+| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
+| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
+| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
+| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-1) |
+| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-1) |
+| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'
'V2' |
+| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
+| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'
'AllowPrivate'
'DenyAll' |
+| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
+| osType | The Operating System type. | 'Linux'
'Windows' |
+| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'
'Enabled' |
+| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [PurchasePlan](#purchaseplan-1) |
+| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-1) |
+| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-1) |
+| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
+| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
+
+### DiskSecurityProfile
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
+| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'
'ConfidentialVM_DiskEncryptedWithPlatformKey'
'ConfidentialVM_NonPersistedTPM'
'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'
'TrustedLaunch' |
+
+### DiskSku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The sku name. | 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS' |
+
+### Encryption
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
+| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'
'EncryptionAtRestWithPlatformKey' |
+
+### EncryptionSettingsCollection
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
+| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-1)[] |
+| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
+
+### EncryptionSettingsElement
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-1) |
+| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-1) |
+
+### ExtendedLocation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the extended location. | string |
+| type | The type of the extended location. | 'EdgeZone' |
+
+### ImageDiskReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
+| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
+| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
+| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
+
+### KeyVaultAndKeyReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
+
+### KeyVaultAndSecretReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
+
+### PurchasePlan
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The plan ID. | string (required) |
+| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
+| promotionCode | The Offer Promotion Code. | string |
+| publisher | The publisher ID. | string (required) |
+
+### ResourceTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### SourceVault
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource Id | string |
+
+### SupportedCapabilities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
+| architecture | CPU architecture supported by an OS disk. | 'Arm64'
'x64' |
+| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The disks resource type can be deployed with operations that target:
+
+* **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
+
+## Resource format
+
+To create a Microsoft.Compute/disks resource, add the following Terraform to your template.
+
+```terraform
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Compute/disks@2024-03-02"
name = "string"
@@ -728,169 +728,169 @@ resource "azapi_resource" "symbolicname" {
"string"
]
}
-}
-```
-## Property Values
-### Microsoft.Compute/disks
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-2) |
-| location | Resource location | string (required) |
-| name | The resource name | string (required) |
-| properties | Disk resource properties. | [DiskProperties](#diskproperties-2) |
-| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-2) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.Compute/disks@2024-03-02" |
-| zones | The Logical zone list for Disk. | string[] |
-
-### CreationData
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'
'Copy'
'CopyFromSanSnapshot'
'CopyStart'
'Empty'
'FromImage'
'Import'
'ImportSecure'
'Restore'
'Upload'
'UploadPreparedSecure' (required) |
-| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
-| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-2) |
-| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-2) |
-| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
-| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
-| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'
'None' |
-| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
-| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
-| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
-| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
-| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
-
-### DiskProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
-| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
-| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-2) (required) |
-| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'
'None' |
-| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
-| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
-| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
-| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
-| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-2) |
-| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-2) |
-| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'
'V2' |
-| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
-| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'
'AllowPrivate'
'DenyAll' |
-| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
-| osType | The Operating System type. | 'Linux'
'Windows' |
-| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'
'Enabled' |
-| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [PurchasePlan](#purchaseplan-2) |
-| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-2) |
-| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-2) |
-| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
-| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
-
-### DiskSecurityProfile
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
-| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'
'ConfidentialVM_DiskEncryptedWithPlatformKey'
'ConfidentialVM_NonPersistedTPM'
'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'
'TrustedLaunch' |
-
-### DiskSku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The sku name. | 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS' |
-
-### Encryption
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
-| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'
'EncryptionAtRestWithPlatformKey' |
-
-### EncryptionSettingsCollection
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
-| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-2)[] |
-| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
-
-### EncryptionSettingsElement
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-2) |
-| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-2) |
-
-### ExtendedLocation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the extended location. | string |
-| type | The type of the extended location. | 'EdgeZone' |
-
-### ImageDiskReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
-| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
-| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
-| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
-
-### KeyVaultAndKeyReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
-
-### KeyVaultAndSecretReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
-
-### PurchasePlan
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The plan ID. | string (required) |
-| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
-| promotionCode | The Offer Promotion Code. | string |
-| publisher | The publisher ID. | string (required) |
-
-### ResourceTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### SourceVault
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource Id | string |
-
-### SupportedCapabilities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
-| architecture | CPU architecture supported by an OS disk. | 'Arm64'
'x64' |
-| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
-
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Compute Disk](https://github.com/Azure/terraform-azurerm-avm-res-compute-disk) | AVM Resource Module for Compute Disk |
-
-
-::: zone-end
+}
+```
+## Usage Examples
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Compute Disk](https://github.com/Azure/terraform-azurerm-avm-res-compute-disk) | AVM Resource Module for Compute Disk |
+
+## Property Values
+### Microsoft.Compute/disks
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-2) |
+| location | Resource location | string (required) |
+| name | The resource name | string (required) |
+| properties | Disk resource properties. | [DiskProperties](#diskproperties-2) |
+| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-2) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.Compute/disks@2024-03-02" |
+| zones | The Logical zone list for Disk. | string[] |
+
+### CreationData
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'
'Copy'
'CopyFromSanSnapshot'
'CopyStart'
'Empty'
'FromImage'
'Import'
'ImportSecure'
'Restore'
'Upload'
'UploadPreparedSecure' (required) |
+| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
+| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-2) |
+| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-2) |
+| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
+| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
+| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'
'None' |
+| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
+| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
+| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
+| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
+| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
+
+### DiskProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
+| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
+| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-2) (required) |
+| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'
'None' |
+| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
+| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
+| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
+| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
+| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-2) |
+| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-2) |
+| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'
'V2' |
+| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
+| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'
'AllowPrivate'
'DenyAll' |
+| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
+| osType | The Operating System type. | 'Linux'
'Windows' |
+| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'
'Enabled' |
+| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [PurchasePlan](#purchaseplan-2) |
+| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-2) |
+| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-2) |
+| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
+| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
+
+### DiskSecurityProfile
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
+| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'
'ConfidentialVM_DiskEncryptedWithPlatformKey'
'ConfidentialVM_NonPersistedTPM'
'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'
'TrustedLaunch' |
+
+### DiskSku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The sku name. | 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS' |
+
+### Encryption
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
+| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'
'EncryptionAtRestWithPlatformAndCustomerKeys'
'EncryptionAtRestWithPlatformKey' |
+
+### EncryptionSettingsCollection
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
+| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-2)[] |
+| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
+
+### EncryptionSettingsElement
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-2) |
+| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-2) |
+
+### ExtendedLocation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the extended location. | string |
+| type | The type of the extended location. | 'EdgeZone' |
+
+### ImageDiskReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
+| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
+| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
+| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
+
+### KeyVaultAndKeyReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
+
+### KeyVaultAndSecretReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
+
+### PurchasePlan
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The plan ID. | string (required) |
+| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
+| promotionCode | The Offer Promotion Code. | string |
+| publisher | The publisher ID. | string (required) |
+
+### ResourceTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### SourceVault
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource Id | string |
+
+### SupportedCapabilities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
+| architecture | CPU architecture supported by an OS disk. | 'Arm64'
'x64' |
+| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
+
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.costmanagement/2019-01-01/exports.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.costmanagement/2019-01-01/exports.md
index 9c9233f..0f58a29 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.costmanagement/2019-01-01/exports.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.costmanagement/2019-01-01/exports.md
@@ -1,47 +1,47 @@
----
-title: Microsoft.CostManagement/exports 2019-01-01
-description: Azure Microsoft.CostManagement/exports syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2019-01-01
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.CostManagement exports 2019-01-01
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../exports.md)
-> - [2024-08-01](../2024-08-01/exports.md)
-> - [2023-11-01](../2023-11-01/exports.md)
-> - [2023-09-01](../2023-09-01/exports.md)
-> - [2023-08-01](../2023-08-01/exports.md)
-> - [2023-07-01-preview](../2023-07-01-preview/exports.md)
-> - [2023-04-01-preview](../2023-04-01-preview/exports.md)
-> - [2023-03-01](../2023-03-01/exports.md)
-> - [2022-10-01](../2022-10-01/exports.md)
-> - [2021-10-01](../2021-10-01/exports.md)
-> - [2021-01-01](../2021-01-01/exports.md)
-> - [2020-12-01-preview](../2020-12-01-preview/exports.md)
-> - [2020-06-01](../2020-06-01/exports.md)
-> - [2019-11-01](../2019-11-01/exports.md)
-> - [2019-10-01](../2019-10-01/exports.md)
-> - [2019-09-01](../2019-09-01/exports.md)
-> - [2019-01-01](../2019-01-01/exports.md)
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The exports resource type can be deployed with operations that target:
-
-
-
-For a list of changed properties in each API version, see [change log](~/microsoft.costmanagement/change-log/exports.md).
-
-## Resource format
-
-To create a Microsoft.CostManagement/exports resource, add the following Bicep to your template.
-
-```bicep
+---
+title: Microsoft.CostManagement/exports 2019-01-01
+description: Azure Microsoft.CostManagement/exports syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2019-01-01
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.CostManagement exports 2019-01-01
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../exports.md)
+> - [2024-08-01](../2024-08-01/exports.md)
+> - [2023-11-01](../2023-11-01/exports.md)
+> - [2023-09-01](../2023-09-01/exports.md)
+> - [2023-08-01](../2023-08-01/exports.md)
+> - [2023-07-01-preview](../2023-07-01-preview/exports.md)
+> - [2023-04-01-preview](../2023-04-01-preview/exports.md)
+> - [2023-03-01](../2023-03-01/exports.md)
+> - [2022-10-01](../2022-10-01/exports.md)
+> - [2021-10-01](../2021-10-01/exports.md)
+> - [2021-01-01](../2021-01-01/exports.md)
+> - [2020-12-01-preview](../2020-12-01-preview/exports.md)
+> - [2020-06-01](../2020-06-01/exports.md)
+> - [2019-11-01](../2019-11-01/exports.md)
+> - [2019-10-01](../2019-10-01/exports.md)
+> - [2019-09-01](../2019-09-01/exports.md)
+> - [2019-01-01](../2019-01-01/exports.md)
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The exports resource type can be deployed with operations that target:
+
+
+
+For a list of changed properties in each API version, see [change log](~/microsoft.costmanagement/change-log/exports.md).
+
+## Resource format
+
+To create a Microsoft.CostManagement/exports resource, add the following Bicep to your template.
+
+```bicep
resource symbolicname 'Microsoft.CostManagement/exports@2019-01-01' = {
scope: resourceSymbolicName or scope
name: 'string'
@@ -120,150 +120,150 @@ resource symbolicname 'Microsoft.CostManagement/exports@2019-01-01' = {
status: 'string'
}
}
-}
-```
-## Property Values
-### Microsoft.CostManagement/exports
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The resource name | string (required) |
-| properties | The properties of the export. | [ExportProperties](#exportproperties) |
-| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the [extension resource](/azure/azure-resource-manager/bicep/scope-extension-resources). |
-
-### ExportDeliveryDestination
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| container | The name of the container where exports will be uploaded. | string (required) |
-| resourceId | The resource id of the storage account where exports will be delivered. | string (required) |
-| rootFolderPath | The name of the directory where exports will be uploaded. | string |
-
-### ExportDeliveryInfo
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| destination | Has destination for the export being delivered. | [ExportDeliveryDestination](#exportdeliverydestination) (required) |
-
-### ExportProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| definition | Has definition for the export. | [QueryDefinition](#querydefinition) (required) |
-| deliveryInfo | Has delivery information for the export. | [ExportDeliveryInfo](#exportdeliveryinfo) (required) |
-| format | The format of the export being delivered. | 'Csv' |
-| schedule | Has schedule information for the export. | [ExportSchedule](#exportschedule) |
-
-### ExportRecurrencePeriod
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| from | The start date of recurrence. | string (required) |
-| to | The end date of recurrence. | string |
-
-### ExportSchedule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| recurrence | The schedule recurrence. | 'Annually'
'Daily'
'Monthly'
'Weekly' (required) |
-| recurrencePeriod | Has start and end date of the recurrence. The start date must be in future. If present, the end date must be greater than start date. | [ExportRecurrencePeriod](#exportrecurrenceperiod) |
-| status | The status of the schedule. Whether active or not. If inactive, the export's scheduled execution is paused. | 'Active'
'Inactive' |
-
-### QueryAggregation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| function | The name of the aggregation function to use. | 'Sum' (required) |
-| name | The name of the column to aggregate. | string (required) |
-
-### QueryComparisonExpression
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to use in comparison. | string (required) |
-| operator | The operator to use for comparison. | 'In' (required) |
-| values | Array of values to use for comparison | string[] (required) |
-
-### QueryDataset
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| aggregation | Dictionary of aggregation expression to use in the query. The key of each item in the dictionary is the alias for the aggregated column. Query can have up to 2 aggregation clauses. | [QueryDatasetAggregation](#querydatasetaggregation) |
-| configuration | Has configuration information for the data in the export. The configuration will be ignored if aggregation and grouping are provided. | [QueryDatasetConfiguration](#querydatasetconfiguration) |
-| filter | The filter expression to use in the query. Please reference our Query API REST documentation for how to properly format the filter. | [QueryFilter](#queryfilter) |
-| granularity | The granularity of rows in the query. | 'Daily'
'Hourly' |
-| grouping | Array of group by expression to use in the query. Query can have up to 2 group by clauses. | [QueryGrouping](#querygrouping)[] |
-| sorting | Array of sorting by columns in query. | [QuerySortingConfiguration](#querysortingconfiguration)[] |
-
-### QueryDatasetAggregation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### QueryDatasetConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| columns | Array of column names to be included in the query. Any valid query column name is allowed. If not provided, then query includes all columns. | string[] |
-
-### QueryDefinition
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| dataset | Has definition for data in this query. | [QueryDataset](#querydataset) |
-| timeframe | The time frame for pulling data for the query. If custom, then a specific time period must be provided. | 'BillingMonthToDate'
'Custom'
'MonthToDate'
'TheLastBillingMonth'
'TheLastMonth'
'TheLastWeek'
'TheLastYear'
'WeekToDate'
'YearToDate' (required) |
-| timePeriod | Has time period for pulling data for the query. | [QueryTimePeriod](#querytimeperiod) |
-| type | The type of the query. | 'Usage' (required) |
-
-### QueryFilter
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| and | The logical "AND" expression. Must have at least 2 items. | [QueryFilter](#queryfilter)[] |
-| dimension | Has comparison expression for a dimension | [QueryComparisonExpression](#querycomparisonexpression) |
-| not | The logical "NOT" expression. | [QueryFilter](#queryfilter) |
-| or | The logical "OR" expression. Must have at least 2 items. | [QueryFilter](#queryfilter)[] |
-| tag | Has comparison expression for a tag | [QueryComparisonExpression](#querycomparisonexpression) |
-
-### QueryGrouping
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to group. | string (required) |
-| type | Has type of the column to group. | 'Dimension'
'Tag' (required) |
-
-### QuerySortingConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to use in sorting. | string |
-| querySortingDirection | The sorting direction | 'Ascending'
'Descending' |
-
-### QueryTimePeriod
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| from | The start date to pull data from. | string (required) |
-| to | The end date to pull data to. | string (required) |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The exports resource type can be deployed with operations that target:
-
-
-
-For a list of changed properties in each API version, see [change log](~/microsoft.costmanagement/change-log/exports.md).
-
-## Resource format
-
-To create a Microsoft.CostManagement/exports resource, add the following JSON to your template.
-
-```json
+}
+```
+## Property Values
+### Microsoft.CostManagement/exports
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The resource name | string (required) |
+| properties | The properties of the export. | [ExportProperties](#exportproperties) |
+| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the [extension resource](/azure/azure-resource-manager/bicep/scope-extension-resources). |
+
+### ExportDeliveryDestination
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| container | The name of the container where exports will be uploaded. | string (required) |
+| resourceId | The resource id of the storage account where exports will be delivered. | string (required) |
+| rootFolderPath | The name of the directory where exports will be uploaded. | string |
+
+### ExportDeliveryInfo
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| destination | Has destination for the export being delivered. | [ExportDeliveryDestination](#exportdeliverydestination) (required) |
+
+### ExportProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| definition | Has definition for the export. | [QueryDefinition](#querydefinition) (required) |
+| deliveryInfo | Has delivery information for the export. | [ExportDeliveryInfo](#exportdeliveryinfo) (required) |
+| format | The format of the export being delivered. | 'Csv' |
+| schedule | Has schedule information for the export. | [ExportSchedule](#exportschedule) |
+
+### ExportRecurrencePeriod
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| from | The start date of recurrence. | string (required) |
+| to | The end date of recurrence. | string |
+
+### ExportSchedule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| recurrence | The schedule recurrence. | 'Annually'
'Daily'
'Monthly'
'Weekly' (required) |
+| recurrencePeriod | Has start and end date of the recurrence. The start date must be in future. If present, the end date must be greater than start date. | [ExportRecurrencePeriod](#exportrecurrenceperiod) |
+| status | The status of the schedule. Whether active or not. If inactive, the export's scheduled execution is paused. | 'Active'
'Inactive' |
+
+### QueryAggregation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| function | The name of the aggregation function to use. | 'Sum' (required) |
+| name | The name of the column to aggregate. | string (required) |
+
+### QueryComparisonExpression
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to use in comparison. | string (required) |
+| operator | The operator to use for comparison. | 'In' (required) |
+| values | Array of values to use for comparison | string[] (required) |
+
+### QueryDataset
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| aggregation | Dictionary of aggregation expression to use in the query. The key of each item in the dictionary is the alias for the aggregated column. Query can have up to 2 aggregation clauses. | [QueryDatasetAggregation](#querydatasetaggregation) |
+| configuration | Has configuration information for the data in the export. The configuration will be ignored if aggregation and grouping are provided. | [QueryDatasetConfiguration](#querydatasetconfiguration) |
+| filter | The filter expression to use in the query. Please reference our Query API REST documentation for how to properly format the filter. | [QueryFilter](#queryfilter) |
+| granularity | The granularity of rows in the query. | 'Daily'
'Hourly' |
+| grouping | Array of group by expression to use in the query. Query can have up to 2 group by clauses. | [QueryGrouping](#querygrouping)[] |
+| sorting | Array of sorting by columns in query. | [QuerySortingConfiguration](#querysortingconfiguration)[] |
+
+### QueryDatasetAggregation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### QueryDatasetConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| columns | Array of column names to be included in the query. Any valid query column name is allowed. If not provided, then query includes all columns. | string[] |
+
+### QueryDefinition
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| dataset | Has definition for data in this query. | [QueryDataset](#querydataset) |
+| timeframe | The time frame for pulling data for the query. If custom, then a specific time period must be provided. | 'BillingMonthToDate'
'Custom'
'MonthToDate'
'TheLastBillingMonth'
'TheLastMonth'
'TheLastWeek'
'TheLastYear'
'WeekToDate'
'YearToDate' (required) |
+| timePeriod | Has time period for pulling data for the query. | [QueryTimePeriod](#querytimeperiod) |
+| type | The type of the query. | 'Usage' (required) |
+
+### QueryFilter
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| and | The logical "AND" expression. Must have at least 2 items. | [QueryFilter](#queryfilter)[] |
+| dimension | Has comparison expression for a dimension | [QueryComparisonExpression](#querycomparisonexpression) |
+| not | The logical "NOT" expression. | [QueryFilter](#queryfilter) |
+| or | The logical "OR" expression. Must have at least 2 items. | [QueryFilter](#queryfilter)[] |
+| tag | Has comparison expression for a tag | [QueryComparisonExpression](#querycomparisonexpression) |
+
+### QueryGrouping
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to group. | string (required) |
+| type | Has type of the column to group. | 'Dimension'
'Tag' (required) |
+
+### QuerySortingConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to use in sorting. | string |
+| querySortingDirection | The sorting direction | 'Ascending'
'Descending' |
+
+### QueryTimePeriod
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| from | The start date to pull data from. | string (required) |
+| to | The end date to pull data to. | string (required) |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The exports resource type can be deployed with operations that target:
+
+
+
+For a list of changed properties in each API version, see [change log](~/microsoft.costmanagement/change-log/exports.md).
+
+## Resource format
+
+To create a Microsoft.CostManagement/exports resource, add the following JSON to your template.
+
+```json
{
"type": "Microsoft.CostManagement/exports",
"apiVersion": "2019-01-01",
@@ -337,152 +337,152 @@ To create a Microsoft.CostManagement/exports resource, add the following JSON to
"status": "string"
}
}
-}
-```
-## Property Values
-### Microsoft.CostManagement/exports
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2019-01-01' |
-| name | The resource name | string (required) |
-| properties | The properties of the export. | [ExportProperties](#exportproperties-1) |
-| type | The resource type | 'Microsoft.CostManagement/exports' |
-
-### ExportDeliveryDestination
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| container | The name of the container where exports will be uploaded. | string (required) |
-| resourceId | The resource id of the storage account where exports will be delivered. | string (required) |
-| rootFolderPath | The name of the directory where exports will be uploaded. | string |
-
-### ExportDeliveryInfo
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| destination | Has destination for the export being delivered. | [ExportDeliveryDestination](#exportdeliverydestination-1) (required) |
-
-### ExportProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| definition | Has definition for the export. | [QueryDefinition](#querydefinition-1) (required) |
-| deliveryInfo | Has delivery information for the export. | [ExportDeliveryInfo](#exportdeliveryinfo-1) (required) |
-| format | The format of the export being delivered. | 'Csv' |
-| schedule | Has schedule information for the export. | [ExportSchedule](#exportschedule-1) |
-
-### ExportRecurrencePeriod
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| from | The start date of recurrence. | string (required) |
-| to | The end date of recurrence. | string |
-
-### ExportSchedule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| recurrence | The schedule recurrence. | 'Annually'
'Daily'
'Monthly'
'Weekly' (required) |
-| recurrencePeriod | Has start and end date of the recurrence. The start date must be in future. If present, the end date must be greater than start date. | [ExportRecurrencePeriod](#exportrecurrenceperiod-1) |
-| status | The status of the schedule. Whether active or not. If inactive, the export's scheduled execution is paused. | 'Active'
'Inactive' |
-
-### QueryAggregation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| function | The name of the aggregation function to use. | 'Sum' (required) |
-| name | The name of the column to aggregate. | string (required) |
-
-### QueryComparisonExpression
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to use in comparison. | string (required) |
-| operator | The operator to use for comparison. | 'In' (required) |
-| values | Array of values to use for comparison | string[] (required) |
-
-### QueryDataset
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| aggregation | Dictionary of aggregation expression to use in the query. The key of each item in the dictionary is the alias for the aggregated column. Query can have up to 2 aggregation clauses. | [QueryDatasetAggregation](#querydatasetaggregation-1) |
-| configuration | Has configuration information for the data in the export. The configuration will be ignored if aggregation and grouping are provided. | [QueryDatasetConfiguration](#querydatasetconfiguration-1) |
-| filter | The filter expression to use in the query. Please reference our Query API REST documentation for how to properly format the filter. | [QueryFilter](#queryfilter-1) |
-| granularity | The granularity of rows in the query. | 'Daily'
'Hourly' |
-| grouping | Array of group by expression to use in the query. Query can have up to 2 group by clauses. | [QueryGrouping](#querygrouping-1)[] |
-| sorting | Array of sorting by columns in query. | [QuerySortingConfiguration](#querysortingconfiguration-1)[] |
-
-### QueryDatasetAggregation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### QueryDatasetConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| columns | Array of column names to be included in the query. Any valid query column name is allowed. If not provided, then query includes all columns. | string[] |
-
-### QueryDefinition
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| dataset | Has definition for data in this query. | [QueryDataset](#querydataset-1) |
-| timeframe | The time frame for pulling data for the query. If custom, then a specific time period must be provided. | 'BillingMonthToDate'
'Custom'
'MonthToDate'
'TheLastBillingMonth'
'TheLastMonth'
'TheLastWeek'
'TheLastYear'
'WeekToDate'
'YearToDate' (required) |
-| timePeriod | Has time period for pulling data for the query. | [QueryTimePeriod](#querytimeperiod-1) |
-| type | The type of the query. | 'Usage' (required) |
-
-### QueryFilter
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| and | The logical "AND" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-1)[] |
-| dimension | Has comparison expression for a dimension | [QueryComparisonExpression](#querycomparisonexpression-1) |
-| not | The logical "NOT" expression. | [QueryFilter](#queryfilter-1) |
-| or | The logical "OR" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-1)[] |
-| tag | Has comparison expression for a tag | [QueryComparisonExpression](#querycomparisonexpression-1) |
-
-### QueryGrouping
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to group. | string (required) |
-| type | Has type of the column to group. | 'Dimension'
'Tag' (required) |
-
-### QuerySortingConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to use in sorting. | string |
-| querySortingDirection | The sorting direction | 'Ascending'
'Descending' |
-
-### QueryTimePeriod
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| from | The start date to pull data from. | string (required) |
-| to | The end date to pull data to. | string (required) |
-
-## Usage Examples
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The exports resource type can be deployed with operations that target:
-
-
-
-For a list of changed properties in each API version, see [change log](~/microsoft.costmanagement/change-log/exports.md).
-
-## Resource format
-
-To create a Microsoft.CostManagement/exports resource, add the following Terraform to your template.
-
-```terraform
+}
+```
+## Usage Examples
+## Property Values
+### Microsoft.CostManagement/exports
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2019-01-01' |
+| name | The resource name | string (required) |
+| properties | The properties of the export. | [ExportProperties](#exportproperties-1) |
+| type | The resource type | 'Microsoft.CostManagement/exports' |
+
+### ExportDeliveryDestination
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| container | The name of the container where exports will be uploaded. | string (required) |
+| resourceId | The resource id of the storage account where exports will be delivered. | string (required) |
+| rootFolderPath | The name of the directory where exports will be uploaded. | string |
+
+### ExportDeliveryInfo
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| destination | Has destination for the export being delivered. | [ExportDeliveryDestination](#exportdeliverydestination-1) (required) |
+
+### ExportProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| definition | Has definition for the export. | [QueryDefinition](#querydefinition-1) (required) |
+| deliveryInfo | Has delivery information for the export. | [ExportDeliveryInfo](#exportdeliveryinfo-1) (required) |
+| format | The format of the export being delivered. | 'Csv' |
+| schedule | Has schedule information for the export. | [ExportSchedule](#exportschedule-1) |
+
+### ExportRecurrencePeriod
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| from | The start date of recurrence. | string (required) |
+| to | The end date of recurrence. | string |
+
+### ExportSchedule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| recurrence | The schedule recurrence. | 'Annually'
'Daily'
'Monthly'
'Weekly' (required) |
+| recurrencePeriod | Has start and end date of the recurrence. The start date must be in future. If present, the end date must be greater than start date. | [ExportRecurrencePeriod](#exportrecurrenceperiod-1) |
+| status | The status of the schedule. Whether active or not. If inactive, the export's scheduled execution is paused. | 'Active'
'Inactive' |
+
+### QueryAggregation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| function | The name of the aggregation function to use. | 'Sum' (required) |
+| name | The name of the column to aggregate. | string (required) |
+
+### QueryComparisonExpression
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to use in comparison. | string (required) |
+| operator | The operator to use for comparison. | 'In' (required) |
+| values | Array of values to use for comparison | string[] (required) |
+
+### QueryDataset
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| aggregation | Dictionary of aggregation expression to use in the query. The key of each item in the dictionary is the alias for the aggregated column. Query can have up to 2 aggregation clauses. | [QueryDatasetAggregation](#querydatasetaggregation-1) |
+| configuration | Has configuration information for the data in the export. The configuration will be ignored if aggregation and grouping are provided. | [QueryDatasetConfiguration](#querydatasetconfiguration-1) |
+| filter | The filter expression to use in the query. Please reference our Query API REST documentation for how to properly format the filter. | [QueryFilter](#queryfilter-1) |
+| granularity | The granularity of rows in the query. | 'Daily'
'Hourly' |
+| grouping | Array of group by expression to use in the query. Query can have up to 2 group by clauses. | [QueryGrouping](#querygrouping-1)[] |
+| sorting | Array of sorting by columns in query. | [QuerySortingConfiguration](#querysortingconfiguration-1)[] |
+
+### QueryDatasetAggregation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### QueryDatasetConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| columns | Array of column names to be included in the query. Any valid query column name is allowed. If not provided, then query includes all columns. | string[] |
+
+### QueryDefinition
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| dataset | Has definition for data in this query. | [QueryDataset](#querydataset-1) |
+| timeframe | The time frame for pulling data for the query. If custom, then a specific time period must be provided. | 'BillingMonthToDate'
'Custom'
'MonthToDate'
'TheLastBillingMonth'
'TheLastMonth'
'TheLastWeek'
'TheLastYear'
'WeekToDate'
'YearToDate' (required) |
+| timePeriod | Has time period for pulling data for the query. | [QueryTimePeriod](#querytimeperiod-1) |
+| type | The type of the query. | 'Usage' (required) |
+
+### QueryFilter
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| and | The logical "AND" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-1)[] |
+| dimension | Has comparison expression for a dimension | [QueryComparisonExpression](#querycomparisonexpression-1) |
+| not | The logical "NOT" expression. | [QueryFilter](#queryfilter-1) |
+| or | The logical "OR" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-1)[] |
+| tag | Has comparison expression for a tag | [QueryComparisonExpression](#querycomparisonexpression-1) |
+
+### QueryGrouping
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to group. | string (required) |
+| type | Has type of the column to group. | 'Dimension'
'Tag' (required) |
+
+### QuerySortingConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to use in sorting. | string |
+| querySortingDirection | The sorting direction | 'Ascending'
'Descending' |
+
+### QueryTimePeriod
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| from | The start date to pull data from. | string (required) |
+| to | The end date to pull data to. | string (required) |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The exports resource type can be deployed with operations that target:
+
+
+
+For a list of changed properties in each API version, see [change log](~/microsoft.costmanagement/change-log/exports.md).
+
+## Resource format
+
+To create a Microsoft.CostManagement/exports resource, add the following Terraform to your template.
+
+```terraform
resource "azapi_resource" "symbolicname" {
type = "Microsoft.CostManagement/exports@2019-01-01"
name = "string"
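Review bot: In the ARM template zone the regenerated baseline now has `## Usage Examples` with no body, followed directly by `## Property Values` with no blank line between the two headings. The Bicep zone of this same file has no such heading, so the JSON path presumably hands GenerateOptionalSection an entry that is non-null but renders as empty. Before the swap the empty heading sat at the end of the zone just above `::: zone-end`; now it appears as an empty section above the property tables. I would have the generator skip the heading when every child section is empty or whitespace, emit a blank line after the heading otherwise, and then regenerate this baseline. The generator code is outside this hunk, so the cause is inferred from the output only.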
@@ -564,132 +564,132 @@ resource "azapi_resource" "symbolicname" {
}
}
}
-}
-```
-## Property Values
-### Microsoft.CostManagement/exports
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The resource name | string (required) |
-| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
-| properties | The properties of the export. | [ExportProperties](#exportproperties-2) |
-| type | The resource type | "Microsoft.CostManagement/exports@2019-01-01" |
-
-### ExportDeliveryDestination
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| container | The name of the container where exports will be uploaded. | string (required) |
-| resourceId | The resource id of the storage account where exports will be delivered. | string (required) |
-| rootFolderPath | The name of the directory where exports will be uploaded. | string |
-
-### ExportDeliveryInfo
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| destination | Has destination for the export being delivered. | [ExportDeliveryDestination](#exportdeliverydestination-2) (required) |
-
-### ExportProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| definition | Has definition for the export. | [QueryDefinition](#querydefinition-2) (required) |
-| deliveryInfo | Has delivery information for the export. | [ExportDeliveryInfo](#exportdeliveryinfo-2) (required) |
-| format | The format of the export being delivered. | 'Csv' |
-| schedule | Has schedule information for the export. | [ExportSchedule](#exportschedule-2) |
-
-### ExportRecurrencePeriod
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| from | The start date of recurrence. | string (required) |
-| to | The end date of recurrence. | string |
-
-### ExportSchedule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| recurrence | The schedule recurrence. | 'Annually'
'Daily'
'Monthly'
'Weekly' (required) |
-| recurrencePeriod | Has start and end date of the recurrence. The start date must be in future. If present, the end date must be greater than start date. | [ExportRecurrencePeriod](#exportrecurrenceperiod-2) |
-| status | The status of the schedule. Whether active or not. If inactive, the export's scheduled execution is paused. | 'Active'
'Inactive' |
-
-### QueryAggregation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| function | The name of the aggregation function to use. | 'Sum' (required) |
-| name | The name of the column to aggregate. | string (required) |
-
-### QueryComparisonExpression
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to use in comparison. | string (required) |
-| operator | The operator to use for comparison. | 'In' (required) |
-| values | Array of values to use for comparison | string[] (required) |
-
-### QueryDataset
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| aggregation | Dictionary of aggregation expression to use in the query. The key of each item in the dictionary is the alias for the aggregated column. Query can have up to 2 aggregation clauses. | [QueryDatasetAggregation](#querydatasetaggregation-2) |
-| configuration | Has configuration information for the data in the export. The configuration will be ignored if aggregation and grouping are provided. | [QueryDatasetConfiguration](#querydatasetconfiguration-2) |
-| filter | The filter expression to use in the query. Please reference our Query API REST documentation for how to properly format the filter. | [QueryFilter](#queryfilter-2) |
-| granularity | The granularity of rows in the query. | 'Daily'
'Hourly' |
-| grouping | Array of group by expression to use in the query. Query can have up to 2 group by clauses. | [QueryGrouping](#querygrouping-2)[] |
-| sorting | Array of sorting by columns in query. | [QuerySortingConfiguration](#querysortingconfiguration-2)[] |
-
-### QueryDatasetAggregation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### QueryDatasetConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| columns | Array of column names to be included in the query. Any valid query column name is allowed. If not provided, then query includes all columns. | string[] |
-
-### QueryDefinition
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| dataset | Has definition for data in this query. | [QueryDataset](#querydataset-2) |
-| timeframe | The time frame for pulling data for the query. If custom, then a specific time period must be provided. | 'BillingMonthToDate'
'Custom'
'MonthToDate'
'TheLastBillingMonth'
'TheLastMonth'
'TheLastWeek'
'TheLastYear'
'WeekToDate'
'YearToDate' (required) |
-| timePeriod | Has time period for pulling data for the query. | [QueryTimePeriod](#querytimeperiod-2) |
-| type | The type of the query. | 'Usage' (required) |
-
-### QueryFilter
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| and | The logical "AND" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-2)[] |
-| dimension | Has comparison expression for a dimension | [QueryComparisonExpression](#querycomparisonexpression-2) |
-| not | The logical "NOT" expression. | [QueryFilter](#queryfilter-2) |
-| or | The logical "OR" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-2)[] |
-| tag | Has comparison expression for a tag | [QueryComparisonExpression](#querycomparisonexpression-2) |
-
-### QueryGrouping
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to group. | string (required) |
-| type | Has type of the column to group. | 'Dimension'
'Tag' (required) |
-
-### QuerySortingConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the column to use in sorting. | string |
-| querySortingDirection | The sorting direction | 'Ascending'
'Descending' |
-
-### QueryTimePeriod
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| from | The start date to pull data from. | string (required) |
-| to | The end date to pull data to. | string (required) |
-
-
-::: zone-end
+}
+```
+## Property Values
+### Microsoft.CostManagement/exports
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The resource name | string (required) |
+| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
+| properties | The properties of the export. | [ExportProperties](#exportproperties-2) |
+| type | The resource type | "Microsoft.CostManagement/exports@2019-01-01" |
+
+### ExportDeliveryDestination
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| container | The name of the container where exports will be uploaded. | string (required) |
+| resourceId | The resource id of the storage account where exports will be delivered. | string (required) |
+| rootFolderPath | The name of the directory where exports will be uploaded. | string |
+
+### ExportDeliveryInfo
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| destination | Has destination for the export being delivered. | [ExportDeliveryDestination](#exportdeliverydestination-2) (required) |
+
+### ExportProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| definition | Has definition for the export. | [QueryDefinition](#querydefinition-2) (required) |
+| deliveryInfo | Has delivery information for the export. | [ExportDeliveryInfo](#exportdeliveryinfo-2) (required) |
+| format | The format of the export being delivered. | 'Csv' |
+| schedule | Has schedule information for the export. | [ExportSchedule](#exportschedule-2) |
+
+### ExportRecurrencePeriod
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| from | The start date of recurrence. | string (required) |
+| to | The end date of recurrence. | string |
+
+### ExportSchedule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| recurrence | The schedule recurrence. | 'Annually'
'Daily'
'Monthly'
'Weekly' (required) |
+| recurrencePeriod | Has start and end date of the recurrence. The start date must be in future. If present, the end date must be greater than start date. | [ExportRecurrencePeriod](#exportrecurrenceperiod-2) |
+| status | The status of the schedule. Whether active or not. If inactive, the export's scheduled execution is paused. | 'Active'
'Inactive' |
+
+### QueryAggregation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| function | The name of the aggregation function to use. | 'Sum' (required) |
+| name | The name of the column to aggregate. | string (required) |
+
+### QueryComparisonExpression
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to use in comparison. | string (required) |
+| operator | The operator to use for comparison. | 'In' (required) |
+| values | Array of values to use for comparison | string[] (required) |
+
+### QueryDataset
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| aggregation | Dictionary of aggregation expression to use in the query. The key of each item in the dictionary is the alias for the aggregated column. Query can have up to 2 aggregation clauses. | [QueryDatasetAggregation](#querydatasetaggregation-2) |
+| configuration | Has configuration information for the data in the export. The configuration will be ignored if aggregation and grouping are provided. | [QueryDatasetConfiguration](#querydatasetconfiguration-2) |
+| filter | The filter expression to use in the query. Please reference our Query API REST documentation for how to properly format the filter. | [QueryFilter](#queryfilter-2) |
+| granularity | The granularity of rows in the query. | 'Daily'
'Hourly' |
+| grouping | Array of group by expression to use in the query. Query can have up to 2 group by clauses. | [QueryGrouping](#querygrouping-2)[] |
+| sorting | Array of sorting by columns in query. | [QuerySortingConfiguration](#querysortingconfiguration-2)[] |
+
+### QueryDatasetAggregation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### QueryDatasetConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| columns | Array of column names to be included in the query. Any valid query column name is allowed. If not provided, then query includes all columns. | string[] |
+
+### QueryDefinition
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| dataset | Has definition for data in this query. | [QueryDataset](#querydataset-2) |
+| timeframe | The time frame for pulling data for the query. If custom, then a specific time period must be provided. | 'BillingMonthToDate'
'Custom'
'MonthToDate'
'TheLastBillingMonth'
'TheLastMonth'
'TheLastWeek'
'TheLastYear'
'WeekToDate'
'YearToDate' (required) |
+| timePeriod | Has time period for pulling data for the query. | [QueryTimePeriod](#querytimeperiod-2) |
+| type | The type of the query. | 'Usage' (required) |
+
+### QueryFilter
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| and | The logical "AND" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-2)[] |
+| dimension | Has comparison expression for a dimension | [QueryComparisonExpression](#querycomparisonexpression-2) |
+| not | The logical "NOT" expression. | [QueryFilter](#queryfilter-2) |
+| or | The logical "OR" expression. Must have at least 2 items. | [QueryFilter](#queryfilter-2)[] |
+| tag | Has comparison expression for a tag | [QueryComparisonExpression](#querycomparisonexpression-2) |
+
+### QueryGrouping
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to group. | string (required) |
+| type | Has type of the column to group. | 'Dimension'
'Tag' (required) |
+
+### QuerySortingConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the column to use in sorting. | string |
+| querySortingDirection | The sorting direction | 'Ascending'
'Descending' |
+
+### QueryTimePeriod
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| from | The start date to pull data from. | string (required) |
+| to | The end date to pull data to. | string (required) |
+
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md
index 5d883bb..092f7d1 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md
@@ -1,75 +1,75 @@
----
-title: Microsoft.DocumentDB/databaseAccounts 2024-05-15
-description: Azure Microsoft.DocumentDB/databaseAccounts syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-05-15
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.DocumentDB databaseAccounts 2024-05-15
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../databaseaccounts.md)
-> - [2024-12-01-preview](../2024-12-01-preview/databaseaccounts.md)
-> - [2024-11-15](../2024-11-15/databaseaccounts.md)
-> - [2024-09-01-preview](../2024-09-01-preview/databaseaccounts.md)
-> - [2024-08-15](../2024-08-15/databaseaccounts.md)
-> - [2024-05-15](../2024-05-15/databaseaccounts.md)
-> - [2024-05-15-preview](../2024-05-15-preview/databaseaccounts.md)
-> - [2024-02-15-preview](../2024-02-15-preview/databaseaccounts.md)
-> - [2023-11-15](../2023-11-15/databaseaccounts.md)
-> - [2023-11-15-preview](../2023-11-15-preview/databaseaccounts.md)
-> - [2023-09-15](../2023-09-15/databaseaccounts.md)
-> - [2023-09-15-preview](../2023-09-15-preview/databaseaccounts.md)
-> - [2023-04-15](../2023-04-15/databaseaccounts.md)
-> - [2023-03-15](../2023-03-15/databaseaccounts.md)
-> - [2023-03-15-preview](../2023-03-15-preview/databaseaccounts.md)
-> - [2023-03-01-preview](../2023-03-01-preview/databaseaccounts.md)
-> - [2022-11-15](../2022-11-15/databaseaccounts.md)
-> - [2022-11-15-preview](../2022-11-15-preview/databaseaccounts.md)
-> - [2022-08-15](../2022-08-15/databaseaccounts.md)
-> - [2022-08-15-preview](../2022-08-15-preview/databaseaccounts.md)
-> - [2022-05-15](../2022-05-15/databaseaccounts.md)
-> - [2022-05-15-preview](../2022-05-15-preview/databaseaccounts.md)
-> - [2022-02-15-preview](../2022-02-15-preview/databaseaccounts.md)
-> - [2021-11-15-preview](../2021-11-15-preview/databaseaccounts.md)
-> - [2021-10-15](../2021-10-15/databaseaccounts.md)
-> - [2021-10-15-preview](../2021-10-15-preview/databaseaccounts.md)
-> - [2021-07-01-preview](../2021-07-01-preview/databaseaccounts.md)
-> - [2021-06-15](../2021-06-15/databaseaccounts.md)
-> - [2021-05-15](../2021-05-15/databaseaccounts.md)
-> - [2021-04-15](../2021-04-15/databaseaccounts.md)
-> - [2021-04-01-preview](../2021-04-01-preview/databaseaccounts.md)
-> - [2021-03-15](../2021-03-15/databaseaccounts.md)
-> - [2021-03-01-preview](../2021-03-01-preview/databaseaccounts.md)
-> - [2021-01-15](../2021-01-15/databaseaccounts.md)
-> - [2020-09-01](../2020-09-01/databaseaccounts.md)
-> - [2020-06-01-preview](../2020-06-01-preview/databaseaccounts.md)
-> - [2020-04-01](../2020-04-01/databaseaccounts.md)
-> - [2020-03-01](../2020-03-01/databaseaccounts.md)
-> - [2019-12-12](../2019-12-12/databaseaccounts.md)
-> - [2019-08-01](../2019-08-01/databaseaccounts.md)
-> - [2016-03-31](../2016-03-31/databaseaccounts.md)
-> - [2016-03-19](../2016-03-19/databaseaccounts.md)
-> - [2015-11-06](../2015-11-06/databaseaccounts.md)
-> - [2015-04-08](../2015-04-08/databaseaccounts.md)
-> - [2015-04-01](../2015-04-01/databaseaccounts.md)
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The databaseAccounts resource type can be deployed with operations that target:
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
-
-## Resource format
-
-To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Bicep to your template.
-
-```bicep
+---
+title: Microsoft.DocumentDB/databaseAccounts 2024-05-15
+description: Azure Microsoft.DocumentDB/databaseAccounts syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-05-15
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.DocumentDB databaseAccounts 2024-05-15
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../databaseaccounts.md)
+> - [2024-12-01-preview](../2024-12-01-preview/databaseaccounts.md)
+> - [2024-11-15](../2024-11-15/databaseaccounts.md)
+> - [2024-09-01-preview](../2024-09-01-preview/databaseaccounts.md)
+> - [2024-08-15](../2024-08-15/databaseaccounts.md)
+> - [2024-05-15](../2024-05-15/databaseaccounts.md)
+> - [2024-05-15-preview](../2024-05-15-preview/databaseaccounts.md)
+> - [2024-02-15-preview](../2024-02-15-preview/databaseaccounts.md)
+> - [2023-11-15](../2023-11-15/databaseaccounts.md)
+> - [2023-11-15-preview](../2023-11-15-preview/databaseaccounts.md)
+> - [2023-09-15](../2023-09-15/databaseaccounts.md)
+> - [2023-09-15-preview](../2023-09-15-preview/databaseaccounts.md)
+> - [2023-04-15](../2023-04-15/databaseaccounts.md)
+> - [2023-03-15](../2023-03-15/databaseaccounts.md)
+> - [2023-03-15-preview](../2023-03-15-preview/databaseaccounts.md)
+> - [2023-03-01-preview](../2023-03-01-preview/databaseaccounts.md)
+> - [2022-11-15](../2022-11-15/databaseaccounts.md)
+> - [2022-11-15-preview](../2022-11-15-preview/databaseaccounts.md)
+> - [2022-08-15](../2022-08-15/databaseaccounts.md)
+> - [2022-08-15-preview](../2022-08-15-preview/databaseaccounts.md)
+> - [2022-05-15](../2022-05-15/databaseaccounts.md)
+> - [2022-05-15-preview](../2022-05-15-preview/databaseaccounts.md)
+> - [2022-02-15-preview](../2022-02-15-preview/databaseaccounts.md)
+> - [2021-11-15-preview](../2021-11-15-preview/databaseaccounts.md)
+> - [2021-10-15](../2021-10-15/databaseaccounts.md)
+> - [2021-10-15-preview](../2021-10-15-preview/databaseaccounts.md)
+> - [2021-07-01-preview](../2021-07-01-preview/databaseaccounts.md)
+> - [2021-06-15](../2021-06-15/databaseaccounts.md)
+> - [2021-05-15](../2021-05-15/databaseaccounts.md)
+> - [2021-04-15](../2021-04-15/databaseaccounts.md)
+> - [2021-04-01-preview](../2021-04-01-preview/databaseaccounts.md)
+> - [2021-03-15](../2021-03-15/databaseaccounts.md)
+> - [2021-03-01-preview](../2021-03-01-preview/databaseaccounts.md)
+> - [2021-01-15](../2021-01-15/databaseaccounts.md)
+> - [2020-09-01](../2020-09-01/databaseaccounts.md)
+> - [2020-06-01-preview](../2020-06-01-preview/databaseaccounts.md)
+> - [2020-04-01](../2020-04-01/databaseaccounts.md)
+> - [2020-03-01](../2020-03-01/databaseaccounts.md)
+> - [2019-12-12](../2019-12-12/databaseaccounts.md)
+> - [2019-08-01](../2019-08-01/databaseaccounts.md)
+> - [2016-03-31](../2016-03-31/databaseaccounts.md)
+> - [2016-03-19](../2016-03-19/databaseaccounts.md)
+> - [2015-11-06](../2015-11-06/databaseaccounts.md)
+> - [2015-04-08](../2015-04-08/databaseaccounts.md)
+> - [2015-04-01](../2015-04-01/databaseaccounts.md)
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The databaseAccounts resource type can be deployed with operations that target:
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
+
+## Resource format
+
+To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Bicep to your template.
+
+```bicep
resource symbolicname 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = {
identity: {
type: 'string'
@@ -186,26 +186,26 @@ resource symbolicname 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = {
tags: {
{customized property}: 'string'
}
-}
-```
-### BackupPolicy objects
-
-Set the **type** property to specify the type of object.
-
-For **Continuous**, use:
-
-```bicep
+}
+```
+### BackupPolicy objects
+
+Set the **type** property to specify the type of object.
+
+For **Continuous**, use:
+
+```bicep
{
continuousModeProperties: {
tier: 'string'
}
type: 'Continuous'
-}
-```
-
-For **Periodic**, use:
-
-```bicep
+}
+```
+
+For **Periodic**, use:
+
+```bicep
{
periodicModeProperties: {
backupIntervalInMinutes: int
@@ -213,271 +213,271 @@ For **Periodic**, use:
backupStorageRedundancy: 'string'
}
type: 'Periodic'
-}
-```
-
-## Property Values
-### Microsoft.DocumentDB/databaseAccounts
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity) |
-| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'
'MongoDB'
'Parse' |
-| location | The location of the resource group to which the resource belongs. | string |
-| name | The resource name | string
Constraints:
Min length = 3
Max length = 50
Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
-| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-
-### AnalyticalStorageConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'
'WellDefined' |
-
-### ApiProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'
'3.6'
'4.0'
'4.2'
'5.0'
'6.0' |
-
-### BackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate) |
-| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy). | 'Continuous'
'Periodic' (required) |
-
-### BackupPolicyMigrationState
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
-| status | Describes the status of migration between backup policy types. | 'Completed'
'Failed'
'InProgress'
'Invalid' |
-| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'
'Periodic' |
-
-### Capability
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
-
-### Capacity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int
Constraints:
Min value = -1 |
-
-### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ConsistencyPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required) |
-| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 5
Max value = 86400 |
-| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 1
Max value = 2147483647 |
-
-### ContinuousModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties) |
-| type | Describes the mode of backups. | 'Continuous' (required) |
-
-### ContinuousModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'
'Continuous7Days' |
-
-### CorsPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
-| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
-| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
-| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
-| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int
Constraints:
Min value = 1
Max value = 2147483647 |
-
-### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration) |
-| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties) |
-| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy) |
-| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability)[] |
-| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity) |
-| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
-| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy) |
-| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy)[] |
-| createMode | Enum to indicate the mode of account creation. | 'Default'
'Restore' |
-| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
-| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
-| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
-| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
-| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
-| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
-| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
-| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
-| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
-| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
-| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
-| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
-| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange)[] |
-| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
-| keyVaultKeyUri | The URI of the key vault | string |
-| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location)[] (required) |
-| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'
'Tls11'
'Tls12' |
-| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'
'None' |
-| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
-| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'
'Enabled'
'SecuredByPerimeter' |
-| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters) |
-| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule)[] |
-
-### DatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| collectionNames | The names of the collections available for restore. | string[] |
-| databaseName | The name of the database available for restore. | string |
-
-### GremlinDatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databaseName | The name of the gremlin database available for restore. | string |
-| graphNames | The names of the graphs available for restore. | string[] |
-
-### IpAddressOrRange
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
-
-### Location
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int
Constraints:
Min value = 0 |
-| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
-| locationName | The name of the region. | string |
-
-### ManagedServiceIdentity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' |
-| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities) |
-
-### ManagedServiceIdentityUserAssignedIdentities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### PeriodicModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties) |
-| type | Describes the mode of backups. | 'Periodic' (required) |
-
-### PeriodicModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int
Constraints:
Min value = 0 |
-| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int
Constraints:
Min value = 0 |
-| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'
'Local'
'Zone' |
-
-### RestoreParameters
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource)[] |
-| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource)[] |
-| restoreMode | Describes the mode of the restore. | 'PointInTime' |
-| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
-| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
-| tablesToRestore | List of specific tables available for restore. | string[] |
-
-### Tags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
-| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
-
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [CosmosDB Database Account](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/document-db/database-account) | AVM Resource Module for CosmosDB Database Account |
-
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
-> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp/main.bicep) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
-> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account/main.bicep) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
-> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free/main.bicep) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
-> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal/main.bicep) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
-> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless/main.bicep) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
-> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp/main.bicep) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
-> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
-> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
-> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
-> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
-> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
-> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
-> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account/main.bicep) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
-> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
-> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint/main.bicep) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
-> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac/main.bicep) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
-> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account/main.bicep) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
-> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
-> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs/main.bicep) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
-> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob/main.bicep) | Create a Dapr microservices app using Container Apps. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db/main.bicep) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The databaseAccounts resource type can be deployed with operations that target:
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
-
-## Resource format
-
-To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JSON to your template.
-
-```json
+}
+```
+
+## Usage Examples
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [CosmosDB Database Account](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/document-db/database-account) | AVM Resource Module for CosmosDB Database Account |
+
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
+> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp/main.bicep) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
+> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account/main.bicep) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
+> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free/main.bicep) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
+> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal/main.bicep) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
+> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless/main.bicep) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
+> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp/main.bicep) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
+> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
+> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
+> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
+> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
+> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
+> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
+> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account/main.bicep) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
+> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
+> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint/main.bicep) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
+> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac/main.bicep) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
+> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account/main.bicep) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
+> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
+> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs/main.bicep) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
+> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob/main.bicep) | Create a Dapr microservices app using Container Apps. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db/main.bicep) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
+
+## Property Values
+### Microsoft.DocumentDB/databaseAccounts
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity) |
+| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'
'MongoDB'
'Parse' |
+| location | The location of the resource group to which the resource belongs. | string |
+| name | The resource name | string
Constraints:
Min length = 3
Max length = 50
Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
+| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+
+### AnalyticalStorageConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'
'WellDefined' |
+
+### ApiProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'
'3.6'
'4.0'
'4.2'
'5.0'
'6.0' |
+
+### BackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate) |
+| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy). | 'Continuous'
'Periodic' (required) |
+
+### BackupPolicyMigrationState
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
+| status | Describes the status of migration between backup policy types. | 'Completed'
'Failed'
'InProgress'
'Invalid' |
+| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'
'Periodic' |
+
+### Capability
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
+
+### Capacity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int
Constraints:
Min value = -1 |
+
+### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ConsistencyPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required) |
+| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 5
Max value = 86400 |
+| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 1
Max value = 2147483647 |
+
+### ContinuousModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties) |
+| type | Describes the mode of backups. | 'Continuous' (required) |
+
+### ContinuousModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'
'Continuous7Days' |
+
+### CorsPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
+| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
+| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
+| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
+| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int
Constraints:
Min value = 1
Max value = 2147483647 |
+
+### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration) |
+| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties) |
+| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy) |
+| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability)[] |
+| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity) |
+| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
+| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy) |
+| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy)[] |
+| createMode | Enum to indicate the mode of account creation. | 'Default'
'Restore' |
+| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
+| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
+| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
+| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
+| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
+| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
+| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
+| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
+| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
+| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
+| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
+| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
+| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange)[] |
+| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
+| keyVaultKeyUri | The URI of the key vault | string |
+| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location)[] (required) |
+| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'
'Tls11'
'Tls12' |
+| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'
'None' |
+| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
+| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'
'Enabled'
'SecuredByPerimeter' |
+| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters) |
+| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule)[] |
+
+### DatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| collectionNames | The names of the collections available for restore. | string[] |
+| databaseName | The name of the database available for restore. | string |
+
+### GremlinDatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databaseName | The name of the gremlin database available for restore. | string |
+| graphNames | The names of the graphs available for restore. | string[] |
+
+### IpAddressOrRange
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
+
+### Location
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int
Constraints:
Min value = 0 |
+| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
+| locationName | The name of the region. | string |
+
+### ManagedServiceIdentity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' |
+| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities) |
+
+### ManagedServiceIdentityUserAssignedIdentities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### PeriodicModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties) |
+| type | Describes the mode of backups. | 'Periodic' (required) |
+
+### PeriodicModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int
Constraints:
Min value = 0 |
+| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int
Constraints:
Min value = 0 |
+| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'
'Local'
'Zone' |
+
+### RestoreParameters
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource)[] |
+| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource)[] |
+| restoreMode | Describes the mode of the restore. | 'PointInTime' |
+| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
+| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
+| tablesToRestore | List of specific tables available for restore. | string[] |
+
+### Tags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
+| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The databaseAccounts resource type can be deployed with operations that target:
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
+
+## Resource format
+
+To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JSON to your template.
+
+```json
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2024-05-15",
@@ -589,26 +589,26 @@ To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JS
"tags": {
"{customized property}": "string"
}
-}
-```
-### BackupPolicy objects
-
-Set the **type** property to specify the type of object.
-
-For **Continuous**, use:
-
-```json
+}
+```
+### BackupPolicy objects
+
+Set the **type** property to specify the type of object.
+
+For **Continuous**, use:
+
+```json
{
"continuousModeProperties": {
"tier": "string"
},
"type": "Continuous"
-}
-```
-
-For **Periodic**, use:
-
-```json
+}
+```
+
+For **Periodic**, use:
+
+```json
{
"periodicModeProperties": {
"backupIntervalInMinutes": "int",
@@ -616,267 +616,267 @@ For **Periodic**, use:
"backupStorageRedundancy": "string"
},
"type": "Periodic"
-}
-```
-
-## Property Values
-### Microsoft.DocumentDB/databaseAccounts
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2024-05-15' |
-| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-1) |
-| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'
'MongoDB'
'Parse' |
-| location | The location of the resource group to which the resource belongs. | string |
-| name | The resource name | string
Constraints:
Min length = 3
Max length = 50
Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
-| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-1) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.DocumentDB/databaseAccounts' |
-
-### AnalyticalStorageConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'
'WellDefined' |
-
-### ApiProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'
'3.6'
'4.0'
'4.2'
'5.0'
'6.0' |
-
-### BackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-1) |
-| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-1). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-1). | 'Continuous'
'Periodic' (required) |
-
-### BackupPolicyMigrationState
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
-| status | Describes the status of migration between backup policy types. | 'Completed'
'Failed'
'InProgress'
'Invalid' |
-| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'
'Periodic' |
-
-### Capability
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
-
-### Capacity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int
Constraints:
Min value = -1 |
-
-### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ConsistencyPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required) |
-| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 5
Max value = 86400 |
-| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 1
Max value = 2147483647 |
-
-### ContinuousModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-1) |
-| type | Describes the mode of backups. | 'Continuous' (required) |
-
-### ContinuousModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'
'Continuous7Days' |
-
-### CorsPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
-| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
-| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
-| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
-| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int
Constraints:
Min value = 1
Max value = 2147483647 |
-
-### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-1) |
-| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-1) |
-| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-1) |
-| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-1)[] |
-| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-1) |
-| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
-| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-1) |
-| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-1)[] |
-| createMode | Enum to indicate the mode of account creation. | 'Default'
'Restore' |
-| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
-| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
-| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
-| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
-| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
-| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
-| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
-| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
-| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
-| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
-| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
-| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
-| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-1)[] |
-| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
-| keyVaultKeyUri | The URI of the key vault | string |
-| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-1)[] (required) |
-| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'
'Tls11'
'Tls12' |
-| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'
'None' |
-| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
-| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'
'Enabled'
'SecuredByPerimeter' |
-| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-1) |
-| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
-
-### DatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| collectionNames | The names of the collections available for restore. | string[] |
-| databaseName | The name of the database available for restore. | string |
-
-### GremlinDatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databaseName | The name of the gremlin database available for restore. | string |
-| graphNames | The names of the graphs available for restore. | string[] |
-
-### IpAddressOrRange
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
-
-### Location
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int
Constraints:
Min value = 0 |
-| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
-| locationName | The name of the region. | string |
-
-### ManagedServiceIdentity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' |
-| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-1) |
-
-### ManagedServiceIdentityUserAssignedIdentities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### PeriodicModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-1) |
-| type | Describes the mode of backups. | 'Periodic' (required) |
-
-### PeriodicModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int
Constraints:
Min value = 0 |
-| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int
Constraints:
Min value = 0 |
-| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'
'Local'
'Zone' |
-
-### RestoreParameters
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-1)[] |
-| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-1)[] |
-| restoreMode | Describes the mode of the restore. | 'PointInTime' |
-| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
-| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
-| tablesToRestore | List of specific tables available for restore. | string[] |
-
-### Tags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
-| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-analytical-store%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
-> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fdocumentdb-webapp%2Fazuredeploy.json) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
-> | [CI/CD using Jenkins on Azure Container Service (AKS)](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/jenkins/jenkins-cicd-container)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fjenkins%2Fjenkins-cicd-container%2Fazuredeploy.json) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
-> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fmicrosoft-defender-cosmosdb-create-account%2Fazuredeploy.json) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
-> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-free%2Fazuredeploy.json) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
-> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-minimal%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
-> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-serverless%2Fazuredeploy.json) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
-> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-webapp%2Fazuredeploy.json) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
-> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
-> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
-> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
-> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
-> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
-> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
-> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-multi-region-account%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
-> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
-> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-private-endpoint%2Fazuredeploy.json) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
-> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-rbac%2Fazuredeploy.json) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
-> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-account%2Fazuredeploy.json) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
-> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
-> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-container-sprocs%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
-> | [Create Azure Cosmos with SQL API and multiple containers](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-multiple-containers)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-multiple-containers%2Fazuredeploy.json) | The template creates a Cosmos container with a SQL API and allows adding mulitple containers. |
-> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-blob%2Fazuredeploy.json) | Create a Dapr microservices app using Container Apps. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.kusto%2Fkusto-cosmos-db%2Fazuredeploy.json) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
-> | [Web App with a SQL Database, Azure Cosmos DB, Azure Search](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/web-app-sql-docdb-search)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fweb-app-sql-docdb-search%2Fazuredeploy.json) | This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The databaseAccounts resource type can be deployed with operations that target:
-
-* **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
-
-## Resource format
-
-To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Terraform to your template.
-
-```terraform
+}
+```
+
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-analytical-store%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
+> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fdocumentdb-webapp%2Fazuredeploy.json) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
+> | [CI/CD using Jenkins on Azure Container Service (AKS)](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/jenkins/jenkins-cicd-container)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fjenkins%2Fjenkins-cicd-container%2Fazuredeploy.json) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
+> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fmicrosoft-defender-cosmosdb-create-account%2Fazuredeploy.json) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
+> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-free%2Fazuredeploy.json) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
+> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-minimal%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
+> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-serverless%2Fazuredeploy.json) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
+> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-webapp%2Fazuredeploy.json) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
+> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
+> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
+> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
+> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
+> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
+> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
+> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-multi-region-account%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
+> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
+> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-private-endpoint%2Fazuredeploy.json) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
+> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-rbac%2Fazuredeploy.json) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
+> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-account%2Fazuredeploy.json) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
+> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
+> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-container-sprocs%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
+> | [Create Azure Cosmos with SQL API and multiple containers](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-multiple-containers)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-multiple-containers%2Fazuredeploy.json) | The template creates a Cosmos container with a SQL API and allows adding mulitple containers. |
+> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-blob%2Fazuredeploy.json) | Create a Dapr microservices app using Container Apps. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.kusto%2Fkusto-cosmos-db%2Fazuredeploy.json) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
+> | [Web App with a SQL Database, Azure Cosmos DB, Azure Search](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/web-app-sql-docdb-search)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fweb-app-sql-docdb-search%2Fazuredeploy.json) | This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights. |
+
+## Property Values
+### Microsoft.DocumentDB/databaseAccounts
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2024-05-15' |
+| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-1) |
+| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'
'MongoDB'
'Parse' |
+| location | The location of the resource group to which the resource belongs. | string |
+| name | The resource name | string
Constraints:
Min length = 3
Max length = 50
Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
+| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-1) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.DocumentDB/databaseAccounts' |
+
+### AnalyticalStorageConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'
'WellDefined' |
+
+### ApiProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'
'3.6'
'4.0'
'4.2'
'5.0'
'6.0' |
+
+### BackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-1) |
+| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-1). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-1). | 'Continuous'
'Periodic' (required) |
+
+### BackupPolicyMigrationState
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
+| status | Describes the status of migration between backup policy types. | 'Completed'
'Failed'
'InProgress'
'Invalid' |
+| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'
'Periodic' |
+
+### Capability
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
+
+### Capacity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int
Constraints:
Min value = -1 |
+
+### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ConsistencyPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required) |
+| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 5
Max value = 86400 |
+| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 1
Max value = 2147483647 |
+
+### ContinuousModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-1) |
+| type | Describes the mode of backups. | 'Continuous' (required) |
+
+### ContinuousModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'
'Continuous7Days' |
+
+### CorsPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
+| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
+| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
+| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
+| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int
Constraints:
Min value = 1
Max value = 2147483647 |
+
+### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-1) |
+| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-1) |
+| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-1) |
+| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-1)[] |
+| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-1) |
+| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
+| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-1) |
+| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-1)[] |
+| createMode | Enum to indicate the mode of account creation. | 'Default'
'Restore' |
+| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
+| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
+| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
+| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
+| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
+| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
+| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
+| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
+| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
+| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
+| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
+| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
+| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-1)[] |
+| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
+| keyVaultKeyUri | The URI of the key vault | string |
+| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-1)[] (required) |
+| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'
'Tls11'
'Tls12' |
+| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'
'None' |
+| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
+| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'
'Enabled'
'SecuredByPerimeter' |
+| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-1) |
+| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
+
+### DatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| collectionNames | The names of the collections available for restore. | string[] |
+| databaseName | The name of the database available for restore. | string |
+
+### GremlinDatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databaseName | The name of the gremlin database available for restore. | string |
+| graphNames | The names of the graphs available for restore. | string[] |
+
+### IpAddressOrRange
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
+
+### Location
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int
Constraints:
Min value = 0 |
+| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
+| locationName | The name of the region. | string |
+
+### ManagedServiceIdentity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' |
+| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-1) |
+
+### ManagedServiceIdentityUserAssignedIdentities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### PeriodicModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-1) |
+| type | Describes the mode of backups. | 'Periodic' (required) |
+
+### PeriodicModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int
Constraints:
Min value = 0 |
+| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int
Constraints:
Min value = 0 |
+| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'
'Local'
'Zone' |
+
+### RestoreParameters
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-1)[] |
+| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-1)[] |
+| restoreMode | Describes the mode of the restore. | 'PointInTime' |
+| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
+| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
+| tablesToRestore | List of specific tables available for restore. | string[] |
+
+### Tags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
+| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The databaseAccounts resource type can be deployed with operations that target:
+
+* **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
+
+## Resource format
+
+To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Terraform to your template.
+
+```terraform
resource "azapi_resource" "symbolicname" {
type = "Microsoft.DocumentDB/databaseAccounts@2024-05-15"
name = "string"
@@ -997,26 +997,26 @@ resource "azapi_resource" "symbolicname" {
]
}
}
-}
-```
-### BackupPolicy objects
-
-Set the **type** property to specify the type of object.
-
-For **Continuous**, use:
-
-```terraform
+}
+```
+### BackupPolicy objects
+
+Set the **type** property to specify the type of object.
+
+For **Continuous**, use:
+
+```terraform
{
continuousModeProperties = {
tier = "string"
}
type = "Continuous"
-}
-```
-
-For **Periodic**, use:
-
-```terraform
+}
+```
+
+For **Periodic**, use:
+
+```terraform
{
periodicModeProperties = {
backupIntervalInMinutes = int
@@ -1024,210 +1024,210 @@ For **Periodic**, use:
backupStorageRedundancy = "string"
}
type = "Periodic"
-}
-```
-
-## Property Values
-### Microsoft.DocumentDB/databaseAccounts
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-2) |
-| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'
'MongoDB'
'Parse' |
-| location | The location of the resource group to which the resource belongs. | string |
-| name | The resource name | string
Constraints:
Min length = 3
Max length = 50
Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
-| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-2) (required) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.DocumentDB/databaseAccounts@2024-05-15" |
-
-### AnalyticalStorageConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'
'WellDefined' |
-
-### ApiProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'
'3.6'
'4.0'
'4.2'
'5.0'
'6.0' |
-
-### BackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-2) |
-| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-2). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-2). | 'Continuous'
'Periodic' (required) |
-
-### BackupPolicyMigrationState
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
-| status | Describes the status of migration between backup policy types. | 'Completed'
'Failed'
'InProgress'
'Invalid' |
-| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'
'Periodic' |
-
-### Capability
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
-
-### Capacity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int
Constraints:
Min value = -1 |
-
-### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ConsistencyPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required) |
-| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 5
Max value = 86400 |
-| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 1
Max value = 2147483647 |
-
-### ContinuousModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-2) |
-| type | Describes the mode of backups. | 'Continuous' (required) |
-
-### ContinuousModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'
'Continuous7Days' |
-
-### CorsPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
-| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
-| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
-| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
-| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int
Constraints:
Min value = 1
Max value = 2147483647 |
-
-### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-2) |
-| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-2) |
-| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-2) |
-| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-2)[] |
-| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-2) |
-| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
-| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-2) |
-| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-2)[] |
-| createMode | Enum to indicate the mode of account creation. | 'Default'
'Restore' |
-| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
-| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
-| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
-| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
-| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
-| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
-| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
-| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
-| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
-| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
-| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
-| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
-| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-2)[] |
-| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
-| keyVaultKeyUri | The URI of the key vault | string |
-| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-2)[] (required) |
-| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'
'Tls11'
'Tls12' |
-| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'
'None' |
-| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
-| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'
'Enabled'
'SecuredByPerimeter' |
-| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-2) |
-| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
-
-### DatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| collectionNames | The names of the collections available for restore. | string[] |
-| databaseName | The name of the database available for restore. | string |
-
-### GremlinDatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databaseName | The name of the gremlin database available for restore. | string |
-| graphNames | The names of the graphs available for restore. | string[] |
-
-### IpAddressOrRange
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
-
-### Location
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int
Constraints:
Min value = 0 |
-| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
-| locationName | The name of the region. | string |
-
-### ManagedServiceIdentity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' |
-| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-2) |
-
-### ManagedServiceIdentityUserAssignedIdentities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### PeriodicModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-2) |
-| type | Describes the mode of backups. | 'Periodic' (required) |
-
-### PeriodicModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int
Constraints:
Min value = 0 |
-| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int
Constraints:
Min value = 0 |
-| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'
'Local'
'Zone' |
-
-### RestoreParameters
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-2)[] |
-| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-2)[] |
-| restoreMode | Describes the mode of the restore. | 'PointInTime' |
-| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
-| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
-| tablesToRestore | List of specific tables available for restore. | string[] |
-
-### Tags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
-| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
-
-
-::: zone-end
+}
+```
+
+## Property Values
+### Microsoft.DocumentDB/databaseAccounts
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-2) |
+| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'
'MongoDB'
'Parse' |
+| location | The location of the resource group to which the resource belongs. | string |
+| name | The resource name | string
Constraints:
Min length = 3
Max length = 50
Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
+| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-2) (required) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.DocumentDB/databaseAccounts@2024-05-15" |
+
+### AnalyticalStorageConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'
'WellDefined' |
+
+### ApiProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'
'3.6'
'4.0'
'4.2'
'5.0'
'6.0' |
+
+### BackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-2) |
+| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-2). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-2). | 'Continuous'
'Periodic' (required) |
+
+### BackupPolicyMigrationState
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
+| status | Describes the status of migration between backup policy types. | 'Completed'
'Failed'
'InProgress'
'Invalid' |
+| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'
'Periodic' |
+
+### Capability
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
+
+### Capacity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int
Constraints:
Min value = -1 |
+
+### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ConsistencyPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required) |
+| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 5
Max value = 86400 |
+| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int
Constraints:
Min value = 1
Max value = 2147483647 |
+
+### ContinuousModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-2) |
+| type | Describes the mode of backups. | 'Continuous' (required) |
+
+### ContinuousModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'
'Continuous7Days' |
+
+### CorsPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
+| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
+| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
+| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
+| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int
Constraints:
Min value = 1
Max value = 2147483647 |
+
+### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-2) |
+| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-2) |
+| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-2) |
+| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-2)[] |
+| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-2) |
+| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
+| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-2) |
+| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-2)[] |
+| createMode | Enum to indicate the mode of account creation. | 'Default'
'Restore' |
+| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
+| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
+| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
+| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
+| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
+| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
+| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
+| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
+| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
+| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
+| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
+| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
+| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-2)[] |
+| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
+| keyVaultKeyUri | The URI of the key vault | string |
+| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-2)[] (required) |
+| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'
'Tls11'
'Tls12' |
+| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'
'None' |
+| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
+| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'
'Enabled'
'SecuredByPerimeter' |
+| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-2) |
+| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
+
+### DatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| collectionNames | The names of the collections available for restore. | string[] |
+| databaseName | The name of the database available for restore. | string |
+
+### GremlinDatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databaseName | The name of the gremlin database available for restore. | string |
+| graphNames | The names of the graphs available for restore. | string[] |
+
+### IpAddressOrRange
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
+
+### Location
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int
Constraints:
Min value = 0 |
+| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
+| locationName | The name of the region. | string |
+
+### ManagedServiceIdentity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' |
+| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-2) |
+
+### ManagedServiceIdentityUserAssignedIdentities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### PeriodicModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-2) |
+| type | Describes the mode of backups. | 'Periodic' (required) |
+
+### PeriodicModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int
Constraints:
Min value = 0 |
+| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int
Constraints:
Min value = 0 |
+| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'
'Local'
'Zone' |
+
+### RestoreParameters
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-2)[] |
+| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-2)[] |
+| restoreMode | Describes the mode of the restore. | 'PointInTime' |
+| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
+| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
+| tablesToRestore | List of specific tables available for restore. | string[] |
+
+### Tags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
+| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
+
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md
index b278497..bc39679 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md
@@ -1,55 +1,55 @@
----
-title: Microsoft.KeyVault/vaults 2023-07-01
-description: Azure Microsoft.KeyVault/vaults syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2023-07-01
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.KeyVault vaults 2023-07-01
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../vaults.md)
-> - [2024-04-01-preview](../2024-04-01-preview/vaults.md)
-> - [2023-07-01](../2023-07-01/vaults.md)
-> - [2023-02-01](../2023-02-01/vaults.md)
-> - [2022-11-01](../2022-11-01/vaults.md)
-> - [2022-07-01](../2022-07-01/vaults.md)
-> - [2022-02-01-preview](../2022-02-01-preview/vaults.md)
-> - [2021-11-01-preview](../2021-11-01-preview/vaults.md)
-> - [2021-10-01](../2021-10-01/vaults.md)
-> - [2021-06-01-preview](../2021-06-01-preview/vaults.md)
-> - [2021-04-01-preview](../2021-04-01-preview/vaults.md)
-> - [2020-04-01-preview](../2020-04-01-preview/vaults.md)
-> - [2019-09-01](../2019-09-01/vaults.md)
-> - [2018-02-14](../2018-02-14/vaults.md)
-> - [2018-02-14-preview](../2018-02-14-preview/vaults.md)
-> - [2016-10-01](../2016-10-01/vaults.md)
-> - [2015-06-01](../2015-06-01/vaults.md)
-
-## Remarks
-
+---
+title: Microsoft.KeyVault/vaults 2023-07-01
+description: Azure Microsoft.KeyVault/vaults syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2023-07-01
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.KeyVault vaults 2023-07-01
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../vaults.md)
+> - [2024-04-01-preview](../2024-04-01-preview/vaults.md)
+> - [2023-07-01](../2023-07-01/vaults.md)
+> - [2023-02-01](../2023-02-01/vaults.md)
+> - [2022-11-01](../2022-11-01/vaults.md)
+> - [2022-07-01](../2022-07-01/vaults.md)
+> - [2022-02-01-preview](../2022-02-01-preview/vaults.md)
+> - [2021-11-01-preview](../2021-11-01-preview/vaults.md)
+> - [2021-10-01](../2021-10-01/vaults.md)
+> - [2021-06-01-preview](../2021-06-01-preview/vaults.md)
+> - [2021-04-01-preview](../2021-04-01-preview/vaults.md)
+> - [2020-04-01-preview](../2020-04-01-preview/vaults.md)
+> - [2019-09-01](../2019-09-01/vaults.md)
+> - [2018-02-14](../2018-02-14/vaults.md)
+> - [2018-02-14-preview](../2018-02-14-preview/vaults.md)
+> - [2016-10-01](../2016-10-01/vaults.md)
+> - [2015-06-01](../2015-06-01/vaults.md)
+
+## Remarks
+
For guidance on using key vaults for secure values, see [Manage secrets by using Bicep](/azure/azure-resource-manager/bicep/scenarios-secrets).
For a quickstart on creating a secret, see [Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template](/azure/key-vault/secrets/quick-create-template).
-For a quickstart on creating a key, see [Quickstart: Create an Azure key vault and a key by using ARM template](/azure/key-vault/keys/quick-create-template).
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The vaults resource type can be deployed with operations that target:
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
-
-## Resource format
-
-To create a Microsoft.KeyVault/vaults resource, add the following Bicep to your template.
-
-```bicep
+For a quickstart on creating a key, see [Quickstart: Create an Azure key vault and a key by using ARM template](/azure/key-vault/keys/quick-create-template).
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The vaults resource type can be deployed with operations that target:
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
+
+## Resource format
+
+To create a Microsoft.KeyVault/vaults resource, add the following Bicep to your template.
+
+```bicep
resource symbolicname 'Microsoft.KeyVault/vaults@2023-07-01' = {
location: 'string'
name: 'string'
@@ -110,162 +110,162 @@ resource symbolicname 'Microsoft.KeyVault/vaults@2023-07-01' = {
tags: {
{customized property}: 'string'
}
-}
-```
-## Property Values
-### Microsoft.KeyVault/vaults
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The supported Azure location where the key vault should be created. | string (required) |
-| name | The resource name | string
Constraints:
Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
-| properties | Properties of the vault | [VaultProperties](#vaultproperties) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-
-### AccessPolicyEntry
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| applicationId | Application ID of the client making request on behalf of a principal | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
-| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
-| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions) (required) |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-
-### IPRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+}
+```
+## Usage Examples
+### Azure Verified Modules
-### NetworkRuleSet
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. | 'AzureServices'
'None' |
-| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'
'Deny' |
-| ipRules | The list of IP address rules. | [IPRule](#iprule)[] |
-| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule)[] |
-
-### Permissions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| certificates | Permissions to certificates | String array containing any of:
'all'
'backup'
'create'
'delete'
'deleteissuers'
'get'
'getissuers'
'import'
'list'
'listissuers'
'managecontacts'
'manageissuers'
'purge'
'recover'
'restore'
'setissuers'
'update' |
-| keys | Permissions to keys | String array containing any of:
'all'
'backup'
'create'
'decrypt'
'delete'
'encrypt'
'get'
'getrotationpolicy'
'import'
'list'
'purge'
'recover'
'release'
'restore'
'rotate'
'setrotationpolicy'
'sign'
'unwrapKey'
'update'
'verify'
'wrapKey' |
-| secrets | Permissions to secrets | String array containing any of:
'all'
'backup'
'delete'
'get'
'list'
'purge'
'recover'
'restore'
'set' |
-| storage | Permissions to storage accounts | String array containing any of:
'all'
'backup'
'delete'
'deletesas'
'get'
'getsas'
'list'
'listsas'
'purge'
'recover'
'regeneratekey'
'restore'
'set'
'setsas'
'update' |
-
-### Sku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| family | SKU family name | 'A' (required) |
-| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'
'standard' (required) |
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-### VaultCreateOrUpdateParametersTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Key Vault](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/key-vault/vault) | AVM Resource Module for Key Vault |
-### VaultProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry)[] |
-| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'
'recover' |
-| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
-| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
-| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
-| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
-| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
-| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
-| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset) |
-| provisioningState | Provisioning state of the vault. | 'RegisteringDns'
'Succeeded' |
-| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
-| sku | SKU details | [Sku](#sku) (required) |
-| softDeleteRetentionInDays | softDelete data retention days. It accepts >=7 and <=90. | int |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
-| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+### Azure Quickstart Samples
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Key Vault](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/key-vault/vault) | AVM Resource Module for Key Vault |
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic/main.bicep) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
-> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller/main.bicep) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
-> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
-> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger/main.bicep) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
-> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk/main.bicep) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
-> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
-> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create/main.bicep) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
-> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create/main.bicep) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
-> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip/main.bicep) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
-> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create/main.bicep) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
-> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create/main.bicep) | This template creates an Azure Key Vault and a secret. |
-> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac/main.bicep) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
-> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption/main.bicep) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
-> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates/main.bicep) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
-> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create/main.bicep) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
-> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment/main.bicep) | This template creates a key vault, managed identity, and role assignment. |
-> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint/main.bicep) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao/main.bicep) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
-> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture/main.bicep) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
-> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub/main.bicep) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
-> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
-> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
-> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium/main.bicep) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic/main.bicep) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
+> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller/main.bicep) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
+> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
+> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger/main.bicep) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
+> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk/main.bicep) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
+> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
+> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create/main.bicep) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
+> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create/main.bicep) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
+> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip/main.bicep) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
+> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create/main.bicep) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
+> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create/main.bicep) | This template creates an Azure Key Vault and a secret. |
+> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac/main.bicep) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
+> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption/main.bicep) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
+> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates/main.bicep) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
+> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create/main.bicep) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
+> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment/main.bicep) | This template creates a key vault, managed identity, and role assignment. |
+> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint/main.bicep) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao/main.bicep) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
+> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture/main.bicep) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
+> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub/main.bicep) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
+> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
+> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
+> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium/main.bicep) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The vaults resource type can be deployed with operations that target:
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
-
-## Resource format
-
-To create a Microsoft.KeyVault/vaults resource, add the following JSON to your template.
-
-```json
+## Property Values
+### Microsoft.KeyVault/vaults
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The supported Azure location where the key vault should be created. | string (required) |
+| name | The resource name | string
Constraints:
Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
+| properties | Properties of the vault | [VaultProperties](#vaultproperties) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+
+### AccessPolicyEntry
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| applicationId | Application ID of the client making request on behalf of a principal | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
+| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
+| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions) (required) |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+
+### IPRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+
+### NetworkRuleSet
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. | 'AzureServices'
'None' |
+| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'
'Deny' |
+| ipRules | The list of IP address rules. | [IPRule](#iprule)[] |
+| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule)[] |
+
+### Permissions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| certificates | Permissions to certificates | String array containing any of:
'all'
'backup'
'create'
'delete'
'deleteissuers'
'get'
'getissuers'
'import'
'list'
'listissuers'
'managecontacts'
'manageissuers'
'purge'
'recover'
'restore'
'setissuers'
'update' |
+| keys | Permissions to keys | String array containing any of:
'all'
'backup'
'create'
'decrypt'
'delete'
'encrypt'
'get'
'getrotationpolicy'
'import'
'list'
'purge'
'recover'
'release'
'restore'
'rotate'
'setrotationpolicy'
'sign'
'unwrapKey'
'update'
'verify'
'wrapKey' |
+| secrets | Permissions to secrets | String array containing any of:
'all'
'backup'
'delete'
'get'
'list'
'purge'
'recover'
'restore'
'set' |
+| storage | Permissions to storage accounts | String array containing any of:
'all'
'backup'
'delete'
'deletesas'
'get'
'getsas'
'list'
'listsas'
'purge'
'recover'
'regeneratekey'
'restore'
'set'
'setsas'
'update' |
+
+### Sku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| family | SKU family name | 'A' (required) |
+| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'
'standard' (required) |
+
+### VaultCreateOrUpdateParametersTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VaultProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry)[] |
+| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'
'recover' |
+| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
+| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
+| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
+| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
+| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
+| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
+| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset) |
+| provisioningState | Provisioning state of the vault. | 'RegisteringDns'
'Succeeded' |
+| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
+| sku | SKU details | [Sku](#sku) (required) |
+| softDeleteRetentionInDays | softDelete data retention days. It accepts >=7 and <=90. | int |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
+| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The vaults resource type can be deployed with operations that target:
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
+
+## Resource format
+
+To create a Microsoft.KeyVault/vaults resource, add the following JSON to your template.
+
+```json
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2023-07-01",
@@ -320,171 +320,171 @@ To create a Microsoft.KeyVault/vaults resource, add the following JSON to your t
"tags": {
"{customized property}": "string"
}
-}
-```
-## Property Values
-### Microsoft.KeyVault/vaults
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2023-07-01' |
-| location | The supported Azure location where the key vault should be created. | string (required) |
-| name | The resource name | string
Constraints:
Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
-| properties | Properties of the vault | [VaultProperties](#vaultproperties-1) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.KeyVault/vaults' |
-
-### AccessPolicyEntry
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| applicationId | Application ID of the client making request on behalf of a principal | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
-| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
-| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-1) (required) |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-
-### IPRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+}
+```
+## Usage Examples
+### Azure Quickstart Templates
-### NetworkRuleSet
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. | 'AzureServices'
'None' |
-| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'
'Deny' |
-| ipRules | The list of IP address rules. | [IPRule](#iprule-1)[] |
-| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
-
-### Permissions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| certificates | Permissions to certificates | String array containing any of:
'all'
'backup'
'create'
'delete'
'deleteissuers'
'get'
'getissuers'
'import'
'list'
'listissuers'
'managecontacts'
'manageissuers'
'purge'
'recover'
'restore'
'setissuers'
'update' |
-| keys | Permissions to keys | String array containing any of:
'all'
'backup'
'create'
'decrypt'
'delete'
'encrypt'
'get'
'getrotationpolicy'
'import'
'list'
'purge'
'recover'
'release'
'restore'
'rotate'
'setrotationpolicy'
'sign'
'unwrapKey'
'update'
'verify'
'wrapKey' |
-| secrets | Permissions to secrets | String array containing any of:
'all'
'backup'
'delete'
'get'
'list'
'purge'
'recover'
'restore'
'set' |
-| storage | Permissions to storage accounts | String array containing any of:
'all'
'backup'
'delete'
'deletesas'
'get'
'getsas'
'list'
'listsas'
'purge'
'recover'
'regeneratekey'
'restore'
'set'
'setsas'
'update' |
-
-### Sku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| family | SKU family name | 'A' (required) |
-| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'
'standard' (required) |
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-### VaultCreateOrUpdateParametersTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Faks-nat-agic%2Fazuredeploy.json) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
+> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Faks-application-gateway-ingress-controller%2Fazuredeploy.json) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
+> | [App Service Environment with Azure SQL backend](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/asev2-appservice-sql-vpngw)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fasev2-appservice-sql-vpngw%2Fazuredeploy.json) | This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
+> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fprivate-webapp-with-app-gateway-and-apim%2Fazuredeploy.json) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-basics%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-cmk%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-entraid-passthrough%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
+> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faistudio-cmk-service-side-encryption%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Ffunction-http-trigger%2Fazuredeploy.json) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
+> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure-v1-legacy-mode%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Machine Learning Workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/machine-learning-workspace/0.9)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2Fmachine-learning-workspace%2F0.9%2Fazuredeploy.json) | This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging |
+> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.storage%2Fstorage-blob-encryption-with-cmk%2Fazuredeploy.json) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
+> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fbasic-agent-identity%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
+> | [Connect to a Key Vault via private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-private-endpoint)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-private-endpoint%2Fazuredeploy.json) | This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
+> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-secret-create%2Fazuredeploy.json) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
+> | [Create a KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/Microsoft.KeyVault/vaults/1.0)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2FMicrosoft.KeyVault%2Fvaults%2F1.0%2Fazuredeploy.json) | This module creates a KeyVault resource with apiVersion 2019-09-01. |
+> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fnetwork-security-perimeter-create%2Fazuredeploy.json) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
+> | [Create a new encrypted windows vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image%2Fazuredeploy.json) | This template creates a new encrypted windows vm using the server 2k12 gallery image. |
+> | [Create a Private AKS Cluster with a Public DNS Zone](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/private-aks-cluster-with-public-dns-zone)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fprivate-aks-cluster-with-public-dns-zone%2Fazuredeploy.json) | This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
+> | [Create AML workspace with multiple Datasets & Datastores](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-dataset-create-workspace-multiple-dataset-datastore)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-dataset-create-workspace-multiple-dataset-datastore%2Fazuredeploy.json) | This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
+> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-private-ip%2Fazuredeploy.json) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
+> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.apimanagement%2Fapi-management-key-vault-create%2Fazuredeploy.json) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
+> | [Create an Application Gateway V2 with Key Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/application-gateway-key-vault-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fapplication-gateway-key-vault-create%2Fazuredeploy.json) | This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
+> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. |
+> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create-rbac%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
+> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk-service-side-encryption%2Fazuredeploy.json) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
+> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet-v1-legacy-mode%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create and encrypt a new Windows VMSS with jumpbox](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-vmss-windows-jumpbox)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-vmss-windows-jumpbox%2Fazuredeploy.json) | This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs. |
+> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.resources%2Fdeployment-script-azcli-agw-certificates%2Fazuredeploy.json) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
+> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-with-logging-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
+> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-managed-identity-role-assignment%2Fazuredeploy.json) | This template creates a key vault, managed identity, and role assignment. |
+> | [Create new encrypted managed disks win-vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image-managed-disks)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image-managed-disks%2Fazuredeploy.json) | This template creates a new encrypted managed disks windows vm using the server 2k12 gallery image. |
+> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fprivate-endpoint%2Fazuredeploy.json) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [creates an Azure Stack HCI 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/create-cluster-2-node-switched-custom-storageip-2411.3)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster-2-node-switched-custom-storageip-2411.3%2Fazuredeploy.json) | This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP |
+> | [creates an Azure Stack HCI 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/create-cluster-2-node-switched-custom-storageip)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster-2-node-switched-custom-storageip%2Fazuredeploy.json) | This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP |
+> | [creates an Azure Stack HCI 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/create-cluster-for-fairfax)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster-for-fairfax%2Fazuredeploy.json) | This template creates an Azure Stack HCI 23H2 cluster using an ARM template. |
+> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-networking-aoao%2Fazuredeploy.json) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
+> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fsports-analytics-architecture%2Fazuredeploy.json) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
+> | [Enable encryption on a running Windows VM](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-windows-vm)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-windows-vm%2Fazuredeploy.json) | This template enables encryption on a running windows vm. |
+> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.costmanagement%2Ffinops-hub%2Fazuredeploy.json) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
+> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fnetwork-secured-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
+> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fstandard-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
+> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fazurefirewall-premium%2Fazuredeploy.json) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
+> | [This template encrypts a running Windows VMSS](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-vmss-windows)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-vmss-windows%2Fazuredeploy.json) | This template enables encryption on a running Windows VM Scale Set |
+> | [upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/upgrade-cluster)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fupgrade-cluster%2Fazuredeploy.json) | This template upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster using an ARM template. |
-### VaultProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-1)[] |
-| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'
'recover' |
-| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
-| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
-| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
-| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
-| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
-| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
-| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-1) |
-| provisioningState | Provisioning state of the vault. | 'RegisteringDns'
'Succeeded' |
-| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
-| sku | SKU details | [Sku](#sku-1) (required) |
-| softDeleteRetentionInDays | softDelete data retention days. It accepts >=7 and <=90. | int |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
-| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+## Property Values
+### Microsoft.KeyVault/vaults
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Faks-nat-agic%2Fazuredeploy.json) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
-> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Faks-application-gateway-ingress-controller%2Fazuredeploy.json) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
-> | [App Service Environment with Azure SQL backend](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/asev2-appservice-sql-vpngw)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fasev2-appservice-sql-vpngw%2Fazuredeploy.json) | This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
-> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fprivate-webapp-with-app-gateway-and-apim%2Fazuredeploy.json) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-basics%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-cmk%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-entraid-passthrough%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
-> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faistudio-cmk-service-side-encryption%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Ffunction-http-trigger%2Fazuredeploy.json) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
-> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure-v1-legacy-mode%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Machine Learning Workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/machine-learning-workspace/0.9)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2Fmachine-learning-workspace%2F0.9%2Fazuredeploy.json) | This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging |
-> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.storage%2Fstorage-blob-encryption-with-cmk%2Fazuredeploy.json) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
-> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fbasic-agent-identity%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
-> | [Connect to a Key Vault via private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-private-endpoint)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-private-endpoint%2Fazuredeploy.json) | This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
-> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-secret-create%2Fazuredeploy.json) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
-> | [Create a KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/Microsoft.KeyVault/vaults/1.0)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2FMicrosoft.KeyVault%2Fvaults%2F1.0%2Fazuredeploy.json) | This module creates a KeyVault resource with apiVersion 2019-09-01. |
-> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fnetwork-security-perimeter-create%2Fazuredeploy.json) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
-> | [Create a new encrypted windows vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image%2Fazuredeploy.json) | This template creates a new encrypted windows vm using the server 2k12 gallery image. |
-> | [Create a Private AKS Cluster with a Public DNS Zone](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/private-aks-cluster-with-public-dns-zone)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fprivate-aks-cluster-with-public-dns-zone%2Fazuredeploy.json) | This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
-> | [Create AML workspace with multiple Datasets & Datastores](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-dataset-create-workspace-multiple-dataset-datastore)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-dataset-create-workspace-multiple-dataset-datastore%2Fazuredeploy.json) | This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
-> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-private-ip%2Fazuredeploy.json) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
-> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.apimanagement%2Fapi-management-key-vault-create%2Fazuredeploy.json) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
-> | [Create an Application Gateway V2 with Key Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/application-gateway-key-vault-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fapplication-gateway-key-vault-create%2Fazuredeploy.json) | This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
-> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. |
-> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create-rbac%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
-> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk-service-side-encryption%2Fazuredeploy.json) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
-> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet-v1-legacy-mode%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create and encrypt a new Windows VMSS with jumpbox](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-vmss-windows-jumpbox)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-vmss-windows-jumpbox%2Fazuredeploy.json) | This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs. |
-> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.resources%2Fdeployment-script-azcli-agw-certificates%2Fazuredeploy.json) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
-> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-with-logging-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
-> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-managed-identity-role-assignment%2Fazuredeploy.json) | This template creates a key vault, managed identity, and role assignment. |
-> | [Create new encrypted managed disks win-vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image-managed-disks)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image-managed-disks%2Fazuredeploy.json) | This template creates a new encrypted managed disks windows vm using the server 2k12 gallery image. |
-> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fprivate-endpoint%2Fazuredeploy.json) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [creates an Azure Stack HCI 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/create-cluster-2-node-switched-custom-storageip-2411.3)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster-2-node-switched-custom-storageip-2411.3%2Fazuredeploy.json) | This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP |
-> | [creates an Azure Stack HCI 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/create-cluster-2-node-switched-custom-storageip)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster-2-node-switched-custom-storageip%2Fazuredeploy.json) | This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP |
-> | [creates an Azure Stack HCI 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/create-cluster-for-fairfax)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fcreate-cluster-for-fairfax%2Fazuredeploy.json) | This template creates an Azure Stack HCI 23H2 cluster using an ARM template. |
-> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-networking-aoao%2Fazuredeploy.json) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
-> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fsports-analytics-architecture%2Fazuredeploy.json) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
-> | [Enable encryption on a running Windows VM](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-windows-vm)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-windows-vm%2Fazuredeploy.json) | This template enables encryption on a running windows vm. |
-> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.costmanagement%2Ffinops-hub%2Fazuredeploy.json) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
-> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fnetwork-secured-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
-> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fstandard-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
-> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fazurefirewall-premium%2Fazuredeploy.json) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
-> | [This template encrypts a running Windows VMSS](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-vmss-windows)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-vmss-windows%2Fazuredeploy.json) | This template enables encryption on a running Windows VM Scale Set |
-> | [upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azurestackhci/upgrade-cluster)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azurestackhci%2Fupgrade-cluster%2Fazuredeploy.json) | This template upgrades an Azure Stack HCI 22H2 cluster to 23H2 cluster using an ARM template. |
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2023-07-01' |
+| location | The supported Azure location where the key vault should be created. | string (required) |
+| name | The resource name | string
Constraints:
Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
+| properties | Properties of the vault | [VaultProperties](#vaultproperties-1) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.KeyVault/vaults' |
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The vaults resource type can be deployed with operations that target:
-
-* **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
-
-## Resource format
-
-To create a Microsoft.KeyVault/vaults resource, add the following Terraform to your template.
-
-```terraform
+### AccessPolicyEntry
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| applicationId | Application ID of the client making request on behalf of a principal | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
+| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
+| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-1) (required) |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+
+### IPRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+
+### NetworkRuleSet
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. | 'AzureServices'
'None' |
+| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'
'Deny' |
+| ipRules | The list of IP address rules. | [IPRule](#iprule-1)[] |
+| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
+
+### Permissions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| certificates | Permissions to certificates | String array containing any of:
'all'
'backup'
'create'
'delete'
'deleteissuers'
'get'
'getissuers'
'import'
'list'
'listissuers'
'managecontacts'
'manageissuers'
'purge'
'recover'
'restore'
'setissuers'
'update' |
+| keys | Permissions to keys | String array containing any of:
'all'
'backup'
'create'
'decrypt'
'delete'
'encrypt'
'get'
'getrotationpolicy'
'import'
'list'
'purge'
'recover'
'release'
'restore'
'rotate'
'setrotationpolicy'
'sign'
'unwrapKey'
'update'
'verify'
'wrapKey' |
+| secrets | Permissions to secrets | String array containing any of:
'all'
'backup'
'delete'
'get'
'list'
'purge'
'recover'
'restore'
'set' |
+| storage | Permissions to storage accounts | String array containing any of:
'all'
'backup'
'delete'
'deletesas'
'get'
'getsas'
'list'
'listsas'
'purge'
'recover'
'regeneratekey'
'restore'
'set'
'setsas'
'update' |
+
+### Sku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| family | SKU family name | 'A' (required) |
+| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'
'standard' (required) |
+
+### VaultCreateOrUpdateParametersTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VaultProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-1)[] |
+| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'
'recover' |
+| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
+| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
+| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
+| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
+| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
+| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
+| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-1) |
+| provisioningState | Provisioning state of the vault. | 'RegisteringDns'
'Succeeded' |
+| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
+| sku | SKU details | [Sku](#sku-1) (required) |
+| softDeleteRetentionInDays | softDelete data retention days. It accepts >=7 and <=90. | int |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
+| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The vaults resource type can be deployed with operations that target:
+
+* **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
+
+## Resource format
+
+To create a Microsoft.KeyVault/vaults resource, add the following Terraform to your template.
+
+```terraform
resource "azapi_resource" "symbolicname" {
type = "Microsoft.KeyVault/vaults@2023-07-01"
name = "string"
@@ -549,100 +549,100 @@ resource "azapi_resource" "symbolicname" {
vaultUri = "string"
}
}
-}
-```
-## Property Values
-### Microsoft.KeyVault/vaults
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The supported Azure location where the key vault should be created. | string (required) |
-| name | The resource name | string
Constraints:
Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
-| properties | Properties of the vault | [VaultProperties](#vaultproperties-2) (required) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.KeyVault/vaults@2023-07-01" |
-
-### AccessPolicyEntry
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| applicationId | Application ID of the client making request on behalf of a principal | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
-| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
-| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-2) (required) |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-
-### IPRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+}
+```
+## Usage Examples
+### Azure Verified Modules
-### NetworkRuleSet
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. | 'AzureServices'
'None' |
-| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'
'Deny' |
-| ipRules | The list of IP address rules. | [IPRule](#iprule-2)[] |
-| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
-
-### Permissions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| certificates | Permissions to certificates | String array containing any of:
'all'
'backup'
'create'
'delete'
'deleteissuers'
'get'
'getissuers'
'import'
'list'
'listissuers'
'managecontacts'
'manageissuers'
'purge'
'recover'
'restore'
'setissuers'
'update' |
-| keys | Permissions to keys | String array containing any of:
'all'
'backup'
'create'
'decrypt'
'delete'
'encrypt'
'get'
'getrotationpolicy'
'import'
'list'
'purge'
'recover'
'release'
'restore'
'rotate'
'setrotationpolicy'
'sign'
'unwrapKey'
'update'
'verify'
'wrapKey' |
-| secrets | Permissions to secrets | String array containing any of:
'all'
'backup'
'delete'
'get'
'list'
'purge'
'recover'
'restore'
'set' |
-| storage | Permissions to storage accounts | String array containing any of:
'all'
'backup'
'delete'
'deletesas'
'get'
'getsas'
'list'
'listsas'
'purge'
'recover'
'regeneratekey'
'restore'
'set'
'setsas'
'update' |
-
-### Sku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| family | SKU family name | 'A' (required) |
-| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'
'standard' (required) |
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-### VaultCreateOrUpdateParametersTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Key Vault](https://github.com/Azure/terraform-azurerm-avm-res-keyvault-vault) | AVM Resource Module for Key Vault |
-### VaultProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-2)[] |
-| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'
'recover' |
-| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
-| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
-| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
-| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
-| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
-| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
-| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-2) |
-| provisioningState | Provisioning state of the vault. | 'RegisteringDns'
'Succeeded' |
-| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
-| sku | SKU details | [Sku](#sku-2) (required) |
-| softDeleteRetentionInDays | softDelete data retention days. It accepts >=7 and <=90. | int |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
-| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+## Property Values
+### Microsoft.KeyVault/vaults
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Key Vault](https://github.com/Azure/terraform-azurerm-avm-res-keyvault-vault) | AVM Resource Module for Key Vault |
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The supported Azure location where the key vault should be created. | string (required) |
+| name | The resource name | string
Constraints:
Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
+| properties | Properties of the vault | [VaultProperties](#vaultproperties-2) (required) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.KeyVault/vaults@2023-07-01" |
-
-::: zone-end
+### AccessPolicyEntry
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| applicationId | Application ID of the client making request on behalf of a principal | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
+| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
+| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-2) (required) |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+
+### IPRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+
+### NetworkRuleSet
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. | 'AzureServices'
'None' |
+| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'
'Deny' |
+| ipRules | The list of IP address rules. | [IPRule](#iprule-2)[] |
+| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
+
+### Permissions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| certificates | Permissions to certificates | String array containing any of:
'all'
'backup'
'create'
'delete'
'deleteissuers'
'get'
'getissuers'
'import'
'list'
'listissuers'
'managecontacts'
'manageissuers'
'purge'
'recover'
'restore'
'setissuers'
'update' |
+| keys | Permissions to keys | String array containing any of:
'all'
'backup'
'create'
'decrypt'
'delete'
'encrypt'
'get'
'getrotationpolicy'
'import'
'list'
'purge'
'recover'
'release'
'restore'
'rotate'
'setrotationpolicy'
'sign'
'unwrapKey'
'update'
'verify'
'wrapKey' |
+| secrets | Permissions to secrets | String array containing any of:
'all'
'backup'
'delete'
'get'
'list'
'purge'
'recover'
'restore'
'set' |
+| storage | Permissions to storage accounts | String array containing any of:
'all'
'backup'
'delete'
'deletesas'
'get'
'getsas'
'list'
'listsas'
'purge'
'recover'
'regeneratekey'
'restore'
'set'
'setsas'
'update' |
+
+### Sku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| family | SKU family name | 'A' (required) |
+| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'
'standard' (required) |
+
+### VaultCreateOrUpdateParametersTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VaultProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-2)[] |
+| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'
'recover' |
+| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
+| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
+| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
+| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
+| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
+| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
+| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-2) |
+| provisioningState | Provisioning state of the vault. | 'RegisteringDns'
'Succeeded' |
+| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
+| sku | SKU details | [Sku](#sku-2) (required) |
+| softDeleteRetentionInDays | softDelete data retention days. It accepts >=7 and <=90. | int |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string
Constraints:
Min length = 36
Max length = 36
Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
+| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md
index d6a7058..63dd785 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md
@@ -58,27 +58,6 @@ resource symbolicname 'Microsoft.Resources/resourceGroups@2024-07-01' = {
}
}
```
-## Property Values
-### Microsoft.Resources/resourceGroups
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
-| managedBy | The ID of the resource that manages this resource group. | string |
-| name | The resource name | string
Constraints:
Min length = 1
Max length = 90
Pattern = `^[-\w\._\(\)]+$` (required) |
-| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-
-### ResourceGroupProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ResourceGroupTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
## Usage Examples
### Bicep Samples
@@ -118,6 +97,27 @@ The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep s
> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup/main.bicep) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template. It can be used for an Enterprise Agreement billing mode only. The official documentation shows modifications needed for other types of accounts. |
> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity/main.bicep) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
+## Property Values
+### Microsoft.Resources/resourceGroups
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
+| managedBy | The ID of the resource that manages this resource group. | string |
+| name | The resource name | string
Constraints:
Min length = 1
Max length = 90
Pattern = `^[-\w\._\(\)]+$` (required) |
+| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+
+### ResourceGroupProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ResourceGroupTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
::: zone-end
@@ -149,6 +149,21 @@ To create a Microsoft.Resources/resourceGroups resource, add the following JSON
}
}
```
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [ Configure Deployment Environments service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/deployment-environments)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.devcenter%2Fdeployment-environments%2Fazuredeploy.json) | This template provides a way to configure Deployment Environments. |
+> | [Create a new Datadog Organization](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.datadog/datadog)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.datadog%2Fdatadog%2Fazuredeploy.json) | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
+> | [Create a resourceGroup](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup. Currently, this template can be deployed via the Azure Portal. |
+> | [Create a resourceGroup, apply a lock and RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg-lock-role-assignment)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg-lock-role-assignment%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
+> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmanagementgroup-deployments%2Fcreate-subscription-resourcegroup%2Fazuredeploy.json) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template. It can be used for an Enterprise Agreement billing mode only. The official documentation shows modifications needed for other types of accounts. |
+> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fmicrosoft.network%2Fvirtual-network-manager-connectivity%2Fazuredeploy.json) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
+
## Property Values
### Microsoft.Resources/resourceGroups
@@ -172,21 +187,6 @@ To create a Microsoft.Resources/resourceGroups resource, add the following JSON
| Name | Description | Value |
| ---- | ----------- | ------------ |
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [ Configure Deployment Environments service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/deployment-environments)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.devcenter%2Fdeployment-environments%2Fazuredeploy.json) | This template provides a way to configure Deployment Environments. |
-> | [Create a new Datadog Organization](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.datadog/datadog)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.datadog%2Fdatadog%2Fazuredeploy.json) | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
-> | [Create a resourceGroup](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup. Currently, this template can be deployed via the Azure Portal. |
-> | [Create a resourceGroup, apply a lock and RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg-lock-role-assignment)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg-lock-role-assignment%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
-> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmanagementgroup-deployments%2Fcreate-subscription-resourcegroup%2Fazuredeploy.json) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template. It can be used for an Enterprise Agreement billing mode only. The official documentation shows modifications needed for other types of accounts. |
-> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity)
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fmicrosoft.network%2Fvirtual-network-manager-connectivity%2Fazuredeploy.json) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
-
::: zone-end
@@ -220,6 +220,16 @@ resource "azapi_resource" "symbolicname" {
}
}
```
+## Usage Examples
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Resource Group](https://github.com/Azure/terraform-azurerm-avm-res-resources-resourcegroup) | AVM Resource Module for Resource Group |
+
## Property Values
### Microsoft.Resources/resourceGroups
@@ -242,15 +252,5 @@ resource "azapi_resource" "symbolicname" {
| Name | Description | Value |
| ---- | ----------- | ------------ |
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Resource Group](https://github.com/Azure/terraform-azurerm-avm-res-resources-resourcegroup) | AVM Resource Module for Resource Group |
-
::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj b/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj
index e4643fc..ad7b0f7 100644
--- a/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj
+++ b/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj
@@ -6,6 +6,9 @@
true
true
+
+ win-arm64
+ false
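Review bot: The `win-arm64` value added at the end of this property group ties the shared project file to one machine architecture, and the same three lines are added to TemplateRefGenerator.csproj and TestHelpers.csproj. The element names are not visible in this rendering, but the new `"net8.0/win-arm64"` sections in the three packages.lock.json files suggest it is a runtime identifier, so the setting also rewrites the committed lock files that pin package hashes. PATCH 3/3 removes these lines again, so squashing it into this commit would keep the environment-specific setting and the lock-file churn out of history. If an ARM64 build is needed locally, passing the runtime on the command line (`dotnet build -r win-arm64`) avoids editing the project files at all.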
diff --git a/src/TemplateRefGenerator.Tests/packages.lock.json b/src/TemplateRefGenerator.Tests/packages.lock.json
index e677134..7c45a2a 100644
--- a/src/TemplateRefGenerator.Tests/packages.lock.json
+++ b/src/TemplateRefGenerator.Tests/packages.lock.json
@@ -382,6 +382,59 @@
"Microsoft.NET.Test.Sdk": "[17.13.0, )"
}
}
+ },
+ "net8.0/win-arm64": {
+ "Microsoft.Testing.Extensions.CodeCoverage": {
+ "type": "Transitive",
+ "resolved": "17.13.1",
+ "contentHash": "Ok2HWJdOTzErMqLlWQZ/i2Fw05VWmgh1yhUWFYJAtUmCv6uJSgz/qAiriRgpTjZRWaKbb7HDaGfMgKSNcmaVfw==",
+ "dependencies": {
+ "Microsoft.DiaSymReader": "2.0.0",
+ "Microsoft.Extensions.DependencyModel": "6.0.1",
+ "Microsoft.Testing.Platform": "1.4.3",
+ "Newtonsoft.Json": "13.0.3",
+ "System.Reflection.Metadata": "8.0.0"
+ }
+ },
+ "Microsoft.Win32.SystemEvents": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "hqTM5628jSsQiv+HGpiq3WKBl2c8v1KZfby2J6Pr7pEPlK9waPdgEO6b8A/+/xn/yZ9ulv8HuqK71ONy2tg67A=="
+ },
+ "System.Drawing.Common": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "NfuoKUiP2nUWwKZN6twGqXioIe1zVD0RIj2t976A+czLHr2nY454RwwXs6JU9Htc6mwqL6Dn/nEL3dpVf2jOhg==",
+ "dependencies": {
+ "Microsoft.Win32.SystemEvents": "6.0.0"
+ }
+ },
+ "System.Security.AccessControl": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "AUADIc0LIEQe7MzC+I0cl0rAT8RrTAKFHl53yHjEUzNVIaUlhFY11vc2ebiVJzVBuOzun6F7FBA+8KAbGTTedQ=="
+ },
+ "System.Security.Cryptography.ProtectedData": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "rp1gMNEZpvx9vP0JW0oHLxlf8oSiQgtno77Y4PLUBjSiDYoD77Y8uXHr1Ea5XG4/pIKhqAdxZ8v8OTUtqo9PeQ=="
+ },
+ "System.Text.Encodings.Web": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "Vg8eB5Tawm1IFqj4TVK1czJX89rhFxJo9ELqc/Eiq0eXy13RK00eubyU6TJE6y+GQXjyV5gSfiewDUZjQgSE0w==",
+ "dependencies": {
+ "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+ }
+ },
+ "System.Windows.Extensions": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "IXoJOXIqc39AIe+CIR7koBtRGMiCt/LPM3lI+PELtDIy9XdyeSrwXFdWV9dzJ2Awl0paLWUaknLxFQ5HpHZUog==",
+ "dependencies": {
+ "System.Drawing.Common": "6.0.0"
+ }
+ }
}
}
}
\ No newline at end of file
diff --git a/src/TemplateRefGenerator/TemplateRefGenerator.csproj b/src/TemplateRefGenerator/TemplateRefGenerator.csproj
index 8205f69..642eb25 100644
--- a/src/TemplateRefGenerator/TemplateRefGenerator.csproj
+++ b/src/TemplateRefGenerator/TemplateRefGenerator.csproj
@@ -3,6 +3,9 @@
Exe
net8.0
enable
+
+ win-arm64
+ false
diff --git a/src/TemplateRefGenerator/packages.lock.json b/src/TemplateRefGenerator/packages.lock.json
index 6b9b2f3..87dbb24 100644
--- a/src/TemplateRefGenerator/packages.lock.json
+++ b/src/TemplateRefGenerator/packages.lock.json
@@ -85,6 +85,7 @@
"resolved": "9.0.0",
"contentHash": "uksk86YlnzAdyfVNu3wICU0X5iXVe9LF7Q3UkngNliHWEvM5gvAlOUr+jmd9JwmbJWISH5+i1vyXE02lEVz7WQ=="
}
- }
+ },
+ "net8.0/win-arm64": {}
}
}
\ No newline at end of file
diff --git a/src/TestHelpers/TestHelpers.csproj b/src/TestHelpers/TestHelpers.csproj
index 2c0a14c..15988a4 100644
--- a/src/TestHelpers/TestHelpers.csproj
+++ b/src/TestHelpers/TestHelpers.csproj
@@ -2,6 +2,9 @@
net8.0
enable
+
+ win-arm64
+ false
diff --git a/src/TestHelpers/packages.lock.json b/src/TestHelpers/packages.lock.json
index 80e3184..0b4a49b 100644
--- a/src/TestHelpers/packages.lock.json
+++ b/src/TestHelpers/packages.lock.json
@@ -260,6 +260,39 @@
"System.Drawing.Common": "6.0.0"
}
}
+ },
+ "net8.0/win-arm64": {
+ "Microsoft.Win32.SystemEvents": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "hqTM5628jSsQiv+HGpiq3WKBl2c8v1KZfby2J6Pr7pEPlK9waPdgEO6b8A/+/xn/yZ9ulv8HuqK71ONy2tg67A=="
+ },
+ "System.Drawing.Common": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "NfuoKUiP2nUWwKZN6twGqXioIe1zVD0RIj2t976A+czLHr2nY454RwwXs6JU9Htc6mwqL6Dn/nEL3dpVf2jOhg==",
+ "dependencies": {
+ "Microsoft.Win32.SystemEvents": "6.0.0"
+ }
+ },
+ "System.Security.AccessControl": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "AUADIc0LIEQe7MzC+I0cl0rAT8RrTAKFHl53yHjEUzNVIaUlhFY11vc2ebiVJzVBuOzun6F7FBA+8KAbGTTedQ=="
+ },
+ "System.Security.Cryptography.ProtectedData": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "rp1gMNEZpvx9vP0JW0oHLxlf8oSiQgtno77Y4PLUBjSiDYoD77Y8uXHr1Ea5XG4/pIKhqAdxZ8v8OTUtqo9PeQ=="
+ },
+ "System.Windows.Extensions": {
+ "type": "Transitive",
+ "resolved": "6.0.0",
+ "contentHash": "IXoJOXIqc39AIe+CIR7koBtRGMiCt/LPM3lI+PELtDIy9XdyeSrwXFdWV9dzJ2Awl0paLWUaknLxFQ5HpHZUog==",
+ "dependencies": {
+ "System.Drawing.Common": "6.0.0"
+ }
+ }
}
}
}
\ No newline at end of file
From 1bc21d24d90eaf7501354fa588ec139a4a8981a0 Mon Sep 17 00:00:00 2001
From: Steven <87738005+stemaMSFT@users.noreply.github.com>
Date: Thu, 14 Aug 2025 16:35:40 -0700
Subject: [PATCH 3/3] reverting to x64
---
.../TemplateRefGenerator.Tests.csproj | 3 --
.../packages.lock.json | 53 -------------------
.../TemplateRefGenerator.csproj | 3 --
src/TemplateRefGenerator/packages.lock.json | 3 +-
src/TestHelpers/TestHelpers.csproj | 3 --
src/TestHelpers/packages.lock.json | 33 ------------
6 files changed, 1 insertion(+), 97 deletions(-)
diff --git a/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj b/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj
index ad7b0f7..e4643fc 100644
--- a/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj
+++ b/src/TemplateRefGenerator.Tests/TemplateRefGenerator.Tests.csproj
@@ -6,9 +6,6 @@
true
true
-
- win-arm64
- false
diff --git a/src/TemplateRefGenerator.Tests/packages.lock.json b/src/TemplateRefGenerator.Tests/packages.lock.json
index 7c45a2a..e677134 100644
--- a/src/TemplateRefGenerator.Tests/packages.lock.json
+++ b/src/TemplateRefGenerator.Tests/packages.lock.json
@@ -382,59 +382,6 @@
"Microsoft.NET.Test.Sdk": "[17.13.0, )"
}
}
- },
- "net8.0/win-arm64": {
- "Microsoft.Testing.Extensions.CodeCoverage": {
- "type": "Transitive",
- "resolved": "17.13.1",
- "contentHash": "Ok2HWJdOTzErMqLlWQZ/i2Fw05VWmgh1yhUWFYJAtUmCv6uJSgz/qAiriRgpTjZRWaKbb7HDaGfMgKSNcmaVfw==",
- "dependencies": {
- "Microsoft.DiaSymReader": "2.0.0",
- "Microsoft.Extensions.DependencyModel": "6.0.1",
- "Microsoft.Testing.Platform": "1.4.3",
- "Newtonsoft.Json": "13.0.3",
- "System.Reflection.Metadata": "8.0.0"
- }
- },
- "Microsoft.Win32.SystemEvents": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "hqTM5628jSsQiv+HGpiq3WKBl2c8v1KZfby2J6Pr7pEPlK9waPdgEO6b8A/+/xn/yZ9ulv8HuqK71ONy2tg67A=="
- },
- "System.Drawing.Common": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "NfuoKUiP2nUWwKZN6twGqXioIe1zVD0RIj2t976A+czLHr2nY454RwwXs6JU9Htc6mwqL6Dn/nEL3dpVf2jOhg==",
- "dependencies": {
- "Microsoft.Win32.SystemEvents": "6.0.0"
- }
- },
- "System.Security.AccessControl": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "AUADIc0LIEQe7MzC+I0cl0rAT8RrTAKFHl53yHjEUzNVIaUlhFY11vc2ebiVJzVBuOzun6F7FBA+8KAbGTTedQ=="
- },
- "System.Security.Cryptography.ProtectedData": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "rp1gMNEZpvx9vP0JW0oHLxlf8oSiQgtno77Y4PLUBjSiDYoD77Y8uXHr1Ea5XG4/pIKhqAdxZ8v8OTUtqo9PeQ=="
- },
- "System.Text.Encodings.Web": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "Vg8eB5Tawm1IFqj4TVK1czJX89rhFxJo9ELqc/Eiq0eXy13RK00eubyU6TJE6y+GQXjyV5gSfiewDUZjQgSE0w==",
- "dependencies": {
- "System.Runtime.CompilerServices.Unsafe": "6.0.0"
- }
- },
- "System.Windows.Extensions": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "IXoJOXIqc39AIe+CIR7koBtRGMiCt/LPM3lI+PELtDIy9XdyeSrwXFdWV9dzJ2Awl0paLWUaknLxFQ5HpHZUog==",
- "dependencies": {
- "System.Drawing.Common": "6.0.0"
- }
- }
}
}
}
\ No newline at end of file
diff --git a/src/TemplateRefGenerator/TemplateRefGenerator.csproj b/src/TemplateRefGenerator/TemplateRefGenerator.csproj
index 642eb25..8205f69 100644
--- a/src/TemplateRefGenerator/TemplateRefGenerator.csproj
+++ b/src/TemplateRefGenerator/TemplateRefGenerator.csproj
@@ -3,9 +3,6 @@
Exe
net8.0
enable
-
- win-arm64
- false
diff --git a/src/TemplateRefGenerator/packages.lock.json b/src/TemplateRefGenerator/packages.lock.json
index 87dbb24..6b9b2f3 100644
--- a/src/TemplateRefGenerator/packages.lock.json
+++ b/src/TemplateRefGenerator/packages.lock.json
@@ -85,7 +85,6 @@
"resolved": "9.0.0",
"contentHash": "uksk86YlnzAdyfVNu3wICU0X5iXVe9LF7Q3UkngNliHWEvM5gvAlOUr+jmd9JwmbJWISH5+i1vyXE02lEVz7WQ=="
}
- },
- "net8.0/win-arm64": {}
+ }
}
}
\ No newline at end of file
diff --git a/src/TestHelpers/TestHelpers.csproj b/src/TestHelpers/TestHelpers.csproj
index 15988a4..2c0a14c 100644
--- a/src/TestHelpers/TestHelpers.csproj
+++ b/src/TestHelpers/TestHelpers.csproj
@@ -2,9 +2,6 @@
net8.0
enable
-
- win-arm64
- false
diff --git a/src/TestHelpers/packages.lock.json b/src/TestHelpers/packages.lock.json
index 0b4a49b..80e3184 100644
--- a/src/TestHelpers/packages.lock.json
+++ b/src/TestHelpers/packages.lock.json
@@ -260,39 +260,6 @@
"System.Drawing.Common": "6.0.0"
}
}
- },
- "net8.0/win-arm64": {
- "Microsoft.Win32.SystemEvents": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "hqTM5628jSsQiv+HGpiq3WKBl2c8v1KZfby2J6Pr7pEPlK9waPdgEO6b8A/+/xn/yZ9ulv8HuqK71ONy2tg67A=="
- },
- "System.Drawing.Common": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "NfuoKUiP2nUWwKZN6twGqXioIe1zVD0RIj2t976A+czLHr2nY454RwwXs6JU9Htc6mwqL6Dn/nEL3dpVf2jOhg==",
- "dependencies": {
- "Microsoft.Win32.SystemEvents": "6.0.0"
- }
- },
- "System.Security.AccessControl": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "AUADIc0LIEQe7MzC+I0cl0rAT8RrTAKFHl53yHjEUzNVIaUlhFY11vc2ebiVJzVBuOzun6F7FBA+8KAbGTTedQ=="
- },
- "System.Security.Cryptography.ProtectedData": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "rp1gMNEZpvx9vP0JW0oHLxlf8oSiQgtno77Y4PLUBjSiDYoD77Y8uXHr1Ea5XG4/pIKhqAdxZ8v8OTUtqo9PeQ=="
- },
- "System.Windows.Extensions": {
- "type": "Transitive",
- "resolved": "6.0.0",
- "contentHash": "IXoJOXIqc39AIe+CIR7koBtRGMiCt/LPM3lI+PELtDIy9XdyeSrwXFdWV9dzJ2Awl0paLWUaknLxFQ5HpHZUog==",
- "dependencies": {
- "System.Drawing.Common": "6.0.0"
- }
- }
}
}
}
\ No newline at end of file