You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -33,14 +33,15 @@ Deployment stacks provide the following benefits:
33
33
34
34
- Implicitly created resources aren't managed by the stack. Therefore, no deny assignments or cleanup is possible.
35
35
- Deny assignments don't support tags.
36
-
- Deny assignments is not supported within the management group scope.
36
+
- Deny assignments are not supported at the management group scope. However, they are supported in a management group stack if the deployment is pointed at the subscription scope.
37
37
- Deployment stacks cannot delete Key vault secrets. If you're removing key vault secrets from a template, make sure to also execute the deployment stack update/delete command with detach mode.
38
38
39
39
### Known issues
40
40
41
41
- Deleting resource groups currently bypasses deny assignments. When creating a deployment stack in the resource group scope, the Bicep file doesn't contain the definition for the resource group. Despite the deny assignment setting, it's possible to delete the resource group and its contained stack. However, if a [lock](../management/lock-resources.md) is active on any resource within the group, the delete operation will fail.
42
-
-[What-if](./deploy-what-if.md)isn't available in the preview.
42
+
-The [What-if](./deploy-what-if.md)support is not yet available.
43
43
- A management group-scoped stack is restricted from deploying to another management group. It can only deploy to the management group of the stack itself or to a child subscription.
44
+
- The PowerShell command help lists a `DeleteResourcesAndResourcesGroups` value for the `ActionOnUnmanage` switch. When this value is used, the command detaches the managed resources and the resource groups. This value will be removed in the next update. Do not use this value.
@@ -337,13 +350,15 @@ For more information, see [Create deployment stacks](#create-deployment-stacks).
337
350
338
351
A detached resource (or unmanaged resource) refers to a resource that isn't tracked or managed by the deployment stack but still exists within Azure.
339
352
340
-
To instruct Azure to delete unmanaged resources, update the stack with the create stack command with one of the following delete flags. For more information, see [Create deployment stack](#create-deployment-stacks).
353
+
To instruct Azure to delete unmanaged resources, update the stack with the create stack command with the following switch. For more information, see [Create deployment stack](#create-deployment-stacks).
341
354
342
355
# [PowerShell](#tab/azure-powershell)
343
356
344
-
-`DeleteAll`: use delete rather than detach for managed resources and resource groups.
345
-
-`DeleteResources`: use delete rather than detach for managed resources only.
346
-
-`DeleteResourceGroups`: use delete rather than detach for managed resource groups only. It's invalid to use `DeleteResourceGroups` by itself. `DeleteResourceGroups` must be used together with `DeleteResources`.
357
+
Use the `ActionOnUnmanage` switch to define what happens to resources that are no longer managed after a stack is updated or deleted. Allowed values are:
358
+
359
+
-`deleteAll`: use delete rather than detach for managed resources and resource groups.
360
+
-`deleteResources`: use delete rather than detach for managed resources only.
361
+
-`detachAll`: detach the managed resources and resource groups.
-`delete-all`: use delete rather than detach for managed resources and resource groups.
362
-
-`delete-resources`: use delete rather than detach for managed resources only.
363
-
-`delete-resource-groups`: use delete rather than detach for managed resource groups only. It"s invalid to use `delete-resource-groups` by itself. `delete-resource-groups` must be used together with `delete-resources`.
375
+
Use the `action-on-unmanage` switch to define what happens to resources that are no longer managed after a stack is updated or deleted. Allowed values are:
376
+
377
+
-`deleteAll`: use delete rather than detach for managed resources and resource groups.
378
+
-`deleteResources`: use delete rather than detach for managed resources only.
379
+
-`detachAll`: detach the managed resources and resource groups.
364
380
365
381
For example:
366
382
@@ -369,9 +385,8 @@ az stack sub create `
369
385
--name '<deployment-stack-name>' `
370
386
--location '<location>' `
371
387
--template-file '<bicep-file-name>' `
372
-
--deny-settings-mode 'none' `
373
-
--delete-resource-groups `
374
-
--delete-resources
388
+
--action-on-unmanage 'deleteAll' `
389
+
--deny-settings-mode 'none'
375
390
```
376
391
377
392
# [Portal](#tab/azure-portal)
@@ -381,25 +396,25 @@ Currently not implemented.
381
396
---
382
397
383
398
> [!WARNING]
384
-
> When deleting resource groups with either the `DeleteAll` or `DeleteResourceGroups` properties, the managed resource groups and all the resources contained within them will also be deleted.
399
+
> When deleting resource groups with the action-on-unmanage switch set to `DeleteAll`, the managed resource groups and all the resources contained within them will also be deleted.
385
400
386
401
## Delete deployment stacks
387
402
388
403
# [PowerShell](#tab/azure-powershell)
389
404
390
-
If you run the delete commands without the delete flags, the unmanaged resources will be detached but not deleted. To delete the unmanaged resources, use the following switches:
405
+
The `ActionOnUnmanage` switch defines the action to the resources that are no longer managed. The switch has the following values:
391
406
392
407
-`DeleteAll`: Delete both the resources and the resource groups.
393
408
-`DeleteResources`: Delete the resources only.
394
-
-`DeleteResourceGroups`: Delete the resource groups only.
409
+
-`DetachAll`: Detach the resources.
395
410
396
411
# [CLI](#tab/azure-cli)
397
412
398
-
If you run the delete commands without the delete flags, the unmanaged resources will be detached but not deleted. To delete the unmanaged resources, use the following switches:
413
+
The `action-on-unmanage` switch defines the action to the resources that are no longer managed. The switch has the following values:
399
414
400
415
-`delete-all`: Delete both the resources and the resource groups.
401
416
-`delete-resources`: Delete the resources only.
402
-
-`delete-resource-groups`: Delete the resource groups only.
417
+
-`detach-all`: Detach the resources.
403
418
404
419
# [Portal](#tab/azure-portal)
405
420
@@ -419,7 +434,7 @@ To delete deployment stack resources at the resource group scope:
During public preview, the deployment stack service doesn't yet have an Azure portal graphical user interface (GUI). To view the managed resources inside a deployment stack, use the following Azure Powershell/Azure CLI commands:
520
+
The deployment stack service doesn't yet have an Azure portal graphical user interface (GUI). To view the managed resources inside a deployment stack, use the following Azure Powershell/Azure CLI commands:
506
521
507
522
To view managed resources at the resource group scope:
0 commit comments