Skip to content

Commit 683dadc

Browse files
Merge pull request #271672 from mumian/0409-ds-vnet
Add the storage account requirement for accessing vnet for deployment…
2 parents 0cdd138 + 769d04f commit 683dadc

File tree

1 file changed

+7
-6
lines changed

1 file changed

+7
-6
lines changed

articles/azure-resource-manager/templates/deployment-script-template.md

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ title: Use deployment scripts in templates | Microsoft Docs
33
description: Use deployment scripts in Azure Resource Manager templates.
44
ms.custom: devx-track-arm-template
55
ms.topic: conceptual
6-
ms.date: 12/12/2023
6+
ms.date: 04/09/2024
77
---
88

99
# Use deployment scripts in ARM templates
@@ -660,7 +660,7 @@ The identity that your deployment script uses needs to be authorized to work wit
660660
With Microsoft.Resources/deploymentScripts version 2023-08-01, you can run deployment scripts in private networks with some additional configurations.
661661

662662
- Create a user-assigned managed identity, and specify it in the `identity` property. To assign the identity, see [Identity](#identity).
663-
- Create a storage account, and specify the deployment script to use the existing storage account. To specify an existing storage account, see [Use existing storage account](#use-existing-storage-account). Some additional configuration is required for the storage account.
663+
- Create a storage account with [`allowSharedKeyAccess`](/azure/templates/microsoft.storage/storageaccounts) set to `true` , and specify the deployment script to use the existing storage account. To specify an existing storage account, see [Use existing storage account](#use-existing-storage-account). Some additional configuration is required for the storage account.
664664

665665
1. Open the storage account in the [Azure portal](https://portal.azure.com).
666666
1. From the left menu, select **Access Control (IAM)**, and then select the **Role assignments** tab.
@@ -708,7 +708,7 @@ The following ARM template shows how to configure the environment for running a
708708
"resources": [
709709
{
710710
"type": "Microsoft.Network/virtualNetworks",
711-
"apiVersion": "2023-05-01",
711+
"apiVersion": "2023-09-01",
712712
"name": "[parameters('vnetName')]",
713713
"location": "[parameters('location')]",
714714
"properties": {
@@ -761,15 +761,16 @@ The following ARM template shows how to configure the environment for running a
761761
}
762762
],
763763
"defaultAction": "Deny"
764-
}
764+
},
765+
"allowSharedKeyAccess": true
765766
},
766767
"dependsOn": [
767768
"[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
768769
]
769770
},
770771
{
771772
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
772-
"apiVersion": "2023-01-31",
773+
"apiVersion": "2023-07-31-preview",
773774
"name": "[parameters('userAssignedIdentityName')]",
774775
"location": "[parameters('location')]"
775776
},
@@ -779,7 +780,7 @@ The following ARM template shows how to configure the environment for running a
779780
"scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]",
780781
"name": "[guid(tenantResourceId('Microsoft.Authorization/roleDefinitions', '69566ab7-960f-475b-8e7c-b3118f30c6bd'), resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')))]",
781782
"properties": {
782-
"principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2023-01-31').principalId]",
783+
"principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2023-07-31-preview').principalId]",
783784
"roleDefinitionId": "[tenantResourceId('Microsoft.Authorization/roleDefinitions', '69566ab7-960f-475b-8e7c-b3118f30c6bd')]",
784785
"principalType": "ServicePrincipal"
785786
},

0 commit comments

Comments
 (0)