-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/service-bus/namespace/README.md b/modules/service-bus/namespace/README.md
index c84e9b9ed5..65c1ff3a6b 100644
--- a/modules/service-bus/namespace/README.md
+++ b/modules/service-bus/namespace/README.md
@@ -9,6 +9,7 @@ This module deploys a Service Bus Namespace.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -82,275 +83,6 @@ This module deploys a Service Bus Namespace.
| `zoneRedundant` | bool | `False` | | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. |
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: '
-
-### Parameter Usage: `networkAcl`
-
-Configure networing options on premium SKU only.
-
-Parameter JSON format
-
-```json
-"networkAclConfig": {
- "value" : {
- "publicNetworkAccess": "Disabled",
- "allowTrustedServices": true
- }
-}
-
-
-```
-
-Bicep format
-
-```bicep
-networkingAclConfig: {
- publicNetworkAccess: "Disabled"
- allowTrustedServices: true
-}
-
-```
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
- ## Outputs | Output Name | Type | Description | @@ -1083,3 +815,239 @@ module namespace './service-bus/namespace/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: '
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
diff --git a/modules/service-fabric/cluster/README.md b/modules/service-fabric/cluster/README.md
index 8c91416501..6a3174bddd 100644
--- a/modules/service-fabric/cluster/README.md
+++ b/modules/service-fabric/cluster/README.md
@@ -9,6 +9,7 @@ This module deploys a Service Fabric Cluster.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -66,159 +67,6 @@ This module deploys a Service Fabric Cluster.
| `waveUpgradePaused` | bool | `False` | | Boolean to pause automatic runtime version upgrades to the cluster. |
-### Parameter Usage: `notifications`
-
-Parameter JSON format
-
-```json
-"notifications": {
- "value": [
- {
- "isEnabled": true, // Required. Indicates if the notification is enabled.
- "notificationCategory": "WaveProgress", // Required. The category of notification. Possible values include: "WaveProgress".
- "notificationLevel": "Critical", // Required. The level of notification. Possible values include: "Critical", "All".
- "notificationTargets": [
- {
- "notificationChannel": "EmailUser", // Required. The notification channel indicates the type of receivers subscribed to the notification, either user or subscription. Possible values include: "EmailUser", "EmailSubscription".
- "receivers": [
- "SomeReceiver" // Required. List of targets that subscribe to the notification.
- ]
- }
- ]
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-notifications: [
- {
- isEnabled: true // Required. Indicates if the notification is enabled.
- notificationCategory: 'WaveProgress' // Required. The category of notification. Possible values include: 'WaveProgress'.
- notificationLevel: 'Critical' // Required. The level of notification. Possible values include: 'Critical' 'All'.
- notificationTargets: [
- {
- notificationChannel: 'EmailUser' // Required. The notification channel indicates the type of receivers subscribed to the notification either user or subscription. Possible values include: 'EmailUser' 'EmailSubscription'.
- receivers: [
- 'SomeReceiver' // Required. List of targets that subscribe to the notification.
- ]
- }
- ]
- }
-]
-```
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
- ## Outputs | Output Name | Type | Description | @@ -848,3 +696,159 @@ module cluster './service-fabric/cluster/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `notifications`
+
+Parameter JSON format
+
+```json
+"notifications": {
+ "value": [
+ {
+ "isEnabled": true, // Required. Indicates if the notification is enabled.
+ "notificationCategory": "WaveProgress", // Required. The category of notification. Possible values include: "WaveProgress".
+ "notificationLevel": "Critical", // Required. The level of notification. Possible values include: "Critical", "All".
+ "notificationTargets": [
+ {
+ "notificationChannel": "EmailUser", // Required. The notification channel indicates the type of receivers subscribed to the notification, either user or subscription. Possible values include: "EmailUser", "EmailSubscription".
+ "receivers": [
+ "SomeReceiver" // Required. List of targets that subscribe to the notification.
+ ]
+ }
+ ]
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+notifications: [
+ {
+ isEnabled: true // Required. Indicates if the notification is enabled.
+ notificationCategory: 'WaveProgress' // Required. The category of notification. Possible values include: 'WaveProgress'.
+ notificationLevel: 'Critical' // Required. The level of notification. Possible values include: 'Critical' 'All'.
+ notificationTargets: [
+ {
+ notificationChannel: 'EmailUser' // Required. The notification channel indicates the type of receivers subscribed to the notification either user or subscription. Possible values include: 'EmailUser' 'EmailSubscription'.
+ receivers: [
+ 'SomeReceiver' // Required. List of targets that subscribe to the notification.
+ ]
+ }
+ ]
+ }
+]
+```
+
+
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
diff --git a/modules/signal-r-service/web-pub-sub/README.md b/modules/signal-r-service/web-pub-sub/README.md
index e0cc720580..d595076366 100644
--- a/modules/signal-r-service/web-pub-sub/README.md
+++ b/modules/signal-r-service/web-pub-sub/README.md
@@ -9,6 +9,7 @@ This module deploys a SignalR Web PubSub Service.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -50,311 +51,6 @@ This module deploys a SignalR Web PubSub Service.
| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: '
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
-
-### Parameter Usage: `networkAcls`
-
-Using this object you can configure the service's firewall. Note, that the `defaultAction` either allows all / denies all communication via the `publicNetwork` and `privateEndpoints`. You can subsequently allow/deny individual actions using the corresponding arrays.
-
-Either block supports any array of values:
-
-- 'ClientConnection'
-- 'RESTAPI'
-- 'ServerConnection'
-- 'Trace'
-
-Parameter JSON format
-
-```json
-"networkAcls": {
- "value": {
- "defaultAction": "Deny",
- "privateEndpoints": [
- {
- "name": "pe-[[namePrefix]]-az-pubsub-x-001-webpubsub-0",
- "allow": [
- "ServerConnection",
- "Trace"
- ],
- "deny": []
- }
- ],
- "publicNetwork": {
- "allow": [
- "RESTAPI",
- "Trace"
- ],
- "deny": []
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-networkAcls: {
- defaultAction: 'Deny'
- privateEndpoints: [
- {
- name: 'pe-[[namePrefix]]-az-pubsub-x-001-webpubsub-0'
- allow: [
- 'ServerConnection'
- 'Trace'
- ],
- deny: []
- }
- ]
- publicNetwork: {
- allow: [
- 'RESTAPI'
- 'Trace'
- ]
- deny: []
- }
-}
-```
-
-
- ## Outputs | Output Name | Type | Description | @@ -713,3 +409,240 @@ module webPubSub './signal-r-service/web-pub-sub/main.bicep' = {
+
+
+## Notes
+
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: '
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
diff --git a/modules/sql/managed-instance/README.md b/modules/sql/managed-instance/README.md
index 9ed0a0f15f..f4585d78dc 100644
--- a/modules/sql/managed-instance/README.md
+++ b/modules/sql/managed-instance/README.md
@@ -9,6 +9,7 @@ This module deploys a SQL Managed Instance.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -27,18 +28,6 @@ This module deploys a SQL Managed Instance.
| `Microsoft.Sql/managedInstances/securityAlertPolicies` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/managedInstances/securityAlertPolicies) |
| `Microsoft.Sql/managedInstances/vulnerabilityAssessments` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/managedInstances/vulnerabilityAssessments) |
-### Deployment prerequisites
-
-#### Networking
-
-SQL Managed Instance is deployed on a virtual network to a subnet that is delagated to the SQL MI service. This network is required to satisfy the requirements explained [here](https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql#network-requirements).
-
-SQL MI requires that the subnet have a Route Table and NSG assigned to it. The SQL MI service will automatically add Routes to the Route Table and Rules to the NSG once the SQL MI has been deployed. As a result, the parameter file for the Route Table and NSG will have to be updated afterwards with the created Routes & Rules, otherwise redeployment of the Route Table & NSG via Bicep/ARM will fail.
-
-#### Azure AD Authentication
-
-SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell#provision-azure-ad-admin-sql-managed-instance). This requires a Service Principal to be assigned and granted Reader rights to Azure AD by an AD Admin. To do so via this module, the `servicePrincipal` parameter must be set to `SystemAssigned` and deploy the SQL MI. Afterwards an Azure AD Admin must go to the SQL MI Azure Active Directory admin page in the Azure Portal and assigned the Reader rights. Next the `administratorsObj` must be configured in the parameter file and be redeployed.
-
## Parameters
**Required parameters**
@@ -101,171 +90,6 @@ SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://learn.
| `zoneRedundant` | bool | `False` | | Whether or not multi-az is enabled. |
-### Parameter Usage : `userAssignedIdentities`
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
- ## Outputs | Output Name | Type | Description | @@ -703,3 +527,183 @@ module managedInstance './sql/managed-instance/main.bicep' = {
+
+
+## Notes
+
+### Considerations
+
+#### Networking
+
+SQL Managed Instance is deployed on a virtual network to a subnet that is delagated to the SQL MI service. This network is required to satisfy the requirements explained [here](https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql#network-requirements).
+
+SQL MI requires that the subnet have a Route Table and NSG assigned to it. The SQL MI service will automatically add Routes to the Route Table and Rules to the NSG once the SQL MI has been deployed. As a result, the parameter file for the Route Table and NSG will have to be updated afterwards with the created Routes & Rules, otherwise redeployment of the Route Table & NSG via Bicep/ARM will fail.
+
+#### Azure AD Authentication
+
+SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell#provision-azure-ad-admin-sql-managed-instance). This requires a Service Principal to be assigned and granted Reader rights to Azure AD by an AD Admin. To do so via this module, the `servicePrincipal` parameter must be set to `SystemAssigned` and deploy the SQL MI. Afterwards an Azure AD Admin must go to the SQL MI Azure Active Directory admin page in the Azure Portal and assigned the Reader rights. Next the `administratorsObj` must be configured in the parameter file and be redeployed.
+
+### Parameter Usage : `userAssignedIdentities`
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
diff --git a/modules/sql/managed-instance/database/README.md b/modules/sql/managed-instance/database/README.md index b347af31a0..4feb82d887 100644 --- a/modules/sql/managed-instance/database/README.md +++ b/modules/sql/managed-instance/database/README.md @@ -8,6 +8,7 @@ This module deploys a SQL Managed Instance Database. - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) ## Resource types @@ -19,10 +20,6 @@ This module deploys a SQL Managed Instance Database. | `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) | | `Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies` | [2022-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) | -### Deployment prerequisites - -The SQL Managed Instance Database is deployed on a SQL Managed Instance. - ## Parameters **Required parameters** @@ -65,6 +62,21 @@ The SQL Managed Instance Database is deployed on a SQL Managed Instance. | `tags` | object | `{object}` | | Tags of the resource. | +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed database. | +| `resourceGroupName` | string | The resource group the database was deployed into. | +| `resourceId` | string | The resource ID of the deployed database. | + +## Cross-referenced modules + +_None_ + +## Notes + ### Parameter Usage: `tags` Tag names and tag values can be provided as needed. A tag can be left without a value. @@ -105,16 +117,3 @@ tags: {
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed database. |
-| `resourceGroupName` | string | The resource group the database was deployed into. |
-| `resourceId` | string | The resource ID of the deployed database. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/modules/sql/server/README.md b/modules/sql/server/README.md
index 18c05a8ea2..b6a4646090 100644
--- a/modules/sql/server/README.md
+++ b/modules/sql/server/README.md
@@ -9,6 +9,7 @@ This module deploys an Azure SQL Server.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -73,502 +74,229 @@ This module deploys an Azure SQL Server.
| `vulnerabilityAssessmentsObj` | object | `{object}` | | The vulnerability assessment configuration. |
-### Parameter Usage: `roleAssignments`
+## Outputs
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed SQL server. |
+| `resourceGroupName` | string | The resource group of the deployed SQL server. |
+| `resourceId` | string | The resource ID of the deployed SQL server. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-Parameter JSON format
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
+| Reference | Type |
+| :-- | :-- |
+| `network/private-endpoint` | Local reference |
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
Parameter JSON format
+via JSON Parameter file
```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "sqlsadmin"
+ },
+ // Non-required parameters
+ "administrators": {
+ "value": {
+ "azureADOnlyAuthentication": true,
+ "login": "myspn",
+ "principalType": "Application",
+ "sid": "
+ +
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-
-
-### Parameter Usage: `administrators`
-
-Configure Azure Active Directory Authentication method for server administrator.
-
-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed SQL server. |
-| `resourceGroupName` | string | The resource group of the deployed SQL server. |
-| `resourceId` | string | The resource ID of the deployed SQL server. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
-
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
+
+### Parameter Usage: `administrators`
+
+Configure Azure Active Directory Authentication method for server administrator.
+
-
-
-### Parameter Usage: `networkAcls`
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -398,11 +110,6 @@ userAssignedIdentities: {
| `resourceId` | string | The resource ID of the deployed storage account. |
| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-## Considerations
-
-This is a generic module for deploying a Storage Account. Any customization for different storage needs (such as a diagnostic or other storage account) need to be done through the Archetype.
-The hierarchical namespace of the storage account (see parameter `enableHierarchicalNamespace`), can be only set at creation time.
-
## Cross-referenced modules
This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
@@ -1374,3 +1081,244 @@ module storageAccount './storage/storage-account/main.bicep' = {
+
+
+## Notes
+
+### Considerations
+
+This is a generic module for deploying a Storage Account. Any customization for different storage needs (such as a diagnostic or other storage account) need to be done through the Archetype.
+The hierarchical namespace of the storage account (see parameter `enableHierarchicalNamespace`), can be only set at creation time.
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
diff --git a/modules/storage/storage-account/management-policy/README.md b/modules/storage/storage-account/management-policy/README.md
index 471cefa283..063b8d60fa 100644
--- a/modules/storage/storage-account/management-policy/README.md
+++ b/modules/storage/storage-account/management-policy/README.md
@@ -36,87 +36,6 @@ This module deploys a Storage Account Management Policy.
| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-### Parameter Usage: `rules`
-
-
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/synapse/workspace/key/README.md b/modules/synapse/workspace/key/README.md
index eb2930be2a..f540c885ba 100644
--- a/modules/synapse/workspace/key/README.md
+++ b/modules/synapse/workspace/key/README.md
@@ -7,7 +7,6 @@ This module deploys a Synapse Workspaces Key.
- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
-- [Template references](#Template-references)
- [Cross-referenced modules](#Cross-referenced-modules)
## Resource Types
@@ -48,10 +47,6 @@ This module deploys a Synapse Workspaces Key.
| `resourceGroupName` | string | The resource group of the deployed key. |
| `resourceId` | string | The resource ID of the deployed key. |
-## Template references
-
-- [Workspaces/Keys](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/workspaces/keys)
-
## Cross-referenced modules
_None_
diff --git a/modules/virtual-machine-images/image-template/README.md b/modules/virtual-machine-images/image-template/README.md
index 03c7dc9eb8..f0c979df4b 100644
--- a/modules/virtual-machine-images/image-template/README.md
+++ b/modules/virtual-machine-images/image-template/README.md
@@ -9,6 +9,7 @@ This module deploys a Virtual Machine Image Template that can be consumed by Azu
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -60,115 +61,394 @@ This module deploys a Virtual Machine Image Template that can be consumed by Azu
| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to generate a unique image template name. |
-### Parameter Usage: `imageSource`
+## Outputs
-Tag names and tag values can be provided as needed. A tag can be left without a value.
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The full name of the deployed image template. |
+| `namePrefix` | string | The prefix of the image template name provided as input. |
+| `resourceGroupName` | string | The resource group the image template was deployed into. |
+| `resourceId` | string | The resource ID of the image template. |
+| `runThisCommand` | string | The command to run in order to trigger the image build. |
-#### Platform Image
+## Cross-referenced modules
-
-#### Managed Image
-
-#### Shared Image
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
+
+
+## Notes
+
+### Parameter Usage: `imageSource`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+#### Platform Image
+
+
+
+#### Managed Image
+
+
+
+#### Shared Image
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The full name of the deployed image template. |
-| `namePrefix` | string | The prefix of the image template name provided as input. |
-| `resourceGroupName` | string | The resource group the image template was deployed into. |
-| `resourceId` | string | The resource ID of the image template. |
-| `runThisCommand` | string | The command to run in order to trigger the image build. |
-
-## Cross-referenced modules
-
-_None_
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
-
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
-
-
-
-
-
-
-
diff --git a/modules/web/hosting-environment/README.md b/modules/web/hosting-environment/README.md
index 54a3e74821..bcaf7288a6 100644
--- a/modules/web/hosting-environment/README.md
+++ b/modules/web/hosting-environment/README.md
@@ -9,6 +9,7 @@ This module deploys an App Service Environment.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -71,174 +72,6 @@ This module deploys an App Service Environment.
| `zoneRedundant` | bool | `False` | | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. |
-### Parameter Usage: `clusterSettings`
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -568,3 +401,139 @@ module hostingEnvironment './web/hosting-environment/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
diff --git a/modules/web/serverfarm/README.md b/modules/web/serverfarm/README.md
index 21bd28da66..c3fa426a14 100644
--- a/modules/web/serverfarm/README.md
+++ b/modules/web/serverfarm/README.md
@@ -9,6 +9,7 @@ This module deploys an App Service Plan.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -53,143 +54,6 @@ This module deploys an App Service Plan.
| `zoneRedundant` | bool | `False` | | When true, this App Service Plan will perform availability zone balancing. |
-### Parameter Usage: `sku`
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -322,3 +186,106 @@ module serverfarm './web/serverfarm/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
diff --git a/modules/web/site/README.md b/modules/web/site/README.md
index 089772fd28..0591052d17 100644
--- a/modules/web/site/README.md
+++ b/modules/web/site/README.md
@@ -9,6 +9,7 @@ This module deploys a Web or Function App.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -91,339 +92,6 @@ This module deploys a Web or Function App.
| `vnetRouteAllEnabled` | bool | `False` | | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. |
-### Parameter Usage: `appSettingsKeyValuePairs`
-
-AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
-For all other app settings key-value pairs use this object.
-
-
-
-### Parameter Usage: `authSettingV2Configuration`
-
-The auth settings V2 configuration.
-
-
-
-### Parameter Usage: `siteConfig`
-
-The site config.
-
-
-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -1075,128 +743,403 @@ module site './web/site/main.bicep' = {
"slots": {
"value": [
{
- "diagnosticEventHubAuthorizationRuleId": "
+
+
+
+
+
+
+## Notes
+
+
+### Parameter Usage: `appSettingsKeyValuePairs`
+
+AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
+For all other app settings key-value pairs use this object.
+
+
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
-
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the site config. |
-| `resourceGroupName` | string | The resource group the site config was deployed into. |
-| `resourceId` | string | The resource ID of the site config. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/modules/web/site/config--authsettingsv2/README.md b/modules/web/site/config--authsettingsv2/README.md
index 827a7b7b85..94dad58be5 100644
--- a/modules/web/site/config--authsettingsv2/README.md
+++ b/modules/web/site/config--authsettingsv2/README.md
@@ -37,37 +37,6 @@ This module deploys a Site Auth Settings V2 Configuration.
| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-### Parameter Usage: `authSettingV2Configuration`
-
-The auth settings V2 configuration.
-
-
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/web/site/slot/README.md b/modules/web/site/slot/README.md
index 3e3340731a..abfd53c9aa 100644
--- a/modules/web/site/slot/README.md
+++ b/modules/web/site/slot/README.md
@@ -8,6 +8,7 @@ This module deploys a Web or Function App Deployment Slot.
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
## Resource types
@@ -89,65 +90,44 @@ This module deploys a Web or Function App Deployment Slot.
| `vnetRouteAllEnabled` | bool | `False` | | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. |
-### Parameter Usage: `appSettingsKeyValuePairs`
-
-AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
-For all other app settings key-value pairs use this object.
-
-
-### Parameter Usage: `authSettingV2Configuration`
+### Parameter Usage: `appSettingsKeyValuePairs`
-The auth settings V2 configuration.
+AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
+For all other app settings key-value pairs use this object.
-
-### Parameter Usage: `siteConfig`
-
-The site config.
-
-
@@ -429,21 +381,3 @@ userAssignedIdentities: {
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the slot. |
-| `resourceGroupName` | string | The resource group the slot was deployed into. |
-| `resourceId` | string | The resource ID of the slot. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
diff --git a/modules/web/site/slot/config--appsettings/README.md b/modules/web/site/slot/config--appsettings/README.md
index 1b098e1a68..e41825e801 100644
--- a/modules/web/site/slot/config--appsettings/README.md
+++ b/modules/web/site/slot/config--appsettings/README.md
@@ -8,6 +8,7 @@ This module deploys a Site Slot App Setting.
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
## Resource Types
@@ -41,6 +42,20 @@ This module deploys a Site Slot App Setting.
| `storageAccountResourceId` | string | `''` | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. |
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the slot config. |
+| `resourceGroupName` | string | The resource group the slot config was deployed into. |
+| `resourceId` | string | The resource ID of the slot config. |
+
+## Cross-referenced modules
+
+_None_
+
+## Notes
+
### Parameter Usage: `appSettingsKeyValuePairs`
AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
@@ -52,16 +67,12 @@ For all other app settings key-value pairs use this object.
```json
"appSettingsKeyValuePairs": {
- "value": [
- {
- "name": "key1",
- "value": "val1"
- },
- {
- "name": "key2",
- "value": "val2"
- }
- ]
+ "value": {
+ "AzureFunctionsJobHost__logging__logLevel__default": "Trace",
+ "EASYAUTH_SECRET": "https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password",
+ "FUNCTIONS_EXTENSION_VERSION": "~4",
+ "FUNCTIONS_WORKER_RUNTIME": "dotnet"
+ }
}
```
@@ -72,29 +83,16 @@ For all other app settings key-value pairs use this object.
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the slot config. |
-| `resourceGroupName` | string | The resource group the slot config was deployed into. |
-| `resourceId` | string | The resource ID of the slot config. |
-
-## Cross-referenced modules
-
-_None_
+
+
diff --git a/modules/web/site/slot/config--authsettingsv2/README.md b/modules/web/site/slot/config--authsettingsv2/README.md
index 1af48618ea..ecd2214ba4 100644
--- a/modules/web/site/slot/config--authsettingsv2/README.md
+++ b/modules/web/site/slot/config--authsettingsv2/README.md
@@ -38,37 +38,6 @@ This module deploys a Site Auth Settings V2 Configuration.
| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-### Parameter Usage: `authSettingV2Configuration`
-
-The auth settings V2 configuration.
-
-
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/web/static-site/README.md b/modules/web/static-site/README.md
index b58b5ceebf..b471b37790 100644
--- a/modules/web/static-site/README.md
+++ b/modules/web/static-site/README.md
@@ -9,6 +9,7 @@ This module deploys a Static Web App.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -59,272 +60,6 @@ This module deploys a Static Web App.
| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
-### Parameter Usage: `customDomains`
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -566,3 +301,239 @@ module staticSite './web/static-site/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
Parameter JSON format
-
-```json
-"administrators": {
- "value": {
- "azureADOnlyAuthentication": true
- "login": "John Doe", // if application can be anything
- "sid": "[[objectId]]", // if application, the object ID
- "principalType" : "User", // options: "User", "Group", "Application"
- "tenantId": "[[tenantId]]"
- }
-}
-```
-
-Bicep format
-
-```bicep
-administrators: {
- azureADOnlyAuthentication: true
- login: 'John Doe' // if application can be anything
- sid: '[[objectId]]' // if application the object ID
- 'principalType' : 'User' // options: 'User' 'Group' 'Application'
- tenantId: '[[tenantId]]'
-}
-```
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: 'Example 1: Admin
-
-via Bicep module
-
-```bicep
-module server './sql/server/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-sqlsadmin'
- params: {
- // Required parameters
- name: 'sqlsadmin'
- // Non-required parameters
- administrators: {
- azureADOnlyAuthentication: true
- login: 'myspn'
- principalType: 'Application'
- sid: 'via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "sqlsadmin"
- },
- // Non-required parameters
- "administrators": {
- "value": {
- "azureADOnlyAuthentication": true,
- "login": "myspn",
- "principalType": "Application",
- "sid": "Example 2: Common
-
-via Bicep module
-
-```bicep
-module server './sql/server/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-sqlscom'
- params: {
- // Required parameters
- name: 'sqlscom'
- // Non-required parameters
- administratorLogin: 'adminUserName'
- administratorLoginPassword: 'via JSON Parameter file
+via JSON Parameter file
```json
{
@@ -647,11 +375,162 @@ module server './sql/server/main.bicep' = {
"location": {
"value": "Example 3: Pe
+
+via Bicep module
+
+```bicep
+module server './sql/server/main.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-test-sqlspe'
+ params: {
+ // Required parameters
+ name: 'sqlspe'
+ // Non-required parameters
+ administratorLogin: 'adminUserName'
+ administratorLoginPassword: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "sqlspe"
+ },
+ // Non-required parameters
+ "administratorLogin": {
+ "value": "adminUserName"
+ },
+ "administratorLoginPassword": {
+ "value": "Example 4: Secondary
+
+via Bicep module
+
+```bicep
+module server './sql/server/main.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-test-sqlsec'
+ params: {
+ // Required parameters
+ name: 'sqlsec-sec'
+ // Non-required parameters
+ administratorLogin: 'adminUserName'
+ administratorLoginPassword: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "sqlsec-sec"
},
- "virtualNetworkRules": {
+ // Non-required parameters
+ "administratorLogin": {
+ "value": "adminUserName"
+ },
+ "administratorLoginPassword": {
+ "value": "Example 3: Pe
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+via Bicep module
+Parameter JSON format
-```bicep
-module server './sql/server/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-sqlspe'
- params: {
- // Required parameters
- name: 'sqlspe'
- // Non-required parameters
- administratorLogin: 'adminUserName'
- administratorLoginPassword: 'via JSON Parameter file
+Bicep format
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "sqlspe"
- },
- // Non-required parameters
- "administratorLogin": {
- "value": "adminUserName"
- },
- "administratorLoginPassword": {
- "value": "Example 4: Secondary
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
via Bicep module
+Parameter JSON format
-```bicep
-module server './sql/server/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-sqlsec'
- params: {
- // Required parameters
- name: 'sqlsec-sec'
- // Non-required parameters
- administratorLogin: 'adminUserName'
- administratorLoginPassword: 'via JSON Parameter file
+Bicep format
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "sqlsec-sec"
- },
- // Non-required parameters
- "administratorLogin": {
- "value": "adminUserName"
- },
- "administratorLoginPassword": {
- "value": "Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"networkAcls": {
- "value": {
- "bypass": "AzureServices",
- "defaultAction": "Deny",
- "virtualNetworkRules": [
- {
- "action": "Allow",
- "id": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001"
- }
- ],
- "ipRules": [
- {
- "action": "Allow",
- "value": "1.1.1.1"
- }
- ]
- }
-}
-```
-
-Bicep format
-
-```bicep
-networkAcls: {
- bypass: 'AzureServices'
- defaultAction: 'Deny'
- virtualNetworkRules: [
- {
- action: 'Allow'
- id: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- }
- ]
- ipRules: [
- {
- action: 'Allow'
- value: '1.1.1.1'
- }
- ]
-}
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: 'Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: 'Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+Parameter JSON format
-
-```json
-"rules": {
- "value": [
- {
- "enabled": true,
- "name": "retention-policy",
- "type": "Lifecycle",
- "definition": {
- "actions": {
- "baseBlob": {
- "tierToArchive": {
- "daysAfterModificationGreaterThan": 30
- },
- "delete": {
- "daysAfterModificationGreaterThan": 1096
- }
- },
- "snapshot": {
- "delete": {
- "daysAfterCreationGreaterThan": 1096
- }
- }
- },
- "filters": {
- "blobTypes": [
- "blockBlob"
- ]
- }
- }
- }
- ]
-}
-```
-Bicep format
-
-```bicep
-rules: [
- {
- enabled: true
- name: 'retention-policy'
- type: 'Lifecycle'
- definition: {
- actions: {
- baseBlob: {
- tierToArchive: {
- daysAfterModificationGreaterThan: 30
- }
- delete: {
- daysAfterModificationGreaterThan: 1096
- }
- }
- snapshot: {
- delete: {
- daysAfterCreationGreaterThan: 1096
- }
- }
- }
- filters: {
- blobTypes: [
- 'blockBlob'
- ]
- }
- }
- }
-]
-```
-
-Parameter JSON format
+## Deployment examples
-```json
-"source": {
- "type": "PlatformImage",
- "publisher": "MicrosoftWindowsDesktop",
- "offer": "Windows-10",
- "sku": "19h2-evd",
- "version": "latest"
-}
-```
+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-Example 1: Common
Bicep format
+via Bicep module
```bicep
-source: {
- type: 'PlatformImage'
- publisher: 'MicrosoftWindowsDesktop'
- offer: 'Windows-10'
- sku: '19h2-evd'
- version: 'latest'
+module imageTemplate './virtual-machine-images/image-template/main.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-test-vmiitcom'
+ params: {
+ // Required parameters
+ customizationSteps: [
+ {
+ restartTimeout: '10m'
+ type: 'WindowsRestart'
+ }
+ ]
+ imageSource: {
+ offer: 'Windows-11'
+ publisher: 'MicrosoftWindowsDesktop'
+ sku: 'win11-22h2-avd'
+ type: 'PlatformImage'
+ version: 'latest'
+ }
+ name: 'vmiitcom001'
+ userMsiName: 'Parameter JSON format
+via JSON Parameter file
```json
-"source": {
- "type": "ManagedImage",
- "imageId": "/subscriptions/Bicep format
-
-```bicep
-source: {
- type: 'ManagedImage'
- imageId: '/subscriptions/Parameter JSON format
-
-```json
-"source": {
- "type": "SharedImageVersion",
- "imageVersionID": "/subscriptions/Example 2: Min
Bicep format
+via Bicep module
```bicep
-source: {
- type: 'SharedImageVersion'
- imageVersionID: '/subscriptions/Parameter JSON format
+via JSON Parameter file
```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "customizationSteps": {
+ "value": [
+ {
+ "restartTimeout": "30m",
+ "type": "WindowsRestart"
+ }
+ ]
+ },
+ "imageSource": {
+ "value": {
+ "offer": "Windows-10",
+ "publisher": "MicrosoftWindowsDesktop",
+ "sku": "win10-22h2-ent",
+ "type": "PlatformImage",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "vmiitmin001"
+ },
+ "userMsiName": {
+ "value": "Parameter JSON format
+
+```json
+"source": {
+ "type": "PlatformImage",
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "Windows-10",
+ "sku": "19h2-evd",
+ "version": "latest"
+}
+```
+
+Bicep format
+
+```bicep
+source: {
+ type: 'PlatformImage'
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'Windows-10'
+ sku: '19h2-evd'
+ version: 'latest'
+}
+```
+
+Parameter JSON format
+
+```json
+"source": {
+ "type": "ManagedImage",
+ "imageId": "/subscriptions/Bicep format
+
+```bicep
+source: {
+ type: 'ManagedImage'
+ imageId: '/subscriptions/Parameter JSON format
+
+```json
+"source": {
+ "type": "SharedImageVersion",
+ "imageVersionID": "/subscriptions/Bicep format
+
+```bicep
+source: {
+ type: 'SharedImageVersion'
+ imageVersionID: '/subscriptions/Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
"Contact": "test.user@testcompany.com",
"PurchaseOrder": "1234",
"CostCenter": "7890",
@@ -322,279 +602,3 @@ userAssignedIdentities: {
Example 1: Common
-
-via Bicep module
-
-```bicep
-module imageTemplate './virtual-machine-images/image-template/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-vmiitcom'
- params: {
- // Required parameters
- customizationSteps: [
- {
- restartTimeout: '10m'
- type: 'WindowsRestart'
- }
- ]
- imageSource: {
- offer: 'Windows-11'
- publisher: 'MicrosoftWindowsDesktop'
- sku: 'win11-22h2-avd'
- type: 'PlatformImage'
- version: 'latest'
- }
- name: 'vmiitcom001'
- userMsiName: 'via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "customizationSteps": {
- "value": [
- {
- "restartTimeout": "10m",
- "type": "WindowsRestart"
- }
- ]
- },
- "imageSource": {
- "value": {
- "offer": "Windows-11",
- "publisher": "MicrosoftWindowsDesktop",
- "sku": "win11-22h2-avd",
- "type": "PlatformImage",
- "version": "latest"
- }
- },
- "name": {
- "value": "vmiitcom001"
- },
- "userMsiName": {
- "value": "Example 2: Min
-
-via Bicep module
-
-```bicep
-module imageTemplate './virtual-machine-images/image-template/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-vmiitmin'
- params: {
- // Required parameters
- customizationSteps: [
- {
- restartTimeout: '30m'
- type: 'WindowsRestart'
- }
- ]
- imageSource: {
- offer: 'Windows-10'
- publisher: 'MicrosoftWindowsDesktop'
- sku: 'win10-22h2-ent'
- type: 'PlatformImage'
- version: 'latest'
- }
- name: 'vmiitmin001'
- userMsiName: 'via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "customizationSteps": {
- "value": [
- {
- "restartTimeout": "30m",
- "type": "WindowsRestart"
- }
- ]
- },
- "imageSource": {
- "value": {
- "offer": "Windows-10",
- "publisher": "MicrosoftWindowsDesktop",
- "sku": "win10-22h2-ent",
- "type": "PlatformImage",
- "version": "latest"
- }
- },
- "name": {
- "value": "vmiitmin001"
- },
- "userMsiName": {
- "value": "Parameter JSON format
-
-```json
-"clusterSettings": {
- "value": [
- {
- "name": "DisableTls1.0",
- "value": "1"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-clusterSettings: [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+Parameter JSON format
-
-```json
-"sku": {
- "value": {
- "name": "P1v2",
- "tier": "PremiumV2",
- "size": "P1v2",
- "family": "Pv2",
- "capacity": 1
- }
-}
-```
-
-Bicep format
-
-```bicep
-sku: {
- name: 'P1v2'
- tier: 'PremiumV2'
- size: 'P1v2'
- family: 'Pv2'
- capacity: 1
-}
-```
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
-
-```json
-"appSettingsKeyValuePairs": {
- "value": {
- "AzureFunctionsJobHost__logging__logLevel__default": "Trace",
- "EASYAUTH_SECRET": "https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password",
- "FUNCTIONS_EXTENSION_VERSION": "~4",
- "FUNCTIONS_WORKER_RUNTIME": "dotnet"
- }
-}
-```
-
-Bicep format
-
-```bicep
-appSettingsKeyValuePairs: {
- AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
- EASYAUTH_SECRET: 'https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password'
- FUNCTIONS_EXTENSION_VERSION: '~4'
- FUNCTIONS_WORKER_RUNTIME: 'dotnet'
-}
-```
-
-Parameter JSON format
-
-```json
-"siteConfig": {
- "value": [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
- ]
-}
-```
-
-Bicep format
-
-```bicep
-siteConfig: [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
-]
-```
-
-Parameter JSON format
-
-```json
-"siteConfig": {
- "value": [
- // Check out https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=bicep#siteconfig for possible properties
- ]
-}
-```
-
-Bicep format
-
-```bicep
-siteConfig: [
- // Check out https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=bicep#siteconfig for possible properties
-]
-```
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: 'Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Example 4: Webappmin
+
+via Bicep module
+
+```bicep
+module site './web/site/main.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-test-wswamin'
+ params: {
+ // Required parameters
+ kind: 'app'
+ name: 'wswamin001'
+ serverFarmResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "app"
+ },
+ "name": {
+ "value": "wswamin001"
+ },
+ "serverFarmResourceId": {
+ "value": "Parameter JSON format
+
+```json
+"appSettingsKeyValuePairs": {
+ "value": {
+ "AzureFunctionsJobHost__logging__logLevel__default": "Trace",
+ "EASYAUTH_SECRET": "https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password",
+ "FUNCTIONS_EXTENSION_VERSION": "~4",
+ "FUNCTIONS_WORKER_RUNTIME": "dotnet"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+appSettingsKeyValuePairs: {
+ AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
+ EASYAUTH_SECRET: 'https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password'
+ FUNCTIONS_EXTENSION_VERSION: '~4'
+ FUNCTIONS_WORKER_RUNTIME: 'dotnet'
+}
+```
+
+Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: 'Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
},
{
- "name": "slot2"
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
}
- ]
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
Example 4: Webappmin
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
via Bicep module
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
```bicep
-module site './web/site/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-wswamin'
- params: {
- // Required parameters
- kind: 'app'
- name: 'wswamin001'
- serverFarmResourceId: 'via JSON Parameter file
+Parameter JSON format
```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "kind": {
- "value": "app"
- },
- "name": {
- "value": "wswamin001"
- },
- "serverFarmResourceId": {
- "value": "Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
}
```
diff --git a/modules/web/site/config--appsettings/README.md b/modules/web/site/config--appsettings/README.md
index 7400841fc1..3be5e82252 100644
--- a/modules/web/site/config--appsettings/README.md
+++ b/modules/web/site/config--appsettings/README.md
@@ -8,6 +8,7 @@ This module deploys a Site App Setting.
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
## Resource Types
@@ -40,6 +41,20 @@ This module deploys a Site App Setting.
| `storageAccountResourceId` | string | `''` | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. |
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the site config. |
+| `resourceGroupName` | string | The resource group the site config was deployed into. |
+| `resourceId` | string | The resource ID of the site config. |
+
+## Cross-referenced modules
+
+_None_
+
+## Notes
+
### Parameter Usage: `appSettingsKeyValuePairs`
AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
@@ -85,15 +100,3 @@ appSettingsKeyValuePairs: [
Parameter JSON format
-
-```json
-"siteConfig": {
- "value": [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
- ]
-}
-```
-
-Bicep format
-
-```bicep
-siteConfig: [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
-]
-```
-
-Parameter JSON format
+## Outputs
-```json
-"appSettingsKeyValuePairs": {
- "value": [
- {
- "name": "key1",
- "value": "val1"
- },
- {
- "name": "key2",
- "value": "val2"
- }
- ]
-}
-```
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the slot. |
+| `resourceGroupName` | string | The resource group the slot was deployed into. |
+| `resourceId` | string | The resource ID of the slot. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-Bicep format
+| Reference | Type |
+| :-- | :-- |
+| `network/private-endpoint` | Local reference |
-```bicep
-appSettingsKeyValuePairs: [
- {
- name: 'key1'
- value: 'val1'
- }
- {
- name: 'key2'
- value: 'val2'
- }
-]
-```
+## Notes
-Parameter JSON format
```json
-"siteConfig": {
- "value": [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
- ]
+"appSettingsKeyValuePairs": {
+ "value": {
+ "AzureFunctionsJobHost__logging__logLevel__default": "Trace",
+ "EASYAUTH_SECRET": "https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password",
+ "FUNCTIONS_EXTENSION_VERSION": "~4",
+ "FUNCTIONS_WORKER_RUNTIME": "dotnet"
+ }
}
```
@@ -158,42 +138,14 @@ The auth settings V2 configuration.
Bicep format
```bicep
-siteConfig: [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
-]
-```
-
-Parameter JSON format
-
-```json
-"siteConfig": {
- "value": [
- // Check out https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=bicep#siteconfig for possible properties
- ]
+appSettingsKeyValuePairs: {
+ AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
+ EASYAUTH_SECRET: 'https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password'
+ FUNCTIONS_EXTENSION_VERSION: '~4'
+ FUNCTIONS_WORKER_RUNTIME: 'dotnet'
}
```
-Bicep format
-
-```bicep
-siteConfig: [
- // Check out https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=bicep#siteconfig for possible properties
-]
-```
-
Parameter JSON format
-
-```json
-"siteConfig": {
- "value": [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
- ]
-}
-```
-
-Bicep format
-
-```bicep
-siteConfig: [
- // Check out https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties
-]
-```
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: 'Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Parameter JSON format
-
-```json
-"customDomains": {
- "value": [
- "[[namePrefix]]domain1.domain",
- "[[namePrefix]]domain2.domain.domain",
- "[[namePrefix]]domain3.domain.domain.domain"
- ]
-}
-```
-
-Bicep format
-
-```bicep
-customDomains: [
- 'carmldomain1.domain'
- 'carmldomain2.domain.domain'
- 'carmldomain3.domain.domain.domain'
-]
-```
-
-Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: 'Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+