+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "nplscom001"
+ },
+ // Non-required parameters
+ "autoApproval": {
+ "value": {
+ "subscriptions": [
+ "*"
+ ]
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "
+ +
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "nplsmin001"
+ },
+ // Non-required parameters
+ "enableDefaultTelemetry": {
+ "value": "
+ + +## Notes + ### Parameter Usage: `ipConfigurations` This property refers to the NAT (Network Address Translation) IP configuration for the Private Link service. The NAT IP can be chosen from any subnet in a service provider's virtual network. Private Link service performs destination side NAT-ing on the Private Link traffic. This ensures that there is no IP conflict between source (consumer side) and destination (service provider) address space. On the destination side (service provider side), the NAT IP address will show up as Source IP for all packets received by your service and destination IP for all packets sent by your service. @@ -117,43 +375,6 @@ ipConfigurations: [
-### Parameter Usage: `loadBalancerFrontendIpConfigurations`
-
-Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations.
-
-Parameter JSON format
-
-```json
-"loadBalancerFrontendIpConfigurations": {
- "value": [
- // Example showing reference to the font end IP configuration of the load balancer
- {
- "id": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-[[namePrefix]]-az-lb-internal-001/frontendIPConfigurations/privateIPConfig1"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-loadBalancerFrontendIpConfigurations: [
- // Example showing reference to the font end IP configuration of the load balancer
- {
- id: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-[[namePrefix]]-az-lb-internal-001/frontendIPConfigurations/privateIPConfig1'
- }
-]
-```
-
-
- ### Parameter Usage: `extendedLocation` This is the Edge Zone ID of the Edge Zone corresponding to the region in which the resource is deployed. More information is available here: [Azure Edge Zone ID](https://learn.microsoft.com/en-us/azure/public-multi-access-edge-compute-mec/key-concepts#azure-edge-zone-id). @@ -228,85 +449,8 @@ autoApproval: [ // Example to auto-approve a specific set of subscriptions. This should always be a subset of the subscriptions provided under "visibility" autoApproval: [ - '12345678-1234-1234-1234-123456781234' // Subscription 1 - '87654321-1234-1234-1234-123456781234' // Subscription 2 -] -``` - - -
-
-### Parameter Usage: `visibility`
-
-Visibility is the property that controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions.
-
-Parameter JSON format
-
-```json
-"visibility": {
- "value"
- // Example showing usage of visibility param
- "subscriptions": [
- "12345678-1234-1234-1234-123456781234", // Subscription 1
- "87654321-1234-1234-1234-123456781234", // Subscription 2
- "12341234-1234-1234-1234-123456781234" // Subscription 3
- ]
-}
-```
-
-Bicep format
-
-```bicep
-visibility: {
- subscriptions: [
- '12345678-1234-1234-1234-123456781234' // Subscription 1
- '87654321-1234-1234-1234-123456781234' // Subscription 2
- '12341234-1234-1234-1234-123456781234' // Subscription 3
- ]
-}
-```
-
-
-
-### Parameter Usage: `enableProxyProtocol`
-
-This property lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header.
-
-### Parameter Usage: `fqdns`
-
-This property lets you set the fqdn(s) to access the Private Link service.
-Parameter JSON format
-
-```json
-"fqdns": {
- // Example to set FQDNs for the Private Link service
- "value": [
- "pls01.azure.privatelinkservice", // FQDN 1
- "pls01-duplicate.azure.privatelinkserivce" // FQDN 2
- ]
-}
-```
-
-Bicep format
-
-```bicep
-fqdns: [
- // Example to set FQDNs for the Private Link service
- 'pls01.azure.privatelinkservice'
- 'pls01-duplicate.azure.privatelinkservice'
+ '12345678-1234-1234-1234-123456781234' // Subscription 1
+ '87654321-1234-1234-1234-123456781234' // Subscription 2
]
```
@@ -412,257 +556,3 @@ tags: {
- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private link service. | -| `resourceGroupName` | string | The resource group the private link service was deployed into. | -| `resourceId` | string | The resource ID of the private link service. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "nplscom001"
- },
- // Non-required parameters
- "autoApproval": {
- "value": {
- "subscriptions": [
- "*"
- ]
- }
- },
- "enableDefaultTelemetry": {
- "value": "
- -
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "nplsmin001"
- },
- // Non-required parameters
- "enableDefaultTelemetry": {
- "value": "
diff --git a/modules/network/private-link-service/main.bicep b/modules/network/private-link-service/main.bicep
index cc1f2dccdc..e9f91ecae5 100644
--- a/modules/network/private-link-service/main.bicep
+++ b/modules/network/private-link-service/main.bicep
@@ -25,7 +25,7 @@ param extendedLocation object = {}
@description('Optional. The auto-approval list of the private link service.')
param autoApproval object = {}
-@description('Optional. Whether the private link service is enabled for proxy protocol or not.')
+@description('Optional. Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header.')
param enableProxyProtocol bool = false
@description('Optional. The list of Fqdn.')
@@ -34,10 +34,10 @@ param fqdns array = []
@description('Optional. An array of private link service IP configurations.')
param ipConfigurations array = []
-@description('Optional. An array of references to the load balancer IP configurations.')
+@description('Optional. An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations.')
param loadBalancerFrontendIpConfigurations array = []
-@description('Optional. The visibility list of the private link service.')
+@description('Optional. Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions.')
param visibility object = {}
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
diff --git a/modules/network/private-link-service/main.json b/modules/network/private-link-service/main.json
index d355611b6c..fedfe30695 100644
--- a/modules/network/private-link-service/main.json
+++ b/modules/network/private-link-service/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5269294083779286611"
+ "version": "0.22.6.54827",
+ "templateHash": "15026904267969319263"
},
"name": "Private Link Services",
"description": "This module deploys a Private Link Service.",
@@ -62,7 +62,7 @@
"type": "bool",
"defaultValue": false,
"metadata": {
- "description": "Optional. Whether the private link service is enabled for proxy protocol or not."
+ "description": "Optional. Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header."
}
},
"fqdns": {
@@ -83,14 +83,14 @@
"type": "array",
"defaultValue": [],
"metadata": {
- "description": "Optional. An array of references to the load balancer IP configurations."
+ "description": "Optional. An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations."
}
},
"visibility": {
"type": "object",
"defaultValue": {},
"metadata": {
- "description": "Optional. The visibility list of the private link service."
+ "description": "Optional. Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions."
}
},
"enableDefaultTelemetry": {
@@ -187,8 +187,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5533654870046410263"
+ "version": "0.22.6.54827",
+ "templateHash": "535852805558824015"
}
},
"parameters": {
diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md
index 0d634f3add..345da52329 100644
--- a/modules/network/route-table/README.md
+++ b/modules/network/route-table/README.md
@@ -9,6 +9,7 @@ This module deploys a User Defined Route Table (UDR).
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -39,195 +40,6 @@ This module deploys a User Defined Route Table (UDR).
| `tags` | object | `{object}` | | Tags of the resource. |
-### Parameter Usage: `routes`
-
-The `routes` parameter accepts a JSON Array of Route objects to deploy to the Route Table.
-
-Here's an example of specifying a few routes:
-
-Parameter JSON format
-
-```json
-"routes": {
- "value": [
- {
- "name": "tojumpboxes",
- "properties": {
- "addressPrefix": "172.16.0.48/28",
- "nextHopType": "VnetLocal"
- }
- },
- {
- "name": "tosharedservices",
- "properties": {
- "addressPrefix": "172.16.0.64/27",
- "nextHopType": "VnetLocal"
- }
- },
- {
- "name": "toonprem",
- "properties": {
- "addressPrefix": "10.0.0.0/8",
- "nextHopType": "VirtualNetworkGateway"
- }
- },
- {
- "name": "tonva",
- "properties": {
- "addressPrefix": "172.16.0.0/18",
- "nextHopType": "VirtualAppliance",
- "nextHopIpAddress": "172.16.0.20"
- }
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-routes: [
- {
- name: 'tojumpboxes'
- properties: {
- addressPrefix: '172.16.0.48/28'
- nextHopType: 'VnetLocal'
- }
- }
- {
- name: 'tosharedservices'
- properties: {
- addressPrefix: '172.16.0.64/27'
- nextHopType: 'VnetLocal'
- }
- }
- {
- name: 'toonprem'
- properties: {
- addressPrefix: '10.0.0.0/8'
- nextHopType: 'VirtualNetworkGateway'
- }
- }
- {
- name: 'tonva'
- properties: {
- addressPrefix: '172.16.0.0/18'
- nextHopType: 'VirtualAppliance'
- nextHopIpAddress: '172.16.0.20'
- }
- }
-]
-```
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
- ## Outputs | Output Name | Type | Description | @@ -395,3 +207,106 @@ module routeTable './network/route-table/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index 3511923eee..592e9cd99b 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -9,6 +9,7 @@ This module deploys a Traffic Manager Profile. - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Deployment examples](#Deployment-examples) +- [Notes](#Notes) ## Resource types @@ -52,6 +53,178 @@ This module deploys a Traffic Manager Profile. | `ttl` | int | `60` | | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the traffic manager was deployed into. | +| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | +| `resourceId` | string | The resource ID of the traffic manager. | + +## Cross-referenced modules + +_None_ + +## Deployment examples + +The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "
+ +
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "
+
+
+## Notes
+
### Parameter Usage: `monitorConfig`
- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the traffic manager was deployed into. | -| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | -| `resourceId` | string | The resource ID of the traffic manager. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "
- -
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "
diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/README.md b/modules/network/virtual-hub/hub-virtual-network-connection/README.md
index 6039a55267..bd663aeb43 100644
--- a/modules/network/virtual-hub/hub-virtual-network-connection/README.md
+++ b/modules/network/virtual-hub/hub-virtual-network-connection/README.md
@@ -39,10 +39,6 @@ This module deploys a Virtual Hub Virtual Network Connection.
| `routingConfiguration` | object | `{object}` | Routing Configuration indicating the associated and propagated route tables for this connection. |
-### Parameter Usage: `hubVirtualNetworkConnections`
-
-...
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md
index 8eaf06c0d0..f40b952857 100644
--- a/modules/network/virtual-network-gateway/README.md
+++ b/modules/network/virtual-network-gateway/README.md
@@ -9,6 +9,7 @@ This module deploys a Virtual Network Gateway.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -74,173 +75,6 @@ This module deploys a Virtual Network Gateway.
| `vpnType` | string | `'RouteBased'` | `[PolicyBased, RouteBased]` | Specifies the VPN type. |
-### Parameter Usage: `subnets`
-
-The `subnets` parameter accepts a JSON Array of `subnet` objects to deploy to the Virtual Network.
-
-Here's an example of specifying a couple Subnets to deploy:
-
-Parameter JSON format
-
-```json
-"subnets": {
- "value": [
- {
- "name": "app",
- "properties": {
- "addressPrefix": "10.1.0.0/24",
- "networkSecurityGroup": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'app-nsg')]"
- },
- "routeTable": {
- "id": "[resourceId('Microsoft.Network/routeTables', 'app-udr')]"
- }
- }
- },
- {
- "name": "data",
- "properties": {
- "addressPrefix": "10.1.1.0/24"
- }
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-subnets: [
- {
- name: 'app'
- properties: {
- addressPrefix: '10.1.0.0/24'
- networkSecurityGroup: {
- id: '[resourceId('Microsoft.Network/networkSecurityGroups' 'app-nsg')]'
- }
- routeTable: {
- id: '[resourceId('Microsoft.Network/routeTables' 'app-udr')]'
- }
- }
- }
- {
- name: 'data'
- properties: {
- addressPrefix: '10.1.1.0/24'
- }
- }
-]
-```
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-
- ## Outputs | Output Name | Type | Description | @@ -790,3 +624,105 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
+
+
+## Notes
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+
diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md
index 2664550387..420481c523 100644
--- a/modules/network/virtual-network/README.md
+++ b/modules/network/virtual-network/README.md
@@ -6,10 +6,10 @@ This module deploys a Virtual Network (vNet).
- [Resource types](#Resource-types)
- [Parameters](#Parameters)
-- [Considerations](#Considerations)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -56,290 +56,6 @@ This module deploys a Virtual Network (vNet).
| `vnetEncryptionEnforcement` | string | `'AllowUnencrypted'` | `[AllowUnencrypted, DropUnencrypted]` | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. |
-### Parameter Usage: `subnets`
-
-Below you can find an example for the subnet property's usage. For all remaining properties, please refer to the _[subnet](subnet/README.md)_ readme.
-
-Template JSON format
-
-```json
-"subnets": {
- "value": [
- {
- "name": "GatewaySubnet",
- "addressPrefix": "10.0.255.0/24"
- },
- {
- "name": "[[namePrefix]]-az-subnet-x-001",
- "addressPrefix": "10.0.0.0/24",
- "networkSecurityGroupId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-[[namePrefix]]-az-nsg-x-001",
- "serviceEndpoints": [
- {
- "service": "Microsoft.Storage"
- },
- {
- "service": "Microsoft.Sql"
- }
- ],
- "routeTableId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-[[namePrefix]]-az-udr-x-001",
- "delegations": [
- {
- "name": "netappDel",
- "properties": {
- "serviceName": "Microsoft.Netapp/volumes"
- }
- }
- ],
- "privateEndpointNetworkPolicies": "Disabled",
- "privateLinkServiceNetworkPolicies": "Enabled"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-subnets: [
- {
- name: 'GatewaySubnet'
- addressPrefix: '10.0.255.0/24'
- }
- {
- name: '[[namePrefix]]-az-subnet-x-001'
- addressPrefix: '10.0.0.0/24'
- networkSecurityGroupId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-[[namePrefix]]-az-nsg-x-001'
- serviceEndpoints: [
- {
- service: 'Microsoft.Storage'
- }
- {
- service: 'Microsoft.Sql'
- }
- ]
- routeTableId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-[[namePrefix]]-az-udr-x-001'
- delegations: [
- {
- name: 'netappDel'
- properties: {
- serviceName: 'Microsoft.Netapp/volumes'
- }
- }
- ]
- privateEndpointNetworkPolicies: 'Disabled'
- privateLinkServiceNetworkPolicies: 'Enabled'
- }
-]
-```
-
-
-
-### Parameter Usage: `virtualNetworkPeerings`
-
-As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following ***additional*** properties on top of what is documented in _[virtualNetworkPeering](virtual-network-peering/README.md)_.
-
-| Parameter Name | Type | Default Value | Possible Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network |
-| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be
-
-### Parameter Usage: `addressPrefixes`
-
-The `addressPrefixes` parameter accepts a JSON Array of string values containing the IP Address Prefixes for the Virtual Network (vNet).
-
-Here's an example of specifying a single Address Prefix:
-
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-## Considerations
-
-The network security group and route table resources must reside in the same resource group as the virtual network.
-
## Outputs
| Output Name | Type | Description |
@@ -737,3 +453,125 @@ module virtualNetwork './network/virtual-network/main.bicep' = {
+
+
+## Notes
+
+### Considerations
+
+The network security group and route table resources must reside in the same resource group as the virtual network.
+
+### Parameter Usage: `peerings`
+
+As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following ***additional*** properties on top of what is documented in _[virtualNetworkPeering](virtual-network-peering/README.md)_.
+
+| Parameter Name | Type | Default Value | Possible Values | Description |
+| :-- | :-- | :-- | :-- | :-- |
+| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network |
+| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md
index 2fcd6f1dff..1d0e363cf6 100644
--- a/modules/network/virtual-network/subnet/README.md
+++ b/modules/network/virtual-network/subnet/README.md
@@ -6,9 +6,9 @@ This module deploys a Virtual Network Subnet.
- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
-- [Considerations](#Considerations)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
## Resource Types
@@ -51,91 +51,21 @@ This module deploys a Virtual Network Subnet.
| `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. |
-### Parameter Usage: `delegations`
-
-
-
-### Parameter Usage: `serviceEndpoints`
-
-
+## Notes
### Parameter Usage: `roleAssignments`
@@ -196,20 +126,6 @@ roleAssignments: [
-## Considerations
+### Considerations
The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). Default Value when not specified is "Enabled".
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the virtual network peering. |
-| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. |
-| `resourceId` | string | The resource ID of the virtual network peering. |
-| `subnetAddressPrefix` | string | The address prefix for the subnet. |
-| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/modules/network/virtual-network/virtual-network-peering/README.md b/modules/network/virtual-network/virtual-network-peering/README.md
index 059f1d9ef1..f5dd0935e8 100644
--- a/modules/network/virtual-network/virtual-network-peering/README.md
+++ b/modules/network/virtual-network/virtual-network-peering/README.md
@@ -15,13 +15,6 @@ This module deploys a Virtual Network Peering.
| :-- | :-- |
| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/virtualNetworkPeerings) |
-### Resource dependency
-
-The following resources are required to be able to deploy this resource.
-
-- Local Virtual Network (Identified by the `localVnetName` parameter).
-- Remote Virtual Network (Identified by the `remoteVirtualNetworkId` parameter)
-
## Parameters
**Required parameters**
diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md
index 283bbfe3cd..dae2760dda 100644
--- a/modules/network/vpn-gateway/README.md
+++ b/modules/network/vpn-gateway/README.md
@@ -9,6 +9,7 @@ This module deploys a VPN Gateway.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -44,124 +45,6 @@ This module deploys a VPN Gateway.
| `vpnGatewayScaleUnit` | int | `2` | | The scale unit for this VPN gateway. |
-### Parameter Usage: `bgpSettings`
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -371,3 +254,124 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `bgpSettings`
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md
index fd46c20e02..624aacd235 100644
--- a/modules/network/vpn-gateway/vpn-connection/README.md
+++ b/modules/network/vpn-gateway/vpn-connection/README.md
@@ -8,6 +8,7 @@ This module deploys a VPN Gateway VPN Connection.
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
## Resource Types
@@ -50,6 +51,20 @@ This module deploys a VPN Gateway VPN Connection.
| `vpnLinkConnections` | array | `[]` | | List of all VPN site link connections to the gateway. |
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the VPN connection. |
+| `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. |
+| `resourceId` | string | The resource ID of the VPN connection. |
+
+## Cross-referenced modules
+
+_None_
+
+## Notes
+
### Parameter Usage: `routingConfiguration`
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the VPN connection. |
-| `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. |
-| `resourceId` | string | The resource ID of the VPN connection. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md
index 36cd83eb33..885dd54c32 100644
--- a/modules/network/vpn-site/README.md
+++ b/modules/network/vpn-site/README.md
@@ -9,6 +9,7 @@ This module deploys a VPN Site.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -50,271 +51,6 @@ This module deploys a VPN Site.
| `vpnSiteLinks` | array | `[]` | | List of all VPN site links. |
-### Parameter Usage `o365Policy`
-
-
-
-### Parameter Usage `deviceProperties`
-
-
-
-### Parameter Usage `bgpProperties`
-
-The BGP properties. Note: This is a deprecated property, please use the corresponding `VpnSiteLinks` property instead.
-
-
-
-### Parameter Usage `vpnSiteLinks`
-
-An array of links. Should be used instead of the top-level `ipAddress` & `bgpProperties` properties. If using links, one default link with same name and properties as VpnSite itself is mandatory.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -566,3 +302,140 @@ module vpnSite './network/vpn-site/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage `deviceProperties`
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md
index 6c7f72648d..ef62355818 100644
--- a/modules/operational-insights/workspace/README.md
+++ b/modules/operational-insights/workspace/README.md
@@ -9,6 +9,7 @@ This module deploys a Log Analytics Workspace.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -76,408 +77,6 @@ This module deploys a Log Analytics Workspace.
| `useResourcePermissions` | bool | `False` | | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. |
-### Parameter Usage: `gallerySolutions`
-
-Ref cross-referenced _[solution](../../operations-management/solution/README.md)_
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -1462,3 +1061,139 @@ module workspace './operational-insights/workspace/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
diff --git a/modules/policy-insights/remediation/README.md b/modules/policy-insights/remediation/README.md
index b99ddb0e37..cb7a763830 100644
--- a/modules/policy-insights/remediation/README.md
+++ b/modules/policy-insights/remediation/README.md
@@ -6,10 +6,10 @@ This module deploys a Policy Insights Remediation.
- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
-- [Module Usage Guidance](#Module-Usage-Guidance)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -43,117 +43,6 @@ This module deploys a Policy Insights Remediation.
| `subscriptionId` | string | `''` | | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. |
-### Parameter Usage: `managementGroupId`
-
-To deploy resource to a Management Group, provide the `managementGroupId` as an input parameter to the module.
-
-
-
-> `managementGroupId` is an optional parameter. If not provided, the deployment will use the management group defined in the current deployment scope (i.e. `managementGroup().name`).
-
-### Parameter Usage: `subscriptionId`
-
-To deploy resource to an Azure Subscription, provide the `subscriptionId` as an input parameter to the module. **Example**:
-
-
-
-### Parameter Usage: `resourceGroupName`
-
-To deploy resource to a Resource Group, provide the `subscriptionId` and `resourceGroupName` as an input parameter to the module. **Example**:
-
-
-
-> The `subscriptionId` is used to enable deployment to a Resource Group Scope, allowing the use of the `resourceGroup()` function from a Management Group Scope. [Additional Details](https://github.com/Azure/bicep/pull/1420).
-
-## Module Usage Guidance
-
-In general, resources under the `Microsoft.PolicyInsights` namespace allows deploying resources at multiple scopes (management groups, subscriptions, resource groups). The `main.bicep` root module is simply an orchestrator module that targets sub-modules for different scopes as seen in the parameter usage section. All sub-modules for this namespace have folders that represent the target scope. For example, if the orchestrator module in the [root](main.bicep) needs to target 'subscription' level scopes. It will look at the relative path ['/subscription/main.bicep'](./subscription/main.bicep) and use this sub-module for the actual deployment, while still passing the same parameters from the root module.
-
-The above method is useful when you want to use a single point to interact with the module but rely on parameter combinations to achieve the target scope. But what if you want to incorporate this module in other modules with lower scopes? This would force you to deploy the module in scope `managementGroup` regardless and further require you to provide its ID with it. If you do not set the scope to management group, this would be the error that you can expect to face:
-
-```bicep
-Error BCP134: Scope "subscription" is not valid for this module. Permitted scopes: "managementGroup"
-```
-
-The solution is to have the option of directly targeting the sub-module that achieves the required scope. For example, if you have your own Bicep file wanting to create resources at the subscription level, and also use some of the modules from the `Microsoft.PolicyInsights` namespace, then you can directly use the sub-module ['/subscription/main.bicep'](./subscription/main.bicep) as a path within your repository, or reference that same published module from the bicep registry. CARML also published the sub-modules so you would be able to reference it like the following:
-
-**Bicep Registry Reference**
-```bicep
-module remediation 'br:bicepregistry.azurecr.io/bicep/modules/policyinsights.remediations.subscription:version' = {}
-```
-**Local Path Reference**
-```bicep
-module remediation 'yourpath/module/Authorization.policyinsights/subscription/main.bicep' = {}
-
## Outputs
| Output Name | Type | Description |
@@ -562,3 +451,119 @@ module remediation './policy-insights/remediation/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `managementGroupId`
+
+To deploy resource to a Management Group, provide the `managementGroupId` as an input parameter to the module.
+
+
+
+> `managementGroupId` is an optional parameter. If not provided, the deployment will use the management group defined in the current deployment scope (i.e. `managementGroup().name`).
+
+### Parameter Usage: `subscriptionId`
+
+To deploy resource to an Azure Subscription, provide the `subscriptionId` as an input parameter to the module. **Example**:
+
+
+
+### Parameter Usage: `resourceGroupName`
+
+To deploy resource to a Resource Group, provide the `subscriptionId` and `resourceGroupName` as an input parameter to the module. **Example**:
+
+
+
+> The `subscriptionId` is used to enable deployment to a Resource Group Scope, allowing the use of the `resourceGroup()` function from a Management Group Scope. [Additional Details](https://github.com/Azure/bicep/pull/1420).
+
+
+### Module Usage Guidance
+
+In general, resources under the `Microsoft.PolicyInsights` namespace allows deploying resources at multiple scopes (management groups, subscriptions, resource groups). The `main.bicep` root module is simply an orchestrator module that targets sub-modules for different scopes as seen in the parameter usage section. All sub-modules for this namespace have folders that represent the target scope. For example, if the orchestrator module in the [root](main.bicep) needs to target 'subscription' level scopes. It will look at the relative path ['/subscription/main.bicep'](./subscription/main.bicep) and use this sub-module for the actual deployment, while still passing the same parameters from the root module.
+
+The above method is useful when you want to use a single point to interact with the module but rely on parameter combinations to achieve the target scope. But what if you want to incorporate this module in other modules with lower scopes? This would force you to deploy the module in scope `managementGroup` regardless and further require you to provide its ID with it. If you do not set the scope to management group, this would be the error that you can expect to face:
+
+```bicep
+Error BCP134: Scope "subscription" is not valid for this module. Permitted scopes: "managementGroup"
+```
+
+The solution is to have the option of directly targeting the sub-module that achieves the required scope. For example, if you have your own Bicep file wanting to create resources at the subscription level, and also use some of the modules from the `Microsoft.PolicyInsights` namespace, then you can directly use the sub-module ['/subscription/main.bicep'](./subscription/main.bicep) as a path within your repository, or reference that same published module from the bicep registry. CARML also published the sub-modules so you would be able to reference it like the following:
+
+**Bicep Registry Reference**
+```bicep
+module remediation 'br:bicepregistry.azurecr.io/bicep/modules/policyinsights.remediations.subscription:version' = {}
+```
+**Local Path Reference**
+```bicep
+module remediation 'yourpath/module/Authorization.policyinsights/subscription/main.bicep' = {}
+```
diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md
index 3bf4b14d20..fdb0a41276 100644
--- a/modules/recovery-services/vault/README.md
+++ b/modules/recovery-services/vault/README.md
@@ -9,6 +9,7 @@ This module deploys a Recovery Services Vault.
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource Types
@@ -70,847 +71,6 @@ This module deploys a Recovery Services Vault.
| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-### Parameter Usage: `backupStorageConfig`
-
-
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `backupPolicies`
-
-Array of backup policies. They need to be properly formatted and can be VM backup policies, SQL on VM backup policies or fileshare policies. The following example shows all three types of backup policies.
-
-
-
-### Parameter Usage: `replicationFabrics`
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -1810,3 +970,239 @@ module vault './recovery-services/vault/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+
diff --git a/modules/recovery-services/vault/backup-policy/README.md b/modules/recovery-services/vault/backup-policy/README.md
index 619df0c550..8490913844 100644
--- a/modules/recovery-services/vault/backup-policy/README.md
+++ b/modules/recovery-services/vault/backup-policy/README.md
@@ -37,188 +37,6 @@ This module deploys a Recovery Services Vault Backup Policy.
| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-### Parameter Usage: `backupPolicyProperties`
-
-Object continaining the configuration for backup policies. It needs to be properly formatted and can be VM backup policies, SQL on VM backup policies or fileshare policies. The following example shows a VM backup policy.
-
-
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/recovery-services/vault/replication-fabric/README.md b/modules/recovery-services/vault/replication-fabric/README.md
index 8ffb07971f..e11ecc23d5 100644
--- a/modules/recovery-services/vault/replication-fabric/README.md
+++ b/modules/recovery-services/vault/replication-fabric/README.md
@@ -42,57 +42,6 @@ This module deploys a Replication Fabric for Azure to Azure disaster recovery sc
| `replicationContainers` | array | `[]` | Replication containers to create. |
-### Parameter Usage: `replicationContainers`
-
-
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md
index 13b7cc85d3..23b6656e50 100644
--- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md
+++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md
@@ -41,53 +41,6 @@ This module deploys a Recovery Services Vault Replication Protection Container.
| `replicationContainerMappings` | array | `[]` | Replication containers mappings to create. |
-### Parameter Usage: `replicationContainerMappings`
-
-
-
## Outputs
| Output Name | Type | Description |
diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md
index 2e02259112..78a07ec984 100644
--- a/modules/resources/deployment-script/README.md
+++ b/modules/resources/deployment-script/README.md
@@ -7,9 +7,9 @@ This module deploys a Deployment Script.
- [Resource types](#Resource-types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
-- [Considerations](#Considerations)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -57,80 +57,6 @@ This module deploys a Deployment Script.
| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. |
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-
-
## Outputs
| Output Name | Type | Description |
@@ -141,10 +67,6 @@ userAssignedIdentities: {
| `resourceGroupName` | string | The resource group the deployment script was deployed into. |
| `resourceId` | string | The resource ID of the deployment script. |
-## Considerations
-
-This module requires a User Assigned Identity (MSI, managed service identity) to exist, and this MSI has to have contributor rights on the subscription - that allows the Deployment Script to create the required Storage Account and the Azure Container Instance.
-
## Cross-referenced modules
_None_
@@ -379,3 +301,80 @@ module deploymentScript './resources/deployment-script/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md
index 66370e303a..f0f88d7331 100644
--- a/modules/resources/resource-group/README.md
+++ b/modules/resources/resource-group/README.md
@@ -6,10 +6,10 @@ This module deploys a Resource Group.
- [Resource types](#Resource-types)
- [Parameters](#Parameters)
-- [Considerations](#Considerations)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
- [Deployment examples](#Deployment-examples)
+- [Notes](#Notes)
## Resource types
@@ -39,110 +39,6 @@ This module deploys a Resource Group.
| `tags` | object | `{object}` | | Tags of the storage account resource. |
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-
-
-## Considerations
-
-This module requires a User Assigned Identity (MSI, managed service identity) to exist, and this MSI has to have contributor rights on the subscription - that allows the Deployment Script to create the required Storage Account and the Azure Container Instance.
-
## Outputs
| Output Name | Type | Description |
@@ -291,3 +187,106 @@ module resourceGroup './resources/resource-group/main.bicep' = {
+
+
+## Notes
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+
Parameter JSON format
-
-```json
-"virtualNetworkPeerings": {
- "value": [
- {
- "remoteVirtualNetworkId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-[[namePrefix]]-az-vnet-x-peer01",
- "allowForwardedTraffic": true,
- "allowGatewayTransit": false,
- "allowVirtualNetworkAccess": true,
- "useRemoteGateways": false,
- "remotePeeringEnabled": true,
- "remotePeeringName": "customName",
- "remotePeeringAllowVirtualNetworkAccess": true,
- "remotePeeringAllowForwardedTraffic": true
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-virtualNetworkPeerings: [
- {
- remoteVirtualNetworkId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-[[namePrefix]]-az-vnet-x-peer01'
- allowForwardedTraffic: true
- allowGatewayTransit: false
- allowVirtualNetworkAccess: true
- useRemoteGateways: false
- remotePeeringEnabled: true
- remotePeeringName: 'customName'
- remotePeeringAllowVirtualNetworkAccess: true
- remotePeeringAllowForwardedTraffic: true
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"addressPrefixes": {
- "value": [
- "10.1.0.0/16"
- ]
-}
-```
-
-Bicep format
-
-```bicep
-addressPrefixes: [
- '10.1.0.0/16'
-]
-```
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
-
-```json
-"delegations": [
- {
- "name": "sqlMiDel",
- "properties": {
- "serviceName": "Microsoft.Sql/managedInstances"
- }
- }
-]
-```
-
-Bicep format
-
-```bicep
-delegations: [
- {
- name: 'sqlMiDel'
- properties: {
- serviceName: 'Microsoft.Sql/managedInstances'
- }
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"serviceEndpoints": [
- {
- "service": "Microsoft.EventHub"
- },
- {
- "service": "Microsoft.Sql"
- },
- {
- "service": "Microsoft.Storage"
- },
- {
- "service": "Microsoft.KeyVault"
- }
-]
-```
-
-Bicep format
+## Cross-referenced modules
-```bicep
-serviceEndpoints: [
- {
- name: 'Microsoft.EventHub'
- }
- {
- name: 'Microsoft.Sql'
- }
- {
- name: 'Microsoft.Storage'
- }
- {
- name: 'Microsoft.KeyVault'
- }
-]
-```
+_None_
-Parameter JSON format
-
-```json
-"bgpSettings": {
- "asn": 65515,
- "peerWeight": 0,
- "bgpPeeringAddresses": [
- {
- "ipconfigurationId": "Instance0",
- "defaultBgpIpAddresses": [
- "10.0.0.12"
- ],
- "customBgpIpAddresses": [],
- "tunnelIpAddresses": [
- "20.84.35.53",
- "10.0.0.4"
- ]
- },
- {
- "ipconfigurationId": "Instance1",
- "defaultBgpIpAddresses": [
- "10.0.0.13"
- ],
- "customBgpIpAddresses": [],
- "tunnelIpAddresses": [
- "20.84.34.225",
- "10.0.0.5"
- ]
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-bgpSettings: {
- asn: 65515
- peerWeight: 0
- bgpPeeringAddresses: [
- {
- ipconfigurationId: 'Instance0'
- defaultBgpIpAddresses: [
- '10.0.0.12'
- ]
- customBgpIpAddresses: []
- tunnelIpAddresses: [
- '20.84.35.53'
- '10.0.0.4'
- ]
- }
- {
- ipconfigurationId: 'Instance1'
- defaultBgpIpAddresses: [
- '10.0.0.13'
- ]
- customBgpIpAddresses: []
- tunnelIpAddresses: [
- '20.84.34.225'
- '10.0.0.5'
- ]
- }
- ]
-}
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
+
+```json
+"bgpSettings": {
+ "asn": 65515,
+ "peerWeight": 0,
+ "bgpPeeringAddresses": [
+ {
+ "ipconfigurationId": "Instance0",
+ "defaultBgpIpAddresses": [
+ "10.0.0.12"
+ ],
+ "customBgpIpAddresses": [],
+ "tunnelIpAddresses": [
+ "20.84.35.53",
+ "10.0.0.4"
+ ]
+ },
+ {
+ "ipconfigurationId": "Instance1",
+ "defaultBgpIpAddresses": [
+ "10.0.0.13"
+ ],
+ "customBgpIpAddresses": [],
+ "tunnelIpAddresses": [
+ "20.84.34.225",
+ "10.0.0.5"
+ ]
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+bgpSettings: {
+ asn: 65515
+ peerWeight: 0
+ bgpPeeringAddresses: [
+ {
+ ipconfigurationId: 'Instance0'
+ defaultBgpIpAddresses: [
+ '10.0.0.12'
+ ]
+ customBgpIpAddresses: []
+ tunnelIpAddresses: [
+ '20.84.35.53'
+ '10.0.0.4'
+ ]
+ }
+ {
+ ipconfigurationId: 'Instance1'
+ defaultBgpIpAddresses: [
+ '10.0.0.13'
+ ]
+ customBgpIpAddresses: []
+ tunnelIpAddresses: [
+ '20.84.34.225'
+ '10.0.0.5'
+ ]
+ }
+ ]
+}
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
-
-```json
-"o365Policy": {
- "value": {
- "breakOutCategories": {
- "optimize": true,
- "allow": true,
- "default": true
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-o365Policy: {
- breakOutCategories: {
- optimize: true
- allow: true
- default: true
- }
-}
-```
-
-Parameter JSON format
-
-```json
-"deviceProperties": {
- "value": {
- "deviceModel": "morty",
- "deviceVendor": "contoso",
- "linkSpeedInMbps": 0
- }
-}
-```
-
-Bicep format
-
-```bicep
-deviceProperties: {
- deviceModel: 'morty'
- deviceVendor: 'contoso'
- linkSpeedInMbps: 0
-}
-```
-
-Parameter JSON format
-
-```json
-"bgpProperties": {
- "value": {
- "asn": 65010,
- "bgpPeeringAddress": "1.1.1.1",
- "peerWeight": 0
- }
-}
-```
-
-Bicep format
-
-```bicep
-bgpProperties: {
- asn: 65010
- bgpPeeringAddress: '1.1.1.1'
- peerWeight: 0
-}
-```
-
-Parameter JSON format
-
-```json
-"vpnSiteLinks": {
- "value": [
- {
- "name": "[[namePrefix]]-az-vSite-x-001",
- "properties": {
- "bgpProperties": {
- "asn": 65010,
- "bgpPeeringAddress": "1.1.1.1"
- },
- "ipAddress": "1.2.3.4",
- "linkProperties": {
- "linkProviderName": "contoso",
- "linkSpeedInMbps": 5
- }
- }
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-vpnSiteLinks: [
- {
- name: '[[namePrefix]]-az-vSite-x-001'
- properties: {
- bgpProperties: {
- asn: 65010
- bgpPeeringAddress: '1.1.1.1'
- }
- ipAddress: '1.2.3.4'
- linkProperties: {
- linkProviderName: 'contoso'
- linkSpeedInMbps: 5
- }
- }
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
+
+```json
+"deviceProperties": {
+ "value": {
+ "deviceModel": "morty",
+ "deviceVendor": "contoso",
+ "linkSpeedInMbps": 0
+ }
+}
+```
+
+Bicep format
+
+```bicep
+deviceProperties: {
+ deviceModel: 'morty'
+ deviceVendor: 'contoso'
+ linkSpeedInMbps: 0
+}
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
-
-```json
-"gallerySolutions": {
- "value": [
- {
- "name": "AgentHealthAssessment",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AlertManagement",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AntiMalware",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AzureActivity",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AzureAutomation",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AzureCdnCoreAnalytics",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AzureDataFactoryAnalytics",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AzureNSGAnalytics",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "AzureSQLAnalytics",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "ChangeTracking",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "Containers",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "InfrastructureInsights",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "KeyVaultAnalytics",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "LogicAppsManagement",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "NetworkMonitoring",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "Security",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "SecurityCenterFree",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "ServiceFabric",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "ServiceMap",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "SQLAssessment",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "Updates",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "VMInsights",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "WireData2",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- },
- {
- "name": "WaaSUpdateInsights",
- "product": "OMSGallery",
- "publisher": "Microsoft"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-gallerySolutions: [
- {
- name: 'AgentHealthAssessment'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AlertManagement'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AntiMalware'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AzureActivity'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AzureAutomation'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AzureCdnCoreAnalytics'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AzureDataFactoryAnalytics'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AzureNSGAnalytics'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'AzureSQLAnalytics'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'ChangeTracking'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'Containers'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'InfrastructureInsights'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'KeyVaultAnalytics'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'LogicAppsManagement'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'NetworkMonitoring'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'Security'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'SecurityCenterFree'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'ServiceFabric'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'ServiceMap'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'SQLAssessment'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'Updates'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'VMInsights'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'WireData2'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
- {
- name: 'WaaSUpdateInsights'
- product: 'OMSGallery'
- publisher: 'Microsoft'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+Parameter JSON format
-
-```json
-"managementGroupId": {
- "value": "contoso-group"
-}
-```
-
-Bicep format
-
-```bicep
-managementGroupId: 'contoso-group'
-```
-
-Parameter JSON format
-
-```json
-"subscriptionId": {
- "value": "12345678-b049-471c-95af-123456789012"
-}
-```
-
-Bicep format
-
-```bicep
-subscriptionId: '12345678-b049-471c-95af-123456789012'
-```
-
-Parameter JSON format
-
-```json
-"subscriptionId": {
- "value": "12345678-b049-471c-95af-123456789012"
-},
-"resourceGroupName": {
- "value": "target-resourceGroup"
-}
-```
-
-Bicep format
-
-```bicep
-subscriptionId: '12345678-b049-471c-95af-123456789012'
-resourceGroupName: 'target-resourceGroup'
-```
-
-Parameter JSON format
+
+```json
+"managementGroupId": {
+ "value": "contoso-group"
+}
+```
+
+Bicep format
+
+```bicep
+managementGroupId: 'contoso-group'
+```
+
+Parameter JSON format
+
+```json
+"subscriptionId": {
+ "value": "12345678-b049-471c-95af-123456789012"
+}
+```
+
+Bicep format
+
+```bicep
+subscriptionId: '12345678-b049-471c-95af-123456789012'
+```
+
+Parameter JSON format
+
+```json
+"subscriptionId": {
+ "value": "12345678-b049-471c-95af-123456789012"
+},
+"resourceGroupName": {
+ "value": "target-resourceGroup"
+}
+```
+
+Bicep format
+
+```bicep
+subscriptionId: '12345678-b049-471c-95af-123456789012'
+resourceGroupName: 'target-resourceGroup'
+```
+
+Parameter JSON format
-
-```json
-"backupStorageConfig": {
- "value": {
- "storageModelType": "GeoRedundant",
- "crossRegionRestoreFlag": true
- }
-}
-```
-
-Bicep format
-
-```bicep
-backupStorageConfig: {
- value: {
- storageModelType: 'GeoRedundant'
- crossRegionRestoreFlag: true
- }
-}
-```
-
-Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"backupPolicies": {
- "value": [
- {
- "name": "VMpolicy",
- "type": "Microsoft.RecoveryServices/vaults/backupPolicies",
- "properties": {
- "backupManagementType": "AzureIaasVM",
- "instantRPDetails": {},
- "schedulePolicy": {
- "schedulePolicyType": "SimpleSchedulePolicy",
- "scheduleRunFrequency": "Daily",
- "scheduleRunTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "scheduleWeeklyFrequency": 0
- },
- "retentionPolicy": {
- "retentionPolicyType": "LongTermRetentionPolicy",
- "dailySchedule": {
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 180,
- "durationType": "Days"
- }
- },
- "weeklySchedule": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 12,
- "durationType": "Weeks"
- }
- },
- "monthlySchedule": {
- "retentionScheduleFormatType": "Weekly",
- "retentionScheduleWeekly": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "weeksOfTheMonth": [
- "First"
- ]
- },
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 60,
- "durationType": "Months"
- }
- },
- "yearlySchedule": {
- "retentionScheduleFormatType": "Weekly",
- "monthsOfYear": [
- "January"
- ],
- "retentionScheduleWeekly": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "weeksOfTheMonth": [
- "First"
- ]
- },
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 10,
- "durationType": "Years"
- }
- }
- },
- "instantRpRetentionRangeInDays": 2,
- "timeZone": "UTC",
- "protectedItemsCount": 0
- }
- },
- {
- "name": "sqlpolicy",
- "type": "Microsoft.RecoveryServices/vaults/backupPolicies",
- "properties": {
- "backupManagementType": "AzureWorkload",
- "workLoadType": "SQLDataBase",
- "settings": {
- "timeZone": "UTC",
- "issqlcompression": true,
- "isCompression": true
- },
- "subProtectionPolicy": [
- {
- "policyType": "Full",
- "schedulePolicy": {
- "schedulePolicyType": "SimpleSchedulePolicy",
- "scheduleRunFrequency": "Weekly",
- "scheduleRunDays": [
- "Sunday"
- ],
- "scheduleRunTimes": [
- "2019-11-07T22:00:00Z"
- ],
- "scheduleWeeklyFrequency": 0
- },
- "retentionPolicy": {
- "retentionPolicyType": "LongTermRetentionPolicy",
- "weeklySchedule": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "retentionTimes": [
- "2019-11-07T22:00:00Z"
- ],
- "retentionDuration": {
- "count": 104,
- "durationType": "Weeks"
- }
- },
- "monthlySchedule": {
- "retentionScheduleFormatType": "Weekly",
- "retentionScheduleWeekly": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "weeksOfTheMonth": [
- "First"
- ]
- },
- "retentionTimes": [
- "2019-11-07T22:00:00Z"
- ],
- "retentionDuration": {
- "count": 60,
- "durationType": "Months"
- }
- },
- "yearlySchedule": {
- "retentionScheduleFormatType": "Weekly",
- "monthsOfYear": [
- "January"
- ],
- "retentionScheduleWeekly": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "weeksOfTheMonth": [
- "First"
- ]
- },
- "retentionTimes": [
- "2019-11-07T22:00:00Z"
- ],
- "retentionDuration": {
- "count": 10,
- "durationType": "Years"
- }
- }
- }
- },
- {
- "policyType": "Differential",
- "schedulePolicy": {
- "schedulePolicyType": "SimpleSchedulePolicy",
- "scheduleRunFrequency": "Weekly",
- "scheduleRunDays": [
- "Monday"
- ],
- "scheduleRunTimes": [
- "2017-03-07T02:00:00Z"
- ],
- "scheduleWeeklyFrequency": 0
- },
- "retentionPolicy": {
- "retentionPolicyType": "SimpleRetentionPolicy",
- "retentionDuration": {
- "count": 30,
- "durationType": "Days"
- }
- }
- },
- {
- "policyType": "Log",
- "schedulePolicy": {
- "schedulePolicyType": "LogSchedulePolicy",
- "scheduleFrequencyInMins": 120
- },
- "retentionPolicy": {
- "retentionPolicyType": "SimpleRetentionPolicy",
- "retentionDuration": {
- "count": 15,
- "durationType": "Days"
- }
- }
- }
- ],
- "protectedItemsCount": 0
- }
- },
- {
- "name": "filesharepolicy",
- "type": "Microsoft.RecoveryServices/vaults/backupPolicies",
- "properties": {
- "backupManagementType": "AzureStorage",
- "workloadType": "AzureFileShare",
- "schedulePolicy": {
- "schedulePolicyType": "SimpleSchedulePolicy",
- "scheduleRunFrequency": "Daily",
- "scheduleRunTimes": [
- "2019-11-07T04:30:00Z"
- ],
- "scheduleWeeklyFrequency": 0
- },
- "retentionPolicy": {
- "retentionPolicyType": "LongTermRetentionPolicy",
- "dailySchedule": {
- "retentionTimes": [
- "2019-11-07T04:30:00Z"
- ],
- "retentionDuration": {
- "count": 30,
- "durationType": "Days"
- }
- }
- },
- "timeZone": "UTC",
- "protectedItemsCount": 0
- }
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-backupPolicies: [
- {
- name: 'VMpolicy'
- type: 'Microsoft.RecoveryServices/vaults/backupPolicies'
- properties: {
- backupManagementType: 'AzureIaasVM'
- instantRPDetails: {}
- schedulePolicy: {
- schedulePolicyType: 'SimpleSchedulePolicy'
- scheduleRunFrequency: 'Daily'
- scheduleRunTimes: [
- '2019-11-07T07:00:00Z'
- ]
- scheduleWeeklyFrequency: 0
- }
- retentionPolicy: {
- retentionPolicyType: 'LongTermRetentionPolicy'
- dailySchedule: {
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 180
- durationType: 'Days'
- }
- }
- weeklySchedule: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 12
- durationType: 'Weeks'
- }
- }
- monthlySchedule: {
- retentionScheduleFormatType: 'Weekly'
- retentionScheduleWeekly: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- weeksOfTheMonth: [
- 'First'
- ]
- }
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 60
- durationType: 'Months'
- }
- }
- yearlySchedule: {
- retentionScheduleFormatType: 'Weekly'
- monthsOfYear: [
- 'January'
- ]
- retentionScheduleWeekly: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- weeksOfTheMonth: [
- 'First'
- ]
- }
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 10
- durationType: 'Years'
- }
- }
- }
- instantRpRetentionRangeInDays: 2
- timeZone: 'UTC'
- protectedItemsCount: 0
- }
- }
- {
- name: 'sqlpolicy'
- type: 'Microsoft.RecoveryServices/vaults/backupPolicies'
- properties: {
- backupManagementType: 'AzureWorkload'
- workLoadType: 'SQLDataBase'
- settings: {
- timeZone: 'UTC'
- issqlcompression: true
- isCompression: true
- }
- subProtectionPolicy: [
- {
- policyType: 'Full'
- schedulePolicy: {
- schedulePolicyType: 'SimpleSchedulePolicy'
- scheduleRunFrequency: 'Weekly'
- scheduleRunDays: [
- 'Sunday'
- ]
- scheduleRunTimes: [
- '2019-11-07T22:00:00Z'
- ]
- scheduleWeeklyFrequency: 0
- }
- retentionPolicy: {
- retentionPolicyType: 'LongTermRetentionPolicy'
- weeklySchedule: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- retentionTimes: [
- '2019-11-07T22:00:00Z'
- ]
- retentionDuration: {
- count: 104
- durationType: 'Weeks'
- }
- }
- monthlySchedule: {
- retentionScheduleFormatType: 'Weekly'
- retentionScheduleWeekly: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- weeksOfTheMonth: [
- 'First'
- ]
- }
- retentionTimes: [
- '2019-11-07T22:00:00Z'
- ]
- retentionDuration: {
- count: 60
- durationType: 'Months'
- }
- }
- yearlySchedule: {
- retentionScheduleFormatType: 'Weekly'
- monthsOfYear: [
- 'January'
- ]
- retentionScheduleWeekly: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- weeksOfTheMonth: [
- 'First'
- ]
- }
- retentionTimes: [
- '2019-11-07T22:00:00Z'
- ]
- retentionDuration: {
- count: 10
- durationType: 'Years'
- }
- }
- }
- }
- {
- policyType: 'Differential'
- schedulePolicy: {
- schedulePolicyType: 'SimpleSchedulePolicy'
- scheduleRunFrequency: 'Weekly'
- scheduleRunDays: [
- 'Monday'
- ]
- scheduleRunTimes: [
- '2017-03-07T02:00:00Z'
- ]
- scheduleWeeklyFrequency: 0
- }
- retentionPolicy: {
- retentionPolicyType: 'SimpleRetentionPolicy'
- retentionDuration: {
- count: 30
- durationType: 'Days'
- }
- }
- }
- {
- policyType: 'Log'
- schedulePolicy: {
- schedulePolicyType: 'LogSchedulePolicy'
- scheduleFrequencyInMins: 120
- }
- retentionPolicy: {
- retentionPolicyType: 'SimpleRetentionPolicy'
- retentionDuration: {
- count: 15
- durationType: 'Days'
- }
- }
- }
- ]
- protectedItemsCount: 0
- }
- }
- {
- name: 'filesharepolicy'
- type: 'Microsoft.RecoveryServices/vaults/backupPolicies'
- properties: {
- backupManagementType: 'AzureStorage'
- workloadType: 'AzureFileShare'
- schedulePolicy: {
- schedulePolicyType: 'SimpleSchedulePolicy'
- scheduleRunFrequency: 'Daily'
- scheduleRunTimes: [
- '2019-11-07T04:30:00Z'
- ]
- scheduleWeeklyFrequency: 0
- }
- retentionPolicy: {
- retentionPolicyType: 'LongTermRetentionPolicy'
- dailySchedule: {
- retentionTimes: [
- '2019-11-07T04:30:00Z'
- ]
- retentionDuration: {
- count: 30
- durationType: 'Days'
- }
- }
- }
- timeZone: 'UTC'
- protectedItemsCount: 0
- }
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"replicationFabrics": {
- "value": [
- {
- "location": "NorthEurope",
- "replicationContainers": [
- {
- "name": "ne-container1",
- "replicationContainerMappings": [
- {
- "policyName": "Default_values",
- "targetContainerFabricName": "WestEurope-Fabric",
- "targetContainerName": "we-conainer2"
- }
- ]
- }
- ]
- },
- {
- "name": "WestEurope-Fabric", //Optional
- "location": "WestEurope",
- "replicationContainers": [
- {
- "name": "we-conainer2"
- }
- ]
- }
- ]
-},
-```
-
-### Parameter Usage: `replicationPolicies`
-
-Parameter JSON format
-
-```json
-"replicationPolicies": {
- "value": [
- {
- "name": "Default_values"
- },
- {
- "name": "Custom_values",
- "appConsistentFrequencyInMinutes": 240,
- "crashConsistentFrequencyInMinutes": 7,
- "multiVmSyncStatus": "Disable",
- "recoveryPointHistory": 2880
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-replicationPolicies: [
- {
- name: 'Default_values'
- }
- {
- name: 'Custom_values'
- appConsistentFrequencyInMinutes: 240
- crashConsistentFrequencyInMinutes: 7
- multiVmSyncStatus: 'Disable'
- recoveryPointHistory: 2880
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Parameter JSON format
-
-```json
-"privateEndpoints": {
- "value": [
- // Example showing all available fields
- {
- "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
- "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
- "service": "Bicep format
-
-```bicep
-privateEndpoints: [
- // Example showing all available fields
- {
- name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
- subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
- service: 'Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+Parameter JSON format
+
+```json
+"privateEndpoints": {
+ "value": [
+ // Example showing all available fields
+ {
+ "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+ "subnetResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+ "service": "Bicep format
+
+```bicep
+privateEndpoints: [
+ // Example showing all available fields
+ {
+ name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+ subnetResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+ service: 'Parameter JSON format
-
-```json
-"backupPolicyProperties": {
- "value": {
- "backupManagementType": "AzureIaasVM",
- "instantRPDetails": {},
- "schedulePolicy": {
- "schedulePolicyType": "SimpleSchedulePolicy",
- "scheduleRunFrequency": "Daily",
- "scheduleRunTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "scheduleWeeklyFrequency": 0
- },
- "retentionPolicy": {
- "retentionPolicyType": "LongTermRetentionPolicy",
- "dailySchedule": {
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 180,
- "durationType": "Days"
- }
- },
- "weeklySchedule": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 12,
- "durationType": "Weeks"
- }
- },
- "monthlySchedule": {
- "retentionScheduleFormatType": "Weekly",
- "retentionScheduleWeekly": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "weeksOfTheMonth": [
- "First"
- ]
- },
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 60,
- "durationType": "Months"
- }
- },
- "yearlySchedule": {
- "retentionScheduleFormatType": "Weekly",
- "monthsOfYear": [
- "January"
- ],
- "retentionScheduleWeekly": {
- "daysOfTheWeek": [
- "Sunday"
- ],
- "weeksOfTheMonth": [
- "First"
- ]
- },
- "retentionTimes": [
- "2019-11-07T07:00:00Z"
- ],
- "retentionDuration": {
- "count": 10,
- "durationType": "Years"
- }
- }
- },
- "instantRpRetentionRangeInDays": 2,
- "timeZone": "UTC",
- "protectedItemsCount": 0
- }
-}
-```
-
-Bicep format
-
-```bicep
-backupPolicyProperties: {
- backupManagementType: 'AzureIaasVM'
- instantRPDetails: {}
- schedulePolicy: {
- schedulePolicyType: 'SimpleSchedulePolicy'
- scheduleRunFrequency: 'Daily'
- scheduleRunTimes: [
- '2019-11-07T07:00:00Z'
- ]
- scheduleWeeklyFrequency: 0
- }
- retentionPolicy: {
- retentionPolicyType: 'LongTermRetentionPolicy'
- dailySchedule: {
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 180
- durationType: 'Days'
- }
- }
- weeklySchedule: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 12
- durationType: 'Weeks'
- }
- }
- monthlySchedule: {
- retentionScheduleFormatType: 'Weekly'
- retentionScheduleWeekly: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- weeksOfTheMonth: [
- 'First'
- ]
- }
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 60
- durationType: 'Months'
- }
- }
- yearlySchedule: {
- retentionScheduleFormatType: 'Weekly'
- monthsOfYear: [
- 'January'
- ]
- retentionScheduleWeekly: {
- daysOfTheWeek: [
- 'Sunday'
- ]
- weeksOfTheMonth: [
- 'First'
- ]
- }
- retentionTimes: [
- '2019-11-07T07:00:00Z'
- ]
- retentionDuration: {
- count: 10
- durationType: 'Years'
- }
- }
- }
- instantRpRetentionRangeInDays: 2
- timeZone: 'UTC'
- protectedItemsCount: 0
-}
-```
-
-Parameter JSON format
-
-```json
-"replicationContainers": {
- "value": [
- {
- "name": "we-container1",
- "replicationContainerMappings": [ //optional
- {
- "policyName": "Default_values",
- "targetContainerName": "we-container2"
- }
- ]
- },
- {
- "name": "we-container2"
- },
- ]
-}
-```
-
-Bicep format
-
-```bicep
-replicationContainers: [
- {
- name: 'we-container1'
- replicationContainerMappings: [ //optional
- {
- policyName: 'Default_values'
- targetContainerName: 'we-container2'
- }
- ]
- }
- {
- name: 'we-container2'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"replicationContainerMappings": {
- "value": [
- {
- "targetProtectionContainerId": "/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container1",
- "policyId": "/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationPolicies/Default_values"
- },
- {
- "name": null, //Optional
- "policyName": "Default_values",
- "targetContainerFabricName": "WestEurope",
- "targetContainerName": "we-container"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-replicationContainerMappings: [
- {
- targetProtectionContainerId: '/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container1'
- policyId: '/Subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/[[namePrefix]]-az-rsv-dr-001/replicationPolicies/Default_values'
- }
- {
- name: null //Optional
- policyName: 'Default_values'
- targetContainerFabricName: 'WestEurope'
- targetContainerName: 'we-container'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
-
-```json
-"userAssignedIdentities": {
- "value": {
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
- "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
- }
-}
-```
-
-Bicep format
-
-```bicep
-userAssignedIdentities: {
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
- '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/[[subscriptionId]]/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+Parameter JSON format
-
-```json
-"roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "description": "Reader Role Assignment",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012", // object 1
- "78945612-1234-1234-1234-123456789012" // object 2
- ]
- },
- {
- "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
- "principalIds": [
- "12345678-1234-1234-1234-123456789012" // object 1
- ],
- "principalType": "ServicePrincipal"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- description: 'Reader Role Assignment'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- '78945612-1234-1234-1234-123456789012' // object 2
- ]
- }
- {
- roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
- principalIds: [
- '12345678-1234-1234-1234-123456789012' // object 1
- ]
- principalType: 'ServicePrincipal'
- }
-]
-```
-
-Parameter JSON format
-
-```json
-"tags": {
- "value": {
- "Environment": "Non-Prod",
- "Contact": "test.user@testcompany.com",
- "PurchaseOrder": "1234",
- "CostCenter": "7890",
- "ServiceName": "DeploymentValidation",
- "Role": "DeploymentValidation"
- }
-}
-```
-
-Bicep format
-
-```bicep
-tags: {
- Environment: 'Non-Prod'
- Contact: 'test.user@testcompany.com'
- PurchaseOrder: '1234'
- CostCenter: '7890'
- ServiceName: 'DeploymentValidation'
- Role: 'DeploymentValidation'
-}
-```
-
-Parameter JSON format
+
+```json
+"roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "description": "Reader Role Assignment",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012", // object 1
+ "78945612-1234-1234-1234-123456789012" // object 2
+ ]
+ },
+ {
+ "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+ "principalIds": [
+ "12345678-1234-1234-1234-123456789012" // object 1
+ ],
+ "principalType": "ServicePrincipal"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ description: 'Reader Role Assignment'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ '78945612-1234-1234-1234-123456789012' // object 2
+ ]
+ }
+ {
+ roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+ principalIds: [
+ '12345678-1234-1234-1234-123456789012' // object 1
+ ]
+ principalType: 'ServicePrincipal'
+ }
+]
+```
+
+Parameter JSON format
+
+```json
+"tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "Contact": "test.user@testcompany.com",
+ "PurchaseOrder": "1234",
+ "CostCenter": "7890",
+ "ServiceName": "DeploymentValidation",
+ "Role": "DeploymentValidation"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+tags: {
+ Environment: 'Non-Prod'
+ Contact: 'test.user@testcompany.com'
+ PurchaseOrder: '1234'
+ CostCenter: '7890'
+ ServiceName: 'DeploymentValidation'
+ Role: 'DeploymentValidation'
+}
+```
+
+