Bicep Module Documentation
← Back to Overview
Module app-service-plan
appServicePlan
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| skuName | 'B1' 'B2' 'B3' 'D1' 'F1' 'FREE' 'I1' 'I1v2' 'I2' 'I2v2' 'I3' 'I3v2' 'I4v2' 'I5v2' 'I6v2' 'P0V3' 'P1MV3' 'P1V2' 'P1V3' 'P2MV3' 'P2V2' 'P2V3' 'P3MV3' 'P3V2' 'P3V3' 'P4MV3' 'P5MV3' 'S1' 'S2' 'S3' 'SHARED' 'WS1' 'WS2' 'WS3' 'Y1' |
Name of the resource SKU (default: B1) |
| skuCapacity | int | Current number of instances assigned to the resource (default: 1) |
| kind (required) | 'FunctionApp' 'Windows' 'elastic' 'linux' 'xenon' |
Kind of the App Service plan |
| elasticScaleEnabled | bool | ServerFarm supports ElasticScale. Apps in this plan will scale as if the ServerFarm was ElasticPremium sku. |
| hostingEnvironmentProfileId | string | Resource ID of the App Service Environment to use for the App Service plan. |
| hyperV | bool | If Hyper-V container app service plan true, false otherwise. |
| isSpot | bool | If true, this App Service Plan owns spot instances. |
| kubeEnvironmentProfileId | string | Resource ID of the Kubernetes Environment to use for the App Service plan. |
| maximumElasticWorkerCount | int | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. |
| perSiteScaling | bool | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. |
| spotExpirationTime | string | The time when the server farm expires. Valid only if it is a spot server farm. |
| targetWorkerCount | int | Scaling worker size ID. |
| targetWorkerSizeId | int | Scaling worker count. |
| workerTierName | string | Target worker tier assigned to the App Service plan. |
| zoneRedundant | bool | If true, this App Service Plan will perform availability zone balancing. If false, this App Service Plan will not perform availability zone balancing. |
| webCertificates | webCertificate[] | Add certificates to app service plan. |
| diagnosticSettings | diagnosticSetting[] | Diagnostic Settings for the resource. |
webCertificate
| Property | Value | Description |
|---|---|---|
| naming (required) | naming | |
| canonicalName | string | CNAME of the certificate to be issued via free certificate. |
| domainValidationMethod | string | Method of domain validation for free cert. |
| hostNames | string[] | Host names the certificate applies to. |
| keyVaultId | string | Key Vault Csm resource Id. |
| keyVaultSecretName | string | Key Vault secret name. |
| password | securestring | Certificate password. |
| pfxBlob | string | Pfx blob. |
diagnosticLogSettings
Set the resourceType property to specify the type of object.
For Custom, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'Custom' | |
| category | string | Name of a Diagnostic Log category for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. |
| categoryGroup | string | Name of a Diagnostic Log category group for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. |
| enabled | bool | a value indicating whether this log is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this log. |
Set the resourceType property to specify the type of object.
For App Service Plan, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'App Service Plan' |
Set the resourceType property to specify the type of object.
For Azure Firewall, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'Azure Firewall' | |
| category | 'AZFWApplicationRule' 'AZFWApplicationRuleAggregation' 'AZFWDnsQuery' 'AZFWFatFlow' 'AZFWFlowTrace' 'AZFWFqdnResolveFailure' 'AZFWIdpsSignature' 'AZFWNatRule' 'AZFWNatRuleAggregation' 'AZFWNetworkRule' 'AZFWNetworkRuleAggregation' 'AZFWThreatIntel' 'AzureFirewallApplicationRule' 'AzureFirewallDnsProxy' 'AzureFirewallNetworkRule' |
Name of a Diagnostic Log category for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. |
| categoryGroup | string | Name of a Diagnostic Log category group for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. |
| enabled | bool | a value indicating whether this log is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this log. |
Set the resourceType property to specify the type of object.
For Application Gateway, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'Application Gateway' | |
| category | 'ApplicationGatewayAccessLog' 'ApplicationGatewayFirewallLog' 'ApplicationGatewayPerformanceLog' |
Name of a Diagnostic Log category for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. |
| categoryGroup | string | Name of a Diagnostic Log category group for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. |
| enabled | bool | a value indicating whether this log is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this log. |
retentionPolicy
| Property | Value | Description |
|---|---|---|
| days (required) | int | the number of days for the retention in days. A value of 0 will retain the events indefinitely. |
| enabled (required) | bool | a value indicating whether the retention policy is enabled. |
diagnosticMetricSettings
Set the resourceType property to specify the type of object.
For Custom, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'Custom' | |
| category | string | Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. |
| enabled (required) | bool | a value indicating whether this category is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this category. |
| timeGrain | string | the timegrain of the metric in ISO8601 format. |
Set the resourceType property to specify the type of object.
For App Service Plan, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'App Service Plan' | |
| category (required) | 'AllMetrics' | Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. |
| enabled | bool | a value indicating whether this category is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this category. |
| timeGrain | string | the timegrain of the metric in ISO8601 format. |
Set the resourceType property to specify the type of object.
For Azure Firewall, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'Azure Firewall' | |
| category (required) | 'AllMetrics' | Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. |
| enabled | bool | a value indicating whether this category is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this category. |
| timeGrain | string | the timegrain of the metric in ISO8601 format. |
Set the resourceType property to specify the type of object.
For Application Gateway, use:
| Property | Value | Description |
|---|---|---|
| resourceType (required) | 'Application Gateway' | |
| category (required) | 'AllMetrics' | Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. |
| enabled | bool | a value indicating whether this category is enabled. (default: Enabled) |
| retentionPolicy | retentionPolicy | the retention policy for this category. |
| timeGrain | string | the timegrain of the metric in ISO8601 format. |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
diagnosticSetting
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| eventHubAuthorizationRuleId | string | The resource Id for the event hub authorization rule. |
| eventHubName | string | The name of the event hub. If none is specified, the default event hub will be selected. |
| logAnalyticsDestinationType | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type constructed as follows: {normalized service identity}_{normalized category name}. Possible values are: Dedicated and null (null is default.) |
| logs | diagnosticLogSettings[] | The list of logs settings. |
| marketplacePartnerId | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
| metrics | diagnosticMetricSettings[] | The list of metric settings. |
| serviceBusRuleId | string | The service bus rule Id of the diagnostic setting. This is here to maintain backwards compatibility. |
| storageAccountId | string | The resource ID of the storage account to which you would like to send Diagnostic Logs. |
| workspaceId | string | The full ARM resource ID of the Log Analytics workspace to which you would like to send Diagnostic Logs. Example: /subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2 |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
Changelog
4.0.2 (2025-10-06)
Bug Fixes
- update api version and secure input for certificate password
4.0.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
4.0.0 (2025-09-24)
⚠ BREAKING CHANGES
- remove deprecated outputs
Bug Fixes
- remove deprecated outputs
3.4.2 (2025-06-26)
Bug Fixes
- make certificate settings optional
3.4.2 (2025-06-20)
Bug Fixes
- make certificate settings optional
3.4.1 (2025-06-16)
Bug Fixes
- add Consumption plan
3.4.0 (2025-05-26)
Features
- add sourcecontrols
3.3.0 (2025-05-14)
Features
- add certificate outputs
3.2.1 (2025-05-14)
Bug Fixes
- make webCertificate canonicalName optional to allow PFX/KV certificates
3.2.0 (2025-03-26)
Features
- add resourceName output
3.1.0 (2025-03-24)
Features
- revise descriptions
3.0.0 (2025-03-17)
⚠ BREAKING CHANGES
- remove role-assignment principalType parameter
Features
- remove role-assignment principalType parameter