Bicep Module Documentation
← Back to Overview
Module front-door
cdnProfile
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| skuName | 'Premium_AzureFrontDoor' 'Standard_AzureFrontDoor' |
The pricing tier (defines Azure Front Door Standard or Premium or a CDN provider, feature list and rate) of the profile. |
| identity | identity | |
| originResponseTimeoutSeconds | int | Send and receive timeout on forwarding request to the origin. When timeout is reached, the request fails and returns. |
| afdEndpoints | afdEndpoint[] | |
| customDomains | cdnProfileCustomDomain[] | |
| originGroups | cdnOriginGroup[] | |
| ruleSets | cdnRuleSet[] | |
| secrets | cdnSecret[] | |
| securityPolicies | cdnSecurityPolicy[] | |
| wafPolicies | frontDoorWafPolicy[] |
identity
| Property | Value | Description |
|---|---|---|
| type | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
The types of identities associated with this resource. (default: none) |
| userAssignedIdentities | string[] | Resource IDs of User Assigned Identities to associate with this resource |
afdEndpoint
| Property | Value | Description |
|---|---|---|
| naming (required) | naming | |
| autoGeneratedDomainNameLabelScope | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
Indicates the endpoint name reuse scope. The default value is TenantReuse. |
| enabledState | 'Disabled' 'Enabled' |
Whether to enable use of this rule. Permitted values are Enabled or Disabled (default:enabled) |
| routes | afdEndpointRoute[] | AFD Endpoint routes |
afdEndpointRoute
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| cacheConfiguration | cacheConfiguration | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. |
| customDomainNames (required) | string[] | Domains referenced by this endpoint. |
| enabledState | 'Disabled' 'Enabled' |
Whether to enable use of this rule. Permitted values are Enabled or Disabled (default: enabled) |
| forwardingProtocol (required) | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
Protocol this rule will use when forwarding traffic to backends. |
| httpsRedirect | 'Disabled' 'Enabled' |
Whether to automatically redirect HTTP traffic to HTTPS traffic. Note that this is a easy way to set up this rule and it will be the first rule that gets executed. |
| linkToDefaultDomain | 'Disabled' 'Enabled' |
whether this route will be linked to the default endpoint domain. |
| originGroupName (required) | string | A reference to the origin group. |
| originPath | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. |
| patternsToMatch | string[] | The route patterns of the rule. (default: /*) |
| ruleSetNames | string[] | rule sets referenced by this endpoint. |
| supportedProtocols (required) | Array containing any of: 'Http' 'Https' |
List of supported protocols for this route. |
compressionSettings
| Property | Value | Description |
|---|---|---|
| contentTypesToCompress (required) | string[] | List of content types on which compression applies. The value should be a valid MIME type. |
| isCompressionEnabled (required) | bool | Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content wont be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB. |
cacheConfiguration
| Property | Value | Description |
|---|---|---|
| cacheBehaviour (required) | 'HonorOrigin' 'OverrideAlways' 'OverrideIfOriginMissing' |
Caching behavior for the requests |
| cacheDuration (required) | string | The duration for which the content needs to be cached. Allowed format is [d.]hh:mm:ss |
| isCompressionEnabled (required) | 'Disabled' 'Enabled' |
Indicates whether content compression is enabled. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content wont be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB. |
| queryParameters (required) | string | query parameters to include or exclude (comma separated). |
| queryStringCachingBehavior (required) | 'IgnoreQueryString' 'IgnoreSpecifiedQueryStrings' 'IncludeSpecifiedQueryStrings' 'UseQueryString' |
Defines how Frontdoor caches requests that include query strings. You can ignore any query strings when caching, ignore specific query strings, cache every request with a unique URL, or cache specific query strings. |
cdnProfileCustomDomain
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| azureDnsZoneId | string | Resource reference to the Azure DNS zone |
| hostName (required) | string | The host name of the domain. Must be a domain name. |
| preValidatedCustomDomainResourceId | string | Resource reference to the Azure resource where custom domain ownership was prevalidated |
| certificateType | 'AzureFirstPartyManagedCertificate' 'CustomerCertificate' 'ManagedCertificate' |
Defines the source of the SSL certificate. |
| minimumTlsVersion | 'TLS10' 'TLS12' |
TLS protocol version that will be used for Https |
| secretId | string | Resource reference to the secret. ie. subs/rg/profile/secret |
cdnOriginGroup
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| probeIntervalInSeconds | int | The number of seconds between health probes.Default is 240sec. |
| probePath | string | The path relative to the origin that is used to determine the health of the origin. |
| probeProtocol (required) | 'Http' 'Https' |
Protocol to use for health probe. |
| probeRequestType (required) | 'GET' 'HEAD' |
The type of health probe request that is made. |
| additionalLatencyInMilliseconds | int | The additional latency in milliseconds for probes to fall into the lowest latency bucket |
| sampleSize | int | The number of samples to consider for load balancing decisions |
| successfulSamplesRequired | int | The number of samples within the sample period that must succeed |
| sessionAffinityState | 'Disabled' 'Enabled' |
Whether to allow session affinity on this host. Valid options are Enabled or Disabled |
| origins (required) | cdnOriginGroupOrigin[] |
cdnOriginGroupOrigin
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| enabledState | 'Disabled' 'Enabled' |
Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. (default: Enabled) |
| enforceCertificateNameCheck | bool | Whether to enable certificate name check at origin level (default:true) |
| hostName (required) | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. |
| httpPort | int | The value of the HTTP port. Must be between 1 and 65535. (default: 80) |
| httpsPort | int | The value of the HTTPS port. Must be between 1 and 65535. (default: 443) |
| originHostHeader | string | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint |
| priority | int | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5 |
| sharedPrivateLinkResource | sharedPrivateLinkResource | The properties of the private link resource for private origin. |
| weight | int | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000 |
privateLink
| Property | Value | Description |
|---|---|---|
| id (required) | string |
sharedPrivateLinkResource
| Property | Value | Description |
|---|---|---|
| groupId | string | The group id from the provider of resource the shared private link resource is for. |
| privateLink (required) | privateLink | The resource id of the resource the shared private link resource is for. |
| privateLinkLocation | string | The location of the shared private link resource |
| requestMessage | string | The request message for requesting approval of the shared private link resource. |
cdnRuleSet
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| rules | cdnRulesetRule[] |
cdnRulesetRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| actions (required) | cdnRulesetRuleAction[] | A list of actions that are executed when all the conditions of a rule are satisfied. |
| conditions (required) | cdnRulesetRuleCondition[] | A list of conditions that must be matched for the actions to be executed |
| matchProcessingBehavior (required) | 'Continue' 'Stop' |
If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. |
| order (required) | int | The order in which the rules are applied for the endpoint. Possible values {0,1,2,3,………}. A rule with a lesser order will be applied before a rule with a greater order. Rule with order 0 is a special rule. It does not require any condition and actions listed in it will always be applied. |
cdnRulesetRuleAction
Set the name property to specify the type of object.
For CacheExpiration, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'CacheExpiration' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For CacheKeyQueryString, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'CacheKeyQueryString' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For ModifyRequestHeader, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'ModifyRequestHeader' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For ModifyResponseHeader, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'ModifyResponseHeader' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For OriginGroupOverride, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'OriginGroupOverride' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For RouteConfigurationOverride, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RouteConfigurationOverride' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For UrlRedirect, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'UrlRedirect' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For UrlRewrite, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'UrlRewrite' | |
| parameters (required) | parameters | Defines the parameters for the action. |
Set the name property to specify the type of object.
For UrlSigning, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'UrlSigning' | |
| parameters (required) | parameters | Defines the parameters for the action. |
parameters
| Property | Value | Description |
|---|---|---|
| matchValues (required) | string[] | The match value for the condition of the delivery rule |
| negateCondition | bool | Describes if this is negate condition or not |
| operator (required) | 'Any' 'BeginsWith' 'Contains' 'EndsWith' 'Equal' 'GreaterThan' 'GreaterThanOrEqual' 'LessThan' 'LessThanOrEqual' 'RegEx' 'Wildcard' |
Describes operator to be matched |
| transforms (required) | Array containing any of: 'Lowercase' 'RemoveNulls' 'Trim' 'Uppercase' 'UrlDecode' 'UrlEncode' |
List of transforms |
| typeName (required) | 'DeliveryRuleUrlPathMatchConditionParameters' |
originGroup
| Property | Value | Description |
|---|---|---|
| id (required) | string |
originGroupOverride
| Property | Value | Description |
|---|---|---|
| forwardingProtocol (required) | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
Protocol this rule will use when forwarding traffic to backends. |
| originGroup (required) | originGroup | defines the OriginGroup that would override the DefaultOriginGroup on route. |
cdnUrlSigningParamIdentifier
| Property | Value | Description |
|---|---|---|
| paramIndicator (required) | 'Expires' 'KeyId' 'Signature' |
Indicates the purpose of the parameter |
| paramName (required) | string | Parameter name |
cdnRulesetRuleCondition
Set the name property to specify the type of object.
For ClientPort, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'ClientPort' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For Cookies, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'Cookies' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For HostName, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'HostName' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For HttpVersion, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'HttpVersion' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For IsDevice, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'IsDevice' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For PostArgs, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'PostArgs' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For QueryString, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'QueryString' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For RemoteAddress, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RemoteAddress' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For RequestBody, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RequestBody' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For RequestHeader, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RequestHeader' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For RequestMethod, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RequestMethod' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For RequestScheme, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RequestScheme' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For RequestUri, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'RequestUri' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For ServerPort, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'ServerPort' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For SocketAddr, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'SocketAddr' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For SslProtocol, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'SslProtocol' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For UrlFileExtension, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'UrlFileExtension' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For UrlFileName, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'UrlFileName' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
Set the name property to specify the type of object.
For UrlPath, use:
| Property | Value | Description |
|---|---|---|
| name (required) | 'UrlPath' | |
| parameters (required) | parameters | Defines the parameters for the condition. |
cdnSecret
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| parameters (required) | cdnSecretParameters | object which contains secret parameters |
cdnSecretParameters
Set the type property to specify the type of object.
For AzureFirstPartyManagedCertificate, use:
| Property | Value | Description |
|---|---|---|
| type (required) | 'AzureFirstPartyManagedCertificate' |
Set the type property to specify the type of object.
For CustomerCertificate, use:
| Property | Value | Description |
|---|---|---|
| type (required) | 'CustomerCertificate' | |
| secretSource (required) | secretSource | Resource reference to the Azure Key Vault certificate. Expected to be in format of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{certificateName} |
| secretVersion | string | Version of the secret to be used |
| subjectAlternativeNames | string[] | The list of SANs. |
| useLatestVersion | bool | Whether to use the latest version for the certificate |
Set the type property to specify the type of object.
For ManagedCertificate, use:
| Property | Value | Description |
|---|---|---|
| type (required) | 'ManagedCertificate' |
Set the type property to specify the type of object.
For UrlSigningKey, use:
| Property | Value | Description |
|---|---|---|
| type (required) | 'UrlSigningKey' | |
| keyId | string | Defines the customer defined key Id. This id will exist in the incoming request to indicate the key used to form the hash. |
| secretSource (required) | secretSource | Resource reference to the Azure Key Vault certificate. Expected to be in format of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}/secrets/{certificateName} |
| secretVersion | string | Version of the secret to be used |
secretSource
| Property | Value | Description |
|---|---|---|
| id (required) | string |
cdnSecurityPolicy
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| associations (required) | cdnSecurityPolicyWAFAssociation[] | Waf associations |
| wafPolicyName (required) | string | WAF Policy ID |
cdnSecurityPolicyWAFAssociation
| Property | Value | Description |
|---|---|---|
| domainNames (required) | string[] | List of domains. |
frontDoorWafPolicy
| Property | Value | Description |
|---|---|---|
| wafPolicyName (required) | string | Name of th WAF policy, name must begin with a letter and contain only letters and numbers |
| skuName | 'Premium_AzureFrontDoor' 'Standard_AzureFrontDoor' |
The pricing tier of web application firewall policy (default: Standard_AzureFrontDoor) |
| customRules | frontDoorWafCustomRule[] | Describes custom rules inside the policy. |
| managedRules | frontDoorWafManagedRule[] | Describes managed rules inside the policy. Only available if sku is Premium |
| policySettings | policySettings | Describes settings for the policy |
policySettings
| Property | Value | Description |
|---|---|---|
| customBlockResponseBody | string | If the action type is block, customer can override the response body. The body must be specified in base64 encoding. |
| customBlockResponseStatusCode | int | If the action type is block, customer can override the response status code. |
| enabledState | 'Disabled' 'Enabled' |
Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified. (default: Enabled) |
| mode | 'Detection' 'Prevention' |
Describes if it is in detection mode or prevention mode at policy level. (default: Prevention) |
| redirectUri | string | If action type is redirect, this field represents redirect URL for the client. |
| requestBodyCheck | 'Disabled' 'Enabled' |
Describes if policy managed rules will inspect the request body content. (default: Enabled) |
frontDoorWafCustomRule
| Property | Value | Description |
|---|---|---|
| action (required) | 'Allow' 'Block' 'Log' 'Redirect' |
Describes what action to be applied when rule matches. |
| enabledState | 'Disabled' 'Enabled' |
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified. |
| matchConditions (required) | frontDoorWafCustomRuleMatchCondition[] | List of match conditions. |
| name (required) | string | Describes the name of the rule. |
| priority (required) | int | Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. |
| rateLimitDurationInMinutes | int | Time window for resetting the rate limit count. Default is 1 minute. |
| rateLimitThreshold | int | Number of allowed requests per client within the time window. |
| ruleType (required) | 'MatchRule' 'RateLimitRule' |
Describes type of rule. |
frontDoorWafCustomRuleMatchCondition
| Property | Value | Description |
|---|---|---|
| matchValue (required) | string[] | List of possible match values. |
| matchVariable (required) | 'Cookies' 'PostArgs' 'QueryString' 'RemoteAddr' 'RequestBody' 'RequestHeader' 'RequestMethod' 'RequestUri' 'SocketAddr' |
Request variable to compare with. |
| negateCondition | bool | Describes if the result of this condition should be negated. |
| operator (required) | 'Any' 'BeginsWith' 'Contains' 'EndsWith' 'Equal' 'GeoMatch' 'GreaterThan' 'GreaterThanOrEqual' 'IPMatch' 'LessThan' 'LessThanOrEqual' 'RegEx' |
Comparison type to use for matching with the variable value. |
| selector | string | Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null. |
| transforms | Array containing any of: 'Lowercase' 'RemoveNulls' 'Trim' 'Uppercase' 'UrlDecode' 'UrlEncode' |
List of transforms. |
frontDoorWafManagedRule
| Property | Value | Description |
|---|---|---|
| exclusions | frontDoorWafManagedRuleExclusion[] | Describes the exclusions that are applied to all rules in the set. |
| ruleGroupOverrides | frontDoorWafManagedRuleGroupOverride[] | Defines the rule group overrides to apply to the rule set. |
| ruleSetAction (required) | 'Block' 'Log' 'Redirect' |
Defines the rule set action. |
| ruleSetType (required) | 'DefaultRuleSet' 'DefaultRuleSet_preview' 'Microsoft_DefaultRuleSet' |
Defines the rule set type to use. |
| ruleSetVersion (required) | '0.1' '1.0' '1.1' '2.0' '2.1' |
Defines the version of the rule set to use. |
frontDoorWafManagedRuleExclusion
| Property | Value | Description |
|---|---|---|
| matchVariable (required) | 'QueryStringArgNames' 'RequestBodyJsonArgNames' 'RequestBodyPostArgNames' 'RequestCookieNames' 'RequestHeaderNames' |
The variable type to be excluded. |
| selector (required) | string | Selector value for which elements in the collection this exclusion applies to. |
| selectorMatchOperator (required) | 'Contains' 'EndsWith' 'Equals' 'EqualsAny' 'StartsWith' |
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. |
frontDoorWafManagedRuleGroupOverride
| Property | Value | Description |
|---|---|---|
| exclusions | frontDoorWafManagedRuleExclusion[] | Describes the exclusions that are applied to all rules in the group. |
| ruleGroupName (required) | string | Describes the managed rule group to override. |
| rules | frontDoorWafManagedRuleGroupOverrideRule[] | List of rules that will be disabled. If none specified, all rules in the group will be disabled. |
frontDoorWafManagedRuleGroupOverrideRule
| Property | Value | Description |
|---|---|---|
| action (required) | 'Allow' 'Block' 'Log' 'Redirect' |
Describes the override action to be applied when rule matches. |
| enabledState | 'Disabled' 'Enabled' |
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified. |
| exclusions (required) | frontDoorWafManagedRuleExclusion[] | Describes the exclusions that are applied to this specific rule. |
| ruleId (required) | string | Identifier for the managed rule. |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
Changelog
6.2.0 (2025-10-06)
Features
- update resource api versions
6.1.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
6.1.0 (2025-03-26)
Features
- add resourceName output
6.0.0 (2025-03-17)
⚠ BREAKING CHANGES
- remove role-assignment principalType parameter
Features
- remove role-assignment principalType parameter
5.0.0 (2025-01-03)
⚠ BREAKING CHANGES
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.
Features
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.