Bicep Module Documentation
← Back to Overview
Module gallery
gallery
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| isSoftDeleteEnabled | bool | Contains information about the soft deletion policy of the gallery. |
| images | galleryImage[] | Images in the gallery |
| applications | galleryApplication[] | Applications in the gallery |
galleryImage
| Property | Value | Description |
|---|---|---|
| function (required) | string | Function of the resource [can be app, db, security,...] |
| architecture | 'Arm64' 'x64' |
The architecture of the image. Applicable to OS disks only. (default: x64) |
| description (required) | string | The description of this gallery image definition resource. This property is updatable. |
| disallowed | disallowed | Describes the disallowed disk types. |
| eula | string | The Eula agreement for the gallery image definition. |
| features | galleryImageFeature[] | A list of gallery image features. |
| hyperVGeneration (required) | 'V1' 'V2' |
The hypervisor generation of the Virtual Machine. Applicable to OS disks only. |
| identifier (required) | identifier | This is the gallery image definition identifier. |
| osState | 'Generalized' 'Specialized' |
This property allows the user to specify whether the virtual machines created under this image are Generalized or Specialized. (default: generalized) |
| osType | 'Linux' 'Windows' |
This property allows you to specify the type of the OS that is included in the disk when creating a VM from a managed image. (default: windows) |
| privacyStatementUri | string | The privacy statement uri. |
| purchasePlan | purchasePlan | Describes the gallery image definition purchase plan. This is used by marketplace images. |
| recommended | recommended | The properties describe the recommended machine configuration for this Image Definition. These properties are updatable. |
| releaseNoteUri | string | The release note uri. |
| versions | galleryImageVersion[] | Image versions |
disallowed
| Property | Value | Description |
|---|---|---|
| diskTypes (required) | string[] | A list of disk types. |
identifier
| Property | Value | Description |
|---|---|---|
| offer (required) | string | The name of the gallery image definition offer. |
| publisher (required) | string | The name of the gallery image definition publisher. |
| sku (required) | string | The name of the gallery image definition SKU. |
purchasePlan
| Property | Value | Description |
|---|---|---|
| name (required) | string | The plan ID. |
| product (required) | string | The product ID. |
| publisher (required) | string | The publisher ID. |
memory
| Property | Value | Description |
|---|---|---|
| min (required) | int | |
| max (required) | int |
vCPUs
| Property | Value | Description |
|---|---|---|
| min (required) | int | |
| max (required) | int |
recommended
| Property | Value | Description |
|---|---|---|
| memory (required) | memory | |
| vCPUs (required) | vCPUs |
galleryImageFeature
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the gallery image feature. |
| value (required) | string | The value of the gallery image feature. |
galleryImageVersion
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name. Valid characters: Numbers and periods. (Each segment is converted to an int32. So each segment has a max value of 2,147,483,647.) |
| publishingProfile | publishingProfile | The publishing profile of a gallery image Version. |
| safetyProfile | safetyProfile | This is the safety profile of the Gallery Image Version. |
| storageProfile (required) | storageProfile | This is the storage profile of a Gallery Image Version. |
publishingProfile
| Property | Value | Description |
|---|---|---|
| advancedSettings | object | Optional. Additional settings to pass to the vm-application-manager extension. For advanced use only. |
| customActions | galleryApplicationCustomAction[] | A list of custom actions that can be performed with this Gallery Application Version. |
| enableHealthCheck | bool | Optional. Whether or not this application reports health. |
| endOfLifeDate | string | The end of life date of the gallery image version. This property can be used for decommissioning purposes. This property is updatable. |
| excludeFromLatest | bool | If set to true, Virtual Machines deployed from the latest version of the Image Definition wont use this Image Version. |
| manageActions (required) | manageActions | |
| replicaCount | int | The number of replicas of the Image Version to be created per region. This property would take effect for a region when regionalReplicaCount is not specified. This property is updatable. |
| replicationMode | 'Full' 'Shallow' |
Optional parameter which specifies the mode to be used for replication. This property is not updatable. |
| settings | settings | Additional settings for the VM app that contains the target package and config file name when it is deployed to target VM or VM scale set. |
| source (required) | source | The source image from which the Image Version is going to be created. |
| storageAccountType (required) | 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
Specifies the storage account type to be used to store the image. This property is not updatable. |
| targetExtendedLocations | galleryTargetExtendedLocation[] | The target extended locations where the Image Version is going to be replicated to. This property is updatable. |
| targetRegions | galleryVersionTargetRegion[] | The target regions where the Image Version is going to be replicated to. This property is updatable. |
safetyProfile
| Property | Value | Description |
|---|---|---|
| allowDeletionOfReplicatedLocations (required) | bool | Indicates whether or not removing this Gallery Image Version from replicated regions is allowed. |
source
| Property | Value | Description |
|---|---|---|
| defaultConfigurationLink | string | Optional. The defaultConfigurationLink of the artifact, must be a readable storage page blob. |
| mediaLink (required) | string | Required. The mediaLink of the artifact, must be a readable storage page blob. |
osDiskImage
| Property | Value | Description |
|---|---|---|
| hostCaching (required) | 'None' 'ReadOnly' 'ReadWrite' |
The host caching of the disk. Valid values are None, ReadOnly, and ReadWrite |
| source (required) | source | The source for the disk image. |
storageProfile
| Property | Value | Description |
|---|---|---|
| dataDiskImages | galleryDataDiskImage[] | A list of data disk images. |
| osDiskImage (required) | osDiskImage | This is the OS disk image. |
| source | source | The source of the gallery artifact version. |
galleryTargetExtendedLocation
| Property | Value | Description |
|---|---|---|
| encryption | encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. |
| extendedLocation (required) | extendedLocation | The name of the extended location. |
| extendedLocationReplicaCount (required) | int | The number of replicas of the Image Version to be created per extended location. This property is updatable. |
| name (required) | string | The name of the region. |
| storageAccountType (required) | 'Premium_LRS' 'StandardSSD_LRS' 'Standard_LRS' 'Standard_ZRS' |
Specifies the storage account type to be used to store the image. This property is not updatable. |
encryption
| Property | Value | Description |
|---|---|---|
| dataDiskImages | galleryImageVersionDataDiskImageEncryption[] | A list of encryption specifications for data disk images. |
| osDiskImage (required) | galleryImageVersionTargetOsDiskImage | Contains encryption settings for an OS disk image. |
extendedLocation
| Property | Value | Description |
|---|---|---|
| name (required) | string | |
| type (required) | 'EdgeZone' 'Unknown' |
It is type of the extended location. |
galleryVersionTargetRegion
| Property | Value | Description |
|---|---|---|
| encryption | encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. |
| excludeFromLatest | bool | Contains the flag setting to hide an image when users specify version=latest |
| name (required) | string | The name of the region. |
| regionalReplicaCount (required) | int | The number of replicas of the Image Version to be created per region. This property is updatable. |
| storageAccountType (required) | 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
Specifies the storage account type to be used to store the image. This property is not updatable. |
galleryImageVersionDataDiskImageEncryption
| Property | Value | Description |
|---|---|---|
| diskEncryptionSetId | string | A relative URI containing the resource ID of the disk encryption set. |
| lun (required) | int | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. |
galleryImageVersionTargetOsDiskImage
| Property | Value | Description |
|---|---|---|
| diskEncryptionSetId (required) | string | A relative URI containing the resource ID of the disk encryption set. |
| securityProfile (required) | securityProfile | This property specifies the security profile of an OS disk image. |
securityProfile
| Property | Value | Description |
|---|---|---|
| confidentialVMEncryptionType (required) | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' |
confidential VM encryption types |
| secureVMDiskEncryptionSetId (required) | string | secure VM disk encryption set id |
galleryDataDiskImage
| Property | Value | Description |
|---|---|---|
| hostCaching | 'None' 'ReadOnly' 'ReadWrite' |
The host caching of the disk. Valid values are None, ReadOnly, and ReadWrite |
| lun (required) | int | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. |
| source (required) | source | The source for the disk image. |
galleryApplication
| Property | Value | Description |
|---|---|---|
| function (required) | string | Function of the resource [can be app, db, security,...] |
| customActions | galleryApplicationCustomAction[] | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. |
| description (required) | string | The description of this gallery Application Definition resource. This property is updatable. |
| endOfLifeDate | string | The end of life date of the gallery Application Definition. This property can be used for decommissioning purposes. This property is updatable. |
| eula | string | The Eula agreement for the gallery Application Definition. |
| privacyStatementUri | string | The privacy statement uri. |
| releaseNoteUri | string | The release note uri. |
| supportedOSType (required) | 'Linux' 'Windows' |
This property allows you to specify the supported type of the OS that application is built for. |
| versions | galleryApplicationVersion[] | Application versions |
galleryApplicationCustomAction
| Property | Value | Description |
|---|---|---|
| description | string | Description to help the users understand what this custom action does. |
| name (required) | string | The name of the custom action. Must be unique within the Gallery Application Version. |
| parameters | galleryApplicationCustomActionParameter[] | The parameters that this custom action uses |
| script (required) | string | The script to run when executing this custom action. |
galleryApplicationCustomActionParameter
| Property | Value | Description |
|---|---|---|
| defaultValue | string | The default value of the parameter. Only applies to string types |
| description | string | A description to help users understand what this parameter means |
| name (required) | string | The name of the custom action. Must be unique within the Gallery Application Version. |
| required | bool | Indicates whether this parameter must be passed when running the custom action. |
| type (required) | 'ConfigurationDataBlob' 'LogOutputBlob' 'String' |
Specifies the type of the custom action parameter. Possible values are: String, ConfigurationDataBlob or LogOutputBlob |
galleryApplicationVersion
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name. Valid characters: Numbers and periods. (Each segment is converted to an int32. So each segment has a max value of 2,147,483,647.) |
| publishingProfile (required) | publishingProfile | The publishing profile of a gallery image version. |
| safetyProfile | safetyProfile | The safety profile of the Gallery Application Version. |
manageActions
| Property | Value | Description |
|---|---|---|
| install (required) | string | Required. The path and arguments to install the gallery application. This is limited to 4096 characters. |
| remove (required) | string | Required. The path and arguments to remove the gallery application. This is limited to 4096 characters. |
| update | string | Optional. The path and arguments to update the gallery application. If not present, then update operation will invoke remove command on the previous version and install command on the current version of the gallery application. This is limited to 4096 characters. |
settings
| Property | Value | Description |
|---|---|---|
| configFileName | string | Optional. The name to assign the downloaded config file on the VM. This is limited to 4096 characters. If not specified, the config file will be named the Gallery Application name appended with _config. |
| packageFileName | string | Optional. The name to assign the downloaded package file on the VM. This is limited to 4096 characters. If not specified, the package file will be named the same as the Gallery Application name. |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
Changelog
2.2.0 (2025-10-06)
Features
- update resource api versions
2.1.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
2.1.0 (2025-03-26)
Features
- add resourceName output
2.0.0 (2025-03-17)
⚠ BREAKING CHANGES
- remove role-assignment principalType parameter
Features
- remove role-assignment principalType parameter