Bicep Module Documentation
← Back to Overview
Module load-balancer
loadBalancer
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| skuName | 'Basic' 'Gateway' 'Standard' |
Name of a load balancer SKU. (default: Standard) |
| skuTier | 'Global' 'Regional' |
Tier of a load balancer SKU. (default: Regional) |
| backendAddressPools | loadBalancerBackendAddressPool[] | Collection of backend address pools used by a load balancer. |
| frontendIPConfigurations | loadBalancerFrontendIPConfiguration[] | Object representing the frontend IPs to be used for the load balancer. |
| inboundNatPools | loadBalancerInboundNatPool[] | Defines an external port range for inbound NAT to a single backend port on NICs associated with a load balancer. Inbound NAT rules are created automatically for each NIC associated with the Load Balancer using an external port from this range. Defining an Inbound NAT pool on your Load Balancer is mutually exclusive with defining inbound NAT rules. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an inbound NAT pool. They have to reference individual inbound NAT rules. |
| inboundNatRules | loadBalancerInboundNatRule[] | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. |
| loadBalancingRules | loadBalancerLoadBalancingRule[] | Object collection representing the load balancing rules Gets the provisioning. |
| outboundRules | loadBalancerOutboundRule[] | The outbound rules. |
| probes | loadBalancerProbe[] | Collection of probe objects used in the load balancer. |
loadBalancerBackendAddressPool
| Property | Value | Description |
|---|---|---|
| name (required) | string | Name of the backend address pool |
| drainPeriodInSeconds | int | Amount of seconds Load Balancer waits for before sending RESET to client and backend address. |
| syncMode | 'Automatic' 'Manual' |
Backend address synchronous mode for the backend pool (default: automatic) |
| virtualNetworkId | string | Virtual network of load balancer backend address pool. |
loadBalancerBackendAddress
| Property | Value | Description |
|---|---|---|
| name (required) | string | Name of the backend address. |
| adminState | 'Down' 'None' 'Up' |
A list of administrative states which once set can override health probe so that Load Balancer will always forward new connections to backend, or deny new connections and reset existing connections. (default: Up) |
| ipAddress (required) | string | IP Address belonging to the referenced virtual network. |
| loadBalancerFrontendIPConfigurationName | string | Reference to the frontend ip address configuration defined in regional loadbalancer. |
| subnetId | string | Reference to an existing subnet. |
| virtualNetworkId | string | Reference to an existing virtual network. |
loadBalancerFrontendIPConfiguration
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. |
| gatewayLoadBalancerId | string | The reference to gateway load balancer frontend IP. |
| privateIPAddress | string | The private IP address of the IP configuration. |
| privateIPAddressVersion | 'IPv4' 'IPv6' |
Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. |
| privateIPAllocationMethod | 'Dynamic' 'Static' |
The Private IP allocation method. |
| enablePublicIPAddress | bool | Deploy a public IP address for this IP config |
| ddosProtectionMode | 'Disabled' 'Enabled' 'VirtualNetworkInherited' |
DDoS Protection plan for public IP, Enabled = configure per IP (default = VirtualNetworkInherited) |
| publicIPPrefixId | string | The reference to the Public IP Prefix resource. |
| subnetId | string | The reference to the subnet resource. |
| zones | string[] | A list of availability zones denoting the IP allocated for the resource needs to come from. |
loadBalancerInboundNatPool
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the resource that is unique within the set of inbound NAT pools used by the load balancer. This name can be used to access the resource. |
| backendPort (required) | int | The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. |
| enableFloatingIP | bool | Configures a virtual machines endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. |
| enableTcpReset | bool | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. |
| frontendIPConfigurationName (required) | string | A reference to frontend IP addresses. |
| frontendPortRangeEnd (required) | int | The last port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65535. |
| frontendPortRangeStart (required) | int | The first port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65534. |
| idleTimeoutInMinutes | int | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. |
| protocol (required) | 'All' 'Tcp' 'Udp' |
The reference to the transport protocol used by the inbound NAT pool. |
loadBalancerInboundNatRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. |
| backendAddressPoolName | string | A reference to backendAddressPool resource. |
| backendPort (required) | int | The port used for the internal endpoint. Acceptable values range from 1 to 65535. |
| enableFloatingIP | bool | Configures a virtual machines endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. |
| enableTcpReset | bool | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. |
| frontendIPConfigurationName (required) | string | A reference to frontend IP addresses. |
| frontendPort | int | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. |
| frontendPortRangeEnd | int | The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. Acceptable values range from 1 to 65534. |
| frontendPortRangeStart | int | The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. Acceptable values range from 1 to 65534. |
| idleTimeoutInMinutes | int | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. |
| protocol (required) | 'All' 'Tcp' 'Udp' |
The reference to the transport protocol used by the load balancing rule. |
loadBalancerLoadBalancingRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the resource that is unique within the set of load balancing rules used by the load balancer. This name can be used to access the resource. |
| backendAddressPoolName (required) | string | A reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs. |
| backendPort (required) | int | The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables "Any Port". |
| disableOutboundSnat | bool | Configures SNAT for the VMs in the backend pool to use the publicIP address specified in the frontend of the load balancing rule. (defaul: true) |
| enableFloatingIP | bool | Configures a virtual machines endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. |
| enableTcpReset | bool | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. |
| frontendIPConfigurationName (required) | string | A reference to frontend IP addresses. |
| frontendPort (required) | int | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 0 and 65534. Note that value 0 enables "Any Port". |
| idleTimeoutInMinutes | int | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. |
| loadDistribution | 'Default' 'SourceIP' 'SourceIPProtocol' |
The load distribution policy for this rule. |
| probeName (required) | string | The reference to the load balancer probe used by the load balancing rule. |
| protocol (required) | 'All' 'Tcp' 'Udp' |
The reference to the transport protocol used by the load balancing rule. |
loadBalancerOutboundRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the resource that is unique within the set of outbound rules used by the load balancer. This name can be used to access the resource. |
| allocatedOutboundPorts | int | The number of outbound ports to be used for NAT. |
| backendAddressPoolName (required) | string | A reference to a pool of DIPs. Outbound traffic is randomly load balanced across IPs in the backend IPs. |
| enableTcpReset | bool | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. |
| frontendIPConfigurationNames (required) | string[] | The Frontend IP addresses of the load balancer. |
| idleTimeoutInMinutes | int | The timeout for the TCP idle connection. |
| protocol (required) | 'All' 'Tcp' 'Udp' |
The protocol for the outbound rule in load balancer. |
loadBalancerProbe
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the resource that is unique within the set of probes used by the load balancer. This name can be used to access the resource. |
| intervalInSeconds | int | The interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5. |
| numberOfProbes | int | The number of probes where if no response, will result in stopping further traffic from being delivered to the endpoint. This values allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. |
| port (required) | int | The port for communicating the probe. Possible values range from 1 to 65535, inclusive. |
| probeThreshold | int | The number of consecutive successful or failed probes in order to allow or deny traffic from being delivered to this endpoint. After failing the number of consecutive probes equal to this value, the endpoint will be taken out of rotation and require the same number of successful consecutive probes to be placed back in rotation. |
| protocol (required) | 'Http' 'Https' 'Tcp' |
The protocol of the end point. If Tcp is specified, a received ACK is required for the probe to be successful. If Http or Https is specified, a 200 OK response from the specifies URI is required for the probe to be successful. |
| requestPath | string | The URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value. |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
Changelog
5.1.0 (2025-10-06)
Features
- update resource api version
5.0.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
5.0.0 (2025-09-24)
⚠ BREAKING CHANGES
- remove deprecated outputs
Bug Fixes
- remove deprecated outputs
4.3.0 (2025-03-26)
Features
- add resourceName output
4.2.2 (2025-02-25)
Bug Fixes
- public load balancer zone redundancy