Bicep Module Documentation
← Back to Overview
Module mysql-server
mySqlServer
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| identity | identity | |
| sku (required) | sku | The SKU (pricing tier) of the server. |
| adminUsername | string | The administrator's login name of a server. Can only be specified when the server is being created (and is required for creation). |
| keyVaultId | string | Key Vault ID where to get the admin password. |
| keyVaultSecretName | string | Name of the Key Vault Secret in the Key Vault. |
| availabilityZone | string | Availability Zone to deploy to server into. |
| backup | backup | Backup properties of the server. |
| createMode | 'Default' 'GeoRestore' 'PointInTimeRestore' 'Replica' |
The mode to create a new MySQL server. |
| dataEncryption | dataEncryption | The Data Encryption for CMK. |
| highAvailability | highAvailability | High availability properties of the server. |
| maintenancePolicy | maintenancePolicy | Maintenance policy of a server. |
| maintenanceWindow | maintenanceWindow | Maintenance window properties of the server. |
| network | network | Network properties of the server. This Network property is required to be passed only in case you want the server to be a Private Access (i.e. VNet integrated) server. |
| replicationRole | 'None' 'Replica' 'Source' |
Replication role of the server. |
| restorePointInTime | string | Restore point creation time (ISO8601 format), specifying the time to restore from. |
| sourceServerResourceId | string | The source MySQL server id. |
| storage (required) | storage | Storage properties of the server. |
| serverParameters | object | Server parameters (i.e. MySql Configurations) to be configured on the server. |
| version (required) | string | Major version of MySQL. 8.0.21 stands for MySQL 8.0, 5.7.44 stands for MySQL 5.7. |
| databases | mySqlDatabase[] | The databases to be created within the server. |
| firewallRules | mySqlFirewallRule[] | Firewall rules to be configured for a public accessible server. |
| administrators | mySqlAdministrator[] | Entra ID administrators |
| privateLink | privateLink | Settings for the Private Endpoint and Private Link for this resource |
identity
| Property | Value | Description |
|---|---|---|
| type | 'None' 'UserAssigned' |
The types of identities associated with this resource. (default: none) |
| userAssignedIdentities | string[] | Resource IDs of User Assigned Identities to associate with this resource |
sku
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. |
| tier (required) | 'Burstable' 'GeneralPurpose' 'MemoryOptimized' |
The tier of the particular SKU, e.g. Burstable. |
backup
| Property | Value | Description |
|---|---|---|
| backupIntervalHours (required) | int | Backup interval hours for the server. |
| backupRetentionDays (required) | int | Backup retention days for the server. |
| geoRedundantBackup (required) | 'Disabled' 'Enabled' |
A value indicating whether Geo-Redundant backup is enabled on the server. |
dataEncryption
| Property | Value | Description |
|---|---|---|
| geoBackupKeyURI | string | URI for the key in Key Vault for data encryption for geo-backup of the server. |
| geoBackupUserAssignedIdentityId | string | Resource ID for the User Assigned Identity to be used for data encryption for geo-backup of the server. |
| primaryKeyURI | string | URI for the key in Key Vault for data encryption of the primary server. |
| primaryUserAssignedIdentityId | string | Resource ID for the User Assigned Identity to be used for data encryption of the primary server. |
| type (required) | 'AzureKeyVault' 'SystemManaged' |
Data encryption type to depict if it is System Managed vs Azure Key vault. |
highAvailability
| Property | Value | Description |
|---|---|---|
| mode (required) | 'Disabled' 'SameZone' 'ZoneRedundant' |
The HA mode for the server. |
| standbyAvailabilityZone | string | Availability Zone to be used for the standby. |
maintenancePolicy
| Property | Value | Description |
|---|---|---|
| patchStrategy (required) | 'Regular' 'VirtualCanary' |
The patch strategy of this server. |
maintenanceWindow
| Property | Value | Description |
|---|---|---|
| customWindow | string | Indicates whether custom window is enabled or disabled. |
| dayOfWeek | int | Day of week for maintenance window. |
| startHour | int | Start hour for maintenance window. |
| startMinute | int | Start minute for maintenance window. |
network
| Property | Value | Description |
|---|---|---|
| delegatedSubnetResourceId | string | Resource ID of the delegated subnet. The subnet needs a delegation to Microsoft.DBforMySQL/flexibleServers. This is required to be passed during create, in case we want the server to be VNET injected, i.e. Private access server. During update, pass this only if we want to update the value for Private DNS zone. |
| privateDnsZoneResourceId | string | Resource ID of the Private DNS Zone. This is required to be passed during create, in case we want the server to be VNET injected, i.e. Private access server. During update, pass this only if we want to update the value for Private DNS zone. |
| publicNetworkAccess | 'Disabled' 'Enabled' |
Public network access is enabled or not |
storage
| Property | Value | Description |
|---|---|---|
| autoGrow | 'Disabled' 'Enabled' |
Flag to enable / disable Storage Auto grow for the server. |
| autoIoScaling | 'Disabled' 'Enabled' |
Enable IO Auto Scaling or not. |
| iops | int | Storage IOPS for a server. |
| logOnDisk | 'Disabled' 'Enabled' |
Enable Log On Disk or not. |
| storageRedundancy (required) | 'LocalRedundancy' 'ZoneRedundancy' |
The redundant type of the server storage. The parameter is used for server creation. |
| storageSizeGB (required) | int | Max storage size allowed for a server. |
mySqlAdministrator
| Property | Value | Description |
|---|---|---|
| identityResourceId (required) | string | The resource id of the identity used for AAD Authentication. |
| login (required) | string | Login name of the server administrator. |
| sid (required) | string | SID (object ID) of the server administrator. |
| tenantId (required) | string | The tenant ID of the administrator. |
mySqlDatabase
| Property | Value | Description |
|---|---|---|
| name (required) | string | The name of the database. |
| charset | string | The charset of the database. |
| collation | string | The collation of the database. |
mySqlFirewallRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | |
| startIpAddress (required) | string | |
| endIpAddress (required) | string |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
privateLink
| Property | Value | Description |
|---|---|---|
| pepNaming | naming | Name of the private endpoint |
| nicNaming | naming | Name of the network interface of the private endpoint |
| privateLinkNaming | naming | Name of the private link connection |
| subnets (required) | subnets[] | Id of the subnets and optionally the name of the resourcegroup in which the private endpoint should be created |
| dnsZoneIds (required) | string[] | List of DNS zone ids that need to be linked |
subnets
| Property | Value | Description |
|---|---|---|
| resourceGroupName | string | Resourcegroup (default: resourcegroup defined here => resourceGroup of pep resource => resourceGroup of subnet) |
| id (required) | string | Id of the subnet |
| location | string | Location if Vnet is in different location |
Changelog
1.1.0 (2025-10-06)
Features
- update resource api versions
1.0.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
1.0.0 (2025-07-28)
⚠ BREAKING CHANGES
- add initial version
Features
- add initial version