Bicep Module Documentation
← Back to Overview
Module service-bus
serviceBus
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| skuName | 'Basic' 'Premium' 'Standard' |
Name of the Sku. (default: Standard) |
| skuCapacity | int | Messaging units for your service bus premium namespace. Valid capacities are {1, 2, 4, 8, 16} multiples of your properties.premiumMessagingPartitions setting. For example, If properties.premiumMessagingPartitions is 1 then possible capacity values are 1, 2, 4, 8, and 16. If properties.premiumMessagingPartitions is 4 then possible capacity values are 4, 8, 16, 32 and 64 |
| identity | identity | |
| disableLocalAuth | bool | This property disables SAS authentication for the Service Bus namespace. (default: false) |
| encryption | encryption | Properties of BYOK Encryption description |
| minimumTlsVersion | '1.0' '1.1' '1.2' |
The minimum TLS version for the cluster to support (default: 1.2) |
| premiumMessagingPartitions | '1' '2' '4' |
The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4 |
| publicNetworkAccess | 'Disabled' 'Enabled' 'SecuredByPerimeter' |
This determines if traffic is allowed over public network. By default it is enabled. |
| zoneRedundancy | bool | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. |
| authorizationRules | serviceBusAuthorizationRule[] | Authorization Rules (Shared Access Policies) in the resource |
| queues | serviceBusQueue[] | Queues in the resource |
| topics | serviceBusTopic[] | Topics in the resource |
| privateLink | privateLink | Settings for the private endpoint and private link for this resource |
identity
| Property | Value | Description |
|---|---|---|
| userAssignedIdentity (required) | string |
encryption
| Property | Value | Description |
|---|---|---|
| keySource (required) | 'Microsoft.KeyVault' | Enumerates the possible value of keySource for Encryption |
| keyVaultProperties (required) | serviceBusKeyVaultProperties[] | Properties of KeyVault |
| requireInfrastructureEncryption | bool | Enable Infrastructure Encryption (Double Encryption) |
serviceBusKeyVaultProperties
| Property | Value | Description |
|---|---|---|
| identity | identity | |
| keyName (required) | string | Name of the Key from KeyVault |
| keyVaultUri (required) | string | Uri of KeyVault |
| keyVersion (required) | string | Version of KeyVault |
serviceBusAuthorizationRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| rights (required) | Array containing any of: 'Listen' 'Manage' 'Send' |
The rights associated with the rule. |
serviceBusQueue
| Property | Value | Description |
|---|---|---|
| naming (required) | naming | The resource naming |
| autoDeleteOnIdle | string | ISO 8061 timeSpan idle interval after which the queue is automatically deleted. The minimum duration is 5 minutes. |
| deadLetteringOnMessageExpiration | bool | A value that indicates whether this queue has dead letter support when a message expires. |
| defaultMessageTimeToLive | string | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. |
| duplicateDetectionHistoryTimeWindow | string | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. |
| enableBatchedOperations | bool | Value that indicates whether server-side batched operations are enabled. |
| enableExpress | bool | A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage. |
| enablePartitioning | bool | A value that indicates whether the queue is to be partitioned across multiple message brokers. |
| forwardDeadLetteredMessagesTo | string | Queue/Topic name to forward the Dead Letter message |
| forwardTo | string | Queue/Topic name to forward the messages |
| lockDuration | string | ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. |
| maxDeliveryCount | int | The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. |
| maxMessageSizeInKilobytes | int | Maximum size (in KB) of the message payload that can be accepted by the queue. This property is only used in Premium today and default is 1024. |
| maxSizeInMegabytes | int | The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024. |
| requiresDuplicateDetection | bool | A value indicating if this queue requires duplicate detection. |
| requiresSession | bool | A value that indicates whether the queue supports the concept of sessions. |
| authorizationRules | serviceBusAuthorizationRule[] |
serviceBusTopic
| Property | Value | Description |
|---|---|---|
| naming (required) | naming | The resource naming |
| autoDeleteOnIdle | string | ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. |
| defaultMessageTimeToLive | string | ISO 8601 Default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. |
| duplicateDetectionHistoryTimeWindow | string | ISO8601 timespan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. |
| enableBatchedOperations | bool | Value that indicates whether server-side batched operations are enabled. |
| enableExpress | bool | Value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. |
| enablePartitioning | bool | Value that indicates whether the topic to be partitioned across multiple message brokers is enabled. |
| maxMessageSizeInKilobytes | int | Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. |
| maxSizeInMegabytes | int | Maximum size of the topic in megabytes, which is the size of the memory allocated for the topic. Default is 1024. |
| requiresDuplicateDetection | bool | Value indicating if this topic requires duplicate detection. |
| supportOrdering | bool | Value that indicates whether the topic supports ordering. |
| authorizationRules | serviceBusAuthorizationRule[] | |
| subscriptions | serviceBusTopicSubscription[] |
serviceBusTopicSubscription
| Property | Value | Description |
|---|---|---|
| naming (required) | naming | The resource naming |
| autoDeleteOnIdle | string | ISO 8061 timeSpan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. |
| clientAffineProperties | clientAffineProperties | Properties specific to client affine subscriptions. |
| deadLetteringOnFilterEvaluationExceptions | bool | Value that indicates whether a subscription has dead letter support on filter evaluation exceptions. |
| deadLetteringOnMessageExpiration | bool | Value that indicates whether a subscription has dead letter support when a message expires. |
| defaultMessageTimeToLive | string | ISO 8061 Default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. |
| duplicateDetectionHistoryTimeWindow | string | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. |
| enableBatchedOperations | bool | Value that indicates whether server-side batched operations are enabled. |
| forwardDeadLetteredMessagesTo | string | Queue/Topic name to forward the Dead Letter message |
| forwardTo | string | Queue/Topic name to forward the messages |
| isClientAffine | bool | Value that indicates whether the subscription has an affinity to the client id. |
| lockDuration | string | ISO 8061 lock duration timespan for the subscription. The default value is 1 minute. |
| maxDeliveryCount | int | Number of maximum deliveries. |
| requiresSession | bool | Value indicating if a subscription supports the concept of sessions. |
| rules | serviceBusTopicSubscriptionRule[] | Rules in the resource |
clientAffineProperties
| Property | Value | Description |
|---|---|---|
| clientId (required) | string | Indicates the Client ID of the application that created the client-affine subscription. |
| isDurable (required) | bool | For client-affine subscriptions, this value indicates whether the subscription is durable or not. |
| isShared (required) | bool | For client-affine subscriptions, this value indicates whether the subscription is shared or not. |
serviceBusTopicSubscriptionRule
| Property | Value | Description |
|---|---|---|
| name (required) | string | The resource name |
| action | action | Represents the filter actions which are allowed for the transformation of a message that have been matched by a filter expression. |
| correlationFilter | correlationFilter | Properties of correlationFilter |
| filterType (required) | 'CorrelationFilter' 'SqlFilter' |
Filter type that is evaluated against a BrokeredMessage. |
| sqlFilter | sqlFilter | Properties of sqlFilter |
action
| Property | Value | Description |
|---|---|---|
| requiresPreprocessing (required) | bool | Value that indicates whether the rule action requires preprocessing. |
| sqlExpression (required) | string | SQL expression. e.g. MyProperty=ABC |
correlationFilter
| Property | Value | Description |
|---|---|---|
| contentType | string | Content type of the message. |
| correlationId | string | Identifier of the correlation. |
| label | string | Application specific label. |
| messageId | string | Identifier of the message. |
| properties | object | dictionary object for custom filters |
| replyTo | string | Address of the queue to reply to. |
| replyToSessionId | string | Session identifier to reply to. |
| requiresPreprocessing | bool | Value that indicates whether the rule action requires preprocessing. |
| sessionId | string | Session identifier. |
| to | string | Address to send to. |
sqlFilter
| Property | Value | Description |
|---|---|---|
| requiresPreprocessing | bool | Value that indicates whether the rule action requires preprocessing. |
| sqlExpression (required) | string | SQL expression. e.g. MyProperty=ABC |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
privateLink
| Property | Value | Description |
|---|---|---|
| pepNaming | naming | Name of the private endpoint |
| nicNaming | naming | Name of the network interface of the private endpoint |
| privateLinkNaming | naming | Name of the private link connection |
| subnets (required) | subnets[] | Id of the subnets and optionally the name of the resourcegroup in which the private endpoint should be created |
| dnsZoneIds (required) | string[] | List of DNS zone ids that need to be linked |
subnets
| Property | Value | Description |
|---|---|---|
| resourceGroupName | string | Resourcegroup (default: resourcegroup defined here => resourceGroup of pep resource => resourceGroup of subnet) |
| id (required) | string | Id of the subnet |
| location | string | Location if Vnet is in different location |
Changelog
7.3.0 (2025-10-06)
Features
- update resource api version
7.2.1 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
7.2.0 (2025-09-01)
Features
- add secure outputs
7.1.1 (2025-04-11)
Bug Fixes
- naming connected resources when forceFunctionAsFullName or forceDefaultNaming is true
7.1.0 (2025-03-26)
Features
- add resourceName output
7.0.0 (2025-01-03)
⚠ BREAKING CHANGES
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.
Features
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.