Bicep Module Documentation

| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| sku (required) | sku | SKU properties |
| identity | identity | |
| adminUsername (required) | string | Administrator username for the managed instance. Can only be specified when the managed instance is being created (and is required for creation). |
| keyVaultId (required) | string | Keyvault for storing the password |
| keyVaultSecretName | string | Name of the key vault secret in the key vault |
| administrators | administrators | The Azure Active Directory administrator of the instance. This can only be used at instance create time. If used for instance update, it will be ignored or it will result in an error. For updates, individual APIs will need to be used. |
| collation | string | Collation of the managed instance. (default: SQL_Latin1_General_CP1_CI_AS) |
| dnsZonePartner | string | The resource id of another managed instance whose DNS zone this managed instance will share after creation. |
| instancePoolId | string | The Id of the instance pool this managed server belongs to. |
| keyId | string | A CMK URI of the key to use for encryption. |
| licenseType (required) | 'BasePrice' 'LicenseIncluded' | The license type. Possible values are LicenseIncluded (regular price inclusive of a new SQL license) and BasePrice (discounted AHB price for bringing your own SQL licenses). |
| maintenanceConfigurationId | string | Specifies maintenance configuration id to apply to this managed instance. |
| managedInstanceCreateMode | 'Default' 'PointInTimeRestore' | Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to a specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. |
| minimalTlsVersion | '1.0' '1.1' '1.2' | Minimal TLS version. Allowed values: None, 1.0, 1.1, 1.2 (default: 1.2) |
| primaryUserAssignedIdentityId | string | The resource id of a user assigned identity to be used by default. |
| proxyOverride | 'Default' 'Proxy' 'Redirect' | Connection type used for connecting to the instance. |
| publicDataEndpointEnabled | bool | Whether or not the public data endpoint is enabled. (default: false) |
| requestedBackupStorageRedundancy | 'Geo' 'GeoZone' 'Local' 'Zone' | The storage account type to be used to store backups for this instance. The options are Local (LocallyRedundantStorage), Zone (ZoneRedundantStorage), Geo (GeoRedundantStorage) and GeoZone (GeoZoneRedundantStorage) (default: Geo) |
| restorePointInTime | string | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. |
| servicePrincipalType | 'None' 'SystemAssigned' | The managed instance's service principal. (default: none) |
| sourceManagedInstanceId | string | The resource identifier of the source managed instance associated with create operation of this instance. |
| storageSizeInGB | int | Storage size in GB. Minimum value: 32. Maximum value: 16384. Increments of 32 GB allowed only. Maximum value depends on the selected hardware family and number of vCores. (default: 32) |
| subnetId (required) | string | Subnet resource ID for the managed instance. |
| timeZoneId | 'Eastern Standard Time' 'GMT Standard Time' 'Pacific Standard Time' 'Romance Standard Time' 'UTC' | Id of the timezone. Allowed values are timezones supported by Windows. (default: Romance Standard Time) |
| vCores | '16' '32' '4' '40' '64' '8' '80' | The number of vCores. Allowed values: 4, 8, 16, 24, 32, 40, 64, 80. (default: 4) |
| zoneRedundant | bool | Whether or not the multi-az is enabled. |
| sqlDatabases (required) | sqlManagedInstanceDatabase[] | Databases in the SQL Managed Instance |
| privateLink | privateLink | Settings for the private endpoint and private link for this resource |

| Property | Value | Description |
|---|---|---|
| name (required) | 'BC_G8IH' 'BC_G8IM' 'BC_Gen5' 'GP_G8IH' 'GP_G8IM' 'GP_Gen5' | Managed instance SKU. Allowed values for sku.name: GP_Gen5, GP_G8IM, GP_G8IH, BC_Gen5, BC_G8IM, BC_G8IH |
| capacity | int | Capacity of the particular SKU. |
| family | string | If the service has different generations of hardware, for the same SKU, then that can be captured here. |
| size | string | Size of the particular SKU |
| tier | string | The tier or edition of the particular SKU, e.g. Basic, Premium. |

| Property | Value | Description |
|---|---|---|
| type | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' | The types of identities associated with this resource. (default: none) |
| userAssignedIdentities | string[] | Resource IDs of User Assigned Identities to associate with this resource |

| Property | Value | Description |
|---|---|---|
| azureADOnlyAuthentication | bool | Azure Active Directory only Authentication enabled. |
| login (required) | string | Login name of the server administrator. |
| principalType (required) | 'Application' 'Group' 'User' | Principal Type of the server administrator. |
| sid | string | SID (object ID) of the server administrator. |
| tenantId | string | Tenant ID of the administrator. |

| Property | Value | Description |
|---|---|---|
| naming (required) | naming | |
| autoCompleteRestore | bool | Whether to auto complete restore of this managed database. |
| catalogCollation | 'DATABASE_DEFAULT' 'SQL_Latin1_General_CP1_CI_AS' | Collation of the metadata catalog. |
| collation | string | Collation of the managed database. (default: SQL_Latin1_General_CP1_CI_AS) |
| createMode | 'Default' 'PointInTimeRestore' 'Recovery' 'RestoreExternalBackup' 'RestoreLongTermRetentionBackup' | Managed database create mode. |
| crossSubscriptionRestorableDroppedDatabaseId | string | The restorable cross-subscription dropped database resource id to restore when creating this database. |
| crossSubscriptionSourceDatabaseId | string | The resource identifier of the cross-subscription source database associated with create operation of this database. |
| crossSubscriptionTargetManagedInstanceId | string | Target managed instance id used in cross-subscription restore. |
| lastBackupName | string | Last backup file name for restore of this managed database. |
| longTermRetentionBackupResourceId | string | The name of the Long Term Retention backup to be used for restore of this managed database. |
| recoverableDatabaseId | string | The resource identifier of the recoverable database associated with create operation of this database. |
| restorableDroppedDatabaseId | string | The restorable dropped database resource id to restore when creating this database. |
| restorePointInTime | string | Conditional. If createMode is PointInTimeRestore, this value is required. Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. |
| sourceDatabaseId | string | The resource identifier of the source database associated with create operation of this database. |
| storageContainerIdentity | string | Conditional. If createMode is RestoreExternalBackup, this value is used. Specifies the identity used for storage container authentication. Can be SharedAccessSignature or ManagedIdentity; if not specified SharedAccessSignature is assumed. |
| storageContainerSasToken | string | Conditional. If createMode is RestoreExternalBackup and storageContainerIdentity is not ManagedIdentity, this value is required. Specifies the storage container sas token. |
| storageContainerUri | string | Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the uri of the storage container where backups for this restore are stored. |

| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parentheses. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' | The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again. |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |

| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |

| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |

| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |

| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' | The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource; if empty, none will be appended, otherwise it will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |

| Property | Value | Description |
|---|---|---|
| pepNaming | naming | Name of the private endpoint |
| nicNaming | naming | Name of the network interface of the private endpoint |
| privateLinkNaming | naming | Name of the private link connection |
| subnets (required) | subnets[] | Id of the subnets and optionally the name of the resource group in which the private endpoint should be created |
| dnsZoneIds (required) | string[] | List of DNS zone ids that need to be linked |

| Property | Value | Description |
|---|---|---|
| resourceGroupName | string | Resource group (default: resource group defined here => resourceGroup of pep resource => resourceGroup of subnet) |
| id (required) | string | Id of the subnet |
| location | string | Location if Vnet is in different location |