I'm tring to provision a LogicApp that has a connection to CosmosDB already setup. The CosmosDB resources get provisioned, but there's a failure with the connection.
Error:
{
"status": "Failed",
"error": {
"code": "ApiNotFound",
"message": "The API 'cosmosdb' could not be found."
} }
My ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"databaseAccounts_wkshp_cosmos_name": {
"defaultValue": "mycosmosdb",
"type": "String"
},
"backendLogicApp": {
"defaultValue": "t12msds5lg",
"type": "String"
},
"location": {
"defaultValue": "westus2",
"type": "String"
},
"cosmosConnection": {
"defaultValue": "cosmos",
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2019-05-01",
"name": "[parameters('backendLogicApp')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('cosmosConnection'))]"
],
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {},
"actions": {},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"cosmosdb": {
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('databaseAccounts_wkshp_cosmos_name'))]",
"connectionName": "cosmosdb",
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'cosmosdb')]"
}
}
}
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2022-08-15",
"name": "[parameters('databaseAccounts_wkshp_cosmos_name')]",
"location": "[parameters('location')]",
"tags": {
"defaultExperience": "Core (SQL)",
"hidden-cosmos-mmspecial": ""
},
"kind": "GlobalDocumentDB",
"identity": {
"type": "None"
},
"properties": {
"publicNetworkAccess": "Enabled",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": false,
"virtualNetworkRules": [],
"disableKeyBasedMetadataWriteAccess": false,
"enableFreeTier": false,
"enableAnalyticalStorage": true,
"analyticalStorageConfiguration": {
"schemaType": "WellDefined"
},
"databaseAccountOfferType": "Standard",
"defaultIdentity": "FirstPartyIdentity",
"networkAclBypass": "None",
"disableLocalAuth": false,
"enablePartitionMerge": false,
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "West US",
"provisioningState": "Succeeded",
"failoverPriority": 0,
"isZoneRedundant": false
}
],
"cors": [],
"capabilities": [
{
"name": "EnableServerless"
}
],
"ipRules": [],
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 240,
"backupRetentionIntervalInHours": 8,
"backupStorageRedundancy": "Geo"
}
},
"networkAclBypassResourceIds": [],
"keysMetadata": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/SQLDatabase')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"resource": {
"id": "SQLDatabase"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/00000000-0000-0000-0000-000000000001')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"roleName": "Cosmos DB Built-in Data Reader",
"type": "BuiltInRole",
"assignableScopes": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"
],
"notDataActions": []
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/00000000-0000-0000-0000-000000000002')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"roleName": "Cosmos DB Built-in Data Contributor",
"type": "BuiltInRole",
"assignableScopes": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"
],
"notDataActions": []
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/SQLDatabase/transactionDb')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccounts_wkshp_cosmos_name'), 'SQLDatabase')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"resource": {
"id": "transactionDb",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/id"
],
"kind": "Hash",
"version": 2
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
},
"analyticalStorageTtl": -1
}
}
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('cosmosConnection')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"displayName": "Router",
"api": {
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'cosmosdb')]"
},
"parameterValues": {
"connectionString": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name')), '2019-12-12').connectionStrings[0].connectionString]"
}
}
}
]
}
Try with below format for cosmos db connection,
"parameters": {
"$connections": {
"value": {
"documentdb": {
"connectionId": "[parameters('connections_documentdb_externalid')]",
"connectionName": "documentdb",
"id": "/subscriptions/xxxxx/providers/Microsoft.Web/locations/centralus/managedApis/documentdb"
}
}
}
}
I have created sample logic app which will retrieve documents from cosmos db and designer of logic app is,
Exported template from logic app and template with parameters file is downloaded.
Template.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_cosmoslapp_name": {
"defaultValue": "cosmoslapp",
"type": "String"
},
"connections_documentdb_externalid": {
"defaultValue": "/subscriptions/xxxxx/resourceGroups/so1/providers/Microsoft.Web/connections/documentdb",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_cosmoslapp_name')]",
"location": "centralus",
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"Recurrence": {
"recurrence": {
"frequency": "Minute",
"interval": 3
},
"evaluatedRecurrence": {
"frequency": "Minute",
"interval": 3
},
"type": "Recurrence"
}
},
"actions": {
"Get_all_documents_(V3)": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "#parameters('$connections')['documentdb']['connectionId']"
}
},
"method": "get",
"path": "/v2/cosmosdb/#{encodeURIComponent('AccountNameFromSettings')}/dbs/#{encodeURIComponent('testdb')}/colls/#{encodeURIComponent('cid')}/docs"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"documentdb": {
"connectionId": "[parameters('connections_documentdb_externalid')]",
"connectionName": "documentdb",
"id": "/subscriptions/xxxx/providers/Microsoft.Web/locations/centralus/managedApis/documentdb"
}
}
}
}
}
}
]
}
Using custom deployment, deployed this template and another logic app created with same actions and connection to cosmos db also done.
Designer of new logic app,
Related
I need to create 8 database and couple of collections though ARM template.I was going through the user defined function here https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-user-defined-functions to make the template simpler, Is that something I can achieve instead of copy paste the same scripts? right now, its throwing an error
Template validation failed: Unexpected initial token 'String' when
populating object.
My current Function:
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "databaseName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "['test', '/', parameters('databaseName'))]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
}
}
}
}
}
}
}
],
Is that something we can achieve?
Update: Here is the simplified version
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"type": "string",
"defaultValue": "test",
"metadata": {
"description": "Cosmos DB account name"
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "Cosmos DB database name"
}
}
},
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "databaseName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "[concat('/test', '/', parameters('databaseName'))]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
}
}
}
}
}
}
}
],
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"name": "[parameters('accountName')]",
"apiVersion": "2020-04-01",
"location": "central us",
"kind": "MongoDB",
"properties": {
"isVirtualNetworkFilterEnabled": false,
"databaseAccountOfferType": "Standard",
"apiProperties": {
"serverVersion": "3.6"
}
}
},
"[contoso.uniqueName(parameters('databaseName'))]"
]
}
Looks like you're trying to create several mongodbDatabases within the databaseAccounts resource.
I recommend looking at the ARM copy element.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/copy-resources#resource-iteration
It would look roughly like:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"type": "string",
"defaultValue": "test",
"metadata": {
"description": "Cosmos DB account name"
}
},
"databaseNames": {
"type": "array",
"defaultValue": [
"contoso",
"fabrikam",
"coho"
],
"metadata": {
"description": "Cosmos DB database names array"
}
}
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"name": "[parameters('accountName')]",
"apiVersion": "2020-04-01",
"location": "central us",
"kind": "MongoDB",
"properties": {
"isVirtualNetworkFilterEnabled": false,
"databaseAccountOfferType": "Standard",
"apiProperties": {
"serverVersion": "3.6"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "[concat('/test', '/', parameters('databaseNames')[copyIndex()])]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseNames')[copyIndex()]]"
}
},
"copy": {
"name": "databaseCopy",
"count": "[length(parameters('databaseNames'))]"
}
}
]
}
I have a working ARM Template to deploy an Application Gateway with WAF Enabled, this is currently always enabling the Firewall and setting the Firewall Mode based on parameters.
We want to parameterize enabling the WAF so that an AGW can be deployed without WAF
The object in the properties looks like:
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
The parameter file has these set:
"firewallEnabled": false,
"Tier": "Standard",
"skuSize": "Standard_Medium",
However on deployment it errors out trying to enable the Firewall
New-AzResourceGroupDeployment : 11:28:27 AM - Error:
Code=ApplicationGatewayFirewallCannotBeEnabledForSelectedSku;
Message=Application Gateway
/subscriptions//providers/Microsoft.Network/applicationGatewa
ys/EXAMPLE-AGW does not support WebApplicationFirewall with the
selected SKU tier Standard
It looks like it's still trying to enable the firewall even though the "enabled:" property would be false, I would assume it would ignore the rest of the properties in the object but obviously not. Can anyone see what I'm doing wrong here?
Reason for Failure: As WebApplicationFirewall is not supported for Standard Tier AppGateway, the template VALIDATION will fail even if enabled is set to false as validation sees "webApplicationFirewallConfiguration" key itself as invalid for Standard Tier.
Fix: Use Nested Templates to create a child deployment of an Application Gateway template without "webApplicationFirewallConfiguration" if firewall is disabled, else the one with "webApplicationFirewallConfiguration" if firewall is enabled along with firewall mode value in the parameters file.
Working Sample: Please find below the root template for deployment along with two templates with firewall enabled and disabled as well. Then, it has two parameters file - one for firewall enabled and other for disabled one.
To try out this sample, follow the below steps:
Upload the two Child templates in a Blob Storage.
Make this Blob Container, where templates are uploaded, Public accessible or use SAS token while creating the template's url.
Update the variables "appGatewaysTemplateWaffalse" and "appGatewaysTemplateWaftrue" in root template with urls of uploaded child templates.
Go https://portal.azure.com/#create/Microsoft.Template -> "Build your own template in the editor".
Use this updated root template with urls and the parameter file (enabled or disabled) as desired.
Root Template (VNet + Child Deployment):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "virtual network address range"
}
},
"subnetName": {
"type": "string",
"defaultValue": "subnet1",
"metadata": {
"description": "Subnet Name"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/24",
"metadata": {
"description": "Subnet prefix"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]",
"appGatewaysTemplateWaffalse": "https://da2.blob.core.windows.net/templates/app-gateway-waf-false.json",
"appGatewaysTemplateWaftrue": "https://da2.blob.core.windows.net/templates/app-gateway-waf-true.json"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"name": "azure-appGateways-non-waf-deployment",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables(concat('appGatewaysTemplateWaf',string(parameters('applicationGateway').firewallEnabled)))]"
},
"parameters": {
"applicationGateway": {
"value": "[parameters('applicationGateway')]"
},
"location": {
"value": "[parameters('location')]"
},
"subnetRef": {
"value": "[variables('subnetRef')]"
}
}
}
}
]
}
Child Template without webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Child Template with webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
},
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Parameters with firewall disabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "false",
"skuTier": "Standard",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "Standard_Small",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}
Parameters with firewall enabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "true",
"firewallMode": "Detection",
"skuTier": "WAF",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "WAF_Medium",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}
Not sure why this is happening, but you can always do this:
"variables": {
"waffalse": {
"enabled": false
},
"waftrue": {
"enabled": true,
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
}
...
"webApplicationFirewallConfiguration": "[variables(concat('waf', string(parameters('applicationGateway').firewallEnabled)))]"
so use one variable or the other depending on condition
I'm looking for the option to enable diagnostic log settings (file level, not blob) on the template deployment stage.
I've found the following example on Github however, it doesn't work, saying "Microsoft.Web/sites/logs" is not a valid option".
Below is the part of my template:
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"location": "[resourcegroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Verbose"
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": 100,
"retentionInDays": 90,
"enabled": true
}
},
"failedRequestsTracing": {
"enabled": true
},
"detailedErrorMessages": {
"enabled": true
}
}
},
Also, I've found the following discussion on a similar question but the topic starter stated that this piece of code works correctly in most cases.
If you want to enable diagnostic log settings during deployment Azure WebApp. You could use the follow demo code to do that. It works correctly on my side.
Deploy.json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string"
},
"appServicePlanName": {
"type": "string"
},
"siteLocation": {
"type": "string"
},
"workerSize": {
"type": "string",
"allowedValues": [
"0",
"1",
"2"
],
"defaultValue": "1"
}
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('appServicePlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[parameters('siteLocation')]",
"sku": {
"name": "S1",
"tier": "Standard",
"capacity": 1
},
"properties": {
"name": "[parameters('appServicePlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[parameters('siteName')]",
"type": "Microsoft.Web/sites",
"location": "[parameters('siteLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]"
],
"properties": {
"serverFarmId": "[parameters('appServicePlanName')]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]"
],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Verbose"
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": 100,
"retentionInDays": 90,
"enabled": true
}
},
"failedRequestsTracing": {
"enabled": true
},
"detailedErrorMessages": {
"enabled": true
}
}
}
]
}
]
}
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"value": "xxxxxx"
},
"appServicePlanName": {
"value": "xxxx"
},
"siteLocation": {
"value": "East US"
},
"workerSize": {
"value": "1"
}
}
}
Check from the Azure portal.
I have defined below a fragment of an ARM template which creates a service bus topic, subscription, and rule/filter. The rule is applied along with the topic and subscription, but the value of the filter is 1=1. Why would the expression not be applied?
{
"apiVersion": "2017-04-01",
"name": "[concat(parameters('serviceBusNamespaceName'), '/TOPIC-NAME')]",
"type": "Microsoft.ServiceBus/namespaces/topics",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'))]"
],
"properties": {
"path": "TOPIC-NAME",
"duplicateDetectionHistoryTimeWindow": "00:10:00",
"enableBatchedOperations": false,
"enablePartitioning": true,
"enableSubscriptionPartitioning": false,
"filteringMessagesBeforePublishing": false,
"maxSizeInMegabytes": 5120
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "SUB-NAME",
"type": "subscriptions",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'), '/topics/TOPIC-NAME')]"
],
"properties": {},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "SUB-NAME",
"type": "Rules",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'), '/topics/TOPIC-NAME/subscriptions/SUB-NAME')]"
],
"properties": {
"filter": {
"sqlExpression": "MessageType = 'TYPE-OF-MESSAGE' AND MajorVersion = 1"
},
"action": {
"sqlExpression": "SET sys.Label='TYPE-OF-MESSAGE'"
}
}
}
]
}
]
}
Your subscription rule should be defined as follows:
"resources": [
{
"apiVersion": "2017-04-01",
"name": "SUB-NAME-FILTER",
"type": "Rules",
"dependsOn": [
"[parameters('serviceBusSubscriptionName')]"
],
"properties": {
"filterType": "SqlFilter",
"sqlFilter": {
"sqlExpression": "MessageType = 'TYPE-OF-MESSAGE' AND MajorVersion = 1"
"requiresPreprocessing": "false"
},
"action": {
"sqlExpression": "SET sys.Label='TYPE-OF-MESSAGE'"
}
}
}
]
I create the service bus filter with the following ARM template, it works correctly on my side. More details we could refer to Create a Service Bus namespace with topic, subscription, and rule using an Azure Resource Manager template
I check it with Azure service bus explore
Deploy.json
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serviceBusNamespaceName": {
"type": "string",
"metadata": {
"description": "Name of the Service Bus namespace"
}
},
"serviceBusTopicName": {
"type": "string",
"metadata": {
"description": "Name of the Topic"
}
},
"serviceBusSubscriptionName": {
"type": "string",
"metadata": {
"description": "Name of the Subscription"
}
},
"serviceBusRuleName": {
"type": "string",
"metadata": {
"description": "Name of the Rule"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"defaultSASKeyName": "RootManageSharedAccessKey",
"authRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('serviceBusNamespaceName'), variables('defaultSASKeyName'))]",
"sbVersion": "2017-04-01"
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusNamespaceName')]",
"type": "Microsoft.ServiceBus/Namespaces",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard"
},
"properties": {},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusTopicName')]",
"type": "Topics",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'))]"
],
"properties": {
"defaultMessageTimeToLive": "P10675199DT2H48M5.4775807S",
"maxSizeInMegabytes": "1024",
"requiresDuplicateDetection": "false",
"duplicateDetectionHistoryTimeWindow": "PT10M",
"enableBatchedOperations": "false",
"supportOrdering": "false",
"autoDeleteOnIdle": "P10675199DT2H48M5.4775807S",
"enablePartitioning": "false",
"enableExpress": "false"
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusSubscriptionName')]",
"type": "Subscriptions",
"dependsOn": [
"[parameters('serviceBusTopicName')]"
],
"properties": {
"lockDuration": "PT1M",
"requiresSession": "false",
"defaultMessageTimeToLive": "P10675199DT2H48M5.4775807S",
"deadLetteringOnMessageExpiration": "false",
"maxDeliveryCount": "10",
"enableBatchedOperations": "false",
"autoDeleteOnIdle": "P10675199DT2H48M5.4775807S"
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusRuleName')]",
"type": "Rules",
"dependsOn": [
"[parameters('serviceBusSubscriptionName')]"
],
"properties": {
"filterType": "SqlFilter",
"sqlFilter": {
"sqlExpression": "MessageType = 'TYPE-OF-MESSAGE' AND MajorVersion = 1",
"requiresPreprocessing": "false"
},
"action": {
"sqlExpression": "SET sys.Label='TYPE-OF-MESSAGE'"
},
"CorrelationFilter": {}
}
}
]
}
]
}
]
}
],
"outputs": {
"NamespaceConnectionString": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryConnectionString]"
},
"SharedAccessPolicyPrimaryKey": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryKey]"
}
}
}
Paramters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serviceBusNamespaceName": {
"value": "xxxx-test"
},
"serviceBusTopicName": {
"value": "armtopipc-test"
},
"serviceBusSubscriptionName": {
"value": "armsubscription-test"
},
"serviceBusRuleName": {
"value": "filterRule-test"
}
}
}
I have defined below a fragment of an ARM template which creates a service bus topic, subscription, and rule/filter. The rule is applied along with the topic and subscription, but the value of the filter is 1=1. Why would the expression not be applied?
{
"apiVersion": "2017-04-01",
"name": "[concat(parameters('serviceBusNamespaceName'), '/TOPIC-NAME')]",
"type": "Microsoft.ServiceBus/namespaces/topics",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'))]"
],
"properties": {
"path": "TOPIC-NAME",
"duplicateDetectionHistoryTimeWindow": "00:10:00",
"enableBatchedOperations": false,
"enablePartitioning": true,
"enableSubscriptionPartitioning": false,
"filteringMessagesBeforePublishing": false,
"maxSizeInMegabytes": 5120
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "SUB-NAME",
"type": "subscriptions",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'), '/topics/TOPIC-NAME')]"
],
"properties": {},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "SUB-NAME",
"type": "Rules",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'), '/topics/TOPIC-NAME/subscriptions/SUB-NAME')]"
],
"properties": {
"filter": {
"sqlExpression": "MessageType = 'TYPE-OF-MESSAGE' AND MajorVersion = 1"
},
"action": {
"sqlExpression": "SET sys.Label='TYPE-OF-MESSAGE'"
}
}
}
]
}
]
}
Your subscription rule should be defined as follows:
"resources": [
{
"apiVersion": "2017-04-01",
"name": "SUB-NAME-FILTER",
"type": "Rules",
"dependsOn": [
"[parameters('serviceBusSubscriptionName')]"
],
"properties": {
"filterType": "SqlFilter",
"sqlFilter": {
"sqlExpression": "MessageType = 'TYPE-OF-MESSAGE' AND MajorVersion = 1"
"requiresPreprocessing": "false"
},
"action": {
"sqlExpression": "SET sys.Label='TYPE-OF-MESSAGE'"
}
}
}
]
I create the service bus filter with the following ARM template, it works correctly on my side. More details we could refer to Create a Service Bus namespace with topic, subscription, and rule using an Azure Resource Manager template
I check it with Azure service bus explore
Deploy.json
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serviceBusNamespaceName": {
"type": "string",
"metadata": {
"description": "Name of the Service Bus namespace"
}
},
"serviceBusTopicName": {
"type": "string",
"metadata": {
"description": "Name of the Topic"
}
},
"serviceBusSubscriptionName": {
"type": "string",
"metadata": {
"description": "Name of the Subscription"
}
},
"serviceBusRuleName": {
"type": "string",
"metadata": {
"description": "Name of the Rule"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"defaultSASKeyName": "RootManageSharedAccessKey",
"authRuleResourceId": "[resourceId('Microsoft.ServiceBus/namespaces/authorizationRules', parameters('serviceBusNamespaceName'), variables('defaultSASKeyName'))]",
"sbVersion": "2017-04-01"
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusNamespaceName')]",
"type": "Microsoft.ServiceBus/Namespaces",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard"
},
"properties": {},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusTopicName')]",
"type": "Topics",
"dependsOn": [
"[concat('Microsoft.ServiceBus/namespaces/', parameters('serviceBusNamespaceName'))]"
],
"properties": {
"defaultMessageTimeToLive": "P10675199DT2H48M5.4775807S",
"maxSizeInMegabytes": "1024",
"requiresDuplicateDetection": "false",
"duplicateDetectionHistoryTimeWindow": "PT10M",
"enableBatchedOperations": "false",
"supportOrdering": "false",
"autoDeleteOnIdle": "P10675199DT2H48M5.4775807S",
"enablePartitioning": "false",
"enableExpress": "false"
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusSubscriptionName')]",
"type": "Subscriptions",
"dependsOn": [
"[parameters('serviceBusTopicName')]"
],
"properties": {
"lockDuration": "PT1M",
"requiresSession": "false",
"defaultMessageTimeToLive": "P10675199DT2H48M5.4775807S",
"deadLetteringOnMessageExpiration": "false",
"maxDeliveryCount": "10",
"enableBatchedOperations": "false",
"autoDeleteOnIdle": "P10675199DT2H48M5.4775807S"
},
"resources": [
{
"apiVersion": "2017-04-01",
"name": "[parameters('serviceBusRuleName')]",
"type": "Rules",
"dependsOn": [
"[parameters('serviceBusSubscriptionName')]"
],
"properties": {
"filterType": "SqlFilter",
"sqlFilter": {
"sqlExpression": "MessageType = 'TYPE-OF-MESSAGE' AND MajorVersion = 1",
"requiresPreprocessing": "false"
},
"action": {
"sqlExpression": "SET sys.Label='TYPE-OF-MESSAGE'"
},
"CorrelationFilter": {}
}
}
]
}
]
}
]
}
],
"outputs": {
"NamespaceConnectionString": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryConnectionString]"
},
"SharedAccessPolicyPrimaryKey": {
"type": "string",
"value": "[listkeys(variables('authRuleResourceId'), variables('sbVersion')).primaryKey]"
}
}
}
Paramters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serviceBusNamespaceName": {
"value": "xxxx-test"
},
"serviceBusTopicName": {
"value": "armtopipc-test"
},
"serviceBusSubscriptionName": {
"value": "armsubscription-test"
},
"serviceBusRuleName": {
"value": "filterRule-test"
}
}
}