I'm trying to execute this instruction of Azure CLI:
az deployment sub create --name "ThisIsATest" --location northeurope \
--template-file /Users/muzcateg/Documents/TeaBotframeworkVIP/DeploymentTemplates/template-with-new-rg.json \
--parameters appId="7450874d-a8cb-4613-b021-621a34b21bbb" appSecret="ThisIsATest123456789" botId="ThisIsATest" botSku=F0 newAppServicePlanName="ThisIsATestServicePlan" newWebAppName="ThisIsATestWebApp" groupName="ThisIsATestResources" groupLocation="northeurope" newAppServicePlanLocation="northeurope" \
--output json
And I'm getting this error:
{
'additionalProperties': {},
'code': 'InvalidTemplate',
'message': "Deployment template validation failed: 'The resource '/subscriptions/63c45336-738e-4431-b8cd-21097fd6a9f4/resourceGroups/ThisIsATestResources/providers/Microsoft.BotService/botServices/ThisIsATest/channels/MsTeamsChannel' at line '1' and column '2080' doesn't depend on parent resource '/subscriptions/63c45336-738e-4431-b8cd-21097fd6a9f4/resourceGroups/ThisIsATestResources/providers/Microsoft.BotService/botServices/ThisIsATest'. Please add dependency explicitly using the 'dependsOn' syntax. Please see https://aka.ms/arm-template/#resources for usage details.'.",
'target': None,
'details': None,
'additionalInfo': [{
'additionalProperties': {},
'type': 'TemplateViolation',
'info': {
'lineNumber': 1,
'linePosition': 2080,
'path': 'properties.template.resources[2].resources[0]'
}
}]
}
I'm using the standard template (template-with-new-rg.json) from the Botframework Git examples. I have tried a lot of changes to see if I can make it work, but with no success.
A colleague of mine is executing the instruction correctly on her PC. She is using CLI 2.7.0; I was using 2.8.0 and I changed it to 2.7.0 too. We are supposed to have the same permissions in Azure.
Just in case, this is the template code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"groupLocation": {
"type": "string",
"metadata": {
"description": "Specifies the location of the Resource Group."
}
},
"groupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Resource Group."
}
},
"appId": {
"type": "string",
"metadata": {
"description": "Active Directory App ID, set as MicrosoftAppId in the Web App's Application Settings."
}
},
"appSecret": {
"type": "string",
"metadata": {
"description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings."
}
},
"botId": {
"type": "string",
"metadata": {
"description": "The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable."
}
},
"botSku": {
"type": "string",
"metadata": {
"description": "The pricing tier of the Bot Service Registration. Acceptable values are F0 and S1."
}
},
"newAppServicePlanName": {
"type": "string",
"metadata": {
"description": "The name of the App Service Plan."
}
},
"newAppServicePlanSku": {
"type": "object",
"defaultValue": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"metadata": {
"description": "The SKU of the App Service Plan. Defaults to Standard values."
}
},
"newAppServicePlanLocation": {
"type": "string",
"metadata": {
"description": "The location of the App Service Plan. Defaults to \"westus\"."
}
},
"newWebAppName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The globally unique name of the Web App. Defaults to the value passed in for \"botId\"."
}
}
},
"variables": {
"appServicePlanName": "[parameters('newAppServicePlanName')]",
"resourcesLocation": "[parameters('newAppServicePlanLocation')]",
"webAppName": "[if(empty(parameters('newWebAppName')), parameters('botId'), parameters('newWebAppName'))]",
"siteHost": "[concat(variables('webAppName'), '.azurewebsites.net')]",
"botEndpoint": "[concat('https://', variables('siteHost'), '/api/messages')]"
},
"resources": [
{
"name": "[parameters('groupName')]",
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('groupLocation')]",
"properties": {
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "storageDeployment",
"resourceGroup": "[parameters('groupName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('groupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"comments": "Create a new App Service Plan",
"type": "Microsoft.Web/serverfarms",
"name": "[variables('appServicePlanName')]",
"apiVersion": "2018-02-01",
"location": "[variables('resourcesLocation')]",
"sku": "[parameters('newAppServicePlanSku')]",
"properties": {
"name": "[variables('appServicePlanName')]"
}
},
{
"comments": "Create a Web App using the new App Service Plan",
"type": "Microsoft.Web/sites",
"apiVersion": "2015-08-01",
"location": "[variables('resourcesLocation')]",
"kind": "app",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
],
"name": "[variables('webAppName')]",
"properties": {
"name": "[variables('webAppName')]",
"serverFarmId": "[variables('appServicePlanName')]",
"siteConfig": {
"appSettings": [
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "10.14.1"
},
{
"name": "MicrosoftAppId",
"value": "[parameters('appId')]"
},
{
"name": "MicrosoftAppPassword",
"value": "[parameters('appSecret')]"
}
],
"cors": {
"allowedOrigins": [
"https://botservice.hosting.portal.azure.net",
"https://hosting.onecloud.azure-test.net/"
]
}
}
}
},
{
"apiVersion": "2017-12-01",
"type": "Microsoft.BotService/botServices",
"name": "[parameters('botId')]",
"location": "global",
"kind": "bot",
"sku": {
"name": "[parameters('botSku')]"
},
"properties": {
"name": "[parameters('botId')]",
"displayName": "[parameters('botId')]",
"endpoint": "[variables('botEndpoint')]",
"msaAppId": "[parameters('appId')]",
"developerAppInsightsApplicationId": null,
"developerAppInsightKey": null,
"publishingCredentials": null,
"storageResourceId": null
},
"resources": [
{
"name": "MsTeamsChannel",
"type": "channels",
"location": "global",
"apiVersion": "2018-07-12",
"kind": "bot",
"properties": {
"channelName": "MsTeamsChannel"
},
"dependsOn": [
"[resourceId('Microsoft.BotService/botServices', parameters('botId'))]"
]
}
],
"dependsOn": [
"[resourceId('Microsoft.Web/sites/', variables('webAppName'))]"
]
}
],
"outputs": {}
}
}
}
]
}
Thanks in advance for any help.
The template just works on the old version of the Azure CLI, in our case 2.0.7, so after lots of tests and reading we ended up deploying this JSON file with Azure CLI 2.7.0 and 2.8.0:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appId": {
"type": "string",
"metadata": {
"description": "Active Directory App ID, set as MicrosoftAppId in the Web App's Application Settings."
}
},
"appSecret": {
"type": "string",
"metadata": {
"description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Defaults to \"\"."
}
},
"botId": {
"type": "string",
"metadata": {
"description": "The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable."
}
},
"botSku": {
"defaultValue": "F0",
"type": "string",
"metadata": {
"description": "The pricing tier of the Bot Service Registration. Acceptable values are F0 and S1."
}
},
"newAppServicePlanName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The name of the new App Service Plan."
}
},
"newAppServicePlanSku": {
"type": "object",
"defaultValue": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"metadata": {
"description": "The SKU of the App Service Plan. Defaults to Standard values."
}
},
"appServicePlanLocation": {
"type": "string",
"metadata": {
"description": "The location of the App Service Plan."
}
},
"existingAppServicePlan": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Name of the existing App Service Plan used to create the Web App for the bot."
}
},
"existingAppServicePlanResourceGroup": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Name of the resource group for the existing App Service Plan used to create the Web App for the bot."
}
},
"newWebAppName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The globally unique name of the Web App. Defaults to the value passed in for \"botId\"."
}
}
},
"variables": {
"defaultAppServicePlanName": "[if(empty(parameters('existingAppServicePlan')), 'createNewAppServicePlan', parameters('existingAppServicePlan'))]",
"useExistingAppServicePlan": "[not(equals(variables('defaultAppServicePlanName'), 'createNewAppServicePlan'))]",
"servicePlanName": "[if(variables('useExistingAppServicePlan'), parameters('existingAppServicePlan'), parameters('newAppServicePlanName'))]",
"resourcesLocation": "[parameters('appServicePlanLocation')]",
"webAppName": "[if(empty(parameters('newWebAppName')), parameters('botId'), parameters('newWebAppName'))]",
"siteHost": "[concat(variables('webAppName'), '.azurewebsites.net')]",
"botEndpoint": "[concat('https://', variables('siteHost'), '/api/messages')]"
},
"resources": [
{
"comments": "Create a new App Service Plan if no existing App Service Plan name was passed in.",
"type": "Microsoft.Web/serverfarms",
"condition": "[not(variables('useExistingAppServicePlan'))]",
"name": "[variables('servicePlanName')]",
"apiVersion": "2018-02-01",
"location": "[variables('resourcesLocation')]",
"sku": "[parameters('newAppServicePlanSku')]",
"properties": {
"name": "[variables('servicePlanName')]"
}
},
{
"comments": "Create a Web App using an App Service Plan",
"type": "Microsoft.Web/sites",
"apiVersion": "2015-08-01",
"location": "[variables('resourcesLocation')]",
"kind": "app",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
],
"name": "[variables('webAppName')]",
"properties": {
"name": "[variables('webAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "10.14.1"
},
{
"name": "MicrosoftAppId",
"value": "[parameters('appId')]"
},
{
"name": "MicrosoftAppPassword",
"value": "[parameters('appSecret')]"
}
],
"cors": {
"allowedOrigins": [
"https://botservice.hosting.portal.azure.net",
"https://hosting.onecloud.azure-test.net/"
]
},
"webSocketsEnabled": true
}
}
},
{
"apiVersion": "2017-12-01",
"type": "Microsoft.BotService/botServices",
"name": "[parameters('botId')]",
"location": "global",
"kind": "bot",
"sku": {
"name": "[parameters('botSku')]"
},
"properties": {
"name": "[parameters('botId')]",
"displayName": "[parameters('botId')]",
"endpoint": "[variables('botEndpoint')]",
"msaAppId": "[parameters('appId')]",
"developerAppInsightsApplicationId": null,
"developerAppInsightKey": null,
"publishingCredentials": null,
"storageResourceId": null
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites/', variables('webAppName'))]"
]
}
]
}
Thanks to all.
Using ARM I created a Function App and an Event Grid topic.
Now, from the same ARM, I want to create a subscription to the topic, but to do it, I need to deploy functions into the Function App first.
Is it possible to deploy my functions from the same ARM? Or must I have two different ARMs, one to create all the stuff (storage and topics) except what is function-related, and another one to create all the resources that need the functions deployed (event subscriptions)? In the second case, I will need to deploy functions in the middle.
I'm looking for one ARM to deploy the full infrastructure from zero (including functions in the Function App). Is this possible? How?
According to my test, we can create these resources in one template. For example:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"eventGridTopicName": {
"type": "string",
"defaultValue": "EventGridTopic",
"metadata": {
"description": "The name of the Event Grid custom topic."
}
},
"eventGridSubscriptionName": {
"type": "string",
"defaultValue": "EventGridSub",
"metadata": {
"description": "The name of the Event Grid custom topic's subscription."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location in which the Event Grid resources should be deployed."
}
},
"appName": {
"type": "string",
"defaultValue": "Func",
"metadata": {
"description": "The name of the function app that you wish to create."
}
},
"functionName": {
"type": "string",
"defaultValue": "EventGridFunction",
"metadata": {
"description": "Function App Name"
}
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"runtime": {
"type": "string",
"defaultValue": "dotnet",
"allowedValues": [
"node",
"dotnet",
"java"
],
"metadata": {
"description": "The language worker runtime to load in the function app."
}
}
},
"variables": {
"eventGridTopic": "[concat(uniquestring(resourceGroup().id),parameters('EventGridTopicName'))]",
"eventGridSub": "[concat(uniquestring(resourceGroup().id),parameters('eventGridSubscriptionName'))]",
"functionUrl": "[concat('https://', variables('FunctionAppName'),'.azurewebsites.net/runtime/webhooks/eventgrid?functionName=', parameters('FunctionName'),'&code=')]",
"functionAppName": "[concat(uniquestring(resourceGroup().id),parameters('appName'))]",
"hostingPlanName": "[parameters('appName')]",
"applicationInsightsName": "[parameters('appName')]",
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'azfunction')]",
"functionWorkerRuntime": "[parameters('runtime')]"
},
"resources": [
// create event topic
{
"name": "[variables('eventGridTopic')]",
"type": "Microsoft.EventGrid/topics",
"location": "[parameters('location')]",
"apiVersion": "2020-04-01-preview",
},
// create event topic subscrition
{
"name": "[concat(variables('eventGridTopic'), '/Microsoft.EventGrid/', variables('eventGridSub'))]",
"type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
"location": "[parameters('location')]",
"apiVersion": "2020-04-01-preview",
"dependsOn": [
"[variables('eventGridTopic')]",
"[resourceId('Microsoft.Web/sites/functions/', variables('functionAppName'), parameters('functionName'))]"
],
"properties": {
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[resourceId('Microsoft.Web/sites/functions/', variables('functionAppName'), parameters('functionName'))]"
}
},
"filter": {
}
}
},
// create storage account
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-12-01",
"location": "[parameters('location')]",
"kind": "Storage",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
// create host plan
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-02-01",
"name": "[variables('hostingPlanName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Y1",
"tier": "Dynamic"
},
"properties": {
"name": "[variables('hostingPlanName')]",
"computeMode": "Dynamic"
}
},
// create function app
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/sites",
"name": "[variables('functionAppName')]",
"location": "[parameters('location')]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"[concat('microsoft.insights/components/', variables('applicationInsightsName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(variables('functionAppName'))]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~3"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('microsoft.insights/components/', variables('applicationInsightsName')), '2015-05-01').InstrumentationKey]"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "[variables('functionWorkerRuntime')]"
}
]
}
}
},
// create Event Grid trigger function
{
"apiVersion": "2019-08-01",
"name": "[concat(variables('functionAppName'),'/', parameters('functionName'))]",
"type": "Microsoft.Web/sites/functions",
"dependsOn":[ "[variables('functionAppName')]"],
"properties": {
"config": {
"bindings": [
{
"name": "eventGridEvent",
"direction": "in",
"type": "eventGridTrigger"
}
]
},
"files":{
// the code
"run.csx":"#r \"Microsoft.Azure.EventGrid\"\r\nusing Microsoft.Azure.EventGrid.Models;\r\n\r\npublic static void Run(EventGridEvent eventGridEvent, ILogger log)\r\n{\r\n log.LogInformation(eventGridEvent.Data.ToString());\r\n}"
}
}
},
// create application insight
{
"apiVersion": "2018-05-01-preview",
"name": "[variables('applicationInsightsName')]",
"type": "microsoft.insights/components",
"location": "East US",
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', variables('applicationInsightsName'))]": "Resource"
},
"properties": {
"ApplicationId": "[variables('applicationInsightsName')]",
"Request_Source": "IbizaWebAppExtensionCreate"
}
}
],
"outputs": {
}
}
For more details, please refer to the blog.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"InputstorageAccount": {
"defaultValue": "inputstgdev",
"type": "String"
},
"GitrepoBranch": {
"type": "string",
"defaultValue": "master",
"metadata": {
"description": "Name of the branch to use when deploying (Default = master)."
}
},
"GitrepoURL": {
"type": "string",
"defaultValue": "https://github.com/FBoucher/AzUnzipEverything.git",
"metadata": {
"description": "URL to repo (Default = master)."
}
},
"InputcontainerName": {
"type": "string",
"defaultValue": "inputcontainer",
"metadata": {
"description": "Specifies the name of the blob container."
}
},
"OutputstorageAccount": {
"defaultValue": "outputstgdev",
"type": "String"
},
"OutputcontainerName": {
"type": "string",
"defaultValue": "outputcontainer",
"metadata": {
"description": "Specifies the name of the blob container."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(parameters('InputstorageAccount'), '/default/', parameters('InputcontainerName'))]",
"properties": {
"publicAccess": "None"
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(parameters('OutputstorageAccount'), '/default/', parameters('OutputcontainerName'))]",
"properties": {
"publicAccess": "None"
}
},
{
"name": "serviceplan",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "F1",
"capacity": 1
},
"tags": {
"displayName": "serviceplan"
},
"properties": {
"name": "serviceplan"
}
},
{
"name": "functionapp",
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', 'serviceplan')]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('InputstorageAccount'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serviceplan')]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('InputstorageAccount'), ';AccountKey=', listKeys(parameters('InputcontainerName'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('InputstorageAccount'), ';AccountKey=', listKeys(parameters('InputcontainerName'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('InputstorageAccount'), ';AccountKey=', listKeys(parameters('InputcontainerName'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower('functionapp')]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('microsoft.insights/components/', 'applicationInsightsName'), '2015-05-01').InstrumentationKey]"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
}
]
}
},
"resources":[
{
"apiVersion": "2015-08-01",
"name": "web",
"type": "sourcecontrols",
"dependsOn": [
"[resourceId('Microsoft.Web/sites/', parameters('InputstorageAccount'))]"
],
"properties": {
"RepoUrl": "[parameters('GitrepoURL')]",
"branch": "[parameters('GitrepoBranch')]",
"publishRunbook": true,
"IsManualIntegration": true
}
}
]
}
]
}
I have a storage account called STGaccount which I created with the Azure portal and would like to use an ARM template to create a container called inputcontainer in this STGaccount. Each time I try to do so I get an error message saying that the storage account STGaccount I am trying to create with the ARM template already exists in the resource group. So I guess I am writing my ARM template in a way that it still creates a new storage account with a name similar to the one I already have in the resource group. What I actually want to do is to reference the already existing storage account in my ARM template so that I do not have to create a new one.
Thanks in advance as I look forward to your response
Try this ARM template, this will help you to create a container in the existing Storage account.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"defaultValue": "STGaccount",
"type": "String"
},
"containerName": {
"type": "string",
"defaultValue": "inputcontainer",
"metadata": {
"description": "Specifies the name of the blob container."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(parameters('storageAccountName'), '/default/', parameters('containerName'))]",
"properties": {
"publicAccess": "None"
}
}
]
}
I am trying to deploy an HTTP-triggered Azure Function App in Azure Government through an ARM template. Initially I got the name conflict error "There was a conflict. The remote name could not be resolved: 'sftestgovstorage.file.core.windows.net'". I tried to solve this error by following the link. After that I tried listing the function app keys and tried creating a new key. I am getting the error message "Internal Server Error".
I even tried adding the WEBSITE_CONTENTAZUREFILECONNECTIONSTRING setting into configuration with the storage account connection string with suffix ;EndpointSuffix=core.usgovcloudapi.net. But I am still not able to list or create new function app keys.
I am using the following code to create a new function key
HttpClient _client = new HttpClient();
_client.DefaultRequestHeaders.Add("Authorization", "Bearer " + jwtToken);
var response = await _client.PostAsync($"https://functionAppName.azurewebsites.us/admin/host/keys/{keyName}", null);
The ARM template used is
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"coreFunctionApp_appServicePlanName": {
"type": "string",
"metadata": {
"description": "Name of the app service plan to host core function app."
},
"defaultValue": "SL360-Prod-BAM-Appsvc"
},
"coreFunctionApp_applicationInsightsName": {
"type": "string",
"metadata": {
"description": "Name of the application insights for the core function
app."
},
"defaultValue": "SL360-Prod-BAM-AppInsights"
},
"coreFunctionAppName": {
"type": "string",
"metadata": {
"description": "Name of the core function app"
},
"defaultValue": "SL360-Prod-BAM-FunApp"
},
"BAMConnectionString": {
"type": "string",
"metadata": {
"description": "BAM Connection String"
},
"defaultValue": "SL360-BAMConnectionString"
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Name of the Storage account namespace"
},
"defaultValue": "SL360-Prod-BAM-Storage"
},
"storageContainerName": {
"type": "string",
"metadata": {
"description": "Name of the Storage account container"
},
"defaultValue": "SL360-Prod-BAM-Storage-container"
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
"variables": {
"storageAccountid": "
[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/',
parameters('storageAccountName'))]",
"serverFarmApiVersion": "2018-02-01",
"storageApiVersion": "
[providers('Microsoft.Storage','storageAccounts').apiVersions[0]]",
"sitesApiVersion": "2018-11-01",
"insightsApiVersion": "2015-05-01"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "[variables('storageApiVersion')]",
"kind": "Storage",
"location": "[resourceGroup().location]",
"name": "[parameters('storageAccountName')]",
"sku": {
"name": "[parameters('storageAccountType')]"
}
},
{
"apiVersion": "[variables('serverFarmApiVersion')]",
"dependsOn": [],
"location": "[resourceGroup().location]",
"name": "[parameters('coreFunctionApp_appServicePlanName')]",
"properties": {
"name": "[parameters('coreFunctionApp_appServicePlanName')]",
"computeMode": "Dynamic"
},
"sku": {
"name": "Y1",
"tier": "Dynamic"
},
"type": "Microsoft.Web/serverfarms"
},
{
"apiVersion": "[variables('insightsApiVersion')]",
"location": "[resourceGroup().location]",
"name": "[parameters('coreFunctionApp_applicationInsightsName')]",
"properties": {
"Application_Type": "web",
"ApplicationId": "
[parameters('coreFunctionApp_applicationInsightsName')]"
},
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/providers/Microsoft.Web/sites/', parameters('coreFunctionAppName'))]": "Resource"
},
"type": "Microsoft.Insights/components"
}, {
"apiVersion": "[variables('sitesApiVersion')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms',
parameters('coreFunctionApp_appServicePlanName'))]",
"[resourceId('Microsoft.Insights/components',
parameters('coreFunctionApp_applicationInsightsName'))]",
"[resourceId('Microsoft.Storage/storageAccounts',
parameters('storageAccountName'))]"
],
"kind": "functionapp",
"location": "[resourceGroup().location]",
"name": "[parameters('coreFunctionAppName')]",
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms',
parameters('coreFunctionApp_appServicePlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',
parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',
parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "6.5.0"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(concat('microsoft.insights/components/',
parameters('coreFunctionApp_applicationInsightsName'))).InstrumentationKey]"
}
]
}
},
"type": "Microsoft.Web/sites"
}
],
"outputs": {
"StorageAccessKey": {
"type": "string",
"value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts',
parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]"
}
}
}
Can anyone help me solve this issue?
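Two patterns in the templates posted above leave credentials readable in the deployment history: the bot templates declare appSecret as type string rather than securestring, and the Function App template returns a storage key from outputs through listKeys. The check below is an added example, not code from any of the posters or from Microsoft; the name-matching heuristic, the function names and the constructed SAMPLE and HARDENED templates are assumptions of this example.

```python
import re

# Heuristic for parameter names that usually carry credentials (assumption of this example).
SECRET_NAME = re.compile(r"secret|password|pwd|token|connectionstring|key$", re.I)
# ARM list* functions (listKeys, listSecrets, ...) return credentials at deployment time.
LIST_CALL = re.compile(r"\blist[A-Za-z]*\s*\(", re.I)
PARAM_REF = re.compile(r"parameters\(\s*'([^']+)'\s*\)", re.I)
SECURE_TYPES = {"securestring", "secureobject"}


def _walk(resources):
    """Yield every resource, including child resources declared inline."""
    if isinstance(resources, dict):  # languageVersion 2.0 templates use a map
        resources = resources.values()
    for res in resources or []:
        yield res
        yield from _walk(res.get("resources"))


def audit_template(template, scope="root", inherited_secure=frozenset()):
    """Return findings for one template and its inline nested deployments."""
    findings = []
    secure = set(inherited_secure)
    for name, spec in (template.get("parameters") or {}).items():
        ptype = str(spec.get("type", "")).lower()
        if ptype in SECURE_TYPES:
            secure.add(name.lower())
            if spec.get("defaultValue") not in (None, "", {}):
                findings.append(f"{scope}: secure parameter '{name}' has a hardcoded defaultValue")
        elif SECRET_NAME.search(name):
            findings.append(f"{scope}: parameter '{name}' looks like a secret but is type '{ptype}'")

    # Output values are kept in the deployment history, so secrets must not flow into them.
    for name, spec in (template.get("outputs") or {}).items():
        value = str(spec.get("value", ""))
        if LIST_CALL.search(value):
            findings.append(f"{scope}: output '{name}' returns the result of a list* function")
        leaked = sorted({p.lower() for p in PARAM_REF.findall(value)} & secure)
        if leaked:
            findings.append(f"{scope}: output '{name}' returns secure parameter(s) {leaked}")

    for res in _walk(template.get("resources")):
        if str(res.get("type", "")).lower() != "microsoft.resources/deployments":
            continue
        props = res.get("properties") or {}
        inner = props.get("template")
        if not isinstance(inner, dict):
            continue  # linked template (templateLink): nothing to inspect offline
        # With the default "outer" scope, parameters() inside the nested
        # template resolves against the parent template's parameters.
        opts = props.get("expressionEvaluationOptions") or {}
        outer = str(opts.get("scope", "outer")).lower() != "inner"
        findings += audit_template(inner, f"{scope}/{res.get('name')}",
                                   secure if outer else frozenset())
    return findings


# Constructed sample, condensed from the shapes of the templates on this page.
SAMPLE = {
    "parameters": {
        "appId": {"type": "string"},
        "appSecret": {"type": "string"},
        "administratorLoginPassword": {"type": "securestring",
                                       "defaultValue": "constructed-Passw0rd"},
        "storageAccountName": {"type": "string"},
    },
    "resources": [{
        "type": "Microsoft.Resources/deployments",
        "name": "storageDeployment",
        "properties": {"mode": "Incremental", "template": {
            "parameters": {},
            "resources": [],
            "outputs": {"adminPw": {
                "type": "string",
                "value": "[parameters('administratorLoginPassword')]"}},
        }},
    }],
    "outputs": {
        "StorageAccessKey": {
            "type": "string",
            "value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', "
                     "parameters('storageAccountName')), '2019-06-01').keys[0].value]"},
        "botEndpoint": {
            "type": "string",
            "value": "[concat('https://', parameters('appId'), '.azurewebsites.net/api/messages')]"},
    },
}

# Constructed hardened counterpart: secret is securestring, no default, no secret outputs.
HARDENED = {
    "parameters": {
        "appId": {"type": "string"},
        "appSecret": {"type": "securestring"},
        "storageAccountName": {"type": "string"},
    },
    "resources": [],
    "outputs": {"botEndpoint": SAMPLE["outputs"]["botEndpoint"]},
}

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```

Load a real template with json.load and pass the resulting dict to audit_template; templates that contain // comments need those stripped first.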
Azure SQL Database Threat Detection feature has been in General Preview since November 2015.
https://azure.microsoft.com/en-us/blog/threat-detection-public-preview/
However, I could not find out how one can turn on this feature and its dependency (Azure SQL Database Auditing) in the ARM template, neither in the Azure Quickstart Templates nor in the Azure Resource Manager Schema GitHub links.
azure-quickstart-templates
azure-resource-manager-schemas
I would appreciate it if anyone who knows could answer this.
Thanks very much.
Here are 2 sample templates:
First one, enable Auditing and Threat Detection for the whole SQL server.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"metadata": {
"description": "The name of the new database server to create."
}
},
"serverLocation": {
"type": "string",
"metadata": {
"description": "The location of the database server."
}
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The account name to use for the database server administrator."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password to use for the database server administrator."
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "The name of the new database to create."
}
},
"collation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The database collation for governing the proper use of characters."
}
},
"edition": {
"type": "string",
"defaultValue": "Standard",
"metadata": {
"description": "The type of database to create. The available options are: Web, Business, Basic, Standard, and Premium."
}
},
"maxSizeBytes": {
"type": "string",
"defaultValue": "1073741824",
"metadata": {
"description": "The maximum size, in bytes, for the database"
}
},
"requestedServiceObjectiveName": {
"type": "string",
"defaultValue": "S0",
"metadata": {
"description": "The name corresponding to the performance level for edition. The available options are: Shared, Basic, S0, S1, S2, S3, P1, P2, and P3."
}
},
"eventTypesToAudit": {
"type": "string",
"defaultValue":"All",
"metadata": {
"description": "The event type to audit."
}
}
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"name": "[parameters('databaseName')]",
"type": "databases",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"properties": {
"edition": "[parameters('edition')]",
"collation": "[parameters('collation')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
}
},
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('serverLocation')]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "firewallrules"
},
{
"apiVersion": "2014-04-01-preview",
"type": "auditingPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]"
],
"properties": {
"auditingState": "Enabled",
"storageAccountName": "<your-storage-account-name>",
"storageAccountKey": "<your-storage-account-key>",
"storageAccountResourceGroupName": "<your-storage-account-resource-group-name>",
"storageAccountSubscriptionId": "<your-storage-account-subscriptionid>",
"eventTypesToAudit": "[parameters('eventTypesToAudit')]"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "securityAlertPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/auditingPolicies/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": "",
"emailAddresses": "abcd#efgh.com",
"emailAccountAdmins": "true"
}
}
]
}
]
}
Second one, enable Auditing and Threat Detection only for a specific database.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"metadata": {
"description": "The name of the new database server to create."
}
},
"serverLocation": {
"type": "string",
"metadata": {
"description": "The location of the database server."
}
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The account name to use for the database server administrator."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password to use for the database server administrator."
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "The name of the new database to create."
}
},
"collation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The database collation for governing the proper use of characters."
}
},
"edition": {
"type": "string",
"defaultValue": "Standard",
"metadata": {
"description": "The type of database to create. The available options are: Web, Business, Basic, Standard, and Premium."
}
},
"maxSizeBytes": {
"type": "string",
"defaultValue": "1073741824",
"metadata": {
"description": "The maximum size, in bytes, for the database"
}
},
"requestedServiceObjectiveName": {
"type": "string",
"defaultValue": "S0",
"metadata": {
"description": "The name corresponding to the performance level for edition. The available options are: Shared, Basic, S0, S1, S2, S3, P1, P2, and P3."
}
},
"eventTypesToAudit": {
"type": "string",
"defaultValue":"All",
"metadata": {
"description": "The event type to audit."
}
}
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"name": "[parameters('databaseName')]",
"type": "databases",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"properties": {
"edition": "[parameters('edition')]",
"collation": "[parameters('collation')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
},
"resources":[
{
"apiVersion": "2014-04-01-preview",
"type": "auditingPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]"
],
"properties": {
"auditingState": "Enabled",
"storageAccountName": "<your-storage-account-name>",
"storageAccountKey": "<your-storage-account-key>",
"storageAccountResourceGroupName": "<your-storage-account-resource-group-name>",
"storageAccountSubscriptionId": "<your-storage-account-subscriptionid>",
"eventTypesToAudit": "[parameters('eventTypesToAudit')]"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "securityAlertPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'), '/auditingPolicies/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": "",
"emailAddresses": "abcd#efgh.com",
"emailAccountAdmins": "true"
}
}
]
},
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('serverLocation')]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "firewallrules"
}
]
}
]
}
Note: Please don't forget to replace the information for the storage account.
Actually, Yoav Rubin has already answered your question in a comment on the blog. I have tested the answer and made some refinements.
There was a change in the last week which requires 2 more parameters to the securityAlertPolicies section:
"storageEndpoint": "https://<storage account name>.blob.core.windows.net/",
"storageAccountAccessKey": "<storage account key>"
This is so the service can write the alerts generated to your storage account as well.
The answer from Jack Zeng was close, but (at this point in time) you need auditingSettings to point to blob storage, since security alerting doesn't work with table storage. So add the following auditingSettings and securityAlertPolicies as child resources of the Microsoft.Sql/servers resource.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
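"parameters": {
"sqlserverName": {
"type": "string"
},
"storageAccountName": {
"type": "string"
},
"securityAlertPolicyEmails": {
"type": "string"
}
},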
"variables": {},
"resources": [
{
"name": "[parameters('sqlserverName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01-preview",
"properties": {},
"resources": [
{
"apiVersion": "2015-05-01-preview",
"type": "auditingSettings",
"name": "Default",
"dependsOn": [
"[parameters('sqlserverName')]",
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"State": "Enabled",
"storageEndpoint": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"storageAccountSubscriptionId": "[subscription().subscriptionId]",
"eventTypesToAudit": "All"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "securityAlertPolicies",
"name": "DefaultSecurityAlert",
"dependsOn": [
"[parameters('sqlserverName')]",
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]",
"[concat('Microsoft.Sql/servers/', parameters('sqlserverName'), '/auditingSettings/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": "",
"emailAddresses": "[parameters('securityAlertPolicyEmails')]",
"emailAccountAdmins": "Enabled",
"retentionDays": "10",
"storageEndpoint": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]"
}
}
]
}
]
}
Sources:
The blob storage auditing config is from here: https://blogs.msdn.microsoft.com/azuresqldbsupport/2017/01/11/arm-template-turning-on-blob-auditing/
The threat detection resource config is from here (note that the storage auditing config from this example didn't work for me): https://blogs.msdn.microsoft.com/azuresqldbsupport/2017/01/11/arm-template-to-deploy-server-with-auditing-and-threat-detection-turned-on/
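A static check for two mistakes that are easy to make in templates like the ones above, given here as an added example and not code from any of the answers: a template function written without the enclosing square brackets, which is deployed as a literal string instead of being evaluated, and a parameters() reference to a name the template never declares. The names lint_template and walk and the sample template are constructed for illustration.

```python
import json
import re

# ARM evaluates a string as an expression only when it is wrapped in [ ... ].
BARE_CALL = re.compile(r"^\s*(parameters|variables|concat|resourceId|listKeys)\s*\(")
PARAM_REF = re.compile(r"parameters\(\s*'([^']+)'\s*\)")

def walk(node, path):
    """Yield (json_path, value) for every string inside node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def lint_template(template):
    """Return sorted (path, problem) findings for a parsed ARM template."""
    declared = set(template.get("parameters", {}))
    findings = set()
    for path, value in walk(template.get("resources", []), "resources"):
        if BARE_CALL.match(value):
            findings.add((path, "template function not wrapped in [ ]"))
        for name in PARAM_REF.findall(value):
            if name not in declared:
                findings.add((path, f"parameter '{name}' is not declared"))
    return sorted(findings)

# Constructed sample, not a template from this page.
SAMPLE = json.loads("""
{
  "parameters": {"serverName": {"type": "string"}, "eventTypesToAudit": {"type": "string"}},
  "resources": [{
    "name": "[parameters('serverName')]", "type": "Microsoft.Sql/servers",
    "resources": [{
      "type": "auditingPolicies", "name": "Default",
      "properties": {
        "storageAccountName": "[parameters('storageAccountName')]",
        "eventTypesToAudit": "parameters('eventTypesToAudit')"
      }
    }]
  }]
}
""")

if __name__ == "__main__":
    print("\n".join(f"{p}: {m}" for p, m in lint_template(SAMPLE)))
```

Running it against a template before az deployment sub create catches both problems locally; the unbracketed expression in particular passes ARM validation and only shows up as a wrong property value on the deployed resource.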