ARM template for API Connection to Service Bus using Managed Identity - azure

To create an API Connection to Azure Service Bus using Managed Identity I'm using the following template:
"resources": [
{
"type": "MICROSOFT.WEB/CONNECTIONS",
"apiVersion": "2018-07-01-preview",
"name": "[parameters('connections_servicebus_name')]",
"location": "[parameters('connections_servicebus_location')]",
"kind": "V1",
"properties": {
"alternativeParameterValues": {},
"displayName": "[parameters('connections_servicebus_displayname')]",
"api": {
"name": "[parameters('connections_servicebus_name')]",
"displayName": "[parameters('connections_servicebus_displayname')]",
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('connections_servicebus_location'), '/managedApis/', 'servicebus')]",
"type": "Microsoft.Web/locations/managedApis"
},
"customParameterValues": {},
"parameterValueSet": {
"name": "managedIdentityAuth",
"values": {}
}
}
}
]
That is actually working, except that the 'NamespaceEndpoint' information (like: sb://mySBNS.servicebus.windows.net) is not provided anywhere, so the field appears empty on the Azure portal:
After adding it manually, the connection and the LogicApp that uses it start to work.
What is the JSON field to provide that information?

You can refer to this question for full details:
"parameterValueSet": {
"name": "managedIdentityAuth",
"values": {
"namespaceEndpoint": {
"value": "sb://<servicebus-namespace-name>.servicebus.windows.net/"
}
}
}

Related

Azure ARM Template : Output of a resource passed as input of another in the same template file

I am trying to build an ARM template file for my Azure project. My requirement here is to,
Create a Log Analytics Workspace
Create an Automation Account
Create a variable in the Automation Account that stores the workspace id of Log Analytics Workspace.
This is pretty simple via portal but is there a way to do the same using ARM Templates?
I am using the below code but I get "Invalid JSON - Kindly check the value of the variable." error.
Here's the below ARM template snippet:
{
"type": "Microsoft.Automation/automationAccounts/variables",
"apiVersion": "2022-08-08",
"name": "[concat(parameters('automationAccount_name'), '/', parameters('automationAccount_logAnalytics_workspaceId_variable_name'))]",
"dependsOn": [
"[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccount_name'))]"
],
"properties": {
"isEncrypted": true,
"value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters(<workspace_name>))).customerId]",
"description": "The Workspace ID of Log Analytics Workspace."
}
}
With the help of this arm template, I created a template with few changes to link workspace and automation account by storing in a variable and was able to do it successfully as follows:
deploy.json:
"resources": [
{
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "2020-08-01",
"name": "[parameters('workspace')]",
"location": "[parameters('location')]",
"properties": {
"sku": {
"name": "[parameters('sku')]"
}
}
},
{
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2020-01-13-preview",
"name": "[parameters('automationAccount')]",
"location": "[parameters('automationAccountLocation')]",
"dependsOn": [
"[parameters('workspace')]"
],
"properties": {
"sku": {
"name": "Basic"
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/linkedServices",
"apiVersion": "2020-08-01",
"name": "[concat(parameters('workspace'), '/' , 'Automation')]",
"location": "[parameters('location')]",
"dependsOn": [
"[parameters('workspace')]",
"[parameters('automationAccount')]"
],
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccount'))]"
}
}
]
}
Parameters.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sku": {
"value": "xxxx"
},
"workspace": {
"value": "myworkspace"
},
"automationAccount": {
"value": "myautomation"
}
}
}
Deployment succeeded:
Output after deployment:

ARM template - storage account - add private endpoint to existing storage account

This is a kind of newbie question on ARM templates.
I'm trying to add a private endpoint to an existing ADLS v2 storage account.
The problem is that I don't have the existing code and if I export the template I may miss something, like networking and firewall information.
Any advice on how to add a private endpoint to an existing storage account using an ARM template?
Thanks.
I tried in my environment and got the below results:
Add a private endpoint to an existing storage account using an ARM template?
Yes, you can create private endpoint for azure ADLS account using ARM template.
Template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"privateEndpoints_venkat345_name": {
"defaultValue": "venkat345",
"type": "String"
},
"storageAccounts_venkat326_externalid": {
"defaultValue": "/subscriptions/xxxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Storage/storageAccounts/venkat326",
"type": "String"
},
"virtualNetworks_imr_externalid": {
"defaultValue": "/subscriptions/xxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Network/virtualNetworks/venkat",
"type": "String"
},
"privateDnsZones_privatelink_blob_core_windows_net_externalid": {
"defaultValue": "/subscriptions/xxxxxxxxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2022-05-01",
"name": "[parameters('privateEndpoints_venkat345_name')]",
"location": "eastus",
"tags": {
"Reason": "Repro",
"CreatedDate": "1/24/2023 4:31:05 AM",
"CreatedBy": "NA",
"OwningTeam": "NA"
},
"properties": {
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpoints_venkat345_name')]",
"id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_venkat345_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_venkat345_name')))]",
"properties": {
"privateLinkServiceId": "[parameters('storageAccounts_venkat326_externalid')]",
"groupIds": [
"blob"
],
"privateLinkServiceConnectionState": {
"status": "Approved",
"description": "Auto-Approved",
"actionsRequired": "None"
}
}
}
],
"manualPrivateLinkServiceConnections": [],
"customNetworkInterfaceName": "[concat(parameters('privateEndpoints_venkat345_name'), '-nic')]",
"subnet": {
"id": "[concat(parameters('virtualNetworks_imr_externalid'), '/subnets/default')]"
},
"ipConfigurations": [],
"customDnsConfigs": []
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2022-05-01",
"name": "[concat(parameters('privateEndpoints_venkat345_name'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_venkat345_name'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "privatelink-blob-core-windows-net",
"properties": {
"privateDnsZoneId": "[parameters('privateDnsZones_privatelink_blob_core_windows_net_externalid')]"
}
}
]
}
}
]
}
You can deploy the template through the portal using custom Template deployment.
Portal -> Template deployments -> Custom deployments -> Build your own deployments.
Portal:
The above template deployed successfully, and it was reflected in both the resource group and the ADLS storage account.
Reference:
Use private endpoints - Azure Storage | Microsoft Learn

How to create Application Insights API Key for annotations using ARM template

I'm trying to create Application Insights API keys from ARM template. I need to have the API key for write annotations created during resource deployment to have release annotations working during application deployment from Azure Devops.
I've tried to find information on how to get this working, but I can only find examples on how to use PowerShell or Azure REST API to create the keys.
What I need to get working is to create the API keys using the ARM template.
I have tried numerous attempts with json similar to this without success;
{
"name": "[variables('applicationInsightsName')]",
"type": "Microsoft.Insights/components",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01",
"tags": {
"displayName": "[concat('Component ', variables('applicationInsightsName'))]"
},
"properties": {
"applicationId": "[variables('applicationInsightsName')]"
},
"resources": [
{
"name": "action",
"type": "apikeys",
"location": "[resourceGroup().location]",
"apiVersion": "2015-05-01",
"properties": {
"name": "Azure Devops Release Annotations",
"linkedWriteProperties": [
"[concat(resourceId('Microsoft.Insights/components', variables('applicationName')), '/annotations')]"
],
"linkedReadProperties": []
},
"dependsOn": [
"[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]"
]
}
]
}
The best information I've found so far is this, but it isn't much help.
Is it possible to have the API keys created using ARM templates?
No this is not possible, ARM Templates only mimic PUT requests, whereas the Microsoft.Insights/Components/ApiKeys/Action is a POST request.
I suggest an easy way. You are able to use outputs with reference InstrumentationKey. Then you are able to use it everywhere: another resource, a linked template, or use the outputs for the next steps in Azure DevOps.
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string",
"defaultValue": "[concat('stackoverflow-', uniqueString(resourceGroup().name))]"
},
"type": {
"type": "string",
"defaultValue": "web"
},
"requestSource": {
"type": "string",
"defaultValue": "IbizaAIExtension"
}
},
"resources": [
{
"name": "[parameters('name')]",
"type": "microsoft.insights/components",
"location": "[resourceGroup().location]",
"apiVersion": "2014-08-01",
"properties": {
"ApplicationId": "[parameters('name')]",
"Application_Type": "[parameters('type')]",
"Flow_Type": "Redfield",
"Request_Source": "[parameters('requestSource')]"
}
}
],
"outputs":{
"APPINSIGHTS_INSTRUMENTATIONKEY":{
"type": "string",
"value": "[reference(resourceId('Microsoft.Insights/components', parameters('name')), '2014-08-01').InstrumentationKey]"
}
}
}
I used it many times.

How can I link Azure insights/actionGroups to AutomationRunBook

I've been going around in circles for a few days. I would like to link, via ARM Template, my resource "microsoft.insights/actionGroups" to a resource "Microsoft.Automation/automationAccounts/webhooks"
The webhook and the action group are both created via ARM Template. The problem is that when creating the webhook nothing can keep the uri produced by ARM. Then on my resource group the "automationRunbookReceivers" property requests the "serviceUri" parameter which is mandatory. If I refer to my webhook via the resource the uri I get is empty ...
resourceId('Microsoft.Automation/automationAccounts/webhooks', parameters('AzureAutomationName'), 'RunBookName')
How could I automate this process?
These are the templates I've used to generate my resources:
{
"name": "[concat(variables('automationAccountName'), '/WebHookName')]",
"type": "Microsoft.Automation/automationAccounts/webhooks",
"apiVersion": "2015-10-31",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', variables('automationAccountName'), '/runbooks/', 'RunBookName')]"
],
"properties": {
"isEnabled": "true",
"expiryTime": "2026-11-20",
"runbook": {
"name": "RunBookName"
}
}
},
{
"name": "[variables('ActionGroupName')]",
"type": "microsoft.insights/actionGroups",
"apiVersion": "2019-06-01",
"location": "Global",
"tags": {
"displayName": "ActionGroupName"
},
"properties": {
"groupShortName": "[variables('ActionGroupShortName')]",
"enabled": true,
"automationRunbookReceivers": [
{
"name": "MyRunBookReceiver",
"automationAccountId": "[resourceId('microsoft.insights/components', parameters('AzureTelemetryName'))]",
"runbookName": "RunBookName",
"webhookResourceId": "[resourceId('Microsoft.Automation/automationAccounts/webhooks', parameters('AzureAutomationName'), 'WebHookName')]",
"isGlobalRunbook": false,
"serviceUri": "listCallbackURL? resourceId? reference? other? ?????????"
}
]
}
}
I desperately need help!
Thank you!
[reference(resourceId('Microsoft.Automation/automationAccounts/webhooks', parameters('AzureAutomationName'), 'WebHookName'), '2015-10-31')].uri
returns an empty string
As far as I know, we can only see the URL of the webhook when we create it. You can use PowerShell to create it, and you can see the URL in the outputs.
@bit is correct - the webhook URI is only retrievable at the time of webhook creation and the property is nulled thereafter. Since you're creating both the actionGroup and the webhook in the same template, though, the deployment happens synchronously and you can refer to the webhook's URI using its .uri property.
The official Microsoft documentation has an example: https://learn.microsoft.com/en-us/azure/automation/automation-webhooks#create-runbook-and-webhook-with-arm-template
Your ARM template could be modified as follows:
{
"name": "[concat(variables('automationAccountName'), '/WebHookName')]",
"type": "Microsoft.Automation/automationAccounts/webhooks",
"apiVersion": "2015-10-31",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', variables('automationAccountName'), '/runbooks/', 'RunBookName')]"
],
"properties": {
"isEnabled": "true",
"expiryTime": "2026-11-20",
"runbook": {
"name": "RunBookName"
}
}
},
{
"name": "[variables('ActionGroupName')]",
"type": "microsoft.insights/actionGroups",
"apiVersion": "2019-06-01",
"location": "Global",
"tags": {
"displayName": "ActionGroupName"
},
"properties": {
"groupShortName": "[variables('ActionGroupShortName')]",
"enabled": true,
"automationRunbookReceivers": [
{
"name": "MyRunBookReceiver",
"automationAccountId": "[resourceId('microsoft.insights/components', parameters('AzureTelemetryName'))]",
"runbookName": "RunBookName",
"webhookResourceId": "[resourceId('Microsoft.Automation/automationAccounts/webhooks', parameters('AzureAutomationName'), 'WebHookName')]",
"isGlobalRunbook": false,
"serviceUri": "[reference(concat(variables('automationAccountName'), '/WebHookName')).uri]"
}
]
}
}
As an aside, that Microsoft doc uses an "outputs": { } object to emit the webhook URI. That's a really bad idea because the plaintext value of the URI will be recorded in the resource group deployment metadata. If you need to create the webhook and its clients asynchronously, one solution is to store the webhook URI in a Key Vault secret in the template that creates the webhook, and then consume the Key Vault secret value when deploying the webhook client.
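The Key Vault approach described above, sketched as an added example (not code from the answer or from the Microsoft doc). The `keyVaultName` parameter, the secret name `runbook-webhook-uri`, the `webhookServiceUri` parameter and the angle-bracket placeholders are assumptions, and the vault is assumed to already exist with `enabledForTemplateDeployment` set to true.

```json
// --- Webhook template: extra entry in "resources" (same template that creates the webhook) ---
{
  "type": "Microsoft.KeyVault/vaults/secrets",
  "apiVersion": "2019-09-01",
  // keyVaultName and the secret name are assumed names, not from the original post
  "name": "[concat(parameters('keyVaultName'), '/runbook-webhook-uri')]",
  "dependsOn": [
    "[resourceId('Microsoft.Automation/automationAccounts/webhooks', variables('automationAccountName'), 'WebHookName')]"
  ],
  "properties": {
    // Same reference() form the answer uses for serviceUri; read in the deployment
    // that creates the webhook, because the URI is nulled afterwards.
    "value": "[reference(concat(variables('automationAccountName'), '/WebHookName')).uri]"
  }
}

// --- Client deployment: parameter file for the template that creates the action group ---
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // webhookServiceUri is an assumed parameter name; declare it as "securestring"
    // in the client template so its value is not recorded with the deployment.
    "webhookServiceUri": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "runbook-webhook-uri"
      }
    }
  }
}
```

In the client template the receiver then uses `"serviceUri": "[parameters('webhookServiceUri')]"`, and neither template needs an `outputs` entry for the URI.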

Azure BizTalk Transform Service API ARM Template Creation

I have created below ARM template for creating "BizTalk Transform Service "(API APP) which is using in Logic Apps.
{
"type": "Microsoft.Web/sites",
"apiVersion": "2015-08-01",
"name": "[parameters('apiapps_customertransformation_name')]",
"location": "[resourceGroup().location]",
"kind": "apiApp",
"tags": {
"packageId": "TransformService"
},
"properties": {
"name": "[parameters('apiapps_customertransformation_name')]",
"gatewaySiteName": "[parameters('gatewayName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('svcPlanName'))]",
"siteConfig": {
"appSettings": [
{
"name": "EMA_MicroserviceId",
"value": "[parameters('apiapps_customertransformation_name')]"
},
{
"name": "EMA_Secret",
"value": "[parameters('gatewayToAPIappSecret')]"
},
{
"name": "EMA_RuntimeUrl",
"value": "[concat('https://', parameters('gatewayName'), '.azurewebsites.net')]"
},
{
"name": "WEBSITE_START_SCM_ON_SITE_CREATION",
"value": "1"
}
]
}
}
},
{
"type": "Microsoft.AppService/apiapps",
"apiVersion": "2015-03-01-preview",
"name": "[parameters('apiapps_customertransformation_name')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "APIApp"
},
"properties": {
"package": {
"id": "TransformService"
},
"updatePolicy": "Auto",
"accessLevel": "PublicAnonymous",
"host": {
"resourceName": "[parameters('apiapps_customertransformation_name')]",
"resourceType": "Microsoft.Web/sites"
},
"gateway": {
"resourceName": "[parameters('gatewayName')]",
"resourceType": "Microsoft.AppService/gateways"
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('apiapps_customertransformation_name'))]"
]
}
I am able to successfully create the API in Azure Portal, but when I try to add the Map component in Transform API, it says not found.
Can you please let me know how to enable map component?
Or is there any way to directly create a Map component while deploying ARM Template?
It seems that you are trying to use the preview_V1 transform; I would suggest not using that, as it will be deprecated soon.
Try the preview_V2 "Xml Transform" function in LogicApp itself.
Check out this documentation to get started: Xml Transform in LogicApps
LogicApp Documentation https://azure.microsoft.com/en-us/documentation/articles/app-service-logic-what-are-logic-apps/
