Azure ARM Template user defined function - azure

I need to create 8 database and couple of collections though ARM template.I was going through the user defined function here https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-user-defined-functions to make the template simpler, Is that something I can achieve instead of copy paste the same scripts? right now, its throwing an error
Template validation failed: Unexpected initial token 'String' when
populating object.
My current Function:
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "databaseName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "['test', '/', parameters('databaseName'))]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
}
}
}
}
}
}
}
],
Is that something we can achieve?
Update: Here is the simplified version
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"type": "string",
"defaultValue": "test",
"metadata": {
"description": "Cosmos DB account name"
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "Cosmos DB database name"
}
}
},
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "databaseName",
"type": "string"
}
],
"output": {
"type": "object",
"value": {
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "[concat('/test', '/', parameters('databaseName'))]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseName')]"
}
}
}
}
}
}
}
],
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"name": "[parameters('accountName')]",
"apiVersion": "2020-04-01",
"location": "central us",
"kind": "MongoDB",
"properties": {
"isVirtualNetworkFilterEnabled": false,
"databaseAccountOfferType": "Standard",
"apiProperties": {
"serverVersion": "3.6"
}
}
},
"[contoso.uniqueName(parameters('databaseName'))]"
]
}


Looks like you're trying to create several mongodbDatabases within the databaseAccounts resource.
I recommend looking at the ARM copy element.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/copy-resources#resource-iteration
It would look roughly like:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"type": "string",
"defaultValue": "test",
"metadata": {
"description": "Cosmos DB account name"
}
},
"databaseNames": {
"type": "array",
"defaultValue": [
"contoso",
"fabrikam",
"coho"
],
"metadata": {
"description": "Cosmos DB database names array"
}
}
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"name": "[parameters('accountName')]",
"apiVersion": "2020-04-01",
"location": "central us",
"kind": "MongoDB",
"properties": {
"isVirtualNetworkFilterEnabled": false,
"databaseAccountOfferType": "Standard",
"apiProperties": {
"serverVersion": "3.6"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
"name": "[concat('/test', '/', parameters('databaseNames')[copyIndex()])]",
"apiVersion": "2020-04-01",
"dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/', 'test')]" ],
"properties": {
"resource": {
"id": "[parameters('databaseNames')[copyIndex()]]"
}
},
"copy": {
"name": "databaseCopy",
"count": "[length(parameters('databaseNames'))]"
}
}
]
}

Related

ARM Template: Api not found error with LogicApp connection

I'm tring to provision a LogicApp that has a connection to CosmosDB already setup. The CosmosDB resources get provisioned, but there's a failure with the connection.
Error:
{
"status": "Failed",
"error": {
"code": "ApiNotFound",
"message": "The API 'cosmosdb' could not be found."
} }
My ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"databaseAccounts_wkshp_cosmos_name": {
"defaultValue": "mycosmosdb",
"type": "String"
},
"backendLogicApp": {
"defaultValue": "t12msds5lg",
"type": "String"
},
"location": {
"defaultValue": "westus2",
"type": "String"
},
"cosmosConnection": {
"defaultValue": "cosmos",
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2019-05-01",
"name": "[parameters('backendLogicApp')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('cosmosConnection'))]"
],
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {},
"actions": {},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"cosmosdb": {
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('databaseAccounts_wkshp_cosmos_name'))]",
"connectionName": "cosmosdb",
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'cosmosdb')]"
}
}
}
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2022-08-15",
"name": "[parameters('databaseAccounts_wkshp_cosmos_name')]",
"location": "[parameters('location')]",
"tags": {
"defaultExperience": "Core (SQL)",
"hidden-cosmos-mmspecial": ""
},
"kind": "GlobalDocumentDB",
"identity": {
"type": "None"
},
"properties": {
"publicNetworkAccess": "Enabled",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": false,
"virtualNetworkRules": [],
"disableKeyBasedMetadataWriteAccess": false,
"enableFreeTier": false,
"enableAnalyticalStorage": true,
"analyticalStorageConfiguration": {
"schemaType": "WellDefined"
},
"databaseAccountOfferType": "Standard",
"defaultIdentity": "FirstPartyIdentity",
"networkAclBypass": "None",
"disableLocalAuth": false,
"enablePartitionMerge": false,
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "West US",
"provisioningState": "Succeeded",
"failoverPriority": 0,
"isZoneRedundant": false
}
],
"cors": [],
"capabilities": [
{
"name": "EnableServerless"
}
],
"ipRules": [],
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 240,
"backupRetentionIntervalInHours": 8,
"backupStorageRedundancy": "Geo"
}
},
"networkAclBypassResourceIds": [],
"keysMetadata": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/SQLDatabase')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"resource": {
"id": "SQLDatabase"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/00000000-0000-0000-0000-000000000001')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"roleName": "Cosmos DB Built-in Data Reader",
"type": "BuiltInRole",
"assignableScopes": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"
],
"notDataActions": []
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/00000000-0000-0000-0000-000000000002')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"roleName": "Cosmos DB Built-in Data Contributor",
"type": "BuiltInRole",
"assignableScopes": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"
],
"notDataActions": []
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/SQLDatabase/transactionDb')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccounts_wkshp_cosmos_name'), 'SQLDatabase')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"resource": {
"id": "transactionDb",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/id"
],
"kind": "Hash",
"version": 2
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
},
"analyticalStorageTtl": -1
}
}
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('cosmosConnection')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"displayName": "Router",
"api": {
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'cosmosdb')]"
},
"parameterValues": {
"connectionString": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name')), '2019-12-12').connectionStrings[0].connectionString]"
}
}
}
]
}

Try with below format for cosmos db connection,
"parameters": {
"$connections": {
"value": {
"documentdb": {
"connectionId": "[parameters('connections_documentdb_externalid')]",
"connectionName": "documentdb",
"id": "/subscriptions/xxxxx/providers/Microsoft.Web/locations/centralus/managedApis/documentdb"
}
}
}
}
I have created sample logic app which will retrieve documents from cosmos db and designer of logic app is,
Exported template from logic app and template with parameters file is downloaded.
Template.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_cosmoslapp_name": {
"defaultValue": "cosmoslapp",
"type": "String"
},
"connections_documentdb_externalid": {
"defaultValue": "/subscriptions/xxxxx/resourceGroups/so1/providers/Microsoft.Web/connections/documentdb",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_cosmoslapp_name')]",
"location": "centralus",
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"Recurrence": {
"recurrence": {
"frequency": "Minute",
"interval": 3
},
"evaluatedRecurrence": {
"frequency": "Minute",
"interval": 3
},
"type": "Recurrence"
}
},
"actions": {
"Get_all_documents_(V3)": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "#parameters('$connections')['documentdb']['connectionId']"
}
},
"method": "get",
"path": "/v2/cosmosdb/#{encodeURIComponent('AccountNameFromSettings')}/dbs/#{encodeURIComponent('testdb')}/colls/#{encodeURIComponent('cid')}/docs"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"documentdb": {
"connectionId": "[parameters('connections_documentdb_externalid')]",
"connectionName": "documentdb",
"id": "/subscriptions/xxxx/providers/Microsoft.Web/locations/centralus/managedApis/documentdb"
}
}
}
}
}
}
]
}
Using custom deployment, deployed this template and another logic app created with same actions and connection to cosmos db also done.
Designer of new logic app,

ARM Template : Get the SKU of IOT hub

Using the "reference" keyword I am able to access my iot hub and list its properties. However I cannot find any reference to the SKU. How can I list the sku name/tier of an iot hub to output?

If you want to get the iot hub's sku inarm template, you can use the arm template function "reference" :
[reference(resourceId('Microsoft.Devices/IotHubs', 'hubname'),'2018-04-01','Full')]
for example
template
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"hubname": {
"type": "String"
},
"location": {
"type": "String"
},
"sku_name": {
"type": "String"
},
"sku_units": {
"type": "String"
},
"d2c_partitions": {
"type": "String"
},
"features": {
"type": "String"
},
"tags": {
"type": "Object"
},
"cloudEnvironment": {
"defaultValue": "public",
"allowedValues": [
"public",
"china",
"usgov"
],
"type": "String",
"metadata": {
"description": "Cloud environment to deploy (i.e. usgov/china/ ...)"
}
}
},
"resources": [
{
"type": "Microsoft.Devices/IotHubs",
"apiVersion": "2020-07-10-preview",
"name": "[parameters('hubname')]",
"location": "[parameters('location')]",
"tags": "[parameters('tags')]",
"sku": {
"name": "[parameters('sku_name')]",
"capacity": "[parameters('sku_units')]"
},
"properties": {
"eventHubEndpoints": {
"events": {
"retentionTimeInDays": 1,
"partitionCount": "[parameters('d2c_partitions')]"
}
},
"features": "[parameters('features')]"
}
},
{
"type": "Microsoft.Security/IoTSecuritySolutions",
"apiVersion": "2019-08-01",
"name": "[parameters('hubname')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Devices/IotHubs', parameters('hubname'))]"
],
"properties": {
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"disabledDataSources": [],
"displayName": "[parameters('hubname')]",
"iotHubs": [
"[resourceId('Microsoft.Devices/IotHubs', parameters('hubname'))]"
],
"recommendationsConfiguration": []
}
}
],
"outputs": {
"iot": {
"type": "Object",
"value": "[reference(resourceId('Microsoft.Devices/IotHubs', parameters('hubname')),'2018-04-01','Full').sku]"
}
}
}
parameter
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hubname": {
"value": "testiot05"
},
"location": {
"value": "eastasia"
},
"sku_name": {
"value": "S1"
},
"sku_units": {
"value": "1"
},
"d2c_partitions": {
"value": "4"
},
"features": {
"value": "None"
},
"tags": {
"value": {}
},
"cloudEnvironment": {
"value": "public"
}
}
}

ARM template fails when creating event hub in multiple regions with multiple auth rules

I have an ARM template that creates Event Hub namespaces in two regions (eastus and westus2) with a event hub and multiple auth rules (on the even hub). This was working until ~16-Nov-2020 12:00PM.
Arm template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location-region1": {
"type": "string",
"defaultValue": "eastus",
"metadata": {
"description": "Name of an azure region"
}
},
"location-region2": {
"type": "string",
"defaultValue": "westus2",
"metadata": {
"description": "Name of an Azure region"
}
},
"appName": {
"type": "string",
"defaultValue": "jklm",
"metadata": {
"description": "Short name of the app or service"
}
},
"uniqueSuffix": {
"type": "string",
"defaultValue": "tst",
"metadata": {
"description": "Unique Suffix to use for the azure resources of the app or service"
}
},
"environment": {
"type": "string",
"defaultValue": "int",
"allowedValues": [
"poc",
"dev",
"int",
"uat",
"prod"
],
"metadata": {
"description": "The name of the environment"
}
},
"progressRecordsEventHubName": {
"type": "string",
"defaultValue": "progressrecords"
}
},
"variables": {
"eventHubNMApiVersion": "2018-01-01-preview",
"eventHubApiVersion": "2017-04-01",
"parentResourceGroupName": "[resourceGroup().name]",
"regionCount": 2,
"location": [
"[parameters('location-region1')]",
"[parameters('location-region2')]"
],
"appName": "[concat(parameters('appName'),'-',parameters('uniqueSuffix'),'-')]",
"copy": [
{
"name": "regionSuffix",
"count": "[variables('regionCount')]",
"input": "[concat('r',copyIndex('regionSuffix',1))]"
},
{
"name": "eventHubName",
"count": "[variables('regionCount')]",
"input": "[concat(variables('appName'),'ehub-',variables('regionSuffix')[copyIndex('eventHubName')],'-',parameters('environment'))]"
}
]
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces",
"apiVersion": "[variables('eventHubNMApiVersion')]",
"name": "[variables('eventHubName')[copyIndex()]]",
"copy": {
"name": "resourceLoop",
"count": "[variables('regionCount')]"
},
"location": "[variables('location')[copyIndex()]]",
"sku": {
"name": "Standard",
"tier": "Standard",
"capacity": 1
},
"properties": {
"zoneRedundant": false,
"isAutoInflateEnabled": true,
"maximumThroughputUnits": 1,
"kafkaEnabled": true
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs",
"apiVersion": "[variables('eventHubApiVersion')]",
"name": "[concat(variables('eventHubName')[copyIndex()], '/',parameters('progressRecordsEventHubName'))]",
"location": "[variables('location')[copyIndex()]]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubName')[copyIndex()])]"
],
"properties": {
"messageRetentionInDays": 3,
"partitionCount": 1,
"status": "Active"
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
"apiVersion": "[variables('eventHubApiVersion')]",
"name": "[concat(variables('eventHubName')[copyIndex('resourceLoop')], '/',parameters('progressRecordsEventHubName'),'/Listen')]",
"location": "[variables('location')[copyIndex()]]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces/eventhubs', variables('eventHubName')[copyIndex()],parameters('progressRecordsEventHubName'))]"
],
"properties": {
"rights": [
"Listen"
]
}
},
{
"type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
"apiVersion": "[variables('eventHubApiVersion')]",
"name": "[concat(variables('eventHubName')[copyIndex('resourceLoop')], '/',parameters('progressRecordsEventHubName'),'/Send')]",
"location": "[variables('location')[copyIndex()]]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces/eventhubs', variables('eventHubName')[copyIndex()], parameters('progressRecordsEventHubName'))]"
],
"properties": {
"rights": [
"Send"
]
}
}
]
}
]
}
],
"functions": [
],
"outputs": {}
}
Now this template fails when I run Test-AzureRmResourceGroupDeployment (add -Debug to see real error)
Error:
Test-AzureRmResourceGroupDeployment : Encountered internal server error. Diagnostic information: timestamp '20201119T072227Z' ......
After some troubleshooting I identified that removing the second auth rule in the template fixes the issue.
I actually need more than 1 auth rule. What could be causing the above template to fail? I can't seem to find anything wrong with it.
Below you can find successful template - With 1 auth rule on the Event Hub
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location-region1": {
"type": "string",
"defaultValue": "eastus"
},
"location-region2": {
"type": "string",
"defaultValue": "westus2"
},
"appName": {
"type": "string",
"defaultValue": "jklm",
"metadata": {
"description": "Short name of the app or service"
}
},
"uniqueSuffix": {
"type": "string",
"defaultValue": "tst",
"metadata": {
"description": "Unique Suffix to use for the azure resources of the app or service"
}
},
"environment": {
"type": "string",
"defaultValue": "int",
"allowedValues": [
"poc",
"dev",
"int",
"uat",
"prod"
],
"metadata": {
"description": "The name of the environment"
}
},
"progressRecordsEventHubName": {
"type": "string",
"defaultValue": "progressrecords"
}
},
"variables": {
"eventHubNMApiVersion": "2018-01-01-preview",
"eventHubApiVersion": "2017-04-01",
"parentResourceGroupName": "[resourceGroup().name]",
"regionCount": 2,
"location": [
"[parameters('location-region1')]",
"[parameters('location-region2')]"
],
"appName": "[concat(parameters('appName'),'-',parameters('uniqueSuffix'),'-')]",
"copy": [
{
"name": "regionSuffix",
"count": "[variables('regionCount')]",
"input": "[concat('r',copyIndex('regionSuffix',1))]"
},
{
"name": "eventHubName",
"count": "[variables('regionCount')]",
"input": "[concat(variables('appName'),'ehub-',variables('regionSuffix')[copyIndex('eventHubName')],'-',parameters('environment'))]"
}
]
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces",
"apiVersion": "[variables('eventHubNMApiVersion')]",
"name": "[variables('eventHubName')[copyIndex()]]",
"copy": {
"name": "resourceLoop",
"count": "[variables('regionCount')]"
},
"location": "[variables('location')[copyIndex()]]",
"sku": {
"name": "Standard",
"tier": "Standard",
"capacity": 1
},
"properties": {
"zoneRedundant": false,
"isAutoInflateEnabled": true,
"maximumThroughputUnits": 1,
"kafkaEnabled": true
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs",
"apiVersion": "[variables('eventHubApiVersion')]",
"name": "[concat(variables('eventHubName')[copyIndex()], '/',parameters('progressRecordsEventHubName'))]",
"location": "[variables('location')[copyIndex()]]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubName')[copyIndex()])]"
],
"properties": {
"messageRetentionInDays": 3,
"partitionCount": 1,
"status": "Active"
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
"apiVersion": "[variables('eventHubApiVersion')]",
"name": "[concat(variables('eventHubName')[copyIndex('resourceLoop')], '/',parameters('progressRecordsEventHubName'),'/Listen')]",
"location": "[variables('location')[copyIndex()]]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces/eventhubs', variables('eventHubName')[copyIndex()],parameters('progressRecordsEventHubName'))]"
],
"properties": {
"rights": [
"Listen"
]
}
}
]
}
]
}
],
"functions": [
],
"outputs": {}
}

Worked with Azure support on this. There was an issue on the Azure side. It auto resolved today (11/19/2020). Template no longer fails with multiple auth rules.

This article may be useful: https://www.rickvandenbosch.net/blog/error-creating-service-bus-authorization-rules-using-arm/.
I think the template is not expecting the same resource twice, because these Listen, Send authorization rules can be combined like below:
"resources": [
{
"type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
"apiVersion": "[variables('eventHubApiVersion')]",
"name": "[concat(variables('eventHubName')[copyIndex('resourceLoop')], '/',parameters('progressRecordsEventHubName'),'/Listen')]",
"location": "[variables('location')[copyIndex()]]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces/eventhubs', variables('eventHubName')[copyIndex()],parameters('progressRecordsEventHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Send"
]
}
},

Application Gateway ARM Template - Parameter for Enabling Firewall

I have a working ARM Template to deploy an Application Gateway with WAF Enabled, this is currently always enabling the Firewall and setting the Firewall Mode based on parameters.
We want to parameterize enabling the WAF so that an AGW can be deployed without WAF
The object in the properties looks like:
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
The parameter file has these set:
"firewallEnabled": false,
"Tier": "Standard",
"skuSize": "Standard_Medium",
However on deployment it errors out trying to enable the Firewall
New-AzResourceGroupDeployment : 11:28:27 AM - Error:
Code=ApplicationGatewayFirewallCannotBeEnabledForSelectedSku;
Message=Application Gateway
/subscriptions//providers/Microsoft.Network/applicationGatewa
ys/EXAMPLE-AGW does not support WebApplicationFirewall with the
selected SKU tier Standard
It looks like it's still trying to enable the firewall even though the "enabled:" property would be false, I would assume it would ignore the rest of the properties in the object but obviously not. Can anyone see what I'm doing wrong here?

Reason for Failure: As WebApplicationFirewall is not supported for Standard Tier AppGateway, the template VALIDATION will fail even if enabled is set to false as validation sees "webApplicationFirewallConfiguration" key itself as invalid for Standard Tier.
Fix: Use Nested Templates to create a child deployment of an Application Gateway template without "webApplicationFirewallConfiguration" if firewall is disabled, else the one with "webApplicationFirewallConfiguration" if firewall is enabled along with firewall mode value in the parameters file.
Working Sample: Please find below the root template for deployment along with two templates with firewall enabled and disabled as well. Then, it has two parameters file - one for firewall enabled and other for disabled one.
To try out this sample, follow the below steps:
Upload the two Child templates in a Blob Storage.
Make this Blob Container, where templates are uploaded, Public accessible or use SAS token while creating the template's url.
Update the variables "appGatewaysTemplateWaffalse" and "appGatewaysTemplateWaftrue" in root template with urls of uploaded child templates.
Go https://portal.azure.com/#create/Microsoft.Template -> "Build your own template in the editor".
Use this updated root template with urls and the parameter file (enabled or disabled) as desired.
Root Template (VNet + Child Deployment):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "virtual network address range"
}
},
"subnetName": {
"type": "string",
"defaultValue": "subnet1",
"metadata": {
"description": "Subnet Name"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/24",
"metadata": {
"description": "Subnet prefix"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]",
"appGatewaysTemplateWaffalse": "https://da2.blob.core.windows.net/templates/app-gateway-waf-false.json",
"appGatewaysTemplateWaftrue": "https://da2.blob.core.windows.net/templates/app-gateway-waf-true.json"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"name": "azure-appGateways-non-waf-deployment",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables(concat('appGatewaysTemplateWaf',string(parameters('applicationGateway').firewallEnabled)))]"
},
"parameters": {
"applicationGateway": {
"value": "[parameters('applicationGateway')]"
},
"location": {
"value": "[parameters('location')]"
},
"subnetRef": {
"value": "[variables('subnetRef')]"
}
}
}
}
]
}
Child Template without webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Child Template with webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
},
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Parameters with firewall disabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "false",
"skuTier": "Standard",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "Standard_Small",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}
Parameters with firewall enabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "true",
"firewallMode": "Detection",
"skuTier": "WAF",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "WAF_Medium",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}

Not sure why this is happening, but you can always do this:
"variables": {
"waffalse": {
"enabled": false
},
"waftrue": {
"enabled": true,
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
}
...
"webApplicationFirewallConfiguration": "[variables(concat('waf', string(parameters('applicationGateway').firewallEnabled)))]"
so use one variable or the other depending on condition

Parameters as array copy() not working in resource

I am trying to send array of email values as parameters and trying to deploy 'Action group' using 'Copy' in the resource template .My Action group template is getting deployed without errors but email fields are empty. I was passing two email values as parameters. I'm stuck with this for a day. It would be great if someone throw some lights on where i am going wrong.
Template.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroupName": {
"type": "string",
"defaultValue": "newActionGroup",
"metadata": {
"description": "Unique name (within the Resource Group) for the Action group."
}
},
"actionGroupShortName": {
"type": "string",
"defaultValue": "newActionGroup",
"metadata": {
"description": "Short name (maximum 12 characters) for the Action group."
}
},
"emailReceiverName": {
"type": "array",
"metadata": {
"description": "email receiver service Name."
}
},
"emailReceiverAddress": {
"type": "array",
"metadata": {
"description": "email receiver address."
}
}
},
"variables": {
"customemailReceiverName": "[array(parameters('emailReceiverName'))]",
"customemailReceiverAddress": "[parameters('emailReceiverAddress')]"
},
"resources": [
{
"type": "Microsoft.Insights/actionGroups",
"name": "[parameters('actionGroupName')]",
"apiVersion": "2018-03-01",
"location": "Global",
"properties": {
"groupShortName": "[parameters('actionGroupShortName')]",
"copy": [
{
"name": "counts",
"count": "[length(parameters('emailReceiverName'))]",
"input": {
"emailReceivers": [
{
"name": "[parameters('emailReceiverName')[copyIndex('counts')]",
"emailAddress": "[parameters('emailReceiverAddress')[copyIndex('counts')]]"
}
]
}
}
]
}
}
] }
Parameter.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroupName": {
"value": "actiongroupslb"
},
"actionGroupShortName": {
"value": "agSLB"
},
"emailReceiverName": {
"value": ["siva","siva1"]
},
"emailReceiverAddress": {
"value": ["siva#gmail.com","svaji#gmail.com"]
}
}
}
Action group created with missing email values

Here's whats working for me:
{
"type": "Microsoft.Insights/actionGroups",
"apiVersion": "2018-03-01",
"name": "[variables('actionGroups')[copyIndex()].Name]",
"copy": {
"name": "ActionGroupCopy",
"count": "[length(parameters('emailReceiverName'))]"
},
"location": "Global",
"properties": {
"groupShortName": "[variables('actionGroups')[copyIndex()].Name]",
"enabled": true,
"emailReceivers": [
{
"name": "[variables('actionGroups')[copyIndex()].EmailName]",
"emailAddress": "[variables('actionGroups')[copyIndex()].EmailAddress]"
}
]
}
},
Here's the variable:
"actionGroups": [
{
"Name": "teamname",
"EmailAddress": "email#domain.com",
"EmailName": "emailname"
},
{
"Name": "teamname1",
"EmailAddress": "email1#domain.com",
"EmailName": "emailname1"
}
],
If you need multiple receivers, use the resource property copy function, not resource:
{
"type": "Microsoft.Insights/actionGroups",
"apiVersion": "2018-03-01",
"name": "name",
"location": "Global",
"properties": {
"groupShortName": "name",
"enabled": true,
"copy": [
{
"name": "emailReceivers",
"count": "[length(parameters('emailReceiverName'))]",
"input": {
"name": "[parameters('emailReceiverName')[copyIndex('emailReceivers')]]",
"emailAddress": "[parameters('emailReceiverAddress')[copyIndex('emailReceivers')]]"
}
}
]
}
},
this is assuming they map 1-to-1

Resources