How to Add Blob lifecycle rule to ARM template - azure

I have an already created ARM template based on my existing resource group,
recently I added a new configuration to my blob storage in my account storage, I needed to manage its life cycle, which was fortunately available on the azure portal by adding a rule :
or by adding this json code:
{
"rules": [
{
"name": "ruleFoo",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": {
"blobTypes": [ "blockBlob" ],
"prefixMatch": [ "container1/foo" ]
},
"actions": {
"baseBlob": {
"tierToCool": { "daysAfterModificationGreaterThan": 30 },
"tierToArchive": { "daysAfterModificationGreaterThan": 90 },
"delete": { "daysAfterModificationGreaterThan": 2555 }
},
"snapshot": {
"delete": { "daysAfterCreationGreaterThan": 90 }
}
}
}
}
]
}
but what's not clear to me is in which part of my blob service section
{
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "[variables('storageAccount_version')]",
"name": "[concat(variables('storageAccount_name'), '/default')]",
"tags": {
"displayName": "Storage Account - Blob Service"
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccount_name'))]"
],
"properties": {
"cors": {
"corsRules": []
},
"deleteRetentionPolicy": {
"enabled": false
}
}
},
I would appreciate any help! thanks !


The following template creates storage account and it's blob lifecycle.
The key is to name the lifecycle resource with storage account name prefix and add
the dependsOn section.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "ajstoragetest444"
}
},
"resources": [
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"location": "westeurope",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
}
},
{
"name": "[concat(parameters('storageAccountName'), '/default')]",
"type": "Microsoft.Storage/storageAccounts/managementPolicies",
"apiVersion": "2019-06-01",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"policy": {
"rules": [
{
"name": "ruleFoo",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": {
"blobTypes": [
"blockBlob"
],
"prefixMatch": [
"container1/foo"
]
},
"actions": {
"baseBlob": {
"tierToCool": {
"daysAfterModificationGreaterThan": 30
},
"tierToArchive": {
"daysAfterModificationGreaterThan": 90
},
"delete": {
"daysAfterModificationGreaterThan": 2555
}
},
"snapshot": {
"delete": {
"daysAfterCreationGreaterThan": 90
}
}
}
}
}
]
}
}
}
]
}


Please take a look at this article, and note the name: default in the example below, this is the ONLY allowed name for storageAccounts/managementPolicies:
{
"name": "default",
"type": "Microsoft.Storage/storageAccounts/managementPolicies",
"apiVersion": "2019-04-01",
"properties": {
"policy": {
"rules": [
{
"enabled": "boolean",
"name": "string",
"type": "Lifecycle",
"definition": {
"actions": {
"baseBlob": {
"tierToCool": {
"daysAfterModificationGreaterThan": "number"
},
"tierToArchive": {
"daysAfterModificationGreaterThan": "number"
},
"delete": {
"daysAfterModificationGreaterThan": "number"
}
},
"snapshot": {
"delete": {
"daysAfterCreationGreaterThan": "number"
}
}
},
"filters": {
"prefixMatch": [
"string"
],
"blobTypes": [
"string"
]
}
}
}
]
}
}
}

Related

ARM Template: Api not found error with LogicApp connection

I'm tring to provision a LogicApp that has a connection to CosmosDB already setup. The CosmosDB resources get provisioned, but there's a failure with the connection.
Error:
{
"status": "Failed",
"error": {
"code": "ApiNotFound",
"message": "The API 'cosmosdb' could not be found."
} }
My ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"databaseAccounts_wkshp_cosmos_name": {
"defaultValue": "mycosmosdb",
"type": "String"
},
"backendLogicApp": {
"defaultValue": "t12msds5lg",
"type": "String"
},
"location": {
"defaultValue": "westus2",
"type": "String"
},
"cosmosConnection": {
"defaultValue": "cosmos",
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2019-05-01",
"name": "[parameters('backendLogicApp')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', parameters('cosmosConnection'))]"
],
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {},
"actions": {},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"cosmosdb": {
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('databaseAccounts_wkshp_cosmos_name'))]",
"connectionName": "cosmosdb",
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'cosmosdb')]"
}
}
}
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2022-08-15",
"name": "[parameters('databaseAccounts_wkshp_cosmos_name')]",
"location": "[parameters('location')]",
"tags": {
"defaultExperience": "Core (SQL)",
"hidden-cosmos-mmspecial": ""
},
"kind": "GlobalDocumentDB",
"identity": {
"type": "None"
},
"properties": {
"publicNetworkAccess": "Enabled",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": false,
"virtualNetworkRules": [],
"disableKeyBasedMetadataWriteAccess": false,
"enableFreeTier": false,
"enableAnalyticalStorage": true,
"analyticalStorageConfiguration": {
"schemaType": "WellDefined"
},
"databaseAccountOfferType": "Standard",
"defaultIdentity": "FirstPartyIdentity",
"networkAclBypass": "None",
"disableLocalAuth": false,
"enablePartitionMerge": false,
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "West US",
"provisioningState": "Succeeded",
"failoverPriority": 0,
"isZoneRedundant": false
}
],
"cors": [],
"capabilities": [
{
"name": "EnableServerless"
}
],
"ipRules": [],
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 240,
"backupRetentionIntervalInHours": 8,
"backupStorageRedundancy": "Geo"
}
},
"networkAclBypassResourceIds": [],
"keysMetadata": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/SQLDatabase')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"resource": {
"id": "SQLDatabase"
}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/00000000-0000-0000-0000-000000000001')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"roleName": "Cosmos DB Built-in Data Reader",
"type": "BuiltInRole",
"assignableScopes": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"
],
"notDataActions": []
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/00000000-0000-0000-0000-000000000002')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"roleName": "Cosmos DB Built-in Data Contributor",
"type": "BuiltInRole",
"assignableScopes": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"
],
"notDataActions": []
}
]
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2022-08-15",
"name": "[concat(parameters('databaseAccounts_wkshp_cosmos_name'), '/SQLDatabase/transactionDb')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccounts_wkshp_cosmos_name'), 'SQLDatabase')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"resource": {
"id": "transactionDb",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/id"
],
"kind": "Hash",
"version": 2
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
},
"analyticalStorageTtl": -1
}
}
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('cosmosConnection')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name'))]"
],
"properties": {
"displayName": "Router",
"api": {
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', parameters('location'), 'cosmosdb')]"
},
"parameterValues": {
"connectionString": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccounts_wkshp_cosmos_name')), '2019-12-12').connectionStrings[0].connectionString]"
}
}
}
]
}

Try with below format for cosmos db connection,
"parameters": {
"$connections": {
"value": {
"documentdb": {
"connectionId": "[parameters('connections_documentdb_externalid')]",
"connectionName": "documentdb",
"id": "/subscriptions/xxxxx/providers/Microsoft.Web/locations/centralus/managedApis/documentdb"
}
}
}
}
I have created sample logic app which will retrieve documents from cosmos db and designer of logic app is,
Exported template from logic app and template with parameters file is downloaded.
Template.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workflows_cosmoslapp_name": {
"defaultValue": "cosmoslapp",
"type": "String"
},
"connections_documentdb_externalid": {
"defaultValue": "/subscriptions/xxxxx/resourceGroups/so1/providers/Microsoft.Web/connections/documentdb",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('workflows_cosmoslapp_name')]",
"location": "centralus",
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"Recurrence": {
"recurrence": {
"frequency": "Minute",
"interval": 3
},
"evaluatedRecurrence": {
"frequency": "Minute",
"interval": 3
},
"type": "Recurrence"
}
},
"actions": {
"Get_all_documents_(V3)": {
"runAfter": {},
"type": "ApiConnection",
"inputs": {
"host": {
"connection": {
"name": "#parameters('$connections')['documentdb']['connectionId']"
}
},
"method": "get",
"path": "/v2/cosmosdb/#{encodeURIComponent('AccountNameFromSettings')}/dbs/#{encodeURIComponent('testdb')}/colls/#{encodeURIComponent('cid')}/docs"
}
}
},
"outputs": {}
},
"parameters": {
"$connections": {
"value": {
"documentdb": {
"connectionId": "[parameters('connections_documentdb_externalid')]",
"connectionName": "documentdb",
"id": "/subscriptions/xxxx/providers/Microsoft.Web/locations/centralus/managedApis/documentdb"
}
}
}
}
}
}
]
}
Using custom deployment, deployed this template and another logic app created with same actions and connection to cosmos db also done.
Designer of new logic app,

Azure Template Spec Deploy shows error as "You will need to Agree to the terms of service below to create this resource successfully"

The Vnet, Subnet, NSG, Virtual Machine, etc. are created in a Resource group on one Subscription and downloaded template via Export template option in Resource Group.
This template is imported to another subcription and stored as Template Spec and updated new subcription id instead old subscription.
if I deploy this template, I am getting the following error in the Review + create tab.
"You will need to Agree to the terms of service below to create this resource successfully."
Please find the screenshot.
There is no checkbox and not sure if I have to update the template to avoid this issue.
Please advise.
Please find the template in github
I am not able to export the template and use that either in the same subscription or other subscription. Since I am practicing Azure every time I have to start from begining.
I want to save the resource as a template, delete it and use it again when I practice next time. Please advise for this use case.
How
Thanks

We have tried the same to create Virtual machines ,vnet, NSG, Nic etc. from our end after exporting the template and it works fine .
NOTE 1:- When we are exporting the template for Vms there is zone in it. Make sure that you have removed when you are trying to deploy from your environment tools.
Template that we used, You can also try the same sample script in your environment with providing your requirements name and details many times for hands-on:-
example.json:-
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"networkInterfaceName1": {
"type": "string"
},
"enableAcceleratedNetworking": {
"type": "bool"
},
"networkSecurityGroupName": {
"type": "string"
},
"networkSecurityGroupRules": {
"type": "array"
},
"subnetName": {
"type": "string"
},
"virtualNetworkName": {
"type": "string"
},
"addressPrefixes": {
"type": "array"
},
"subnets": {
"type": "array"
},
"publicIpAddressName1": {
"type": "string"
},
"publicIpAddressType": {
"type": "string"
},
"publicIpAddressSku": {
"type": "string"
},
"pipDeleteOption": {
"type": "string"
},
"virtualMachineName": {
"type": "string"
},
"virtualMachineName1": {
"type": "string"
},
"virtualMachineComputerName1": {
"type": "string"
},
"virtualMachineRG": {
"type": "string"
},
"osDiskType": {
"type": "string"
},
"osDiskDeleteOption": {
"type": "string"
},
"virtualMachineSize": {
"type": "string"
},
"nicDeleteOption": {
"type": "string"
},
"adminUsername": {
"type": "string"
},
"adminPassword": {
"type": "secureString"
},
"patchMode": {
"type": "string"
},
"enableHotpatching": {
"type": "bool"
}
},
"variables": {
"nsgId": "[resourceId(resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]",
"vnetName": "[parameters('virtualNetworkName')]",
"vnetId": "[resourceId(resourceGroup().name,'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
"subnetRef": "[concat(variables('vnetId'), '/subnets/', parameters('subnetName'))]"
},
"resources": [
{
"name": "[parameters('networkInterfaceName1')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2021-03-01",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]",
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
"[concat('Microsoft.Network/publicIpAddresses/', parameters('publicIpAddressName1'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"privateIPAllocationMethod": "Dynamic",
"publicIpAddress": {
"id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', parameters('publicIpAddressName1'))]",
"properties": {
"deleteOption": "[parameters('pipDeleteOption')]"
}
}
}
}
],
"enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]",
"networkSecurityGroup": {
"id": "[variables('nsgId')]"
}
}
},
{
"name": "[parameters('networkSecurityGroupName')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-02-01",
"location": "[parameters('location')]",
"properties": {
"securityRules": "[parameters('networkSecurityGroupRules')]"
}
},
{
"name": "[parameters('virtualNetworkName')]",
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-11-01",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": "[parameters('addressPrefixes')]"
},
"subnets": "[parameters('subnets')]"
}
},
{
"name": "[parameters('publicIpAddressName1')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "2020-08-01",
"location": "[parameters('location')]",
"properties": {
"publicIpAllocationMethod": "[parameters('publicIpAddressType')]"
},
"sku": {
"name": "[parameters('publicIpAddressSku')]"
},
"zones": [
"1"
]
},
{
"name": "[parameters('virtualMachineName1')]",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2021-07-01",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/networkInterfaces/', parameters('networkInterfaceName1'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('virtualMachineSize')]"
},
"storageProfile": {
"osDisk": {
"createOption": "fromImage",
"managedDisk": {
"storageAccountType": "[parameters('osDiskType')]"
},
"deleteOption": "[parameters('osDiskDeleteOption')]"
},
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2019-datacenter-gensecond",
"version": "latest"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName1'))]",
"properties": {
"deleteOption": "[parameters('nicDeleteOption')]"
}
}
]
},
"osProfile": {
"computerName": "[parameters('virtualMachineComputerName1')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]",
"windowsConfiguration": {
"enableAutomaticUpdates": true,
"provisionVmAgent": true,
"patchSettings": {
"enableHotpatching": "[parameters('enableHotpatching')]",
"patchMode": "[parameters('patchMode')]"
}
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true
}
}
}
}
],
"outputs": {
"adminUsername": {
"type": "string",
"value": "[parameters('adminUsername')]"
}
}
}
deploy.parameter.json:-
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "westus2"
},
"networkInterfaceName1": {
"value": "ajt_z1"
},
"enableAcceleratedNetworking": {
"value": true
},
"networkSecurityGroupName": {
"value": "ajxxx-nsg"
},
"networkSecurityGroupRules": {
"value": []
},
"subnetName": {
"value": "default"
},
"virtualNetworkName": {
"value": "ajxxxx"
},
"addressPrefixes": {
"value": [
"10.0.0.0/16"
]
},
"subnets": {
"value": [
{
"name": "default",
"properties": {
"addressPrefix": "10.0.0.0/24"
}
}
]
},
"publicIpAddressName1": {
"value": "ajx-ip"
},
"publicIpAddressType": {
"value": "Static"
},
"publicIpAddressSku": {
"value": "Standard"
},
"pipDeleteOption": {
"value": "Detach"
},
"virtualMachineName": {
"value": "ajxxxxxx"
},
"virtualMachineName1": {
"value": "ajxxxxxx"
},
"virtualMachineComputerName1": {
"value": "ajxxxxxx"
},
"virtualMachineRG": {
"value": "ajxxxxxx"
},
"osDiskType": {
"value": "Premium_LRS"
},
"osDiskDeleteOption": {
"value": "Delete"
},
"virtualMachineSize": {
"value": "Standard_D2s_v3"
},
"nicDeleteOption": {
"value": "Detach"
},
"adminUsername": {
"value": "xxxistrator1"
},
"adminPassword": {
"value": "xxxxrator#1"
},
"patchMode": {
"value": "AutomaticByOS"
},
"enableHotpatching": {
"value": false
}
}
}
OUTPUT DETAILS:-
NOTE:-2 So if the resource is being created and you are again try to create the same resource with the same name ,It will through error which is genuine.make sure that we are changing the resource name accordingly
For more information please refer the below links:-
-MICROSOFT DOCUMENTATION:- Create and deploy Virtual machine and its resources using ARM

How to enforce that Delete Retention is configured on Azure Storage by using a deployIfNotExists policy?

I would like to create a policy that automatically applies a delete retention policy of 14 days to every new storage created. I think that this is possible by using a deployIfNotExists policy, but I was not able to find a sample JSON or anything on the Internet.

I spoke with Microsoft, and they uploaded an example that worked fine. This would be the json extracted from Community-Policy:
{
"properties": {
"displayName": "Deploy Soft-Delete for Blobs",
"mode": "All",
"description": "This policy enables soft-delete for blobs.",
"parameters": {
"retentionInDays": {
"type": "Integer",
"minValue": 1,
"maxValue": 365,
"defaultValue": 7,
"metadata": {
"displayName": "Retention in days",
"description": "This defines how long the deleted object should be retained for. Allowed values are 1 to 365."
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "kind",
"in": [
"Storage",
"StorageV2",
"BlobStorage",
"BlockBlobStorage"
]
}
]
},
"then": {
"effect": "DeployIfNotExists",
"details": {
"type": "Microsoft.Storage/storageAccounts/blobServices",
"existenceCondition": {
"field": "Microsoft.Storage/storageAccounts/blobServices/default.deleteRetentionPolicy.enabled",
"equals": true
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
},
"retentionInDays": {
"type": "int"
}
},
"variables": {},
"resources": [
{
"name": "[concat(parameters('storageAccountName'), '/default')]",
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2019-06-01",
"properties": {
"deleteRetentionPolicy": {
"enabled": true,
"days": "[parameters('retentionInDays')]"
}
}
}
],
"outputs": {}
},
"parameters": {
"storageAccountName": {
"value": "[field('name')]"
},
"retentionInDays": {
"value": "[parameters('retentionInDays')]"
}
}
}
}
}
}
}
}
}

You can try the code below(by the way, no time to test it at my side):
{
"mode":"All",
"policyRule":{
"if":{
"field":"type",
"equals":"Microsoft.Storage/storageAccounts"
},
"then":{
"effect":"deployIfNotExists",
"details":{
"type":"Microsoft.Storage/storageAccounts",
"roleDefinitionIds":[
"xxx"
],
"deployment":{
"properties":{
"mode":"incremental",
"template":{
"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion":"1.0.0.0",
"parameters":{
"storageAccountName":{
"type":"String",
"metadata":{
"description":"storageAccountName"
}
},
"location":{
"type":"String",
"metadata":{
"description":"location"
}
}
},
"variables":{
},
"resources":[
{
"type":"Microsoft.Storage/storageAccounts",
"apiVersion":"2019-06-01",
"name":"[parameters('storageAccountName')]",
"location":"[parameters('location')]",
"resources":[
{
"name":"default",
"type":"Microsoft.Storage/storageAccounts/managementPolicies",
"apiVersion":"2019-06-01",
"properties":{
"policy":{
"rules":[
"xxx"
]
}
}
}
]
}
],
"outputs":{
}
},
"parameters":{
"storageAccountName":{
"value":"[field('Name')]"
},
"location":{
"value":"[field('location')]"
}
}
}
}
}
}
},
"parameters":{
}
}
Here is the details of the json format of Life cycle management.

Why does setting CosmosDB throughputSettings result in "Entity with the specified id does not exist in the system"?

While trying to deploy a CosmosDB instance with 2 collections ("MyCollection1", "MyCollection2") I keep getting the error:
NotFound: Entity with the specified id does not exist in the system
So I keep searching for "resourceId" in my custom ARM template (please see below) but cannot find the erorr cause.
I don't understand, why does not the pipeline at least print the line number for me?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"defaultValue": "my-cosmosdb",
"type": "String"
}
},
"variables": {
"resourceName": "[concat(resourceGroup().name, '-', parameters('accountName'))]",
"resourceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]",
"apiVersion": "[providers('Microsoft.DocumentDB', 'databaseAccounts').apiVersions[0]]"
},
"outputs": {
"CosmosDbConnectionString": {
"type": "string",
"value": "[concat('AccountEndpoint=https://', variables('resourceName'), '.documents.azure.com:443/;AccountKey=', listKeys(variables('resourceId'), variables('apiVersion')).primaryMasterKey, ';')]"
},
"DatabaseName": {
"type": "string",
"value": "MyDB"
},
"CollectionName1": {
"type": "string",
"value": "MyCollection1"
},
"CollectionName2": {
"type": "string",
"value": "MyCollection2"
}
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2020-03-01",
"name": "[variables('resourceName')]",
"location": "[resourceGroup().location]",
"tags": {
"defaultExperience": "DocumentDB"
},
"kind": "GlobalDocumentDB",
"properties": {
"publicNetworkAccess": "Enabled",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": false,
"virtualNetworkRules": [],
"disableKeyBasedMetadataWriteAccess": false,
"databaseAccountOfferType": "Standard",
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "[resourceGroup().location]",
"provisioningState": "Succeeded",
"failoverPriority": 0,
"isZoneRedundant": false
}
],
"capabilities": []
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyDB"
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/MyCollection1')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyCollection1",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
}
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/MyCollection2')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyCollection2",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
}
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
]
}
UPDATE:
I have removed the part creating collections and the error is still there.
UPDATE 2:
The following part seemingly causes the error, but why?
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
What is wrong with the dependsOn entry "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]?
UPDATE 3:
Trying to deploy the complete ARM template listed above manually results in:

Try setting your throughput in the options for your database.
UPDATE: You cannot specify throughput on a resource that did not have it when initially provisioned. Databases and containers provisioned without throughput cannot be updated later to have it. Conversely, a resource provisioned with throughput, cannot be updated to remove. You must delete and recreate the resource. This will require migrating your data.
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyDB"
},
"options": { "throughput": "[parameters('throughput')]" }
}
},
btw, there are lots of samples you can use to start with here Cosmos DB templates

The following has worked for me, I had to replace "sqlDatabases/throughputSettings" by "sqlDatabases/containers/throughputSettings":
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/', variables('DatabaseName'), '/', variables('CollectionName1'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers', variables('resourceName'), variables('databaseName'), variables('CollectionName1'))]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), variables('databaseName'))]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
And then similar entry for CollectionName2

Application Gateway ARM Template - Parameter for Enabling Firewall

I have a working ARM Template to deploy an Application Gateway with WAF Enabled, this is currently always enabling the Firewall and setting the Firewall Mode based on parameters.
We want to parameterize enabling the WAF so that an AGW can be deployed without WAF
The object in the properties looks like:
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
The parameter file has these set:
"firewallEnabled": false,
"Tier": "Standard",
"skuSize": "Standard_Medium",
However on deployment it errors out trying to enable the Firewall
New-AzResourceGroupDeployment : 11:28:27 AM - Error:
Code=ApplicationGatewayFirewallCannotBeEnabledForSelectedSku;
Message=Application Gateway
/subscriptions//providers/Microsoft.Network/applicationGatewa
ys/EXAMPLE-AGW does not support WebApplicationFirewall with the
selected SKU tier Standard
It looks like it's still trying to enable the firewall even though the "enabled:" property would be false, I would assume it would ignore the rest of the properties in the object but obviously not. Can anyone see what I'm doing wrong here?

Reason for Failure: As WebApplicationFirewall is not supported for Standard Tier AppGateway, the template VALIDATION will fail even if enabled is set to false as validation sees "webApplicationFirewallConfiguration" key itself as invalid for Standard Tier.
Fix: Use Nested Templates to create a child deployment of an Application Gateway template without "webApplicationFirewallConfiguration" if firewall is disabled, else the one with "webApplicationFirewallConfiguration" if firewall is enabled along with firewall mode value in the parameters file.
Working Sample: Please find below the root template for deployment along with two templates with firewall enabled and disabled as well. Then, it has two parameters file - one for firewall enabled and other for disabled one.
To try out this sample, follow the below steps:
Upload the two Child templates in a Blob Storage.
Make this Blob Container, where templates are uploaded, Public accessible or use SAS token while creating the template's url.
Update the variables "appGatewaysTemplateWaffalse" and "appGatewaysTemplateWaftrue" in root template with urls of uploaded child templates.
Go https://portal.azure.com/#create/Microsoft.Template -> "Build your own template in the editor".
Use this updated root template with urls and the parameter file (enabled or disabled) as desired.
Root Template (VNet + Child Deployment):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "virtual network name"
}
},
"vnetAddressPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "virtual network address range"
}
},
"subnetName": {
"type": "string",
"defaultValue": "subnet1",
"metadata": {
"description": "Subnet Name"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/24",
"metadata": {
"description": "Subnet prefix"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]",
"appGatewaysTemplateWaffalse": "https://da2.blob.core.windows.net/templates/app-gateway-waf-false.json",
"appGatewaysTemplateWaftrue": "https://da2.blob.core.windows.net/templates/app-gateway-waf-true.json"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2015-01-01",
"name": "azure-appGateways-non-waf-deployment",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables(concat('appGatewaysTemplateWaf',string(parameters('applicationGateway').firewallEnabled)))]"
},
"parameters": {
"applicationGateway": {
"value": "[parameters('applicationGateway')]"
},
"location": {
"value": "[parameters('location')]"
},
"subnetRef": {
"value": "[variables('subnetRef')]"
}
}
}
}
]
}
Child Template without webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Child Template with webApplicationFirewallConfiguration:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"type": "object",
"metadata": {
"description": "Application gateway specific information"
}
},
"subnetRef": {
"type": "string",
"defaultValue": "subnet id",
"metadata": {
"description": "Subnet Id"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {},
"resources": [
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGateway').applicationGatewayName]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[parameters('applicationGateway').applicationGatewaySize]",
"tier": "[parameters('applicationGateway').skuTier]",
"capacity": "[parameters('applicationGateway').applicationGatewayInstanceCount]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('applicationGateway').frontendPort]"
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": "[parameters('applicationGateway').backendIPAddresses]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('applicationGateway').backendPort]",
"Protocol": "Http",
"CookieBasedAffinity": "[parameters('applicationGateway').cookieBasedAffinity]"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIpConfiguration": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Http",
"SslCertificate": null
}
}
],
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('applicationGateway').firewallEnabled]",
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
},
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateway').applicationGatewayName), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
]
}
}
]
}
Parameters with firewall disabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "false",
"skuTier": "Standard",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "Standard_Small",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}
Parameters with firewall enabled:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateway": {
"value": {
"firewallEnabled": "true",
"firewallMode": "Detection",
"skuTier": "WAF",
"applicationGatewayName": "yourappgateway",
"applicationGatewaySize": "WAF_Medium",
"applicationGatewayInstanceCount": 1,
"frontendPort": 80,
"backendPort": 80,
"backendIPAddresses": [
{
"IpAddress": "10.0.0.7"
},
{
"IpAddress": "10.0.0.8"
},
{
"IpAddress": "10.0.0.9"
}
],
"cookieBasedAffinity": "Disabled"
}
},
"virtualNetworkName": {
"value": "yourvnetname"
},
"vnetAddressPrefix": {
"value": "10.0.0.0/16"
},
"subnetName": {
"value": "yoursubnet"
},
"subnetPrefix": {
"value": "10.0.0.0/24"
}
}
}

Not sure why this is happening, but you can always do this:
"variables": {
"waffalse": {
"enabled": false
},
"waftrue": {
"enabled": true,
"firewallMode": "[parameters('applicationGateway').firewallMode]",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0"
}
}
...
"webApplicationFirewallConfiguration": "[variables(concat('waf', string(parameters('applicationGateway').firewallEnabled)))]"
so use one variable or the other depending on condition

Resources