Why is my ARM-deployment in a Invalidrequestformat - azure

ARM template
Hey guys, we're trying out to implement a few new templates where we deploy a private Endpoint in an existing subnet. We've successfully set the PrivateEndpoint policies property using ARM, however when deploying the private Endpoint resource we run into a problem:
"resources": [
{
"name": "[variables('privateEndpointName')]",
"location": "[resourceGroup().location]",
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2019-04-01",
"properties": {
"subnet": {
"id": "[parameters('subnetId')]"
},
"PrivateLinkServiceConnections": [
{
"properties": {
"privateLinkServiceId": "[parameters('privateLinkResource')]",
"groupIds": "[parameters('targetSubResource')]",
"requestMessage": "[parameters('requestMessage')]"
}
}
]
},
"tags": {
}
}
]
The parameters fed to the template are identical to deployment when using the portal and contain full resource URI's. Deploying to another resource, storage account or SQL has the same outcome.
We've verified the variable privateEndpointName using an empty deployment generating just output. So that's not the issue, but we still receive the following error:
Error
New-AzResourceGroupDeployment : 11:56:20 - Resource Microsoft.Network/privateEndpoints 'privateEndpointSubnet-pe-nameofthesqlserver' failed with message '{
"error": {
"code": "InvalidRequestFormat",
"message": "Cannot parse the request.",
"details": []
}
}'
Portal Template
Deployment with this using the portal is successful
"resources": [
{
"location": "[parameters('location')]",
"name": "[parameters('privateEndpointName')]",
"type": "Microsoft.Network/privateEndpoints",
"dependsOn": [
"[parameters('subnetDeploymentName')]"
],
"apiVersion": "2019-04-01",
"properties": {
"subnet": {
"id": "[parameters('subnet')]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[parameters('privateLinkResource')]",
"groupIds": "[parameters('targetSubResource')]"
}
}
]
},
"tags": {}
},
{
"apiVersion": "2017-05-10",
"name": "[parameters('subnetDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('virtualNetworkResourceGroup')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "tst2testst-weu-vnet-t/subnet-1",
"id": "/subscriptions/removedsubid/resourceGroups/blabla3/providers/Microsoft.Network/virtualNetworks/tst2testst-weu-vnet-t/subnets/subnet-1",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "192.168.0.0/24",
"networkSecurityGroup": {
"id": "/subscriptions/removedsubid/resourceGroups/blabla3/providers/Microsoft.Network/networkSecurityGroups/vnet-id-nsg"
},
"serviceEndpoints": [],
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2019-04-01"
}
]
}
}
}
]

Fixed!
privateLinkServiceConnections JSON-object also requires a name, doesn't look required in the Private Endpoint Arm reference. I'll set up a GitHub issue for it.

Related

Enable update management for automation account

I am trying to link automation account with log analytics and enable update management with below arm template. The resources are getting linked, however not enabling update management. Am I missing something in code
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces','Dev-Loganalyticsworkspace')]",
"[resourceId('Microsoft.Automation/automationAccounts','Dev-Automationaccount')]"
],
"name": "Dev-Loganalyticsworkspace/automation",
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts', 'Dev-Automationaccount')]"
},
"type": "Microsoft.OperationalInsights/workspaces/linkedServices",
"location": "CentralIndia",
"apiVersion": "2020-08-01"
}
]
}
Please find below the updated code. This is executing succesfully, but as mentioned, update management is unable to found
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "Dev-Automationaccount",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"sku": {
"name": "Basic"
}
},
"tags": {
"displayName": "Automation Account.",
"provider": "Kyniac"
},
"comments": "The automation account for LogAnalytics WorkSpace",
"type": "Microsoft.Automation/automationAccounts",
"location": "UK South",
"apiVersion": "2021-06-22"
},
{
"name": "Dev-Loganalyticsworkspace",
"properties": {
"features": {
"searchVersion": 1
},
"sku": {
"retentionInDays": 120,
"resourcePermissions": true,
"heartbeatTableRetention": 90,
"name": "pergb2018"
}
},
"tags": {
"displayName": "LAWorkspace for storing all the logs and metrics.",
"provider": "Kyniac"
},
"comments": "LAWorkspace for storing all the logs and metrics.",
"type": "Microsoft.OperationalInsights/workspaces",
"location": "UK South",
"apiVersion": "2021-12-01-preview"
},
{
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces','Dev-Loganalyticsworkspace')]",
"[resourceId('Microsoft.Automation/automationAccounts','Dev-Automationaccount')]"
],
"name": "Dev-Loganalyticsworkspace/automation",
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts', 'Dev-Automationaccount')]"
},
"type": "Microsoft.OperationalInsights/workspaces/linkedServices",
"location": "UK South",
"apiVersion": "2020-08-01"
},
{
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces', 'Dev-Loganalyticsworkspace')]"
],
"name": "Updates(Dev-Loganalyticsworkspace)",
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', 'Dev-Loganalyticsworkspace')]"
},
"plan": {
"name": "Updates(Dev-Loganalyticsworkspace)",
"product": "OMSGallery/Updates",
"publisher": "Microsoft",
"promotionCode": " "
},
"type": "Microsoft.OperationsManagement/solutions",
"location": "UK South",
"apiVersion": "2015-11-01-preview"
}
]
}
I have tried running your shared arm template in my local visual studio using the PowerShell cmdlet New-AzResourceGroupDeployment Template validation is falling with below error.
New-AzResourceGroupDeployment: 14:51:17 - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The resource 'Microsoft.Automation/automationAccounts/<automationAccount>' is not defined in the template. Please see https://aka.ms/arm-template for usage details.'.
You need to create log analytics solution to enable update management of automation account with log analytics.
I have made the necessary changes to your ARM template that you have shared earlier:
Here is the ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"automationAccountName": {
"type": "string"
},
"workspaceName": {
"type": "string"
}
},
"functions": [],
"variables": {
"updates": {
"name": "[concat('Updates', '(', parameters('workspaceName'), ')')]",
"galleryName": "Updates"
}
},
"resources": [
{
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "2021-12-01-preview",
"name":"[parameters('workspaceName')]",
"location":"westus",
"properties":{
"sku": {
"name": "PerGB2018"
}
},
"resources": [
{
"type":"Microsoft.OperationsManagement/solutions",
"apiVersion":"2015-11-01-preview",
"location":"westus",
"name": "[variables('updates').name]",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('updates').name)]",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
],
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
},
"plan": {
"name": "[variables('updates').name]",
"publisher": "Microsoft",
"promotionCode": "",
"product": "[concat('OMSGallery/', variables('updates').galleryName)]"
}
}
]
},
{
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2021-06-22",
"name":"[parameters('automationAccountName')]",
"location":"westus",
"properties":{
"sku": {
"name": "Basic"
}
}
},
{
"type":"Microsoft.OperationalInsights/workspaces/linkedServices",
"apiVersion": "2020-08-01",
"name": "[concat(parameters('workspaceName'),'/','Automation')]",
"dependsOn":[
"[resourceId('Microsoft.OperationalInsights/workspaces',parameters('workspaceName'))]",
"[resourceId('Microsoft.Automation/automationAccounts',parameters('automationAccountName'))]"
],
"location":"westus",
"properties": {
"resourceId":"[resourceId('Microsoft.Automation/automationAccounts/',parameters('automationAccountName'))]"
}
}
],
"outputs": {}
}
I have tested the above ARM template and it is working fine from my end. I would suggest you to test it from your end as well.

Tags in ARM file not visible in Azure portal

I have multiple tags mentioned in my deployement yml file , but they are not visible inside Azure portal app service. None of the following tags visible to Azure portal. only cost-Center tag can be found.
"resources": [
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites/slots",
"comments": "",
"location": "[resourceGroup().location]",
"dependsOn": [
"[variables('webAppDeployment')]"
],
"kind": "app",
"name": "[concat(parameters('siteName'),'/','staging')]",
"properties": {
"serverFarmId": "[parameters('appServicePlanResourceId')]"
},
"tags": {
"displayName": "TEST",
"Module": "MM",
"SubModule": "ABD"
}
]
To test this in our local environment, we have created a new ARM Template that will create an app service plan, web app & a staging slot to that web app with a list of tags that were shared above.
While testing the template, deployment got succeeded & we were able to see the tags of the webapp slot in the portal.
Here is the sample output for reference:
For reference , here is the sample ARM template that we have created to test this:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"web-appname": {
"type": "string"
},
"appservicename": {
"type": "string"
}
},
"functions": [],
"variables": {},
"resources": [
{
"name": "[parameters('appservicename')]",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-12-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "S1"
},
"properties": {
"name": "[parameters('appservicename')]"
}
},
{
"name": "[parameters('web-appname')]",
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms',parameters('appservicename'))]"
],
"properties": {
"name": "[parameters('web-appname')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms',parameters('appservicename'))]"
}
},
{
"name":"[concat(parameters('web-appname'),'/','stagging')]",
"type": "Microsoft.Web/sites/slots",
"apiVersion": "2021-02-01",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('web-appname'))]"
],
"tags": {
"displayName": "TEST",
"Module": "MM",
"SubModule": "ABD",
"Createdfor": "repro",
"depart":"test"
},
"properties": {
"httpsOnly": true
}
}
],
"outputs": {}
}

Using CopyIndex and listKeys in outputs section

I'm trying to get the primaryConnectionStrings from an aRM template that creates multiple notification hubs
But I get this error
Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template output 'connectionStrings' at line '291' and column '30' is not valid: The
template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see
https://aka.ms/arm-template-expressions for usage details.'.
I am clearly missing what this actually means as I've tried various incarnations of the template all of which have a copy for the resource.
I've tried this with a nested template (apologies if i've mangled the template, just removed some extraneous items):
"resources": [
{
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"name": "[parameters('notificationHubName')]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace"
},
"sku": {
"name": "[parameters('notificationHubSku')]"
},
"kind": "NotificationHub",
"properties": {
"namespaceType": "NotificationHub"
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/RootManageSharedAccessKey')]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "[concat('nestedTemplate', copyIndex('notificationHubEntities'))]",
"copy": {
"name": "notificationHubEntities",
"count": "[length(parameters('notificationHubEntities'))]"
},
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/', parameters('notificationHubEntities')[copyIndex('notificationHubEntities')])]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hubs"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"authorizationRules": []
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs/authorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/',parameters('notificationHubEntities')[copyIndex('notificationHubEntities')],'/DefaultFullSharedAccessSignature')]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/notificationHubs',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex('notificationHubEntities')])]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
},
],
"outputs" : {
"connectionString" : {
"type" : "object",
"value": "[listKeys(resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex('notificationHubEntities')], 'DefaultFullSharedAccessSignature'),'2016-03-01').primaryConnectionString]"
}
}
}
}
}
],
"outputs": {
"connectionStrings" :
{
"type": "array",
"value": "[reference(concat('nestedTemplate', copyIndex('notificationHubEntities'))).outputs.connectionString.value]"
}
}
}
I've also tried with this:
"resources": [
{
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"name": "[parameters('notificationHubName')]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace"
},
"sku": {
"name": "[parameters('notificationHubSku')]"
},
"kind": "NotificationHub",
"properties": {
"namespaceType": "NotificationHub"
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/RootManageSharedAccessKey')]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Namespace Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/', parameters('notificationHubEntities')[copyIndex()])]",
"location": "[resourceGroup().location]",
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hubs"
},
"copy": {
"name": "addNotificationHub",
"count": "[length(parameters('notificationHubEntities'))]"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"authorizationRules": []
}
},
{
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs/authorizationRules",
"apiVersion": "2017-04-01",
"name": "[concat(parameters('notificationHubName'), '/',parameters('notificationHubEntities')[copyIndex()],'/DefaultFullSharedAccessSignature')]",
"copy": {
"name": "addNotificationHub",
"count": "[length(parameters('notificationHubEntities'))]"
},
"tags": {
"Environment": "[parameters('environment')]",
"DisplayName": "Notification Hub Auth Rules"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces/notificationHubs',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex()])]",
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHubName'))]"
],
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
}
}
],
"outputs": {
"connectionStrings" :
{
"type": "array",
"value": "[listKeys(resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules',parameters('notificationHubName'), parameters('notificationHubEntities')[copyIndex()], 'DefaultFullSharedAccessSignature'),'2016-03-01').primaryConnectionString]"
}
}
I've tried using object instead of array but to no avail, so I'm a bit confused, any help would be appreciated as the error message seems misleading to me or I'm just not interpreting it correctly.
To accomplish requirement of creating multiple notification hubs and it's authorization rules, you can use below ARM template.
Template Parameter File (notificationhub.parameters.json):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namespaceName": {
"value": "mm-namespace"
},
"notificationhubNamePrefix": {
"value": "mm-notificationhub"
},
"notificationhubAuthorizationruleNamePrefix": {
"value": "mm-notificationhubAuthorizationrule"
}
}
}
Template File (notificationhub.json):
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namespaceName": {
"type": "string",
"defaultValue": "mm-namespace",
"metadata": {
"description": "namespaceName sample description"
}
},
"notificationhubNamePrefix": {
"type": "string",
"defaultValue": "mm-notificationhub",
"metadata": {
"description": "notificationhubName sample description"
}
},
"notificationhubAuthorizationruleNamePrefix": {
"type": "string",
"defaultValue": "mm-notificationhubAuthorizationrule",
"metadata": {
"description": "notificationhubAuthorizationruleName sample description"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location in which the resources should be deployed."
}
},
"notificationhubNameSuffix": {
"type": "array",
"defaultValue": [
"00",
"01",
"02"
]
},
"notificationhubAuthorizationruleNameSuffix": {
"type": "array",
"defaultValue": [
"00",
"01",
"02"
]
}
},
"variables": {},
"resources": [
{
"name": "[parameters('namespaceName')]",
"type": "Microsoft.NotificationHubs/namespaces",
"apiVersion": "2017-04-01",
"location": "[parameters('location')]",
"tags": {},
"sku": {
"name": "Free"
},
"properties": {
"namespaceType": "NotificationHub"
}
},
{
"name": "[concat(parameters('namespaceName'), '/', parameters('notificationhubNamePrefix'), parameters('notificationhubNameSuffix')[copyIndex()])]",
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"apiVersion": "2017-04-01",
"location": "[parameters('location')]",
"sku": {
"name": "Free"
},
"copy": {
"name": "notificationhubscopy",
"count": "[length(parameters('notificationhubNameSuffix'))]"
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaceName'))]"
]
},
{
"name": "[concat(parameters('namespaceName'), '/', parameters('notificationhubNamePrefix'), parameters('notificationhubNameSuffix')[copyIndex()], '/', parameters('notificationhubAuthorizationruleNamePrefix'), parameters('notificationhubAuthorizationruleNameSuffix')[copyIndex()])]",
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs/AuthorizationRules",
"apiVersion": "2017-04-01",
"properties": {
"rights": [
"Listen",
"Manage",
"Send"
]
},
"copy": {
"name": "notificationhubsauthroizationrulescopy",
"count": "[length(parameters('notificationhubAuthorizationruleNameSuffix'))]"
},
"dependsOn": [
"notificationhubscopy"
]
}
]
}
Deployment:
AFAIK, to accomplish requirement of getting output (in this case primaryConnectionStrings of multiple notification hubs' authorization rules) from ARM template is currently an unsupported feature. I already see related feature requests / feedback here and here. I would recommend you to up-vote these feature requests / feedback or create a new feature request / feedback explaining your use case and requirement. Azure feature team would consider and work on the feature request / feedback based on the votes, visibility and priority on it.
Azure document references:
ARM template reference for NotificationHubs
Resolve Invalid Template errors
Create multiple instances of a resource using copy and copyIndex
ARM template functions like list (ListKeys)
ARM template structure
Defining order for deploying resources in ARM templates
Hope this helps!! Cheers!!
You can't use a copy loop in outputs today - listing the keys is fine, but you have to know how many you need at design time and hardcode each output. We're working on a fix for that but not there yet.
You could emulate this by using your second option - deploying in a nested deployment and outputting each key in it's own deployment, but then you have to iterate through all the deployments to get all the outputs.

Azure ARM SSL Binding using App service certificate

I have a site with custom hostnames configured with hostnameBindings in the ARM template. This deploys fine.
I have also the SSL certificate created and verified from Azure, with the corresponding thumbprint.
In the Azure site I am also able to bind the certificate to the app service.
But when I use the ARM template to assign the SSL from the template in the hostnameBindings it gives an error that the certificate was not found...
I don't understand what goes wrong...
My guesses:
the certificate is in a different resource group so it cannot be
found, but in the template settings I cannot set the group.
in the Azure website before I can use the SSL I have to import, so maybe I am missing this step in the ARM template?
using wrong thumbprint?
In the hostnameBindings I am defining only the thumbprint and the sslState
Any idea which step I am missing?
thank you
UPDATE
My parameter json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.5.0.8",
"parameters": {
"baseResourceName": {
"value": "base-name"
},
"environments": {
"value": [
"preview"
]
},
"hostNames": {
"value": [
{
"name": "myhostname.example.com",
"sslState": "SniEnabled",
"thumbprint": "9897LKJL88KHKJH8888KLJLJLJLKJLJLKL4545"
},
{
"name": "myhostname2.example.com"
}
]
},
"ipSecurityRestrictions": {
"value": []
}
}
}
My template json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.5.0.8",
"parameters": {
"hostName": {
"defaultValue": [],
"type": "array",
"metadata": {
"description": "The custom hostnames of sites"
}
}
},
"variables": {
"standardPlanMaxAdditionalSlots": 4,
"appName": "[concat(parameters('baseResourceName'), '-private')]",
"appServicePlanName": "[concat(parameters('baseResourceName'), '-appServicePlan')]",
"appInsightName": "[concat(parameters('baseResourceName'), '-appInsight')]",
"ipSecurityRestrictions": "[parameters('ipSecurityRestrictions')]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"comments": "AppPlan for app.",
"sku": {
"name": "[if(lessOrEquals(length(parameters('environments')), variables('standardPlanMaxAdditionalSlots')), 'S1', 'P1')]"
},
"tags": {
"displayName": "AppServicePlan-Private"
},
"name": "[variables('appServicePlanName')]",
"kind": "app",
"apiVersion": "2016-09-01",
"location": "[resourceGroup().location]",
"properties": {},
"dependsOn": []
},
{
"type": "Microsoft.Web/sites",
"comments": "This is the private web app.",
"kind": "app",
"apiVersion": "2016-03-01",
"name": "[variables('appName')]",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "WebApp"
},
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"siteConfig": {
"appSettings": [],
"phpVersion": "",
"ipSecurityRestrictions": "[variables('ipSecurityRestrictions')]",
"http20Enabled": true,
"minTlsVersion": "1.2"
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
"[resourceId('microsoft.insights/components/', variables('appInsightName'))]"
]
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(variables('appName'), '/', parameters('hostName')[copyIndex()].Name)]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": "[parameters('hostName')[copyIndex()]]",
"condition": "[greater(length(parameters('hostName')), 0)]",
"copy": {
"name": "hostnameCopy",
"count": "[length(parameters('hostName'))]",
"mode": "Serial"
},
"dependsOn": [
"[concat('Microsoft.Web/sites/',variables('appName'))]"
]
}
]
}
completely unrelated, did you test your condition greater(..., 0) with zero length array? pretty sure it will blow up.
on the subject. i think you can maybe make it work if you link your certificate resource to the app service plan. so this is an operation that is performed on the certificate resource. this is totally possible if you use keyvault to store the certificate
{
"apiVersion": "2016-03-01",
"name": "[variables('certificateName')]",
"location": "[resourceGroup().location]",
"type": "Microsoft.Web/certificates",
"dependsOn": [
"[parameters('appServicePlan')]"
],
"properties": {
"keyVaultId": "kvResourceId",
"keyVaultSecretName": "secretName",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlan'))]"
}
}

Create Azure blob/fileshare container through ARM template

I am looking a way to create a container in Azure blob & file-share storage through ARM template.
At present I have ARM template to provision the storage accounts, but I want to create containers also in ARM.
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('storageApiVersion')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"dependsOn": [ ],
"tags": {
"Environment": "[parameters('Environment')]",
"Project": "[parameters('ProjectName')]",
"Contact": "[parameters('ContactName')]"
},
"kind": "Storage",
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": true
}
}
}
}
}
It is possible. Azure Management REST Api now has endpoints for Blob Containers: https://learn.microsoft.com/en-us/rest/api/storagerp/blobcontainers/create.
Since ARM Templates map to REST requests, we can create the following Template, containing a Blob Container as a nested resource below the Storage Account. Of course, you can also describe the Blob container in the toplevel resource array, following the usual rules.
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {
"accountName": "accountname",
"containerName": "containername"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('accountName')]",
"apiVersion": "2018-02-01",
"location": "westeurope",
"kind": "BlobStorage",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"tags": {},
"dependsOn": [],
"properties": {
"accessTier": "Cool"
},
"resources": [
{
"type": "blobServices/containers",
"apiVersion": "2018-03-01-preview",
"name": "[concat('default/', variables('containerName'))]",
"dependsOn": [
"[variables('accountName')]"
],
"properties": {
"publicAccess": "None"
}
}
]
}
]
}
No, you cant do that, consult this feedback item.
you can now create containers. https://stackoverflow.com/a/51608344/6067741

Resources