Azure ARM template enabling Linux Diagnostic Extension with automatically generated SAS token - azure

I'm trying to deploy arm template with New VM and setting up Linux Diagnostic Extension/LAD without the creation of new Storage account but using an existing one. I found this article https://samcogan.com/generate-sas-tokens-in-arm-teamplates/ to use "listAccountSas" and I've set in "ProtectedSettings":
"storageAccountSasToken":
"[listAccountSas(parameters('existingStorageName'), '2018-07-01',
variables('accountSasProperties')).accountSasToken]"
"resources": [
{vm creation bla bla},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
"location": "[parameters('vmLocation')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
"properties": {
"publisher": "Microsoft.Azure.Diagnostics",
"type": "LinuxDiagnostic",
"autoUpgradeMinorVersion": true,
"typeHandlerVersion": "3.0",
"protectedSettings": {
"storageAccountName": "[parameters('existingStorageName')]",
"storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]",
"storageAccountEndPoint": "https://core.windows.net/",
"sinksConfig": {
"sink": [
{
"name": "WADMetricJsonBlob",
"type": "JsonBlob"
}
]
}
},
"settings": {
"StorageAccount": "[parameters('existingStorageName')]",
"ladCfg": {
"diagnosticMonitorConfiguration": {
"eventVolume": "Medium",
"metrics": {
"metricAggregation": [
{
"scheduledTransferPeriod": "PT1H"
},
{
"scheduledTransferPeriod": "PT1M"
}
],
"resourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
},
"performanceCounters": {
"sinks": "WADMetricJsonBlob",
"performanceCounterConfiguration": [
{
"annotation": [
{
"displayName": "Memory percentage",
"locale": "en-us"
}
],
"class": "memory",
"counter": "percentusedmemory",
"counterSpecifier": "/builtin/memory/percentusedmemory",
"type": "builtin",
"unit": "Percent"
}
]
},
"syslogEvents": {}
},
"sampleRateInSeconds": 15
}
}
}
},
When I try to deploy the template I get an error during validation:
"InvalidTemplate","message":"Deployment template validation failed:
'The template reference 'myExistingStorageAccount' is not valid: could
not find template resource or resource copy with this name. Please see
https://aka.ms/arm-template-expressions/#reference for usage
details.'."}
According to MS:
The reference function and list* functions don't create an implicit
dependency when the resource is referred to by its resource ID. To
create an implicit dependency, pass the name of the resource that is
deployed in the same template.
However, I tried with a nested template where to "create" the SAS token and in outputs to set sasToken.Id where later on to call, in my Main template, Diagnostic Extension with sastoken.Id:
{
"apiVersion": "2017-08-01",
"name": "SasTokenNestedTemplate",
"type": "Microsoft.Resources/deployments",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"properties": {
"mode" : "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion" : "2018-03-01",
"type": "Microsoft.Resources/deployments",
"name": "NestedSasTokenCreation",
"properties": {
"sasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
}
}
],
"outputs": {
"sasToken": {
"type": "string",
"value": "[resourceId('Microsoft.Resources/deployments', parameters('sasToken'))]"
}
}
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
"location": "[parameters('vmLocation')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
"properties": {
"publisher": "Microsoft.Azure.Diagnostics",
"type": "LinuxDiagnostic",
"autoUpgradeMinorVersion": true,
"typeHandlerVersion": "3.0",
"protectedSettings": {
"storageAccountName": "[parameters('existingStorageName')]",
"storageAccountSasToken": { "value": "[reference('SasTokenNestedTemplate', '2017-08-01').outputs.sasToken.value]" },
"storageAccountEndPoint": "https://core.windows.net/",
"sinksConfig": {
"sink": [
{
"name": "WADMetricJsonBlob",
"type": "JsonBlob"
}
]
}
But still getting the same error as above.
Thanks in advance for your help!


you need to give it resource id of the storage account, because its not the part of the template, it cant figure it out on it own.
listAccountSas(resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName')), '2018-07-01', variables('accountSasProperties')).accountSasToken

Related

Enable update management for automation account

I am trying to link automation account with log analytics and enable update management with below arm template. The resources are getting linked, however not enabling update management. Am I missing something in code
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces','Dev-Loganalyticsworkspace')]",
"[resourceId('Microsoft.Automation/automationAccounts','Dev-Automationaccount')]"
],
"name": "Dev-Loganalyticsworkspace/automation",
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts', 'Dev-Automationaccount')]"
},
"type": "Microsoft.OperationalInsights/workspaces/linkedServices",
"location": "CentralIndia",
"apiVersion": "2020-08-01"
}
]
}
Please find below the updated code. This is executing succesfully, but as mentioned, update management is unable to found
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "Dev-Automationaccount",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"sku": {
"name": "Basic"
}
},
"tags": {
"displayName": "Automation Account.",
"provider": "Kyniac"
},
"comments": "The automation account for LogAnalytics WorkSpace",
"type": "Microsoft.Automation/automationAccounts",
"location": "UK South",
"apiVersion": "2021-06-22"
},
{
"name": "Dev-Loganalyticsworkspace",
"properties": {
"features": {
"searchVersion": 1
},
"sku": {
"retentionInDays": 120,
"resourcePermissions": true,
"heartbeatTableRetention": 90,
"name": "pergb2018"
}
},
"tags": {
"displayName": "LAWorkspace for storing all the logs and metrics.",
"provider": "Kyniac"
},
"comments": "LAWorkspace for storing all the logs and metrics.",
"type": "Microsoft.OperationalInsights/workspaces",
"location": "UK South",
"apiVersion": "2021-12-01-preview"
},
{
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces','Dev-Loganalyticsworkspace')]",
"[resourceId('Microsoft.Automation/automationAccounts','Dev-Automationaccount')]"
],
"name": "Dev-Loganalyticsworkspace/automation",
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts', 'Dev-Automationaccount')]"
},
"type": "Microsoft.OperationalInsights/workspaces/linkedServices",
"location": "UK South",
"apiVersion": "2020-08-01"
},
{
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces', 'Dev-Loganalyticsworkspace')]"
],
"name": "Updates(Dev-Loganalyticsworkspace)",
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', 'Dev-Loganalyticsworkspace')]"
},
"plan": {
"name": "Updates(Dev-Loganalyticsworkspace)",
"product": "OMSGallery/Updates",
"publisher": "Microsoft",
"promotionCode": " "
},
"type": "Microsoft.OperationsManagement/solutions",
"location": "UK South",
"apiVersion": "2015-11-01-preview"
}
]
}

I have tried running your shared arm template in my local visual studio using the PowerShell cmdlet New-AzResourceGroupDeployment Template validation is falling with below error.
New-AzResourceGroupDeployment: 14:51:17 - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The resource 'Microsoft.Automation/automationAccounts/<automationAccount>' is not defined in the template. Please see https://aka.ms/arm-template for usage details.'.
You need to create log analytics solution to enable update management of automation account with log analytics.
I have made the necessary changes to your ARM template that you have shared earlier:
Here is the ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"automationAccountName": {
"type": "string"
},
"workspaceName": {
"type": "string"
}
},
"functions": [],
"variables": {
"updates": {
"name": "[concat('Updates', '(', parameters('workspaceName'), ')')]",
"galleryName": "Updates"
}
},
"resources": [
{
"type": "Microsoft.OperationalInsights/workspaces",
"apiVersion": "2021-12-01-preview",
"name":"[parameters('workspaceName')]",
"location":"westus",
"properties":{
"sku": {
"name": "PerGB2018"
}
},
"resources": [
{
"type":"Microsoft.OperationsManagement/solutions",
"apiVersion":"2015-11-01-preview",
"location":"westus",
"name": "[variables('updates').name]",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('updates').name)]",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
],
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
},
"plan": {
"name": "[variables('updates').name]",
"publisher": "Microsoft",
"promotionCode": "",
"product": "[concat('OMSGallery/', variables('updates').galleryName)]"
}
}
]
},
{
"type": "Microsoft.Automation/automationAccounts",
"apiVersion": "2021-06-22",
"name":"[parameters('automationAccountName')]",
"location":"westus",
"properties":{
"sku": {
"name": "Basic"
}
}
},
{
"type":"Microsoft.OperationalInsights/workspaces/linkedServices",
"apiVersion": "2020-08-01",
"name": "[concat(parameters('workspaceName'),'/','Automation')]",
"dependsOn":[
"[resourceId('Microsoft.OperationalInsights/workspaces',parameters('workspaceName'))]",
"[resourceId('Microsoft.Automation/automationAccounts',parameters('automationAccountName'))]"
],
"location":"westus",
"properties": {
"resourceId":"[resourceId('Microsoft.Automation/automationAccounts/',parameters('automationAccountName'))]"
}
}
],
"outputs": {}
}
I have tested the above ARM template and it is working fine from my end. I would suggest you to test it from your end as well.

Azure Purview Ingestion Private Endpoint Creation using Bicep

In most Azure resource private endpoints, I can configure them using a bicep script by calling 'Microsoft.Network/privateEndpoints'. With Purview, it has two kinds of private endpoints: the regular private endpoint and Ingestion private endpoint. When using the mentioned library, although I can create an endpoint, it is not shown under the Ingestion private endpoint connection name. If you do it through the portal, you will see that endpoint connection created there.
I also notice that there is another API named 'Microsoft.Purview/accounts/privateEndpointConnections' however, it only exposes two properties privateEndpoint.id and privateLinkServiceConnectionState - so this does not look like it will be appropriate to use either?
Therefore I wonder if anyone has tried to use Bicep to do the above? I realize that Purview Private endpoint is still under public preview so maybe there is no way to configure using Bicep yet. I also notice that we cannot export a Purview resource as an ARM template from the Azure Portal, so it leads me even more to believe that Bicep is not available for Purview? Just want to confirm with someone more knowledgeable in this before I decide to give up on it.

As Azure Purview is still In preview it is an evolving tool .
Below I am providing two ARM template one for Account and Portal endpoints and one for ingestion endpoints ( I have pasted here two ARM templates and there parametrized file)
Note :- Portal, Account and ingestion endpoint should be in same vnet and subnet
1-ARM template for Portal and account endpoint
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "String"
},
"privateEndpointName-account": {
"type": "String"
},
"privateEndpointName-portal": {
"type": "String"
},
"purview_account_externalid": {
"type": "String"
},
"targetSubResource-account": {
"type": "Array"
},
"targetSubResource-portal": {
"type": "Array"
},
"subnet": {
"type": "String"
},
"virtualNetworkName": {
"type": "String"
},
"privateDnsDeploymentName": {
"type": "String"
},
"virtualNetworkLinkName": {
"type": "String"
},
"privateDNS": {
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-03-01",
"name": "[parameters('privateEndpointName-account')]",
"location": "[parameters('location')]",
"tags": {
},
"properties": {
"subnet": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'), '/subnets/', parameters('subnet'))]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpointName-account')]",
"properties": {
"privateLinkServiceId": "[parameters('purview_account_externalid')]",
"groupIds": "[parameters('targetSubResource-account')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-03-01",
"name": "[parameters('privateEndpointName-portal')]",
"location": "[parameters('location')]",
"tags": {
},
"properties": {
"subnet": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'), '/subnets/', parameters('subnet'))]"
},
"privateLinkServiceConnections": [
{
"name": "[parameters('privateEndpointName-portal')]",
"properties": {
"privateLinkServiceId": "[parameters('purview_account_externalid')]",
"groupIds": "[parameters('targetSubResource-portal')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "[parameters('privateDnsDeploymentName')]",
"dependsOn": [
"[parameters('privateEndpointName-portal')]",
"[parameters('privateEndpointName-account')]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2017-05-10",
"name": "[concat(parameters('privateDnsDeploymentName'), '-zone')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "2018-09-01",
"name": "[parameters('privateDNS')]",
"location": "global",
"tags": {
},
"properties": {
}
}
]
}
}
}
]
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "[parameters('virtualNetworkLinkName')]",
"dependsOn": [
"[parameters('privateDnsDeploymentName')]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2017-05-10",
"name": "[concat(parameters('virtualNetworkLinkName'), '-link')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
"apiVersion": "2018-09-01",
"name": "[concat(parameters('privateDNS'), '/', uniqueString(parameters('virtualNetworkName')))]",
"location": "global",
"properties": {
"virtualNetwork": {
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
},
"registrationEnabled": false
}
}
]
}
}
}
]
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "[concat(parameters('privateEndpointName-account'), '-', 'default')]",
"dependsOn": [
"[parameters('privateEndpointName-account')]",
"[parameters('privateDnsDeploymentName')]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-03-01",
"name": "[concat(parameters('privateEndpointName-account'), '/', 'default')]",
"location": "[parameters('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[parameters('privateDNS')]",
"properties": {
"privateDnsZoneId": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateDnsZones/', parameters('privateDNS'))]"
}
}
]
}
}
]
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"name": "[concat(parameters('privateEndpointName-portal'), '-', 'default')]",
"dependsOn": [
"[parameters('privateEndpointName-portal')]",
"[parameters('privateDnsDeploymentName')]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-03-01",
"name": "[concat(parameters('privateEndpointName-portal'), '/', 'default')]",
"location": "[parameters('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[parameters('privateDNS')]",
"properties": {
"privateDnsZoneId": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateDnsZones/', parameters('privateDNS'))]"
}
}
]
}
}
]
}
}
}
]}
2- Parameterized file for Account and Portal Endpoints
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "Type the location of endpoint here"
},
"privateEndpointName-account": {
"value": "Type the name of Account endpoint here"
},
"privateEndpointName-portal": {
"value": "Type the name of Portal Endpoint here"
},
"purview_account_externalid": {
"value": "Go to azure portal > Purview >Properties >Resource Id,This is resource ID of the Purview "
},
"targetSubResource-account": {
"value": [
"account"
]
},
"targetSubResource-portal": {
"value": [
"portal"
]
},
"subnet": {
"value": "Type the name subnet here "
},
"virtualNetworkName": {
"value": "Type the name of the virtual network here "
},
"privateDnsDeploymentName": {
"value": "privatelink.purview.azure.com"
},
"virtualNetworkLinkName": {
"value": ""
},
"privateDNS": {
"value": "privatelink.purview.azure.com"
}
}}
3-ARM Template for Ingestion Endpoint
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ingestionEndpointName": {
"type": "String"
},
"purviewManagedRGId": {
"type": "String"
},
"virtualNetworksName": {
"type": "String"
},
"purviewManagedRGEventHubsNamespaceId": {
"type": "String"
},
"managedStorageAccountName": {
"type": "string"
},
"resourceGroupId": {
"type": "string"
},
"subnet": {
"type": "String"
},
"privateDnsZonesLinkBlob": {
"defaultValue": "privatelink.blob.core.windows.net",
"type": "String"
},
"privateDnsZonesLinkServicebus": {
"defaultValue": "privatelink.servicebus.windows.net",
"type": "String"
},
"privateDnsZonesLinkQueue": {
"defaultValue": "privatelink.queue.core.windows.net",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('ingestionEndpointName'),'-blob')]",
"location": "eastus",
"tags": {
"ContactEmail": "<not defined, please set>",
"ContactName": "<not defined, please set>",
"Department": "<not defined, please set>",
"Environment": "SANDBOX",
"OwnerName": "<not defined, please set>",
"Project": "<not defined, please set>"
},
"properties": {
"privateLinkServiceConnections": [
{
"name": "[concat(parameters('ingestionEndpointName'),'-blob')]",
"properties": {
"privateLinkServiceId": "[concat(parameters('purviewManagedRGId'),'/providers/Microsoft.Storage/storageAccounts/',parameters('managedStorageAccountName'))]",
"groupIds": [
"blob"
],
"privateLinkServiceConnectionState": {
"status": "Approved",
"description": "Auto-Approved",
"actionsRequired": "None"
}
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/virtualNetworks/',parameters('virtualNetworksName'), '/subnets/',parameters('subnet'))]"
},
"customDnsConfigs": []
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('ingestionEndpointName'),'-namespace')]",
"location": "eastus",
"tags": {
"ContactEmail": "<not defined, please set>",
"ContactName": "<not defined, please set>",
"Department": "<not defined, please set>",
"Environment": "SANDBOX",
"OwnerName": "<not defined, please set>",
"Project": "<not defined, please set>"
},
"properties": {
"privateLinkServiceConnections": [
{
"name": "[concat(parameters('ingestionEndpointName'),'-namespace')]",
"properties": {
"privateLinkServiceId": "[parameters('purviewManagedRGEventHubsNamespaceId')]",
"groupIds": [
"namespace"
],
"privateLinkServiceConnectionState": {
"status": "Approved",
"description": "Auto-Approved",
"actionsRequired": "None"
}
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[concat(parameters('resourceGroupId'), '/providers/Microsoft.Network/virtualNetworks/',parameters('virtualNetworksName'), '/subnets/',parameters('subnet'))]"
},
"customDnsConfigs": []
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('ingestionEndpointName'),'-queue')]",
"location": "eastus",
"tags": {
"ContactEmail": "<not defined, please set>",
"ContactName": "<not defined, please set>",
"Department": "<not defined, please set>",
"Environment": "SANDBOX",
"OwnerName": "<not defined, please set>",
"Project": "<not defined, please set>"
},
"properties": {
"privateLinkServiceConnections": [
{
"name": "[concat(parameters('ingestionEndpointName'),'-queue')]",
"properties": {
"privateLinkServiceId": "[concat(parameters('purviewManagedRGId'),'/providers/Microsoft.Storage/storageAccounts/',parameters('managedStorageAccountName'))]",
"groupIds": [
"queue"
],
"privateLinkServiceConnectionState": {
"status": "Approved",
"description": "Auto-Approved",
"actionsRequired": "None"
}
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[concat(parameters('resourceGroupId'), '/providers/Microsoft.Network/virtualNetworks/',parameters('virtualNetworksName'), '/subnets/',parameters('subnet'))]"
},
"customDnsConfigs": []
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('ingestionEndpointName'),'-blob','/default')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('ingestionEndpointName'),'-blob'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "privatelink-blob-core-windows-net",
"properties": {
"privateDnsZoneId": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/privateDnsZones/',parameters('privateDnsZonesLinkBlob'))]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('ingestionEndpointName'),'-namespace','/default')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('ingestionEndpointName'),'-namespace'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "privatelink-servicebus-windows-net",
"properties": {
"privateDnsZoneId": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/privateDnsZones/',parameters('privateDnsZonesLinkServicebus'))]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('ingestionEndpointName'),'-queue','/default')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', concat(parameters('ingestionEndpointName'),'-queue'))]"
],
"properties": {
"privateDnsZoneConfigs": [
{
"name": "privatelink-queue-core-windows-net",
"properties": {
"privateDnsZoneId": "[concat(parameters('resourceGroupId'),'/providers/Microsoft.Network/privateDnsZones/',parameters('privateDnsZonesLinkQueue'))]"
}
}
]
}
}
]}
4- Parameterized file for Ingestion Endpoint template
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ingestionEndpointName": {
"value": "Type the name of Ingestion Endpoint here"
},
"purviewManagedRGId": {
"value": "Go to azure portal > Purview> ManagedResource > Properties> Resource id This is the Resources ID of purview managed resource group"
},
"virtualNetworkName": {
"value": "Give the name of the Virtual network here"
},
"purviewManagedRGEventHubsNamespaceId": {
"value": "Go to azure portal > Purview>Managed Resource > Event Hubs namespace name>properties >Resource IDThis is Purview managed Event hub name space resources Id "
},
"managedStorageAccountName": {
"value": "Go to azure portal > Purview>Managed Resource > Storage Account"
},
"resourceGroupId": {
"value": "Go to azure portal > Purview> overview >resourceGroup"
},
"subnet": {
"value": "Give the name the subnet"
}
}}

Azure ARM Template DependentOn FileShare

I need to create via ARM template storage account --> File share --> Container with mounted fileshare.
The dependency is:
file share depends on storage account
container depends on file share
How to get ReferenceId of Fileshare?
I have the following code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS"
],
"metadata": {
"description": "Storage account type (SKU)"
}
},
"fileShareName": {
"type": "string",
"minLength": 3,
"maxLength": 63,
"defaultValue": "sftp",
"metadata": {
"description": "Name of the File Share to be created. "
}
}
},
"variables": {
"deploymentLocation": "[resourceGroup().location]",
"storageAccountName": "[concat('sftpstr', uniqueString(resourceGroup().id))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2019-06-01",
"location": "[variables('deploymentLocation')]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {
"accessTier": "Hot"
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2019-06-01",
"properties": {
"accessTier": "Hot"
},
"name": "[concat(variables('storageAccountName'), '/default/', parameters('fileShareName'))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
},
{
"type": "Microsoft.ContainerInstance/containerGroups",
"name": "sftp-container-group",
"apiVersion": "2018-04-01",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', ????? )]" //how to get reference to specific Fileshare??? I've tried > [concat(variables('storageAccountName'), '/default/', parameters('fileShareName'))] but it didn't work
],
"properties": {
.......
}
}
]
}
and I don't know how to set dependency on Fileshare:
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', ????? )]" //how to get reference to specific Fileshare???
],
I've tried [concat(variables('storageAccountName'), '/default/', parameters('fileShareName'))] but it didn't work.
Any idea?
Thank you

Use following format:
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', variables('storageAccountName') , 'default', parameters('fileShareName') )]"
],

You could create two separate resources Microsoft.Storage/storageAccounts/fileServices and Microsoft.Storage/storageAccounts/fileServices/shares and try to set dependency on Fileshare like this:
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', variables('storageAccountName'), 'default', parameters('fileShareName') )]"
],
Alternatively, It's recommended to creates a storage account and a file share via azure-CLI in a Container Instance and refer to this quickstart template.
"variables": {
"image": "microsoft/azure-cli",
"cpuCores": "1.0",
"memoryInGb": "1.5",
"containerGroupName": "createshare-containerinstance",
"containerName": "createshare"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2019-06-01",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "StorageV2"
},
{
"name": "[variables('containerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"location": "[parameters('containerInstanceLocation')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"containers": [
{
"name": "[variables('containerName')]",
"properties": {
"image": "[variables('image')]",
"command": [
"az",
"storage",
"share",
"create",
"--name",
"[parameters('fileShareName')]"
],
"environmentVariables": [
{
"name": "AZURE_STORAGE_KEY",
"value": "[listKeys(parameters('storageAccountName'),'2019-06-01').keys[0].value]"
},
{
"name": "AZURE_STORAGE_ACCOUNT",
"value": "[parameters('storageAccountName')]"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"restartPolicy": "OnFailure",
"osType": "Linux"
}
}
]

I found a couple of things that made it work for me:
ACI has to depend on the share otherwise it gets created ahead of volume sometimes
"dependsOn": ["resourceId('Microsoft.Storage/storageAccounts/fileServices/shares',variables('storage-account-name'), 'default', variables('file-share-name'))]"]
For some reason, the share wasn't working as a child resource so I had to make it a full resource
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2021-04-01",
"name": "[concat(variables('storage-account-name'),'/default/',variables('nginx-share-name'))]",
"properties":{
"enabledProtocols": "SMB"
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storage-account-name'))]"
]
}
Also, I had to pay attention to default part of the resource ID
"name": "[concat(variables('storage-account-name'),'/default/',variables('nginx-share-name'))]"
And finally, ACI wasn't connecting properly unless I explicitly enabled SMB as a protocol
"properties":{
"enabledProtocols": "SMB"
}
This is a template I'm using to spin up NGINX in Azure Container instances with an Azure File Share as a mounted volume.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"containerGroups_name": {
"defaultValue": "container-app",
"type": "String"
},
"containerGroups_reverse_proxy_name": {
"defaultValue": "app-proxy",
"type": "String"
},
"acrPassword": {
"type": "securestring"
}
},
"variables": {
"nginx-proxy-image": "nginx:stable",
"storage-account-name": "[concat('storage', uniqueString(resourceGroup().name))]",
"nginx-share-name": "nginx-share",
"nginx-volume-name": "nginx-volume"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2017-10-01",
"name": "[variables('storage-account-name')]" ,
"location": "[resourceGroup().location]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2021-04-01",
"name": "[concat(variables('storage-account-name'),'/default/',variables('nginx-share-name'))]",
"properties":{
"enabledProtocols": "SMB"
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storage-account-name'))]"
]
},
{
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2021-03-01",
"name": "[parameters('containerGroups_name')]",
"location": "[resourceGroup().location]",
"properties": {
"sku": "Standard",
"containers": [
{
"name": "[parameters('containerGroups_reverse_proxy_name')]",
"properties" : {
"image": "[variables('nginx-proxy-image')]",
"ports": [
{
"protocol": "TCP",
"port": 80
},
{
"protocol": "TCP",
"port": 433
}
],
"volumeMounts" : [
{
"name": "[variables('nginx-volume-name')]",
"mountPath": "/etc/nginx"
}
],
"resources": {
"requests":{
"cpu": 1,
"memoryInGB": 1.5
}
}
}
}
],
"initContainers": [],
"restartPolicy": "OnFailure",
"osType": "Linux",
"volumes": [
{
"name": "[variables('nginx-volume-name')]",
"azureFile": {
"shareName": "[variables('nginx-share-name')]",
"storageAccountName": "[variables('storage-account-name')]",
"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storage-account-name')),'2017-10-01').keys[0].value]"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares',variables('storage-account-name'), 'default', variables('nginx-share-name'))]"
]
}
]
}

Deploy Azure VM , ARM template with basic software

I am trying to create Azure VM with ARM template with basic software, I've written ARM template for this but I am unable to deploy VM in this template.
Please refer below error :-
{"code":"DeploymentFailed","message":"At least one resource deployment
operation failed. Please list deployment operations for details.
Please see https://aka.ms/arm-debug for usage
details.","details":[{"code":"BadRequest","message":"{\r\n \"error\":
{\r\n \"code\": \"InvalidTemplate\",\r\n \"message\": \"Unable to
process template language expressions for resource
'/subscriptions/b312b990-e271-4a63-a63a-d6768e1c7aad/resourceGroups/rohittestrg/providers/Microsoft.Compute/virtualMachines/mydevboxvm1'
at line '110' and column '9'. 'The template parameter ' ' is not
found. Please see https://aka.ms/arm-template/#parameters for usage
details.'\"\r\n }\r\n}"}]}.
I used this link for reference
https://raw.githubusercontent.com/FBoucher/SimpleDevBox/master/azure-deploy.json
Powershell script:
https://raw.githubusercontent.com/rt7055/Testrepo/master/simpledevbox.ps1?token=AtI3tjSPO7YLVq2xI2zPwznWAZPiWzd2ks5cWbmOwA%3D%3D
I am trying to do this on Windows server.
This would be great if you can provide solution for this.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters":{
"scriptURL": {
"type":"string"
},
"adminUsername": {
"type":"string"
},
"adminPassword": {
"type":"string"
}
},
"variables": {
"scriptURL":" https://raw.githubusercontent.com/rt7055/Testrepo/master/simpledevbox.ps1?token=AtI3to3qKSHYNEZh9tfMfXZQ-P4zRULeks5cWZ5kwA%3D%3D "
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[toLower('mydevboxstoragekata')]",
"apiVersion": "2015-06-15",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "mydevbox Storage Account"
},
"properties": {
"accountType":"Standard_LRS"
}
},
{
"apiVersion": "2017-06-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "mydevbox-PublicIP",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "PublicIPAddress"
}
},
{
"apiVersion": "2017-06-01",
"type": "Microsoft.Network/virtualNetworks",
"name": "mydevbox-VirtualNetwork",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "VirtualNetwork"
},
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/16"
]
},
"subnets": [
{
"name": "mydevbox-VirtualNetwork-Subnet",
"properties": {
"addressPrefix": "10.0.0.0/24"
}
}
]
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkInterfaces",
"name": "mydevbox-NetworkInterface",
"location": "[resourceGroup().location]",
"dependsOn": [
"Microsoft.Network/publicIPAddresses/mydevbox-PublicIP",
"Microsoft.Network/virtualNetworks/mydevbox-VirtualNetwork"
],
"tags": {
"displayName": "mydevbox Network Interface"
},
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', 'mydevbox-PublicIP')]"
},
"subnet": {
"id": "[concat(resourceId('Microsoft.Network/virtualNetworks', 'mydevbox-VirtualNetwork'), '/subnets/mydevbox-VirtualNetwork-Subnet')]"
}
}
}
]
}
},
{
"apiVersion": "2017-03-30",
"type": "Microsoft.Compute/virtualMachines",
"name": "mydevboxvm1",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', toLower('mydevboxstoragekata'))]",
"Microsoft.Network/networkInterfaces/mydevbox-NetworkInterface"
],
"tags": {
"displayName": "mydevboxvm1"
},
"properties": {
"hardwareProfile": {
"vmSize": "Standard_A1"
},
"osProfile": {
"computerName": "mydevboxvm1",
"adminUsername": "[parameters('')]",
"adminPassword": "[parameters('')]"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2012-R2-Datacenter",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
},
"dataDisks":[
{
"diskSizeGB": 1023,
"lun": 0,
"createOption": "Empty"}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', 'mydevbox-NetworkInterface')]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[concat('http://', toLower('mydevboxstoragekata'), '.blob.core.windows.net')]"
}
}
},
"resources": [
{
"apiVersion": "2017-03-30",
"type": "extensions",
"name": "config-app",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', 'mydevboxvm1')]"
],
"tags": {
"displayName": "config-app"
},
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.9",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"[variables('scriptURL')]"
]
},
"protectedSettings": {
"commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File ', './simpledevbox.ps1')]"
}
}
}
]
}
],
"outputs": {}
}

You forgot to pass parameter names here:
"adminUsername": "[parameters('')]",
"adminPassword": "[parameters('')]"
this should be this:
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"

How nested deployments are enforced

I have Azure ARM parent template which has nested deployment of Microsoft.Automation/automationAccounts which in turn has nested resource Configurations. I was able to successfully deploy entire template once, which in fact created configuration in automation Account. I manually deleted configuration inside automation account and tried running template again but this nested deployment is no longer triggered at all. There is no errors, just this nested deployment is not shown up at all in history. I would assume ARM thinks since it succeeded last time it does not need to deploy or something, not sure. What might be the problem?
Here is relevant parts of template. Neither ScaleSet no nested deployment WorkerNodeDSCConfiguration is triggered at all.
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('namingInfix')]",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Network/applicationGateways/', variables('appGwName'))]",
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]",
"WorkerNodeDscConfiguration"
],
"sku": {
"name": "[parameters('vmSku')]",
"tier": "Standard",
"capacity": "[parameters('instanceCount')]"
},
"properties": {
"overprovision": "false",
"singlePlacementGroup": "true",
"upgradePolicy": {
"mode": "Automatic"
},
"virtualMachineProfile": {
"licenseType": "[parameters('LicenseType')]",
"storageProfile": {
"osDisk": {
"caching": "ReadWrite",
"createOption": "FromImage"
},
"dataDisks": [],
"imageReference": "[variables('imageReference')]"
},
"osProfile": {
"computerNamePrefix": "[variables('namingInfix')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nicName')]",
"properties": {
"primary": "true",
"ipConfigurations": [
{
"name": "[variables('ipConfigName')]",
"properties": {
"subnet": {
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'), '/subnets/', variables('subnetName'))]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/backendAddressPools/', variables('bePoolName'))]"
}
],
"loadBalancerInboundNatPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/inboundNatPools/', variables('natPoolName'))]"
}
],
"ApplicationGatewayBackendAddressPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationGateways/', variables('appGwName'), '/backendAddressPools/', variables('appGwBePoolName'))]"
}
]
}
}
]
}
}
]
},
"extensionProfile": {
"extensions": [
{
"name": "Microsoft.Powershell.DSC",
"properties": {
"autoUpgradeMinorVersion": true,
"typeHandlerVersion": "2.72",
"type": "DSC",
"publisher": "Microsoft.Powershell",
//"forceUpdateTag": "[parameters('DSCExtensionTagVersion')]",
"settings": {
"configurationArguments": {
"RegistrationKey": {
"UserName": "PLACEHOLDER_DONOTUSE",
"Password": "[parameters('registrationKey')]"
},
"RegistrationUrl": "[parameters('registrationUrl')]",
"NodeConfigurationName": "swarmHost",
"RebootNodeIfNeeded": true,
"ConfigurationMode": "ApplyAndAutoCorrect"
}
}
}
}
]
}
}
}
},
{
"name": "swarmmanagerdeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2016-09-01",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'), '/', variables('swarmmanagerdeploymentTemplateFolder'), '/', variables('swarmmanagerdeploymentTemplateFileName'), parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"swarmmanager1Name": { "value": "[parameters('swarmmanager1Name')]" },
"swarmmanager1VmSize": { "value": "[variables('swarmmanager1VmSize')]" },
"adminUsername": { "value": "[parameters('adminUsername')]" },
"adminPassword": { "value": "[parameters('adminPassword')]" },
"dockerswarmstorageaccountName": { "value": "[variables('dockerswarmstorageaccountName')]" },
"dockerswarmstorageaccountType": { "value": "[parameters('dockerswarmstorageaccountType')]" },
"swarmmanager1NicName": { "value": "[variables('swarmmanager1NicName')]" },
"swarmmanagerpublicIPName": { "value": "[variables('swarmmanagerpublicIPName')]" },
"swarmmanager1SubnetRef": { "value": "[variables('swarmmanager1SubnetRef')]" },
"swarmmanager1ImagePublisher": { "value": "[variables('swarmmanager1ImagePublisher')]" },
"swarmmanager1ImageOffer": { "value": "[variables('swarmmanager1ImageOffer')]" },
"windowsOSVersion": { "value": "[parameters('windowsOSVersion')]" },
"swarmmanager1StorageAccountContainerName": { "value": "[variables('swarmmanager1StorageAccountContainerName')]" },
"swarmmanager1OSDiskName": { "value": "[variables('swarmmanager1OSDiskName')]" },
"swarmmanagerpublicIPDnsName": { "value": "[variables('swarmmanagerpublicIPName')]" },
"RegistrationKey": { "value": "[parameters('registrationKey')]" },
"RegistrationUrl": { "value": "[parameters('registrationUrl')]" },
"LicenseType": { "value": "[parameters('LicenseType')]" },
"_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" },
"_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" },
"privateKey": { "value": "[parameters('privateKey')]" },
"serverCert": { "value": "[parameters('serverCert')]" },
"CACert": { "value": "[parameters('CACert')]" }
}
}
},
{
"name": "WorkerNodeDscConfiguration",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[parameters('automationAccountRGName')]",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"resources": [
{
"apiversion": "2015-10-31",
"location": "[resourceGroup().location]",
"name": "[parameters('automationAccountName')]",
"type": "Microsoft.Automation/automationAccounts",
"properties": {
"sku": {
"name": "Basic"
}
},
"tags": {
},
"resources": [
{
"name": "swarmhost",
"type": "configurations",
"apiVersion": "2018-01-15",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'))]"
],
"properties": {
"state": "Published",
"overwrite": "true",
"Source": {
"type": "uri",
"value": "[parameters('WorkerNodeDSCConfigURL')]"
}
}
},
{
"name": "[guid(resourceGroup().id, deployment().name)]",
"type": "Compilationjobs",
"apiVersion": "2015-10-31",
"tags": {},
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'))]",
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'),'/Configurations/swarmhost')]"
],
"properties": {
"configuration": {
"SwarmManagerURI": "[reference('swarmmanagerdeployment').outputs.returnedIPAddress.value]"
}
}
}
]
}
]
}
}
}

its pretty hard to tell what is going on, but you can verify if something is going on by changing some vmss property, for example, to something else and running the template. it will revert it back to what it is in the template. It might be pretty tricky with the automation account stuff, because I would think it wouldnt trigger the compilation job, because the guid is the same and the resource is there already. you would need to provide a new guid each time (ARM cant help you with this, you need to do some randomization externally). Generally I prefer to use powershell to configure automation accounts compared to ARM.
You can also verify that the nested deployment is being triggered by looking at its timestamp, it should change (and it will). The resource is always deployed, but depending on your situation its properties might stay intact.

Resources