Microsoft.App managedEnvironments 2022-10-01

Bicep resource definition

The managedEnvironments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.App/managedEnvironments@2022-10-01' = {
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    appLogsConfiguration: {
      destination: 'string'
      logAnalyticsConfiguration: {
        customerId: 'string'
        sharedKey: 'string'
      }
    }
    customDomainConfiguration: {
      certificatePassword: 'string'
      certificateValue: any(Azure.Bicep.Types.Concrete.AnyType)
      dnsSuffix: 'string'
    }
    daprAIConnectionString: 'string'
    daprAIInstrumentationKey: 'string'
    vnetConfiguration: {
      dockerBridgeCidr: 'string'
      infrastructureSubnetId: 'string'
      internal: bool
      outboundSettings: {
        outBoundType: 'string'
        virtualNetworkApplianceIp: 'string'
      }
      platformReservedCidr: 'string'
      platformReservedDnsIP: 'string'
      runtimeSubnetId: 'string'
    }
    workloadProfiles: [
      {
        maximumCount: int
        minimumCount: int
        workloadProfileType: 'string'
      }
    ]
    zoneRedundant: bool
  }
  sku: {
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

CustomDomainConfiguration

Name Description Value
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob any
dnsSuffix Dns suffix for the environment domain string

EnvironmentSkuProperties

Name Description Value
name Name of the Sku. 'Consumption'
'Premium' (required)

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

ManagedEnvironmentOutboundSettings

Name Description Value
outBoundType Outbound type for the cluster 'LoadBalancer'
'UserDefinedRouting'
virtualNetworkApplianceIp Virtual Appliance IP used as the Egress controller for the Environment string

ManagedEnvironmentProperties

Name Description Value
appLogsConfiguration Cluster configuration which enables the log daemon to export app logs to configured destination. AppLogsConfiguration
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

Microsoft.App/managedEnvironments

Name Description Value
kind Kind of the Environment. string
location The geo-location where the resource lives string (required)
name The resource name string (required)
properties Managed environment resource specific properties ManagedEnvironmentProperties
sku SKU properties of the Environment. EnvironmentSkuProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

TrackedResourceTags

Name Description Value

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. This subnet must be in the same VNET as the subnet defined in runtimeSubnetId. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide runtimeSubnetId and infrastructureSubnetId if enabling this property bool
outboundSettings Configuration used to control the Environment Egress outbound traffic ManagedEnvironmentOutboundSettings
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string
runtimeSubnetId This field is deprecated and not used. If you wish to provide your own subnet that Container App containers are injected into, then you should leverage the infrastructureSubnetId. string

WorkloadProfile

Name Description Value
maximumCount The maximum capacity. int (required)
minimumCount The minimum capacity. int (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Creates a Container App and Environment with Registry Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET Creates an internal Container App environment with a VNET.

ARM template resource definition

The managedEnvironments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following JSON to your template.

{
  "type": "Microsoft.App/managedEnvironments",
  "apiVersion": "2022-10-01",
  "name": "string",
  "kind": "string",
  "location": "string",
  "properties": {
    "appLogsConfiguration": {
      "destination": "string",
      "logAnalyticsConfiguration": {
        "customerId": "string",
        "sharedKey": "string"
      }
    },
    "customDomainConfiguration": {
      "certificatePassword": "string",
      "certificateValue": {},
      "dnsSuffix": "string"
    },
    "daprAIConnectionString": "string",
    "daprAIInstrumentationKey": "string",
    "vnetConfiguration": {
      "dockerBridgeCidr": "string",
      "infrastructureSubnetId": "string",
      "internal": "bool",
      "outboundSettings": {
        "outBoundType": "string",
        "virtualNetworkApplianceIp": "string"
      },
      "platformReservedCidr": "string",
      "platformReservedDnsIP": "string",
      "runtimeSubnetId": "string"
    },
    "workloadProfiles": [
      {
        "maximumCount": "int",
        "minimumCount": "int",
        "workloadProfileType": "string"
      }
    ],
    "zoneRedundant": "bool"
  },
  "sku": {
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

CustomDomainConfiguration

Name Description Value
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob any
dnsSuffix Dns suffix for the environment domain string

EnvironmentSkuProperties

Name Description Value
name Name of the Sku. 'Consumption'
'Premium' (required)

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

ManagedEnvironmentOutboundSettings

Name Description Value
outBoundType Outbound type for the cluster 'LoadBalancer'
'UserDefinedRouting'
virtualNetworkApplianceIp Virtual Appliance IP used as the Egress controller for the Environment string

ManagedEnvironmentProperties

Name Description Value
appLogsConfiguration Cluster configuration which enables the log daemon to export app logs to configured destination. AppLogsConfiguration
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

Microsoft.App/managedEnvironments

Name Description Value
apiVersion The api version '2022-10-01'
kind Kind of the Environment. string
location The geo-location where the resource lives string (required)
name The resource name string (required)
properties Managed environment resource specific properties ManagedEnvironmentProperties
sku SKU properties of the Environment. EnvironmentSkuProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.App/managedEnvironments'

TrackedResourceTags

Name Description Value

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. This subnet must be in the same VNET as the subnet defined in runtimeSubnetId. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide runtimeSubnetId and infrastructureSubnetId if enabling this property bool
outboundSettings Configuration used to control the Environment Egress outbound traffic ManagedEnvironmentOutboundSettings
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string
runtimeSubnetId This field is deprecated and not used. If you wish to provide your own subnet that Container App containers are injected into, then you should leverage the infrastructureSubnetId. string

WorkloadProfile

Name Description Value
maximumCount The maximum capacity. int (required)
minimumCount The minimum capacity. int (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps

Deploy to Azure
Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

Terraform (AzAPI provider) resource definition

The managedEnvironments resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.App/managedEnvironments@2022-10-01"
  name = "string"
  kind = "string"
  location = "string"
  sku = {
    name = "string"
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      appLogsConfiguration = {
        destination = "string"
        logAnalyticsConfiguration = {
          customerId = "string"
          sharedKey = "string"
        }
      }
      customDomainConfiguration = {
        certificatePassword = "string"
        certificateValue = ?
        dnsSuffix = "string"
      }
      daprAIConnectionString = "string"
      daprAIInstrumentationKey = "string"
      vnetConfiguration = {
        dockerBridgeCidr = "string"
        infrastructureSubnetId = "string"
        internal = bool
        outboundSettings = {
          outBoundType = "string"
          virtualNetworkApplianceIp = "string"
        }
        platformReservedCidr = "string"
        platformReservedDnsIP = "string"
        runtimeSubnetId = "string"
      }
      workloadProfiles = [
        {
          maximumCount = int
          minimumCount = int
          workloadProfileType = "string"
        }
      ]
      zoneRedundant = bool
    }
  })
}

Property values

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

CustomDomainConfiguration

Name Description Value
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob any
dnsSuffix Dns suffix for the environment domain string

EnvironmentSkuProperties

Name Description Value
name Name of the Sku. 'Consumption'
'Premium' (required)

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

ManagedEnvironmentOutboundSettings

Name Description Value
outBoundType Outbound type for the cluster 'LoadBalancer'
'UserDefinedRouting'
virtualNetworkApplianceIp Virtual Appliance IP used as the Egress controller for the Environment string

ManagedEnvironmentProperties

Name Description Value
appLogsConfiguration Cluster configuration which enables the log daemon to export app logs to configured destination. AppLogsConfiguration
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

Microsoft.App/managedEnvironments

Name Description Value
kind Kind of the Environment. string
location The geo-location where the resource lives string (required)
name The resource name string (required)
properties Managed environment resource specific properties ManagedEnvironmentProperties
sku SKU properties of the Environment. EnvironmentSkuProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.App/managedEnvironments@2022-10-01"

TrackedResourceTags

Name Description Value

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. This subnet must be in the same VNET as the subnet defined in runtimeSubnetId. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide runtimeSubnetId and infrastructureSubnetId if enabling this property bool
outboundSettings Configuration used to control the Environment Egress outbound traffic ManagedEnvironmentOutboundSettings
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string
runtimeSubnetId This field is deprecated and not used. If you wish to provide your own subnet that Container App containers are injected into, then you should leverage the infrastructureSubnetId. string

WorkloadProfile

Name Description Value
maximumCount The maximum capacity. int (required)
minimumCount The minimum capacity. int (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)