Microsoft.App managedEnvironments

Bicep resource definition

The managedEnvironments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.App/managedEnvironments@2024-10-02-preview' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    appInsightsConfiguration: {
      connectionString: 'string'
    }
    appLogsConfiguration: {
      destination: 'string'
      logAnalyticsConfiguration: {
        customerId: 'string'
        dynamicJsonColumns: bool
        sharedKey: 'string'
      }
    }
    availabilityZones: [
      'string'
    ]
    customDomainConfiguration: {
      certificateKeyVaultProperties: {
        identity: 'string'
        keyVaultUrl: 'string'
      }
      certificatePassword: 'string'
      certificateValue: any(Azure.Bicep.Types.Concrete.AnyType)
      dnsSuffix: 'string'
    }
    daprAIConnectionString: 'string'
    daprAIInstrumentationKey: 'string'
    daprConfiguration: {}
    infrastructureResourceGroup: 'string'
    kedaConfiguration: {}
    openTelemetryConfiguration: {
      destinationsConfiguration: {
        dataDogConfiguration: {
          key: 'string'
          site: 'string'
        }
        otlpConfigurations: [
          {
            endpoint: 'string'
            headers: [
              {
                key: 'string'
                value: 'string'
              }
            ]
            insecure: bool
            name: 'string'
          }
        ]
      }
      logsConfiguration: {
        destinations: [
          'string'
        ]
      }
      metricsConfiguration: {
        destinations: [
          'string'
        ]
        includeKeda: bool
      }
      tracesConfiguration: {
        destinations: [
          'string'
        ]
        includeDapr: bool
      }
    }
    peerAuthentication: {
      mtls: {
        enabled: bool
      }
    }
    peerTrafficConfiguration: {
      encryption: {
        enabled: bool
      }
    }
    publicNetworkAccess: 'string'
    vnetConfiguration: {
      dockerBridgeCidr: 'string'
      infrastructureSubnetId: 'string'
      internal: bool
      platformReservedCidr: 'string'
      platformReservedDnsIP: 'string'
    }
    workloadProfiles: [
      {
        enableFips: bool
        maximumCount: int
        minimumCount: int
        name: 'string'
        workloadProfileType: 'string'
      }
    ]
    zoneRedundant: bool
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AppInsightsConfiguration

Name Description Value
connectionString Application Insights connection string string

Constraints:
Sensitive value. Pass in as a secure parameter.

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

CertificateKeyVaultProperties

Name Description Value
identity Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. string
keyVaultUrl URL pointing to the Azure Key Vault secret that holds the certificate. string

CustomDomainConfiguration

Name Description Value
certificateKeyVaultProperties Certificate stored in Azure Key Vault. CertificateKeyVaultProperties
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob any
dnsSuffix Dns suffix for the environment domain string

DaprConfiguration

Name Description Value

DataDogConfiguration

Name Description Value
key The data dog api key string

Constraints:
Sensitive value. Pass in as a secure parameter.
site The data dog site string

DestinationsConfiguration

Name Description Value
dataDogConfiguration Open telemetry datadog destination configuration DataDogConfiguration
otlpConfigurations Open telemetry otlp configurations OtlpConfiguration[]
Name Description Value
key The key of otlp configuration header string
value The value of otlp configuration header string

KedaConfiguration

Name Description Value

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
dynamicJsonColumns Boolean indicating whether to parse json string log into dynamic json columns bool
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

LogsConfiguration

Name Description Value
destinations Open telemetry logs destinations string[]

ManagedEnvironmentProperties

Name Description Value
appInsightsConfiguration Environment level Application Insights configuration AppInsightsConfiguration
appLogsConfiguration Cluster configuration which enables the log daemon to export app logs to configured destination AppLogsConfiguration
availabilityZones The list of availability zones to use for managed environment string[]
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprConfiguration The configuration of Dapr component. DaprConfiguration
infrastructureResourceGroup Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. string
kedaConfiguration The configuration of Keda component. KedaConfiguration
openTelemetryConfiguration Environment Open Telemetry configuration OpenTelemetryConfiguration
peerAuthentication Peer authentication settings for the Managed Environment ManagedEnvironmentPropertiesPeerAuthentication
peerTrafficConfiguration Peer traffic settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration
publicNetworkAccess Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. 'Disabled'
'Enabled'
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

ManagedEnvironmentPropertiesPeerAuthentication

Name Description Value
mtls Mutual TLS authentication settings for the Managed Environment Mtls

ManagedEnvironmentPropertiesPeerTrafficConfiguration

Name Description Value
encryption Peer traffic encryption settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption

ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption

Name Description Value
enabled Boolean indicating whether the peer traffic encryption is enabled bool

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

MetricsConfiguration

Name Description Value
destinations Open telemetry metrics destinations string[]
includeKeda Boolean indicating if including keda metrics bool

Microsoft.App/managedEnvironments

Name Description Value
identity Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
kind Kind of the Environment. string
location The geo-location where the resource lives string (required)
name The resource name string (required)
properties Managed environment resource specific properties ManagedEnvironmentProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

Mtls

Name Description Value
enabled Boolean indicating whether the mutual TLS authentication is enabled bool

OpenTelemetryConfiguration

Name Description Value
destinationsConfiguration Open telemetry destinations configuration DestinationsConfiguration
logsConfiguration Open telemetry logs configuration LogsConfiguration
metricsConfiguration Open telemetry metrics configuration MetricsConfiguration
tracesConfiguration Open telemetry trace configuration TracesConfiguration

OtlpConfiguration

Name Description Value
endpoint The endpoint of otlp configuration string
headers Headers of otlp configurations Header[]
insecure Boolean indicating if otlp configuration is insecure bool
name The name of otlp configuration string

TracesConfiguration

Name Description Value
destinations Open telemetry traces destinations string[]
includeDapr Boolean indicating if including dapr traces bool

TrackedResourceTags

Name Description Value

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property bool
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string

WorkloadProfile

Name Description Value
enableFips Whether to use a FIPS-enabled OS. Supported only for dedicated workload profiles. bool
maximumCount The maximum capacity. int
minimumCount The minimum capacity. int
name Workload profile type for the workloads to run on. string (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Creates a Container App and Environment with Registry Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET Creates an internal Container App environment with a VNET.

ARM template resource definition

The managedEnvironments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following JSON to your template.

{
  "type": "Microsoft.App/managedEnvironments",
  "apiVersion": "2024-10-02-preview",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "appInsightsConfiguration": {
      "connectionString": "string"
    },
    "appLogsConfiguration": {
      "destination": "string",
      "logAnalyticsConfiguration": {
        "customerId": "string",
        "dynamicJsonColumns": "bool",
        "sharedKey": "string"
      }
    },
    "availabilityZones": [ "string" ],
    "customDomainConfiguration": {
      "certificateKeyVaultProperties": {
        "identity": "string",
        "keyVaultUrl": "string"
      },
      "certificatePassword": "string",
      "certificateValue": {},
      "dnsSuffix": "string"
    },
    "daprAIConnectionString": "string",
    "daprAIInstrumentationKey": "string",
    "daprConfiguration": {
    },
    "infrastructureResourceGroup": "string",
    "kedaConfiguration": {
    },
    "openTelemetryConfiguration": {
      "destinationsConfiguration": {
        "dataDogConfiguration": {
          "key": "string",
          "site": "string"
        },
        "otlpConfigurations": [
          {
            "endpoint": "string",
            "headers": [
              {
                "key": "string",
                "value": "string"
              }
            ],
            "insecure": "bool",
            "name": "string"
          }
        ]
      },
      "logsConfiguration": {
        "destinations": [ "string" ]
      },
      "metricsConfiguration": {
        "destinations": [ "string" ],
        "includeKeda": "bool"
      },
      "tracesConfiguration": {
        "destinations": [ "string" ],
        "includeDapr": "bool"
      }
    },
    "peerAuthentication": {
      "mtls": {
        "enabled": "bool"
      }
    },
    "peerTrafficConfiguration": {
      "encryption": {
        "enabled": "bool"
      }
    },
    "publicNetworkAccess": "string",
    "vnetConfiguration": {
      "dockerBridgeCidr": "string",
      "infrastructureSubnetId": "string",
      "internal": "bool",
      "platformReservedCidr": "string",
      "platformReservedDnsIP": "string"
    },
    "workloadProfiles": [
      {
        "enableFips": "bool",
        "maximumCount": "int",
        "minimumCount": "int",
        "name": "string",
        "workloadProfileType": "string"
      }
    ],
    "zoneRedundant": "bool"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AppInsightsConfiguration

Name Description Value
connectionString Application Insights connection string string

Constraints:
Sensitive value. Pass in as a secure parameter.

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

CertificateKeyVaultProperties

Name Description Value
identity Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. string
keyVaultUrl URL pointing to the Azure Key Vault secret that holds the certificate. string

CustomDomainConfiguration

Name Description Value
certificateKeyVaultProperties Certificate stored in Azure Key Vault. CertificateKeyVaultProperties
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob any
dnsSuffix Dns suffix for the environment domain string

DaprConfiguration

Name Description Value

DataDogConfiguration

Name Description Value
key The data dog api key string

Constraints:
Sensitive value. Pass in as a secure parameter.
site The data dog site string

DestinationsConfiguration

Name Description Value
dataDogConfiguration Open telemetry datadog destination configuration DataDogConfiguration
otlpConfigurations Open telemetry otlp configurations OtlpConfiguration[]

Header

Name Description Value
key The key of otlp configuration header string
value The value of otlp configuration header string

KedaConfiguration

Name Description Value

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
dynamicJsonColumns Boolean indicating whether to parse json string log into dynamic json columns bool
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

LogsConfiguration

Name Description Value
destinations Open telemetry logs destinations string[]

ManagedEnvironmentProperties

Name Description Value
appInsightsConfiguration Environment level Application Insights configuration AppInsightsConfiguration
appLogsConfiguration Cluster configuration which enables the log daemon to export app logs to configured destination AppLogsConfiguration
availabilityZones The list of availability zones to use for managed environment string[]
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprConfiguration The configuration of Dapr component. DaprConfiguration
infrastructureResourceGroup Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. string
kedaConfiguration The configuration of Keda component. KedaConfiguration
openTelemetryConfiguration Environment Open Telemetry configuration OpenTelemetryConfiguration
peerAuthentication Peer authentication settings for the Managed Environment ManagedEnvironmentPropertiesPeerAuthentication
peerTrafficConfiguration Peer traffic settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration
publicNetworkAccess Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. 'Disabled'
'Enabled'
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

ManagedEnvironmentPropertiesPeerAuthentication

Name Description Value
mtls Mutual TLS authentication settings for the Managed Environment Mtls

ManagedEnvironmentPropertiesPeerTrafficConfiguration

Name Description Value
encryption Peer traffic encryption settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption

ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption

Name Description Value
enabled Boolean indicating whether the peer traffic encryption is enabled bool

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

MetricsConfiguration

Name Description Value
destinations Open telemetry metrics destinations string[]
includeKeda Boolean indicating if including keda metrics bool

Microsoft.App/managedEnvironments

Name Description Value
apiVersion The api version '2024-10-02-preview'
identity Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
kind Kind of the Environment. string
location The geo-location where the resource lives string (required)
name The resource name string (required)
properties Managed environment resource specific properties ManagedEnvironmentProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.App/managedEnvironments'

Mtls

Name Description Value
enabled Boolean indicating whether the mutual TLS authentication is enabled bool

OpenTelemetryConfiguration

Name Description Value
destinationsConfiguration Open telemetry destinations configuration DestinationsConfiguration
logsConfiguration Open telemetry logs configuration LogsConfiguration
metricsConfiguration Open telemetry metrics configuration MetricsConfiguration
tracesConfiguration Open telemetry trace configuration TracesConfiguration

OtlpConfiguration

Name Description Value
endpoint The endpoint of otlp configuration string
headers Headers of otlp configurations Header[]
insecure Boolean indicating if otlp configuration is insecure bool
name The name of otlp configuration string

TracesConfiguration

Name Description Value
destinations Open telemetry traces destinations string[]
includeDapr Boolean indicating if including dapr traces bool

TrackedResourceTags

Name Description Value

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property bool
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string

WorkloadProfile

Name Description Value
enableFips Whether to use a FIPS-enabled OS. Supported only for dedicated workload profiles. bool
maximumCount The maximum capacity. int
minimumCount The minimum capacity. int
name Workload profile type for the workloads to run on. string (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps

Deploy to Azure
Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

Terraform (AzAPI provider) resource definition

The managedEnvironments resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.App/managedEnvironments@2024-10-02-preview"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  kind = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      appInsightsConfiguration = {
        connectionString = "string"
      }
      appLogsConfiguration = {
        destination = "string"
        logAnalyticsConfiguration = {
          customerId = "string"
          dynamicJsonColumns = bool
          sharedKey = "string"
        }
      }
      availabilityZones = [
        "string"
      ]
      customDomainConfiguration = {
        certificateKeyVaultProperties = {
          identity = "string"
          keyVaultUrl = "string"
        }
        certificatePassword = "string"
        certificateValue = ?
        dnsSuffix = "string"
      }
      daprAIConnectionString = "string"
      daprAIInstrumentationKey = "string"
      daprConfiguration = {
      }
      infrastructureResourceGroup = "string"
      kedaConfiguration = {
      }
      openTelemetryConfiguration = {
        destinationsConfiguration = {
          dataDogConfiguration = {
            key = "string"
            site = "string"
          }
          otlpConfigurations = [
            {
              endpoint = "string"
              headers = [
                {
                  key = "string"
                  value = "string"
                }
              ]
              insecure = bool
              name = "string"
            }
          ]
        }
        logsConfiguration = {
          destinations = [
            "string"
          ]
        }
        metricsConfiguration = {
          destinations = [
            "string"
          ]
          includeKeda = bool
        }
        tracesConfiguration = {
          destinations = [
            "string"
          ]
          includeDapr = bool
        }
      }
      peerAuthentication = {
        mtls = {
          enabled = bool
        }
      }
      peerTrafficConfiguration = {
        encryption = {
          enabled = bool
        }
      }
      publicNetworkAccess = "string"
      vnetConfiguration = {
        dockerBridgeCidr = "string"
        infrastructureSubnetId = "string"
        internal = bool
        platformReservedCidr = "string"
        platformReservedDnsIP = "string"
      }
      workloadProfiles = [
        {
          enableFips = bool
          maximumCount = int
          minimumCount = int
          name = "string"
          workloadProfileType = "string"
        }
      ]
      zoneRedundant = bool
    }
  })
}

Property values

AppInsightsConfiguration

Name Description Value
connectionString Application Insights connection string string

Constraints:
Sensitive value. Pass in as a secure parameter.

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

CertificateKeyVaultProperties

Name Description Value
identity Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. string
keyVaultUrl URL pointing to the Azure Key Vault secret that holds the certificate. string

CustomDomainConfiguration

Name Description Value
certificateKeyVaultProperties Certificate stored in Azure Key Vault. CertificateKeyVaultProperties
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob any
dnsSuffix Dns suffix for the environment domain string

DaprConfiguration

Name Description Value

DataDogConfiguration

Name Description Value
key The data dog api key string

Constraints:
Sensitive value. Pass in as a secure parameter.
site The data dog site string

DestinationsConfiguration

Name Description Value
dataDogConfiguration Open telemetry datadog destination configuration DataDogConfiguration
otlpConfigurations Open telemetry otlp configurations OtlpConfiguration[]

Header

Name Description Value
key The key of otlp configuration header string
value The value of otlp configuration header string

KedaConfiguration

Name Description Value

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
dynamicJsonColumns Boolean indicating whether to parse json string log into dynamic json columns bool
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

LogsConfiguration

Name Description Value
destinations Open telemetry logs destinations string[]

ManagedEnvironmentProperties

Name Description Value
appInsightsConfiguration Environment level Application Insights configuration AppInsightsConfiguration
appLogsConfiguration Cluster configuration which enables the log daemon to export app logs to configured destination AppLogsConfiguration
availabilityZones The list of availability zones to use for managed environment string[]
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprConfiguration The configuration of Dapr component. DaprConfiguration
infrastructureResourceGroup Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. string
kedaConfiguration The configuration of Keda component. KedaConfiguration
openTelemetryConfiguration Environment Open Telemetry configuration OpenTelemetryConfiguration
peerAuthentication Peer authentication settings for the Managed Environment ManagedEnvironmentPropertiesPeerAuthentication
peerTrafficConfiguration Peer traffic settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration
publicNetworkAccess Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. 'Disabled'
'Enabled'
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

ManagedEnvironmentPropertiesPeerAuthentication

Name Description Value
mtls Mutual TLS authentication settings for the Managed Environment Mtls

ManagedEnvironmentPropertiesPeerTrafficConfiguration

Name Description Value
encryption Peer traffic encryption settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption

ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption

Name Description Value
enabled Boolean indicating whether the peer traffic encryption is enabled bool

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

MetricsConfiguration

Name Description Value
destinations Open telemetry metrics destinations string[]
includeKeda Boolean indicating if including keda metrics bool

Microsoft.App/managedEnvironments

Name Description Value
identity Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. ManagedServiceIdentity
kind Kind of the Environment. string
location The geo-location where the resource lives string (required)
name The resource name string (required)
properties Managed environment resource specific properties ManagedEnvironmentProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.App/managedEnvironments@2024-10-02-preview"

Mtls

Name Description Value
enabled Boolean indicating whether the mutual TLS authentication is enabled bool

OpenTelemetryConfiguration

Name Description Value
destinationsConfiguration Open telemetry destinations configuration DestinationsConfiguration
logsConfiguration Open telemetry logs configuration LogsConfiguration
metricsConfiguration Open telemetry metrics configuration MetricsConfiguration
tracesConfiguration Open telemetry trace configuration TracesConfiguration

OtlpConfiguration

Name Description Value
endpoint The endpoint of otlp configuration string
headers Headers of otlp configurations Header[]
insecure Boolean indicating if otlp configuration is insecure bool
name The name of otlp configuration string

TracesConfiguration

Name Description Value
destinations Open telemetry traces destinations string[]
includeDapr Boolean indicating if including dapr traces bool

TrackedResourceTags

Name Description Value

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property bool
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string

WorkloadProfile

Name Description Value
enableFips Whether to use a FIPS-enabled OS. Supported only for dedicated workload profiles. bool
maximumCount The maximum capacity. int
minimumCount The minimum capacity. int
name Workload profile type for the workloads to run on. string (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)