Microsoft.Batch batchAccounts 2023-11-01

Bicep resource definition

The batchAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Batch/batchAccounts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Batch/batchAccounts@2023-11-01' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    allowedAuthenticationModes: [
      'string'
    ]
    autoStorage: {
      authenticationMode: 'string'
      nodeIdentityReference: {
        resourceId: 'string'
      }
      storageAccountId: 'string'
    }
    encryption: {
      keySource: 'string'
      keyVaultProperties: {
        keyIdentifier: 'string'
      }
    }
    keyVaultReference: {
      id: 'string'
      url: 'string'
    }
    networkProfile: {
      accountAccess: {
        defaultAction: 'string'
        ipRules: [
          {
            action: 'Allow'
            value: 'string'
          }
        ]
      }
      nodeManagementAccess: {
        defaultAction: 'string'
        ipRules: [
          {
            action: 'Allow'
            value: 'string'
          }
        ]
      }
    }
    poolAllocationMode: 'string'
    publicNetworkAccess: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AutoStorageBasePropertiesOrAutoStorageProperties

Name Description Value
authenticationMode The authentication mode which the Batch service will use to manage the auto-storage account. 'BatchAccountManagedIdentity'
'StorageKeys'
nodeIdentityReference The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. ComputeNodeIdentityReference
storageAccountId The resource ID of the storage account to be used for auto-storage account. string (required)

BatchAccountCreateParametersTags

Name Description Value

BatchAccountCreatePropertiesOrBatchAccountProperties

Name Description Value
allowedAuthenticationModes List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. String array containing any of:
'AAD'
'SharedKey'
'TaskAuthenticationToken'
autoStorage The properties related to the auto-storage account. AutoStorageBasePropertiesOrAutoStorageProperties
encryption Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. EncryptionProperties
keyVaultReference A reference to the Azure key vault associated with the Batch account. KeyVaultReference
networkProfile The network profile only takes effect when publicNetworkAccess is enabled. NetworkProfile
poolAllocationMode The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. 'BatchService'
'UserSubscription'
publicNetworkAccess If not specified, the default value is 'enabled'. 'Disabled'
'Enabled'

BatchAccountIdentity

Name Description Value
type The type of identity used for the Batch account. 'None'
'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the Batch account. BatchAccountIdentityUserAssignedIdentities

BatchAccountIdentityUserAssignedIdentities

Name Description Value

ComputeNodeIdentityReference

Name Description Value
resourceId The ARM resource id of the user assigned identity. string

EncryptionProperties

Name Description Value
keySource Type of the key source. 'Microsoft.Batch'
'Microsoft.KeyVault'
keyVaultProperties Additional details when using Microsoft.KeyVault KeyVaultProperties

EndpointAccessProfile

Name Description Value
defaultAction Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. 'Allow'
'Deny' (required)
ipRules Array of IP ranges to filter client IP address. IPRule[]

IPRule

Name Description Value
action Action when client IP address is matched. 'Allow' (required)
value IPv4 address, or IPv4 address range in CIDR format. string (required)

KeyVaultProperties

Name Description Value
keyIdentifier Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:

The Batch Account has a System Assigned identity
The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions
The KeyVault has soft-delete and purge protection enabled
string

KeyVaultReference

Name Description Value
id The resource ID of the Azure key vault associated with the Batch account. string (required)
url The URL of the Azure key vault associated with the Batch account. string (required)

Microsoft.Batch/batchAccounts

Name Description Value
identity The identity of the Batch account. BatchAccountIdentity
location The region in which to create the account. string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-z0-9]+$ (required)
properties The properties of the Batch account. BatchAccountCreatePropertiesOrBatchAccountProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

NetworkProfile

Name Description Value
accountAccess Network access profile for batchAccount endpoint (Batch account data plane API). EndpointAccessProfile
nodeManagementAccess Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). EndpointAccessProfile

UserAssignedIdentities

Name Description Value

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure Batch pool without public IP addresses This template creates Azure Batch simplified node communication pool without public IP addresses.
Create a Batch Account using a template This template creates a Batch Account and a storage account.

ARM template resource definition

The batchAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Batch/batchAccounts resource, add the following JSON to your template.

{
  "type": "Microsoft.Batch/batchAccounts",
  "apiVersion": "2023-11-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "allowedAuthenticationModes": [ "string" ],
    "autoStorage": {
      "authenticationMode": "string",
      "nodeIdentityReference": {
        "resourceId": "string"
      },
      "storageAccountId": "string"
    },
    "encryption": {
      "keySource": "string",
      "keyVaultProperties": {
        "keyIdentifier": "string"
      }
    },
    "keyVaultReference": {
      "id": "string",
      "url": "string"
    },
    "networkProfile": {
      "accountAccess": {
        "defaultAction": "string",
        "ipRules": [
          {
            "action": "Allow",
            "value": "string"
          }
        ]
      },
      "nodeManagementAccess": {
        "defaultAction": "string",
        "ipRules": [
          {
            "action": "Allow",
            "value": "string"
          }
        ]
      }
    },
    "poolAllocationMode": "string",
    "publicNetworkAccess": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AutoStorageBasePropertiesOrAutoStorageProperties

Name Description Value
authenticationMode The authentication mode which the Batch service will use to manage the auto-storage account. 'BatchAccountManagedIdentity'
'StorageKeys'
nodeIdentityReference The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. ComputeNodeIdentityReference
storageAccountId The resource ID of the storage account to be used for auto-storage account. string (required)

BatchAccountCreateParametersTags

Name Description Value

BatchAccountCreatePropertiesOrBatchAccountProperties

Name Description Value
allowedAuthenticationModes List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. String array containing any of:
'AAD'
'SharedKey'
'TaskAuthenticationToken'
autoStorage The properties related to the auto-storage account. AutoStorageBasePropertiesOrAutoStorageProperties
encryption Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. EncryptionProperties
keyVaultReference A reference to the Azure key vault associated with the Batch account. KeyVaultReference
networkProfile The network profile only takes effect when publicNetworkAccess is enabled. NetworkProfile
poolAllocationMode The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. 'BatchService'
'UserSubscription'
publicNetworkAccess If not specified, the default value is 'enabled'. 'Disabled'
'Enabled'

BatchAccountIdentity

Name Description Value
type The type of identity used for the Batch account. 'None'
'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the Batch account. BatchAccountIdentityUserAssignedIdentities

BatchAccountIdentityUserAssignedIdentities

Name Description Value

ComputeNodeIdentityReference

Name Description Value
resourceId The ARM resource id of the user assigned identity. string

EncryptionProperties

Name Description Value
keySource Type of the key source. 'Microsoft.Batch'
'Microsoft.KeyVault'
keyVaultProperties Additional details when using Microsoft.KeyVault KeyVaultProperties

EndpointAccessProfile

Name Description Value
defaultAction Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. 'Allow'
'Deny' (required)
ipRules Array of IP ranges to filter client IP address. IPRule[]

IPRule

Name Description Value
action Action when client IP address is matched. 'Allow' (required)
value IPv4 address, or IPv4 address range in CIDR format. string (required)

KeyVaultProperties

Name Description Value
keyIdentifier Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:

The Batch Account has a System Assigned identity
The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions
The KeyVault has soft-delete and purge protection enabled
string

KeyVaultReference

Name Description Value
id The resource ID of the Azure key vault associated with the Batch account. string (required)
url The URL of the Azure key vault associated with the Batch account. string (required)

Microsoft.Batch/batchAccounts

Name Description Value
apiVersion The api version '2023-11-01'
identity The identity of the Batch account. BatchAccountIdentity
location The region in which to create the account. string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-z0-9]+$ (required)
properties The properties of the Batch account. BatchAccountCreatePropertiesOrBatchAccountProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Batch/batchAccounts'

NetworkProfile

Name Description Value
accountAccess Network access profile for batchAccount endpoint (Batch account data plane API). EndpointAccessProfile
nodeManagementAccess Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). EndpointAccessProfile

UserAssignedIdentities

Name Description Value

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Batch pool without public IP addresses

Deploy to Azure
This template creates Azure Batch simplified node communication pool without public IP addresses.
Create a Batch Account using a template

Deploy to Azure
This template creates a Batch Account and a storage account.

Terraform (AzAPI provider) resource definition

The batchAccounts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Batch/batchAccounts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Batch/batchAccounts@2023-11-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      allowedAuthenticationModes = [
        "string"
      ]
      autoStorage = {
        authenticationMode = "string"
        nodeIdentityReference = {
          resourceId = "string"
        }
        storageAccountId = "string"
      }
      encryption = {
        keySource = "string"
        keyVaultProperties = {
          keyIdentifier = "string"
        }
      }
      keyVaultReference = {
        id = "string"
        url = "string"
      }
      networkProfile = {
        accountAccess = {
          defaultAction = "string"
          ipRules = [
            {
              action = "Allow"
              value = "string"
            }
          ]
        }
        nodeManagementAccess = {
          defaultAction = "string"
          ipRules = [
            {
              action = "Allow"
              value = "string"
            }
          ]
        }
      }
      poolAllocationMode = "string"
      publicNetworkAccess = "string"
    }
  })
}

Property values

AutoStorageBasePropertiesOrAutoStorageProperties

Name Description Value
authenticationMode The authentication mode which the Batch service will use to manage the auto-storage account. 'BatchAccountManagedIdentity'
'StorageKeys'
nodeIdentityReference The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. ComputeNodeIdentityReference
storageAccountId The resource ID of the storage account to be used for auto-storage account. string (required)

BatchAccountCreateParametersTags

Name Description Value

BatchAccountCreatePropertiesOrBatchAccountProperties

Name Description Value
allowedAuthenticationModes List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. String array containing any of:
'AAD'
'SharedKey'
'TaskAuthenticationToken'
autoStorage The properties related to the auto-storage account. AutoStorageBasePropertiesOrAutoStorageProperties
encryption Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. EncryptionProperties
keyVaultReference A reference to the Azure key vault associated with the Batch account. KeyVaultReference
networkProfile The network profile only takes effect when publicNetworkAccess is enabled. NetworkProfile
poolAllocationMode The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. 'BatchService'
'UserSubscription'
publicNetworkAccess If not specified, the default value is 'enabled'. 'Disabled'
'Enabled'

BatchAccountIdentity

Name Description Value
type The type of identity used for the Batch account. 'None'
'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the Batch account. BatchAccountIdentityUserAssignedIdentities

BatchAccountIdentityUserAssignedIdentities

Name Description Value

ComputeNodeIdentityReference

Name Description Value
resourceId The ARM resource id of the user assigned identity. string

EncryptionProperties

Name Description Value
keySource Type of the key source. 'Microsoft.Batch'
'Microsoft.KeyVault'
keyVaultProperties Additional details when using Microsoft.KeyVault KeyVaultProperties

EndpointAccessProfile

Name Description Value
defaultAction Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. 'Allow'
'Deny' (required)
ipRules Array of IP ranges to filter client IP address. IPRule[]

IPRule

Name Description Value
action Action when client IP address is matched. 'Allow' (required)
value IPv4 address, or IPv4 address range in CIDR format. string (required)

KeyVaultProperties

Name Description Value
keyIdentifier Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:

The Batch Account has a System Assigned identity
The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions
The KeyVault has soft-delete and purge protection enabled
string

KeyVaultReference

Name Description Value
id The resource ID of the Azure key vault associated with the Batch account. string (required)
url The URL of the Azure key vault associated with the Batch account. string (required)

Microsoft.Batch/batchAccounts

Name Description Value
identity The identity of the Batch account. BatchAccountIdentity
location The region in which to create the account. string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-z0-9]+$ (required)
properties The properties of the Batch account. BatchAccountCreatePropertiesOrBatchAccountProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Batch/batchAccounts@2023-11-01"

NetworkProfile

Name Description Value
accountAccess Network access profile for batchAccount endpoint (Batch account data plane API). EndpointAccessProfile
nodeManagementAccess Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). EndpointAccessProfile

UserAssignedIdentities

Name Description Value