Microsoft.Batch batchAccounts 2023-11-01
Bicep resource definition
The batchAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Batch/batchAccounts@2023-11-01' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
allowedAuthenticationModes: [
'string'
]
autoStorage: {
authenticationMode: 'string'
nodeIdentityReference: {
resourceId: 'string'
}
storageAccountId: 'string'
}
encryption: {
keySource: 'string'
keyVaultProperties: {
keyIdentifier: 'string'
}
}
keyVaultReference: {
id: 'string'
url: 'string'
}
networkProfile: {
accountAccess: {
defaultAction: 'string'
ipRules: [
{
action: 'Allow'
value: 'string'
}
]
}
nodeManagementAccess: {
defaultAction: 'string'
ipRules: [
{
action: 'Allow'
value: 'string'
}
]
}
}
poolAllocationMode: 'string'
publicNetworkAccess: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
AutoStorageBasePropertiesOrAutoStorageProperties
Name | Description | Value |
---|---|---|
authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' |
nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference |
storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) |
BatchAccountCreateParametersTags
Name | Description | Value |
---|
BatchAccountCreatePropertiesOrBatchAccountProperties
Name | Description | Value |
---|---|---|
allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' |
autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties |
encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties |
keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference |
networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile |
poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. | 'BatchService' 'UserSubscription' |
publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' |
BatchAccountIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities |
BatchAccountIdentityUserAssignedIdentities
Name | Description | Value |
---|
ComputeNodeIdentityReference
Name | Description | Value |
---|---|---|
resourceId | The ARM resource id of the user assigned identity. | string |
EncryptionProperties
Name | Description | Value |
---|---|---|
keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' |
keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties |
EndpointAccessProfile
Name | Description | Value |
---|---|---|
defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) |
ipRules | Array of IP ranges to filter client IP address. | IPRule[] |
IPRule
Name | Description | Value |
---|---|---|
action | Action when client IP address is matched. | 'Allow' (required) |
value | IPv4 address, or IPv4 address range in CIDR format. | string (required) |
KeyVaultProperties
Name | Description | Value |
---|---|---|
keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met: The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled |
string |
KeyVaultReference
Name | Description | Value |
---|---|---|
id | The resource ID of the Azure key vault associated with the Batch account. | string (required) |
url | The URL of the Azure key vault associated with the Batch account. | string (required) |
Microsoft.Batch/batchAccounts
Name | Description | Value |
---|---|---|
identity | The identity of the Batch account. | BatchAccountIdentity |
location | The region in which to create the account. | string (required) |
name | The resource name | string Constraints: Min length = 3 Max length = 3 Pattern = ^[a-z0-9]+$ (required) |
properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NetworkProfile
Name | Description | Value |
---|---|---|
accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile |
nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile |
UserAssignedIdentities
Name | Description | Value |
---|
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Azure Batch pool without public IP addresses | This template creates Azure Batch simplified node communication pool without public IP addresses. |
Create a Batch Account using a template | This template creates a Batch Account and a storage account. |
ARM template resource definition
The batchAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following JSON to your template.
{
"type": "Microsoft.Batch/batchAccounts",
"apiVersion": "2023-11-01",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"allowedAuthenticationModes": [ "string" ],
"autoStorage": {
"authenticationMode": "string",
"nodeIdentityReference": {
"resourceId": "string"
},
"storageAccountId": "string"
},
"encryption": {
"keySource": "string",
"keyVaultProperties": {
"keyIdentifier": "string"
}
},
"keyVaultReference": {
"id": "string",
"url": "string"
},
"networkProfile": {
"accountAccess": {
"defaultAction": "string",
"ipRules": [
{
"action": "Allow",
"value": "string"
}
]
},
"nodeManagementAccess": {
"defaultAction": "string",
"ipRules": [
{
"action": "Allow",
"value": "string"
}
]
}
},
"poolAllocationMode": "string",
"publicNetworkAccess": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
AutoStorageBasePropertiesOrAutoStorageProperties
Name | Description | Value |
---|---|---|
authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' |
nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference |
storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) |
BatchAccountCreateParametersTags
Name | Description | Value |
---|
BatchAccountCreatePropertiesOrBatchAccountProperties
Name | Description | Value |
---|---|---|
allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' |
autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties |
encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties |
keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference |
networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile |
poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. | 'BatchService' 'UserSubscription' |
publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' |
BatchAccountIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities |
BatchAccountIdentityUserAssignedIdentities
Name | Description | Value |
---|
ComputeNodeIdentityReference
Name | Description | Value |
---|---|---|
resourceId | The ARM resource id of the user assigned identity. | string |
EncryptionProperties
Name | Description | Value |
---|---|---|
keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' |
keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties |
EndpointAccessProfile
Name | Description | Value |
---|---|---|
defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) |
ipRules | Array of IP ranges to filter client IP address. | IPRule[] |
IPRule
Name | Description | Value |
---|---|---|
action | Action when client IP address is matched. | 'Allow' (required) |
value | IPv4 address, or IPv4 address range in CIDR format. | string (required) |
KeyVaultProperties
Name | Description | Value |
---|---|---|
keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met: The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled |
string |
KeyVaultReference
Name | Description | Value |
---|---|---|
id | The resource ID of the Azure key vault associated with the Batch account. | string (required) |
url | The URL of the Azure key vault associated with the Batch account. | string (required) |
Microsoft.Batch/batchAccounts
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2023-11-01' |
identity | The identity of the Batch account. | BatchAccountIdentity |
location | The region in which to create the account. | string (required) |
name | The resource name | string Constraints: Min length = 3 Max length = 3 Pattern = ^[a-z0-9]+$ (required) |
properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Batch/batchAccounts' |
NetworkProfile
Name | Description | Value |
---|---|---|
accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile |
nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile |
UserAssignedIdentities
Name | Description | Value |
---|
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Batch pool without public IP addresses |
This template creates Azure Batch simplified node communication pool without public IP addresses. |
Create a Batch Account using a template |
This template creates a Batch Account and a storage account. |
Terraform (AzAPI provider) resource definition
The batchAccounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Batch/batchAccounts@2023-11-01"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
allowedAuthenticationModes = [
"string"
]
autoStorage = {
authenticationMode = "string"
nodeIdentityReference = {
resourceId = "string"
}
storageAccountId = "string"
}
encryption = {
keySource = "string"
keyVaultProperties = {
keyIdentifier = "string"
}
}
keyVaultReference = {
id = "string"
url = "string"
}
networkProfile = {
accountAccess = {
defaultAction = "string"
ipRules = [
{
action = "Allow"
value = "string"
}
]
}
nodeManagementAccess = {
defaultAction = "string"
ipRules = [
{
action = "Allow"
value = "string"
}
]
}
}
poolAllocationMode = "string"
publicNetworkAccess = "string"
}
})
}
Property values
AutoStorageBasePropertiesOrAutoStorageProperties
Name | Description | Value |
---|---|---|
authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' |
nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference |
storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) |
BatchAccountCreateParametersTags
Name | Description | Value |
---|
BatchAccountCreatePropertiesOrBatchAccountProperties
Name | Description | Value |
---|---|---|
allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' |
autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties |
encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties |
keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference |
networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile |
poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Microsoft Entra ID. If the mode is UserSubscription, clients must use Microsoft Entra ID. The default is BatchService. | 'BatchService' 'UserSubscription' |
publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' |
BatchAccountIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities |
BatchAccountIdentityUserAssignedIdentities
Name | Description | Value |
---|
ComputeNodeIdentityReference
Name | Description | Value |
---|---|---|
resourceId | The ARM resource id of the user assigned identity. | string |
EncryptionProperties
Name | Description | Value |
---|---|---|
keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' |
keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties |
EndpointAccessProfile
Name | Description | Value |
---|---|---|
defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) |
ipRules | Array of IP ranges to filter client IP address. | IPRule[] |
IPRule
Name | Description | Value |
---|---|---|
action | Action when client IP address is matched. | 'Allow' (required) |
value | IPv4 address, or IPv4 address range in CIDR format. | string (required) |
KeyVaultProperties
Name | Description | Value |
---|---|---|
keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met: The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled |
string |
KeyVaultReference
Name | Description | Value |
---|---|---|
id | The resource ID of the Azure key vault associated with the Batch account. | string (required) |
url | The URL of the Azure key vault associated with the Batch account. | string (required) |
Microsoft.Batch/batchAccounts
Name | Description | Value |
---|---|---|
identity | The identity of the Batch account. | BatchAccountIdentity |
location | The region in which to create the account. | string (required) |
name | The resource name | string Constraints: Min length = 3 Max length = 3 Pattern = ^[a-z0-9]+$ (required) |
properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Batch/batchAccounts@2023-11-01" |
NetworkProfile
Name | Description | Value |
---|---|---|
accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile |
nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile |
UserAssignedIdentities
Name | Description | Value |
---|