Microsoft.Blueprint blueprintAssignments 2018-11-01-preview
Bicep resource definition
The blueprintAssignments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Blueprint/blueprintAssignments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview' = {
scope: resourceSymbolicName or scope
identity: {
principalId: 'string'
tenantId: 'string'
type: 'string'
userAssignedIdentities: {
{customized property}: {
clientId: 'string'
principalId: 'string'
}
}
}
location: 'string'
name: 'string'
properties: {
blueprintId: 'string'
description: 'string'
displayName: 'string'
locks: {
excludedActions: [
'string'
]
excludedPrincipals: [
'string'
]
mode: 'string'
}
parameters: {
{customized property}: {
reference: {
keyVault: {
id: 'string'
}
secretName: 'string'
secretVersion: 'string'
}
value: any(Azure.Bicep.Types.Concrete.AnyType)
}
}
resourceGroups: {
{customized property}: {
location: 'string'
name: 'string'
}
}
scope: 'string'
}
}
Property values
AssignmentLockSettings
| Name | Description | Value |
|---|---|---|
| excludedActions | List of management operations that are excluded from blueprint locks. Up to 200 actions are permitted. If the lock mode is set to 'AllResourcesReadOnly', then the following actions are automatically appended to 'excludedActions': '*/read', 'Microsoft.Network/virtualNetworks/subnets/join/action' and 'Microsoft.Authorization/locks/delete'. If the lock mode is set to 'AllResourcesDoNotDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will get removed. | string[] |
| excludedPrincipals | List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. | string[] |
| mode | Lock mode. | 'AllResourcesDoNotDelete' 'AllResourcesReadOnly' 'None' |
AssignmentProperties
| Name | Description | Value |
|---|---|---|
| blueprintId | ID of the published version of a blueprint definition. | string |
| description | Multi-line explain this resource. | string Constraints: Max length = |
| displayName | One-liner string explain this resource. | string Constraints: Max length = |
| locks | Defines how resources deployed by a blueprint assignment are locked. | AssignmentLockSettings |
| parameters | Blueprint assignment parameter values. | AssignmentPropertiesParameters (required) |
| resourceGroups | Names and locations of resource group placeholders. | AssignmentPropertiesResourceGroups (required) |
| scope | The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. | string |
AssignmentPropertiesParameters
| Name | Description | Value |
|---|
AssignmentPropertiesResourceGroups
| Name | Description | Value |
|---|
KeyVaultReference
| Name | Description | Value |
|---|---|---|
| id | Azure resource ID of the Key Vault. | string (required) |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
| tenantId | ID of the Azure Active Directory. | string |
| type | Type of the managed identity. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
Microsoft.Blueprint/blueprintAssignments
| Name | Description | Value |
|---|---|---|
| identity | Managed identity for this blueprint assignment. | ManagedServiceIdentity (required) |
| location | The location of this blueprint assignment. | string (required) |
| name | The resource name | string (required) |
| properties | Properties for blueprint assignment object. | AssignmentProperties (required) |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
ParameterValue
| Name | Description | Value |
|---|---|---|
| reference | Parameter value as reference type. | SecretValueReference |
| value | Parameter value. Any valid JSON value is allowed including objects, arrays, strings, numbers and booleans. | any |
ResourceGroupValue
| Name | Description | Value |
|---|---|---|
| location | Location of the resource group. | string |
| name | Name of the resource group. | string Constraints: Min length = 1 Max length = 1 |
SecretValueReference
| Name | Description | Value |
|---|---|---|
| keyVault | Specifies the reference to a given Azure Key Vault. | KeyVaultReference (required) |
| secretName | Name of the secret. | string (required) |
| secretVersion | The version of the secret to use. If left blank, the latest version of the secret is used. | string |
UserAssignedIdentity
| Name | Description | Value |
|---|---|---|
| clientId | Client App Id associated with this identity. | string |
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
ARM template resource definition
The blueprintAssignments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Blueprint/blueprintAssignments resource, add the following JSON to your template.
{
"type": "Microsoft.Blueprint/blueprintAssignments",
"apiVersion": "2018-11-01-preview",
"name": "string",
"identity": {
"principalId": "string",
"tenantId": "string",
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
"clientId": "string",
"principalId": "string"
}
}
},
"location": "string",
"properties": {
"blueprintId": "string",
"description": "string",
"displayName": "string",
"locks": {
"excludedActions": [ "string" ],
"excludedPrincipals": [ "string" ],
"mode": "string"
},
"parameters": {
"{customized property}": {
"reference": {
"keyVault": {
"id": "string"
},
"secretName": "string",
"secretVersion": "string"
},
"value": {}
}
},
"resourceGroups": {
"{customized property}": {
"location": "string",
"name": "string"
}
},
"scope": "string"
}
}
Property values
AssignmentLockSettings
| Name | Description | Value |
|---|---|---|
| excludedActions | List of management operations that are excluded from blueprint locks. Up to 200 actions are permitted. If the lock mode is set to 'AllResourcesReadOnly', then the following actions are automatically appended to 'excludedActions': '*/read', 'Microsoft.Network/virtualNetworks/subnets/join/action' and 'Microsoft.Authorization/locks/delete'. If the lock mode is set to 'AllResourcesDoNotDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will get removed. | string[] |
| excludedPrincipals | List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. | string[] |
| mode | Lock mode. | 'AllResourcesDoNotDelete' 'AllResourcesReadOnly' 'None' |
AssignmentProperties
| Name | Description | Value |
|---|---|---|
| blueprintId | ID of the published version of a blueprint definition. | string |
| description | Multi-line explain this resource. | string Constraints: Max length = |
| displayName | One-liner string explain this resource. | string Constraints: Max length = |
| locks | Defines how resources deployed by a blueprint assignment are locked. | AssignmentLockSettings |
| parameters | Blueprint assignment parameter values. | AssignmentPropertiesParameters (required) |
| resourceGroups | Names and locations of resource group placeholders. | AssignmentPropertiesResourceGroups (required) |
| scope | The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. | string |
AssignmentPropertiesParameters
| Name | Description | Value |
|---|
AssignmentPropertiesResourceGroups
| Name | Description | Value |
|---|
KeyVaultReference
| Name | Description | Value |
|---|---|---|
| id | Azure resource ID of the Key Vault. | string (required) |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
| tenantId | ID of the Azure Active Directory. | string |
| type | Type of the managed identity. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
Microsoft.Blueprint/blueprintAssignments
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2018-11-01-preview' |
| identity | Managed identity for this blueprint assignment. | ManagedServiceIdentity (required) |
| location | The location of this blueprint assignment. | string (required) |
| name | The resource name | string (required) |
| properties | Properties for blueprint assignment object. | AssignmentProperties (required) |
| type | The resource type | 'Microsoft.Blueprint/blueprintAssignments' |
ParameterValue
| Name | Description | Value |
|---|---|---|
| reference | Parameter value as reference type. | SecretValueReference |
| value | Parameter value. Any valid JSON value is allowed including objects, arrays, strings, numbers and booleans. | any |
ResourceGroupValue
| Name | Description | Value |
|---|---|---|
| location | Location of the resource group. | string |
| name | Name of the resource group. | string Constraints: Min length = 1 Max length = 1 |
SecretValueReference
| Name | Description | Value |
|---|---|---|
| keyVault | Specifies the reference to a given Azure Key Vault. | KeyVaultReference (required) |
| secretName | Name of the secret. | string (required) |
| secretVersion | The version of the secret to use. If left blank, the latest version of the secret is used. | string |
UserAssignedIdentity
| Name | Description | Value |
|---|---|---|
| clientId | Client App Id associated with this identity. | string |
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
Terraform (AzAPI provider) resource definition
The blueprintAssignments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Blueprint/blueprintAssignments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview"
name = "string"
parent_id = "string"
identity = {
principalId = "string"
tenantId = "string"
type = "string"
userAssignedIdentities = {
{customized property} = {
clientId = "string"
principalId = "string"
}
}
}
location = "string"
body = jsonencode({
properties = {
blueprintId = "string"
description = "string"
displayName = "string"
locks = {
excludedActions = [
"string"
]
excludedPrincipals = [
"string"
]
mode = "string"
}
parameters = {
{customized property} = {
reference = {
keyVault = {
id = "string"
}
secretName = "string"
secretVersion = "string"
}
value = ?
}
}
resourceGroups = {
{customized property} = {
location = "string"
name = "string"
}
}
scope = "string"
}
})
}
Property values
AssignmentLockSettings
| Name | Description | Value |
|---|---|---|
| excludedActions | List of management operations that are excluded from blueprint locks. Up to 200 actions are permitted. If the lock mode is set to 'AllResourcesReadOnly', then the following actions are automatically appended to 'excludedActions': '*/read', 'Microsoft.Network/virtualNetworks/subnets/join/action' and 'Microsoft.Authorization/locks/delete'. If the lock mode is set to 'AllResourcesDoNotDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will get removed. | string[] |
| excludedPrincipals | List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. | string[] |
| mode | Lock mode. | 'AllResourcesDoNotDelete' 'AllResourcesReadOnly' 'None' |
AssignmentProperties
| Name | Description | Value |
|---|---|---|
| blueprintId | ID of the published version of a blueprint definition. | string |
| description | Multi-line explain this resource. | string Constraints: Max length = |
| displayName | One-liner string explain this resource. | string Constraints: Max length = |
| locks | Defines how resources deployed by a blueprint assignment are locked. | AssignmentLockSettings |
| parameters | Blueprint assignment parameter values. | AssignmentPropertiesParameters (required) |
| resourceGroups | Names and locations of resource group placeholders. | AssignmentPropertiesResourceGroups (required) |
| scope | The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. | string |
AssignmentPropertiesParameters
| Name | Description | Value |
|---|
AssignmentPropertiesResourceGroups
| Name | Description | Value |
|---|
KeyVaultReference
| Name | Description | Value |
|---|---|---|
| id | Azure resource ID of the Key Vault. | string (required) |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
| tenantId | ID of the Azure Active Directory. | string |
| type | Type of the managed identity. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
Microsoft.Blueprint/blueprintAssignments
| Name | Description | Value |
|---|---|---|
| identity | Managed identity for this blueprint assignment. | ManagedServiceIdentity (required) |
| location | The location of this blueprint assignment. | string (required) |
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Properties for blueprint assignment object. | AssignmentProperties (required) |
| type | The resource type | "Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview" |
ParameterValue
| Name | Description | Value |
|---|---|---|
| reference | Parameter value as reference type. | SecretValueReference |
| value | Parameter value. Any valid JSON value is allowed including objects, arrays, strings, numbers and booleans. | any |
ResourceGroupValue
| Name | Description | Value |
|---|---|---|
| location | Location of the resource group. | string |
| name | Name of the resource group. | string Constraints: Min length = 1 Max length = 1 |
SecretValueReference
| Name | Description | Value |
|---|---|---|
| keyVault | Specifies the reference to a given Azure Key Vault. | KeyVaultReference (required) |
| secretName | Name of the secret. | string (required) |
| secretVersion | The version of the secret to use. If left blank, the latest version of the secret is used. | string |
UserAssignedIdentity
| Name | Description | Value |
|---|---|---|
| clientId | Client App Id associated with this identity. | string |
| principalId | Azure Active Directory principal ID associated with this Identity. | string |