Microsoft.Blueprint blueprintAssignments

Bicep resource definition

The blueprintAssignments resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

The blueprintAssignments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Blueprint/blueprintAssignments resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview' = {
  name: 'string'
  location: 'string'
  scope: resourceSymbolicName
  identity: {
    principalId: 'string'
    tenantId: 'string'
    type: 'string'
    userAssignedIdentities: {}
  }
  properties: {
    blueprintId: 'string'
    description: 'string'
    displayName: 'string'
    locks: {
      excludedPrincipals: [
        'string'
      ]
      mode: 'string'
    }
    parameters: {}
    resourceGroups: {}
    scope: 'string'
  }
}

Property values

blueprintAssignments

Name Description Value
name The resource name string (required)

Character limit: 90

Valid characters:
Alphanumerics, underscores, and hyphens.
location The location of this blueprint assignment. string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For Bicep, set this property to the symbolic name of the resource to apply the extension resource.
identity Managed identity for this blueprint assignment. ManagedServiceIdentity (required)
properties Properties for blueprint assignment object. AssignmentProperties (required)

ManagedServiceIdentity

Name Description Value
principalId Azure Active Directory principal ID associated with this Identity. string
tenantId ID of the Azure Active Directory. string
type Type of the managed identity. 'None'
'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. object

AssignmentProperties

Name Description Value
blueprintId ID of the published version of a blueprint definition. string
description Multi-line explain this resource. string
displayName One-liner string explain this resource. string
locks Defines how resources deployed by a blueprint assignment are locked. AssignmentLockSettings
parameters Blueprint assignment parameter values. object (required)
resourceGroups Names and locations of resource group placeholders. object (required)
scope The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. string

AssignmentLockSettings

Name Description Value
excludedPrincipals List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. string[]
mode Lock mode. 'AllResourcesDoNotDelete'
'AllResourcesReadOnly'
'None'

ARM template resource definition

The blueprintAssignments resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

The blueprintAssignments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Blueprint/blueprintAssignments resource, add the following JSON to your template.

{
  "type": "Microsoft.Blueprint/blueprintAssignments",
  "apiVersion": "2018-11-01-preview",
  "name": "string",
  "location": "string",
  "scope": "string",
  "identity": {
    "principalId": "string",
    "tenantId": "string",
    "type": "string",
    "userAssignedIdentities": {}
  },
  "properties": {
    "blueprintId": "string",
    "description": "string",
    "displayName": "string",
    "locks": {
      "excludedPrincipals": [ "string" ],
      "mode": "string"
    },
    "parameters": {},
    "resourceGroups": {},
    "scope": "string"
  }
}

Property values

blueprintAssignments

Name Description Value
type The resource type 'Microsoft.Blueprint/blueprintAssignments'
apiVersion The resource api version '2018-11-01-preview'
name The resource name string (required)

Character limit: 90

Valid characters:
Alphanumerics, underscores, and hyphens.
location The location of this blueprint assignment. string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.
identity Managed identity for this blueprint assignment. ManagedServiceIdentity (required)
properties Properties for blueprint assignment object. AssignmentProperties (required)

ManagedServiceIdentity

Name Description Value
principalId Azure Active Directory principal ID associated with this Identity. string
tenantId ID of the Azure Active Directory. string
type Type of the managed identity. 'None'
'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. object

AssignmentProperties

Name Description Value
blueprintId ID of the published version of a blueprint definition. string
description Multi-line explain this resource. string
displayName One-liner string explain this resource. string
locks Defines how resources deployed by a blueprint assignment are locked. AssignmentLockSettings
parameters Blueprint assignment parameter values. object (required)
resourceGroups Names and locations of resource group placeholders. object (required)
scope The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. string

AssignmentLockSettings

Name Description Value
excludedPrincipals List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. string[]
mode Lock mode. 'AllResourcesDoNotDelete'
'AllResourcesReadOnly'
'None'

Terraform (AzAPI provider) resource definition

The blueprintAssignments resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

The blueprintAssignments resource type can be deployed with operations that target:

  • Resource groups
  • Subscriptions
  • Management groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Blueprint/blueprintAssignments resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      blueprintId = "string"
      description = "string"
      displayName = "string"
      locks = {
        excludedPrincipals = [
          "string"
        ]
        mode = "string"
      }
      parameters = {}
      resourceGroups = {}
      scope = "string"
    }
  })
}

Property values

blueprintAssignments

Name Description Value
type The resource type "Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview"
name The resource name string (required)

Character limit: 90

Valid characters:
Alphanumerics, underscores, and hyphens.
location The location of this blueprint assignment. string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
identity Managed identity for this blueprint assignment. ManagedServiceIdentity (required)
properties Properties for blueprint assignment object. AssignmentProperties (required)

ManagedServiceIdentity

Name Description Value
type Type of the managed identity. "SystemAssigned"
"UserAssigned" (required)
identity_ids The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. Array of user identity IDs.

AssignmentProperties

Name Description Value
blueprintId ID of the published version of a blueprint definition. string
description Multi-line explain this resource. string
displayName One-liner string explain this resource. string
locks Defines how resources deployed by a blueprint assignment are locked. AssignmentLockSettings
parameters Blueprint assignment parameter values. object (required)
resourceGroups Names and locations of resource group placeholders. object (required)
scope The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. string

AssignmentLockSettings

Name Description Value
excludedPrincipals List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. string[]
mode Lock mode. "AllResourcesDoNotDelete"
"AllResourcesReadOnly"
"None"