Microsoft.Blueprint blueprintAssignments
Bicep resource definition
The blueprintAssignments resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
The blueprintAssignments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Blueprint/blueprintAssignments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview' = {
name: 'string'
location: 'string'
scope: resourceSymbolicName
identity: {
principalId: 'string'
tenantId: 'string'
type: 'string'
userAssignedIdentities: {}
}
properties: {
blueprintId: 'string'
description: 'string'
displayName: 'string'
locks: {
excludedPrincipals: [
'string'
]
mode: 'string'
}
parameters: {}
resourceGroups: {}
scope: 'string'
}
}
Property values
blueprintAssignments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 90 Valid characters: Alphanumerics, underscores, and hyphens. |
| location | The location of this blueprint assignment. | string (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| identity | Managed identity for this blueprint assignment. | ManagedServiceIdentity (required) |
| properties | Properties for blueprint assignment object. | AssignmentProperties (required) |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
| tenantId | ID of the Azure Active Directory. | string |
| type | Type of the managed identity. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. | object |
AssignmentProperties
| Name | Description | Value |
|---|---|---|
| blueprintId | ID of the published version of a blueprint definition. | string |
| description | Multi-line explain this resource. | string |
| displayName | One-liner string explain this resource. | string |
| locks | Defines how resources deployed by a blueprint assignment are locked. | AssignmentLockSettings |
| parameters | Blueprint assignment parameter values. | object (required) |
| resourceGroups | Names and locations of resource group placeholders. | object (required) |
| scope | The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. | string |
AssignmentLockSettings
| Name | Description | Value |
|---|---|---|
| excludedPrincipals | List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. | string[] |
| mode | Lock mode. | 'AllResourcesDoNotDelete' 'AllResourcesReadOnly' 'None' |
ARM template resource definition
The blueprintAssignments resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
The blueprintAssignments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Blueprint/blueprintAssignments resource, add the following JSON to your template.
{
"type": "Microsoft.Blueprint/blueprintAssignments",
"apiVersion": "2018-11-01-preview",
"name": "string",
"location": "string",
"scope": "string",
"identity": {
"principalId": "string",
"tenantId": "string",
"type": "string",
"userAssignedIdentities": {}
},
"properties": {
"blueprintId": "string",
"description": "string",
"displayName": "string",
"locks": {
"excludedPrincipals": [ "string" ],
"mode": "string"
},
"parameters": {},
"resourceGroups": {},
"scope": "string"
}
}
Property values
blueprintAssignments
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Blueprint/blueprintAssignments' |
| apiVersion | The resource api version | '2018-11-01-preview' |
| name | The resource name | string (required) Character limit: 90 Valid characters: Alphanumerics, underscores, and hyphens. |
| location | The location of this blueprint assignment. | string (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
| identity | Managed identity for this blueprint assignment. | ManagedServiceIdentity (required) |
| properties | Properties for blueprint assignment object. | AssignmentProperties (required) |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| principalId | Azure Active Directory principal ID associated with this Identity. | string |
| tenantId | ID of the Azure Active Directory. | string |
| type | Type of the managed identity. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. | object |
AssignmentProperties
| Name | Description | Value |
|---|---|---|
| blueprintId | ID of the published version of a blueprint definition. | string |
| description | Multi-line explain this resource. | string |
| displayName | One-liner string explain this resource. | string |
| locks | Defines how resources deployed by a blueprint assignment are locked. | AssignmentLockSettings |
| parameters | Blueprint assignment parameter values. | object (required) |
| resourceGroups | Names and locations of resource group placeholders. | object (required) |
| scope | The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. | string |
AssignmentLockSettings
| Name | Description | Value |
|---|---|---|
| excludedPrincipals | List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. | string[] |
| mode | Lock mode. | 'AllResourcesDoNotDelete' 'AllResourcesReadOnly' 'None' |
Terraform (AzAPI provider) resource definition
The blueprintAssignments resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
The blueprintAssignments resource type can be deployed with operations that target:
- Resource groups
- Subscriptions
- Management groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Blueprint/blueprintAssignments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview"
name = "string"
location = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
blueprintId = "string"
description = "string"
displayName = "string"
locks = {
excludedPrincipals = [
"string"
]
mode = "string"
}
parameters = {}
resourceGroups = {}
scope = "string"
}
})
}
Property values
blueprintAssignments
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Blueprint/blueprintAssignments@2018-11-01-preview" |
| name | The resource name | string (required) Character limit: 90 Valid characters: Alphanumerics, underscores, and hyphens. |
| location | The location of this blueprint assignment. | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| identity | Managed identity for this blueprint assignment. | ManagedServiceIdentity (required) |
| properties | Properties for blueprint assignment object. | AssignmentProperties (required) |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of the managed identity. | "SystemAssigned" "UserAssigned" (required) |
| identity_ids | The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. | Array of user identity IDs. |
AssignmentProperties
| Name | Description | Value |
|---|---|---|
| blueprintId | ID of the published version of a blueprint definition. | string |
| description | Multi-line explain this resource. | string |
| displayName | One-liner string explain this resource. | string |
| locks | Defines how resources deployed by a blueprint assignment are locked. | AssignmentLockSettings |
| parameters | Blueprint assignment parameter values. | object (required) |
| resourceGroups | Names and locations of resource group placeholders. | object (required) |
| scope | The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required. | string |
AssignmentLockSettings
| Name | Description | Value |
|---|---|---|
| excludedPrincipals | List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. | string[] |
| mode | Lock mode. | "AllResourcesDoNotDelete" "AllResourcesReadOnly" "None" |