Microsoft.Compute galleries/inVMAccessControlProfiles/versions
Bicep resource definition
The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03' = {
  parent: resourceSymbolicName
  location: 'string'
  name: 'string'
  properties: {
    defaultAccess: 'string'
    excludeFromLatest: bool
    mode: 'string'
    rules: {
      identities: [
        {
          exePath: 'string'
          groupName: 'string'
          name: 'string'
          processName: 'string'
          userName: 'string'
        }
      ]
      privileges: [
        {
          name: 'string'
          path: 'string'
          queryParameters: {
            {customized property}: 'string'
          }
        }
      ]
      roleAssignments: [
        {
          identities: [
            'string'
          ]
          role: 'string'
        }
      ]
      roles: [
        {
          name: 'string'
          privileges: [
            'string'
          ]
        }
      ]
    }
    targetLocations: [
      {
        additionalReplicaSets: [
          {
            regionalReplicaCount: int
            storageAccountType: 'string'
          }
        ]
        encryption: {
          dataDiskImages: [
            {
              diskEncryptionSetId: 'string'
              lun: int
            }
          ]
          osDiskImage: {
            diskEncryptionSetId: 'string'
            securityProfile: {
              confidentialVMEncryptionType: 'string'
              secureVMDiskEncryptionSetId: 'string'
            }
          }
        }
        excludeFromLatest: bool
        name: 'string'
        regionalReplicaCount: int
        storageAccountType: 'string'
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Property values
AccessControlRules
Name | Description | Value |
---|---|---|
identities | A list of identities. | AccessControlRulesIdentity[] |
privileges | A list of privileges. | AccessControlRulesPrivilege[] |
roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
roles | A list of roles. | AccessControlRulesRole[] |
AccessControlRulesIdentity
Name | Description | Value |
---|---|---|
exePath | The path to the executable. | string |
groupName | The groupName corresponding to this identity. | string |
name | The name of the identity. | string (required) |
processName | The process name of the executable. | string |
userName | The username corresponding to this identity. | string |
AccessControlRulesPrivilege
Name | Description | Value |
---|---|---|
name | The name of the privilege. | string (required) |
path | The HTTP path corresponding to the privilege. | string (required) |
queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |
AccessControlRulesPrivilegeQueryParameters
Name | Description | Value |
---|---|---|
AccessControlRulesRole
Name | Description | Value |
---|---|---|
name | The name of the role. | string (required) |
privileges | A list of privileges needed by this role. | string[] (required) |
AccessControlRulesRoleAssignment
Name | Description | Value |
---|---|---|
identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
role | The name of the role. | string (required) |
AdditionalReplicaSet
Name | Description | Value |
---|---|---|
regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
storageAccountType | Specifies the storage account type to be used to create the direct drive replicas | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
DataDiskImageEncryption
Name | Description | Value |
---|---|---|
diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |
EncryptionImages
Name | Description | Value |
---|---|---|
dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |
GalleryInVMAccessControlProfileVersionProperties
Name | Description | Value |
---|---|---|
defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow' 'Deny' (required) |
excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit' 'Disabled' 'Enforce' (required) |
rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
Microsoft.Compute/galleries/inVMAccessControlProfiles/versions
Name | Description | Value |
---|---|---|
location | Resource location | string (required) |
name | The resource name | string Constraints: Pattern = ^[0-9]+\.[0-9]+\.[0-9]+$ (required) |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: galleries/inVMAccessControlProfiles |
properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
OSDiskImageEncryption
Name | Description | Value |
---|---|---|
diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |
OSDiskImageSecurityProfile
Name | Description | Value |
---|---|---|
confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' 'NonPersistedTPM' |
secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |
ResourceTags
Name | Description | Value |
---|---|---|
TargetRegion
Name | Description | Value |
---|---|---|
additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
name | The name of the region. | string (required) |
regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
ARM template resource definition
The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions",
  "apiVersion": "2024-03-03",
  "name": "string",
  "location": "string",
  "properties": {
    "defaultAccess": "string",
    "excludeFromLatest": "bool",
    "mode": "string",
    "rules": {
      "identities": [
        {
          "exePath": "string",
          "groupName": "string",
          "name": "string",
          "processName": "string",
          "userName": "string"
        }
      ],
      "privileges": [
        {
          "name": "string",
          "path": "string",
          "queryParameters": {
            "{customized property}": "string"
          }
        }
      ],
      "roleAssignments": [
        {
          "identities": [ "string" ],
          "role": "string"
        }
      ],
      "roles": [
        {
          "name": "string",
          "privileges": [ "string" ]
        }
      ]
    },
    "targetLocations": [
      {
        "additionalReplicaSets": [
          {
            "regionalReplicaCount": "int",
            "storageAccountType": "string"
          }
        ],
        "encryption": {
          "dataDiskImages": [
            {
              "diskEncryptionSetId": "string",
              "lun": "int"
            }
          ],
          "osDiskImage": {
            "diskEncryptionSetId": "string",
            "securityProfile": {
              "confidentialVMEncryptionType": "string",
              "secureVMDiskEncryptionSetId": "string"
            }
          }
        },
        "excludeFromLatest": "bool",
        "name": "string",
        "regionalReplicaCount": "int",
        "storageAccountType": "string"
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
Property values
AccessControlRules
Name | Description | Value |
---|---|---|
identities | A list of identities. | AccessControlRulesIdentity[] |
privileges | A list of privileges. | AccessControlRulesPrivilege[] |
roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
roles | A list of roles. | AccessControlRulesRole[] |
AccessControlRulesIdentity
Name | Description | Value |
---|---|---|
exePath | The path to the executable. | string |
groupName | The groupName corresponding to this identity. | string |
name | The name of the identity. | string (required) |
processName | The process name of the executable. | string |
userName | The username corresponding to this identity. | string |
AccessControlRulesPrivilege
Name | Description | Value |
---|---|---|
name | The name of the privilege. | string (required) |
path | The HTTP path corresponding to the privilege. | string (required) |
queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |
AccessControlRulesPrivilegeQueryParameters
Name | Description | Value |
---|---|---|
AccessControlRulesRole
Name | Description | Value |
---|---|---|
name | The name of the role. | string (required) |
privileges | A list of privileges needed by this role. | string[] (required) |
AccessControlRulesRoleAssignment
Name | Description | Value |
---|---|---|
identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
role | The name of the role. | string (required) |
AdditionalReplicaSet
Name | Description | Value |
---|---|---|
regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
storageAccountType | Specifies the storage account type to be used to create the direct drive replicas | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
DataDiskImageEncryption
Name | Description | Value |
---|---|---|
diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |
EncryptionImages
Name | Description | Value |
---|---|---|
dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |
GalleryInVMAccessControlProfileVersionProperties
Name | Description | Value |
---|---|---|
defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow' 'Deny' (required) |
excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit' 'Disabled' 'Enforce' (required) |
rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
Microsoft.Compute/galleries/inVMAccessControlProfiles/versions
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-03-03' |
location | Resource location | string (required) |
name | The resource name | string Constraints: Pattern = ^[0-9]+\.[0-9]+\.[0-9]+$ (required) |
properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Compute/galleries/inVMAccessControlProfiles/versions' |
OSDiskImageEncryption
Name | Description | Value |
---|---|---|
diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |
OSDiskImageSecurityProfile
Name | Description | Value |
---|---|---|
confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' 'NonPersistedTPM' |
secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |
ResourceTags
Name | Description | Value |
---|---|---|
TargetRegion
Name | Description | Value |
---|---|---|
additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
name | The name of the region. | string (required) |
regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
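
A pre-deployment lint for the `properties` object described in the tables above, as an added example (not Microsoft's code and not part of the original reference). It checks the name pattern, the required fields and allowed values, and that roles and role assignments only name entries that exist. The sample resource and all its names are constructed, the preference for `Deny` and `Enforce` is this example's review policy, and resolving references by `name` is an assumption drawn from the property descriptions.

```python
import re

VERSION_RE = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+$")  # name constraint from the tables

# Constructed sample resource: every name, path and value here is made up.
SAMPLE = {
    "type": "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions",
    "apiVersion": "2024-03-03",
    "name": "1.0.0",
    "location": "westus",
    "properties": {
        "defaultAccess": "Allow",
        "mode": "Audit",
        "rules": {
            "identities": [{"name": "agent", "userName": "svc-agent"}],
            "privileges": [{"name": "readConfig", "path": "/config"}],
            "roles": [{"name": "reader", "privileges": ["readConfig", "writeConfig"]}],
            "roleAssignments": [{"role": "reader", "identities": ["agent", "backup"]}],
        },
    },
}


def lint_profile_version(resource):
    """Return findings (strings) for one profile-version resource, in check order."""
    out = []
    props = resource.get("properties", {})
    rules = props.get("rules", {})

    # A child resource declared at top level is named parent/child/version.
    if not VERSION_RE.match(str(resource.get("name", "")).split("/")[-1]):
        out.append("name: version segment must match N.N.N")
    for key, allowed, wanted in (("defaultAccess", ("Allow", "Deny"), "Deny"),
                                 ("mode", ("Audit", "Disabled", "Enforce"), "Enforce")):
        value = props.get(key)
        if value not in allowed:
            out.append(f"{key}: required, one of {allowed}")
        elif value != wanted:  # review policy of this example, not a schema rule
            out.append(f"{key}: '{value}' (review policy expects '{wanted}')")

    # Required fields per the property tables.
    for kind, required in (("identities", ("name",)), ("privileges", ("name", "path")),
                           ("roles", ("name", "privileges")),
                           ("roleAssignments", ("role", "identities"))):
        for i, item in enumerate(rules.get(kind, [])):
            out += [f"{kind}[{i}]: missing '{r}'" for r in required if not item.get(r)]

    # Assumption: roles and assignments refer to other entries by their 'name'.
    names = {k: {e.get("name") for e in rules.get(k, [])}
             for k in ("identities", "privileges", "roles")}
    for role in rules.get("roles", []):
        out += [f"role '{role.get('name')}': undefined privilege '{p}'"
                for p in role.get("privileges", []) if p not in names["privileges"]]
    for ra in rules.get("roleAssignments", []):
        if ra.get("role") not in names["roles"]:
            out.append(f"roleAssignment: undefined role '{ra.get('role')}'")
        out += [f"roleAssignment '{ra.get('role')}': undefined identity '{i}'"
                for i in ra.get("identities", []) if i not in names["identities"]]
    return out


if __name__ == "__main__":
    print("\n".join(lint_profile_version(SAMPLE)))
```

The same function works on the `properties` payload of the Bicep and Terraform forms once it is rendered to JSON, since the property names are identical across all three.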
Terraform (AzAPI provider) resource definition
The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following Terraform to your template.
```hcl
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03"
  name = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      defaultAccess = "string"
      excludeFromLatest = bool
      mode = "string"
      rules = {
        identities = [
          {
            exePath = "string"
            groupName = "string"
            name = "string"
            processName = "string"
            userName = "string"
          }
        ]
        privileges = [
          {
            name = "string"
            path = "string"
            queryParameters = {
              {customized property} = "string"
            }
          }
        ]
        roleAssignments = [
          {
            identities = [
              "string"
            ]
            role = "string"
          }
        ]
        roles = [
          {
            name = "string"
            privileges = [
              "string"
            ]
          }
        ]
      }
      targetLocations = [
        {
          additionalReplicaSets = [
            {
              regionalReplicaCount = int
              storageAccountType = "string"
            }
          ]
          encryption = {
            dataDiskImages = [
              {
                diskEncryptionSetId = "string"
                lun = int
              }
            ]
            osDiskImage = {
              diskEncryptionSetId = "string"
              securityProfile = {
                confidentialVMEncryptionType = "string"
                secureVMDiskEncryptionSetId = "string"
              }
            }
          }
          excludeFromLatest = bool
          name = "string"
          regionalReplicaCount = int
          storageAccountType = "string"
        }
      ]
    }
  })
}
```
Property values
AccessControlRules
Name | Description | Value |
---|---|---|
identities | A list of identities. | AccessControlRulesIdentity[] |
privileges | A list of privileges. | AccessControlRulesPrivilege[] |
roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
roles | A list of roles. | AccessControlRulesRole[] |
AccessControlRulesIdentity
Name | Description | Value |
---|---|---|
exePath | The path to the executable. | string |
groupName | The groupName corresponding to this identity. | string |
name | The name of the identity. | string (required) |
processName | The process name of the executable. | string |
userName | The username corresponding to this identity. | string |
AccessControlRulesPrivilege
Name | Description | Value |
---|---|---|
name | The name of the privilege. | string (required) |
path | The HTTP path corresponding to the privilege. | string (required) |
queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |
AccessControlRulesPrivilegeQueryParameters
Name | Description | Value |
---|---|---|
AccessControlRulesRole
Name | Description | Value |
---|---|---|
name | The name of the role. | string (required) |
privileges | A list of privileges needed by this role. | string[] (required) |
AccessControlRulesRoleAssignment
Name | Description | Value |
---|---|---|
identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
role | The name of the role. | string (required) |
AdditionalReplicaSet
Name | Description | Value |
---|---|---|
regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
storageAccountType | Specifies the storage account type to be used to create the direct drive replicas | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
DataDiskImageEncryption
Name | Description | Value |
---|---|---|
diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |
EncryptionImages
Name | Description | Value |
---|---|---|
dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |
GalleryInVMAccessControlProfileVersionProperties
Name | Description | Value |
---|---|---|
defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow' 'Deny' (required) |
excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit' 'Disabled' 'Enforce' (required) |
rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
Microsoft.Compute/galleries/inVMAccessControlProfiles/versions
Name | Description | Value |
---|---|---|
location | Resource location | string (required) |
name | The resource name | string Constraints: Pattern = ^[0-9]+\.[0-9]+\.[0-9]+$ (required) |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: galleries/inVMAccessControlProfiles |
properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03" |
OSDiskImageEncryption
Name | Description | Value |
---|---|---|
diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |
OSDiskImageSecurityProfile
Name | Description | Value |
---|---|---|
confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' 'NonPersistedTPM' |
secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |
ResourceTags
Name | Description | Value |
---|---|---|
TargetRegion
Name | Description | Value |
---|---|---|
additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
name | The name of the region. | string (required) |
regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |