Microsoft.Compute galleries/inVMAccessControlProfiles/versions

Bicep resource definition

The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03' = {
  parent: resourceSymbolicName
  location: 'string'
  name: 'string'
  properties: {
    defaultAccess: 'string'
    excludeFromLatest: bool
    mode: 'string'
    rules: {
      identities: [
        {
          exePath: 'string'
          groupName: 'string'
          name: 'string'
          processName: 'string'
          userName: 'string'
        }
      ]
      privileges: [
        {
          name: 'string'
          path: 'string'
          queryParameters: {
            {customized property}: 'string'
          }
        }
      ]
      roleAssignments: [
        {
          identities: [
            'string'
          ]
          role: 'string'
        }
      ]
      roles: [
        {
          name: 'string'
          privileges: [
            'string'
          ]
        }
      ]
    }
    targetLocations: [
      {
        additionalReplicaSets: [
          {
            regionalReplicaCount: int
            storageAccountType: 'string'
          }
        ]
        encryption: {
          dataDiskImages: [
            {
              diskEncryptionSetId: 'string'
              lun: int
            }
          ]
          osDiskImage: {
            diskEncryptionSetId: 'string'
            securityProfile: {
              confidentialVMEncryptionType: 'string'
              secureVMDiskEncryptionSetId: 'string'
            }
          }
        }
        excludeFromLatest: bool
        name: 'string'
        regionalReplicaCount: int
        storageAccountType: 'string'
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AccessControlRules

| Name | Description | Value |
| --- | --- | --- |
| identities | A list of identities. | AccessControlRulesIdentity[] |
| privileges | A list of privileges. | AccessControlRulesPrivilege[] |
| roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
| roles | A list of roles. | AccessControlRulesRole[] |

AccessControlRulesIdentity

| Name | Description | Value |
| --- | --- | --- |
| exePath | The path to the executable. | string |
| groupName | The groupName corresponding to this identity. | string |
| name | The name of the identity. | string (required) |
| processName | The process name of the executable. | string |
| userName | The username corresponding to this identity. | string |

AccessControlRulesPrivilege

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the privilege. | string (required) |
| path | The HTTP path corresponding to the privilege. | string (required) |
| queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |

AccessControlRulesPrivilegeQueryParameters

Name Description Value

AccessControlRulesRole

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the role. | string (required) |
| privileges | A list of privileges needed by this role. | string[] (required) |

AccessControlRulesRoleAssignment

| Name | Description | Value |
| --- | --- | --- |
| identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
| role | The name of the role. | string (required) |

AdditionalReplicaSet

| Name | Description | Value |
| --- | --- | --- |
| regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to create the direct drive replicas. | 'PremiumV2_LRS', 'Premium_LRS', 'Standard_LRS', 'Standard_ZRS' |

DataDiskImageEncryption

| Name | Description | Value |
| --- | --- | --- |
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |

EncryptionImages

| Name | Description | Value |
| --- | --- | --- |
| dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
| osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |

GalleryInVMAccessControlProfileVersionProperties

| Name | Description | Value |
| --- | --- | --- |
| defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow', 'Deny' (required) |
| excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
| mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit', 'Disabled', 'Enforce' (required) |
| rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
| targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
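
The four lists under rules point at each other through plain strings, so a typo in a role, privilege or identity reference is easy to miss in review. The linter below is an added example, not Microsoft's code: it checks the required fields, enum values and name pattern listed on this page, and it assumes that roles, privileges and identities are referenced by their name values and that 'Deny' with 'Enforce' is the restrictive setting. All sample names and paths are constructed placeholders.

```python
import re

# Name constraint quoted from the page; fullmatch() also rejects a trailing newline.
VERSION_NAME = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+$")
ENUMS = {"defaultAccess": {"Allow", "Deny"}, "mode": {"Audit", "Enforce", "Disabled"}}
# Fields marked "(required)" in the property tables, per rules list.
REQUIRED = {"identities": ["name"], "privileges": ["name", "path"],
            "roles": ["name", "privileges"], "roleAssignments": ["role", "identities"]}


def lint_profile_version(name, properties):
    """Return a list of findings (strings) for one profile version."""
    out = []
    if not VERSION_NAME.fullmatch(name):
        out.append(f"name {name!r} does not match the version pattern")
    for key, allowed in ENUMS.items():
        if properties.get(key) not in allowed:
            out.append(f"{key} must be one of {sorted(allowed)}")
    rules = properties.get("rules") or {}
    for section, fields in REQUIRED.items():
        for i, item in enumerate(rules.get(section) or []):
            out += [f"rules.{section}[{i}] is missing {f}"
                    for f in fields if not item.get(f)]
    # Assumption: roles, privileges and identities are referenced by name.
    defined = {s: {x["name"] for x in (rules.get(s) or []) if x.get("name")}
               for s in ("identities", "privileges", "roles")}
    used = {s: set() for s in defined}
    for role in rules.get("roles") or []:
        for priv in role.get("privileges") or []:
            used["privileges"].add(priv)
            if priv not in defined["privileges"]:
                out.append(f"role {role.get('name')!r} uses undefined privilege {priv!r}")
    for ra in rules.get("roleAssignments") or []:
        used["roles"].add(ra.get("role"))
        if ra.get("role") and ra["role"] not in defined["roles"]:
            out.append(f"assignment references undefined role {ra['role']!r}")
        for ident in ra.get("identities") or []:
            used["identities"].add(ident)
            if ident not in defined["identities"]:
                out.append(f"assignment references undefined identity {ident!r}")
    for section in sorted(defined):
        for unused in sorted(defined[section] - used[section]):
            out.append(f"rules.{section}: {unused!r} is defined but never referenced")
    # Posture notes (assumption: 'Deny' + 'Enforce' is the restrictive combination).
    if properties.get("mode") in ("Audit", "Disabled"):
        out.append(f"review: mode is {properties['mode']!r}, not 'Enforce'")
    if properties.get("defaultAccess") == "Allow":
        out.append("review: defaultAccess is 'Allow'")
    return out


# Constructed sample: names and paths are placeholders, not real endpoints.
SAMPLE = {"defaultAccess": "Allow", "mode": "Audit", "rules": {
    "identities": [{"name": "agent", "exePath": "/opt/example/agent"}],
    "privileges": [{"name": "read-example", "path": "/example/read"},
                   {"name": "spare", "path": "/example/spare"}],
    "roles": [{"name": "reader", "privileges": ["read-example", "write-example"]}],
    "roleAssignments": [{"role": "reader", "identities": ["agent", "ghost"]}],
}}

if __name__ == "__main__":
    print("\n".join(lint_profile_version("1.0", SAMPLE)))
```

Feed it the properties object of a version (for an ARM template, the "properties" value as parsed JSON) before deployment.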

Microsoft.Compute/galleries/inVMAccessControlProfiles/versions

| Name | Description | Value |
| --- | --- | --- |
| location | Resource location | string (required) |
| name | The resource name | string. Constraints: Pattern = `^[0-9]+\.[0-9]+\.[0-9]+$` (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: galleries/inVMAccessControlProfiles |
| properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |

OSDiskImageEncryption

| Name | Description | Value |
| --- | --- | --- |
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |

OSDiskImageSecurityProfile

| Name | Description | Value |
| --- | --- | --- |
| confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk', 'EncryptedWithCmk', 'EncryptedWithPmk', 'NonPersistedTPM' |
| secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |

ResourceTags

Name Description Value

TargetRegion

| Name | Description | Value |
| --- | --- | --- |
| additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
| encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
| excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
| name | The name of the region. | string (required) |
| regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS', 'Premium_LRS', 'Standard_LRS', 'Standard_ZRS' |

ARM template resource definition

The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions",
  "apiVersion": "2024-03-03",
  "name": "string",
  "location": "string",
  "properties": {
    "defaultAccess": "string",
    "excludeFromLatest": "bool",
    "mode": "string",
    "rules": {
      "identities": [
        {
          "exePath": "string",
          "groupName": "string",
          "name": "string",
          "processName": "string",
          "userName": "string"
        }
      ],
      "privileges": [
        {
          "name": "string",
          "path": "string",
          "queryParameters": {
            "{customized property}": "string"
          }
        }
      ],
      "roleAssignments": [
        {
          "identities": [ "string" ],
          "role": "string"
        }
      ],
      "roles": [
        {
          "name": "string",
          "privileges": [ "string" ]
        }
      ]
    },
    "targetLocations": [
      {
        "additionalReplicaSets": [
          {
            "regionalReplicaCount": "int",
            "storageAccountType": "string"
          }
        ],
        "encryption": {
          "dataDiskImages": [
            {
              "diskEncryptionSetId": "string",
              "lun": "int"
            }
          ],
          "osDiskImage": {
            "diskEncryptionSetId": "string",
            "securityProfile": {
              "confidentialVMEncryptionType": "string",
              "secureVMDiskEncryptionSetId": "string"
            }
          }
        },
        "excludeFromLatest": "bool",
        "name": "string",
        "regionalReplicaCount": "int",
        "storageAccountType": "string"
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AccessControlRules

| Name | Description | Value |
| --- | --- | --- |
| identities | A list of identities. | AccessControlRulesIdentity[] |
| privileges | A list of privileges. | AccessControlRulesPrivilege[] |
| roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
| roles | A list of roles. | AccessControlRulesRole[] |

AccessControlRulesIdentity

| Name | Description | Value |
| --- | --- | --- |
| exePath | The path to the executable. | string |
| groupName | The groupName corresponding to this identity. | string |
| name | The name of the identity. | string (required) |
| processName | The process name of the executable. | string |
| userName | The username corresponding to this identity. | string |

AccessControlRulesPrivilege

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the privilege. | string (required) |
| path | The HTTP path corresponding to the privilege. | string (required) |
| queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |

AccessControlRulesPrivilegeQueryParameters

Name Description Value

AccessControlRulesRole

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the role. | string (required) |
| privileges | A list of privileges needed by this role. | string[] (required) |

AccessControlRulesRoleAssignment

| Name | Description | Value |
| --- | --- | --- |
| identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
| role | The name of the role. | string (required) |

AdditionalReplicaSet

| Name | Description | Value |
| --- | --- | --- |
| regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to create the direct drive replicas. | 'PremiumV2_LRS', 'Premium_LRS', 'Standard_LRS', 'Standard_ZRS' |

DataDiskImageEncryption

| Name | Description | Value |
| --- | --- | --- |
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |

EncryptionImages

| Name | Description | Value |
| --- | --- | --- |
| dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
| osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |

GalleryInVMAccessControlProfileVersionProperties

| Name | Description | Value |
| --- | --- | --- |
| defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow', 'Deny' (required) |
| excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
| mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit', 'Disabled', 'Enforce' (required) |
| rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
| targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |

Microsoft.Compute/galleries/inVMAccessControlProfiles/versions

| Name | Description | Value |
| --- | --- | --- |
| apiVersion | The api version | '2024-03-03' |
| location | Resource location | string (required) |
| name | The resource name | string. Constraints: Pattern = `^[0-9]+\.[0-9]+\.[0-9]+$` (required) |
| properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Compute/galleries/inVMAccessControlProfiles/versions' |

OSDiskImageEncryption

| Name | Description | Value |
| --- | --- | --- |
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |

OSDiskImageSecurityProfile

| Name | Description | Value |
| --- | --- | --- |
| confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk', 'EncryptedWithCmk', 'EncryptedWithPmk', 'NonPersistedTPM' |
| secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |

ResourceTags

Name Description Value

TargetRegion

| Name | Description | Value |
| --- | --- | --- |
| additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
| encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
| excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
| name | The name of the region. | string (required) |
| regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS', 'Premium_LRS', 'Standard_LRS', 'Standard_ZRS' |

Terraform (AzAPI provider) resource definition

The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03"
  name = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      defaultAccess = "string"
      excludeFromLatest = bool
      mode = "string"
      rules = {
        identities = [
          {
            exePath = "string"
            groupName = "string"
            name = "string"
            processName = "string"
            userName = "string"
          }
        ]
        privileges = [
          {
            name = "string"
            path = "string"
            queryParameters = {
              {customized property} = "string"
            }
          }
        ]
        roleAssignments = [
          {
            identities = [
              "string"
            ]
            role = "string"
          }
        ]
        roles = [
          {
            name = "string"
            privileges = [
              "string"
            ]
          }
        ]
      }
      targetLocations = [
        {
          additionalReplicaSets = [
            {
              regionalReplicaCount = int
              storageAccountType = "string"
            }
          ]
          encryption = {
            dataDiskImages = [
              {
                diskEncryptionSetId = "string"
                lun = int
              }
            ]
            osDiskImage = {
              diskEncryptionSetId = "string"
              securityProfile = {
                confidentialVMEncryptionType = "string"
                secureVMDiskEncryptionSetId = "string"
              }
            }
          }
          excludeFromLatest = bool
          name = "string"
          regionalReplicaCount = int
          storageAccountType = "string"
        }
      ]
    }
  })
}

Property values

AccessControlRules

| Name | Description | Value |
| --- | --- | --- |
| identities | A list of identities. | AccessControlRulesIdentity[] |
| privileges | A list of privileges. | AccessControlRulesPrivilege[] |
| roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
| roles | A list of roles. | AccessControlRulesRole[] |

AccessControlRulesIdentity

| Name | Description | Value |
| --- | --- | --- |
| exePath | The path to the executable. | string |
| groupName | The groupName corresponding to this identity. | string |
| name | The name of the identity. | string (required) |
| processName | The process name of the executable. | string |
| userName | The username corresponding to this identity. | string |

AccessControlRulesPrivilege

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the privilege. | string (required) |
| path | The HTTP path corresponding to the privilege. | string (required) |
| queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |

AccessControlRulesPrivilegeQueryParameters

Name Description Value

AccessControlRulesRole

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the role. | string (required) |
| privileges | A list of privileges needed by this role. | string[] (required) |

AccessControlRulesRoleAssignment

| Name | Description | Value |
| --- | --- | --- |
| identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
| role | The name of the role. | string (required) |

AdditionalReplicaSet

| Name | Description | Value |
| --- | --- | --- |
| regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to create the direct drive replicas. | 'PremiumV2_LRS', 'Premium_LRS', 'Standard_LRS', 'Standard_ZRS' |

DataDiskImageEncryption

| Name | Description | Value |
| --- | --- | --- |
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |

EncryptionImages

| Name | Description | Value |
| --- | --- | --- |
| dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
| osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |

GalleryInVMAccessControlProfileVersionProperties

| Name | Description | Value |
| --- | --- | --- |
| defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow', 'Deny' (required) |
| excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
| mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit', 'Disabled', 'Enforce' (required) |
| rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
| targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |

Microsoft.Compute/galleries/inVMAccessControlProfiles/versions

| Name | Description | Value |
| --- | --- | --- |
| location | Resource location | string (required) |
| name | The resource name | string. Constraints: Pattern = `^[0-9]+\.[0-9]+\.[0-9]+$` (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: galleries/inVMAccessControlProfiles |
| properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03" |

OSDiskImageEncryption

| Name | Description | Value |
| --- | --- | --- |
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |

OSDiskImageSecurityProfile

| Name | Description | Value |
| --- | --- | --- |
| confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk', 'EncryptedWithCmk', 'EncryptedWithPmk', 'NonPersistedTPM' |
| secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |

ResourceTags

Name Description Value

TargetRegion

| Name | Description | Value |
| --- | --- | --- |
| additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
| encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
| excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
| name | The name of the region. | string (required) |
| regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS', 'Premium_LRS', 'Standard_LRS', 'Standard_ZRS' |