Microsoft.Maps accounts 2023-06-01
Bicep resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Maps/accounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Maps/accounts@2023-06-01' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
kind: 'string'
location: 'string'
name: 'string'
properties: {
cors: {
corsRules: [
{
allowedOrigins: [
'string'
]
}
]
}
disableLocalAuth: bool
encryption: {
customerManagedKeyEncryption: {
keyEncryptionKeyIdentity: {
delegatedIdentityClientId: 'string'
identityType: 'string'
userAssignedIdentityResourceId: 'string'
}
keyEncryptionKeyUrl: 'string'
}
infrastructureEncryption: 'string'
}
linkedResources: [
{
id: 'string'
uniqueName: 'string'
}
]
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
CorsRule
Name | Description | Value |
---|---|---|
allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) |
CorsRules
Name | Description | Value |
---|---|---|
corsRules | The list of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] |
CustomerManagedKeyEncryption
Name | Description | Value |
---|---|---|
keyEncryptionKeyIdentity | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | CustomerManagedKeyEncryptionKeyIdentity |
keyEncryptionKeyUrl | key encryption key Url, versioned or non-versioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | string |
CustomerManagedKeyEncryptionKeyIdentity
Name | Description | Value |
---|---|---|
delegatedIdentityClientId | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
identityType | Values can be systemAssignedIdentity or userAssignedIdentity | 'delegatedResourceIdentity' 'systemAssignedIdentity' 'userAssignedIdentity' |
userAssignedIdentityResourceId | user assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and delegatedResourceIdentity. | string |
Encryption
Name | Description | Value |
---|---|---|
customerManagedKeyEncryption | All Customer-managed key encryption properties for the resource. | CustomerManagedKeyEncryption |
infrastructureEncryption | Values are enabled and disabled. | 'disabled' 'enabled' |
LinkedResource
Name | Description | Value |
---|---|---|
id | ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. | string (required) |
uniqueName | A provided name which uniquely identifies the linked resource. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
MapsAccountProperties
Name | Description | Value |
---|---|---|
cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules |
disableLocalAuth | Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. | bool |
encryption | (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. | Encryption |
linkedResources | The array of associated resources to the Map account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Map Account Managed Identity(s) permissions to those resource(s). | LinkedResource[] |
Microsoft.Maps/accounts
Name | Description | Value |
---|---|---|
identity | Managed service identity (system assigned and/or user assigned identities) | ManagedServiceIdentity |
kind | Get or Set Kind property. | 'Gen1' 'Gen2' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string (required) |
properties | The map account properties. | MapsAccountProperties |
sku | The SKU of this account. | Sku (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
Sku
Name | Description | Value |
---|---|---|
name | The name of the SKU, in standard format (such as S0). | 'G2' 'S0' 'S1' (required) |
TrackedResourceTags
Name | Description | Value |
---|
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Deploy Azure Maps | This template deploys and Azure Maps account and lists the primary key. |
Deploy Azure Maps with Azure Maps Creator (Indoor Maps) | This template deploys and Azure Maps account with the Indoor Maps Creator Feature to allow building Indoor Maps. |
ARM template resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Maps/accounts resource, add the following JSON to your template.
{
"type": "Microsoft.Maps/accounts",
"apiVersion": "2023-06-01",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"kind": "string",
"location": "string",
"properties": {
"cors": {
"corsRules": [
{
"allowedOrigins": [ "string" ]
}
]
},
"disableLocalAuth": "bool",
"encryption": {
"customerManagedKeyEncryption": {
"keyEncryptionKeyIdentity": {
"delegatedIdentityClientId": "string",
"identityType": "string",
"userAssignedIdentityResourceId": "string"
},
"keyEncryptionKeyUrl": "string"
},
"infrastructureEncryption": "string"
},
"linkedResources": [
{
"id": "string",
"uniqueName": "string"
}
]
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
CorsRule
Name | Description | Value |
---|---|---|
allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) |
CorsRules
Name | Description | Value |
---|---|---|
corsRules | The list of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] |
CustomerManagedKeyEncryption
Name | Description | Value |
---|---|---|
keyEncryptionKeyIdentity | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | CustomerManagedKeyEncryptionKeyIdentity |
keyEncryptionKeyUrl | key encryption key Url, versioned or non-versioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | string |
CustomerManagedKeyEncryptionKeyIdentity
Name | Description | Value |
---|---|---|
delegatedIdentityClientId | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
identityType | Values can be systemAssignedIdentity or userAssignedIdentity | 'delegatedResourceIdentity' 'systemAssignedIdentity' 'userAssignedIdentity' |
userAssignedIdentityResourceId | user assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and delegatedResourceIdentity. | string |
Encryption
Name | Description | Value |
---|---|---|
customerManagedKeyEncryption | All Customer-managed key encryption properties for the resource. | CustomerManagedKeyEncryption |
infrastructureEncryption | Values are enabled and disabled. | 'disabled' 'enabled' |
LinkedResource
Name | Description | Value |
---|---|---|
id | ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. | string (required) |
uniqueName | A provided name which uniquely identifies the linked resource. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
MapsAccountProperties
Name | Description | Value |
---|---|---|
cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules |
disableLocalAuth | Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. | bool |
encryption | (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. | Encryption |
linkedResources | The array of associated resources to the Map account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Map Account Managed Identity(s) permissions to those resource(s). | LinkedResource[] |
Microsoft.Maps/accounts
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2023-06-01' |
identity | Managed service identity (system assigned and/or user assigned identities) | ManagedServiceIdentity |
kind | Get or Set Kind property. | 'Gen1' 'Gen2' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string (required) |
properties | The map account properties. | MapsAccountProperties |
sku | The SKU of this account. | Sku (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Maps/accounts' |
Sku
Name | Description | Value |
---|---|---|
name | The name of the SKU, in standard format (such as S0). | 'G2' 'S0' 'S1' (required) |
TrackedResourceTags
Name | Description | Value |
---|
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create Azure Maps SAS token stored in an Azure Key Vault |
This template deploys and Azure Maps account and lists a Sas token based on the provided User Assigned identity to be stored in an Azure Key Vault secret. |
Deploy Azure Maps |
This template deploys and Azure Maps account and lists the primary key. |
Deploy Azure Maps with Azure Maps Creator (Indoor Maps) |
This template deploys and Azure Maps account with the Indoor Maps Creator Feature to allow building Indoor Maps. |
RBAC - Create Managed Identity Access on Azure Maps account |
This template creates a Managed Identity and assigns it access to an a created Azure Maps account. |
Terraform (AzAPI provider) resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Maps/accounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Maps/accounts@2023-06-01"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
kind = "string"
location = "string"
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
cors = {
corsRules = [
{
allowedOrigins = [
"string"
]
}
]
}
disableLocalAuth = bool
encryption = {
customerManagedKeyEncryption = {
keyEncryptionKeyIdentity = {
delegatedIdentityClientId = "string"
identityType = "string"
userAssignedIdentityResourceId = "string"
}
keyEncryptionKeyUrl = "string"
}
infrastructureEncryption = "string"
}
linkedResources = [
{
id = "string"
uniqueName = "string"
}
]
}
})
}
Property values
CorsRule
Name | Description | Value |
---|---|---|
allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) |
CorsRules
Name | Description | Value |
---|---|---|
corsRules | The list of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] |
CustomerManagedKeyEncryption
Name | Description | Value |
---|---|---|
keyEncryptionKeyIdentity | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | CustomerManagedKeyEncryptionKeyIdentity |
keyEncryptionKeyUrl | key encryption key Url, versioned or non-versioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | string |
CustomerManagedKeyEncryptionKeyIdentity
Name | Description | Value |
---|---|---|
delegatedIdentityClientId | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
identityType | Values can be systemAssignedIdentity or userAssignedIdentity | 'delegatedResourceIdentity' 'systemAssignedIdentity' 'userAssignedIdentity' |
userAssignedIdentityResourceId | user assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and delegatedResourceIdentity. | string |
Encryption
Name | Description | Value |
---|---|---|
customerManagedKeyEncryption | All Customer-managed key encryption properties for the resource. | CustomerManagedKeyEncryption |
infrastructureEncryption | Values are enabled and disabled. | 'disabled' 'enabled' |
LinkedResource
Name | Description | Value |
---|---|---|
id | ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. | string (required) |
uniqueName | A provided name which uniquely identifies the linked resource. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
MapsAccountProperties
Name | Description | Value |
---|---|---|
cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules |
disableLocalAuth | Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. | bool |
encryption | (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. | Encryption |
linkedResources | The array of associated resources to the Map account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Map Account Managed Identity(s) permissions to those resource(s). | LinkedResource[] |
Microsoft.Maps/accounts
Name | Description | Value |
---|---|---|
identity | Managed service identity (system assigned and/or user assigned identities) | ManagedServiceIdentity |
kind | Get or Set Kind property. | 'Gen1' 'Gen2' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string (required) |
properties | The map account properties. | MapsAccountProperties |
sku | The SKU of this account. | Sku (required) |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Maps/accounts@2023-06-01" |
Sku
Name | Description | Value |
---|---|---|
name | The name of the SKU, in standard format (such as S0). | 'G2' 'S0' 'S1' (required) |
TrackedResourceTags
Name | Description | Value |
---|
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|