Microsoft.Maps accounts 2024-01-01-preview

Bicep resource definition

The accounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Maps/accounts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Maps/accounts@2024-01-01-preview' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    cors: {
      corsRules: [
        {
          allowedOrigins: [
            'string'
          ]
        }
      ]
    }
    disableLocalAuth: bool
    encryption: {
      customerManagedKeyEncryption: {
        keyEncryptionKeyIdentity: {
          delegatedIdentityClientId: 'string'
          federatedClientId: 'string'
          identityType: 'string'
          userAssignedIdentityResourceId: 'string'
        }
        keyEncryptionKeyUrl: 'string'
      }
      infrastructureEncryption: 'string'
    }
    linkedResources: [
      {
        id: 'string'
        uniqueName: 'string'
      }
    ]
    locations: [
      {
        locationName: 'string'
      }
    ]
    publicNetworkAccess: 'string'
  }
  sku: {
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

CorsRule

Name Description Value
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)

CorsRules

Name Description Value
corsRules The list of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

Encryption

Name Description Value
customerManagedKeyEncryption All Customer-managed key encryption properties for the resource. EncryptionCustomerManagedKeyEncryption
infrastructureEncryption (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. 'disabled'
'enabled'

EncryptionCustomerManagedKeyEncryption

Name Description Value
keyEncryptionKeyIdentity All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. EncryptionCustomerManagedKeyEncryptionKeyIdentity
keyEncryptionKeyUrl key encryption key Url, versioned or unversioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. string

EncryptionCustomerManagedKeyEncryptionKeyIdentity

Name Description Value
delegatedIdentityClientId delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
federatedClientId application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
identityType The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. 'delegatedResourceIdentity'
'systemAssignedIdentity'
'userAssignedIdentity'
userAssignedIdentityResourceId User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. string

LinkedResource

Name Description Value
id ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. string (required)
uniqueName A provided name which uniquely identifies the linked resource. string (required)

LocationsItem

Name Description Value
locationName The location name. string (required)

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

MapsAccountProperties

Name Description Value
cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. CorsRules
disableLocalAuth Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. bool
encryption All encryption configuration for a resource. Encryption
linkedResources The array of associated resources to the Maps account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Maps Account Managed Identity(s) permissions to those resource(s). LinkedResource[]
locations List of additional data processing regions for the Maps Account, which may result in requests being processed in another geography. Some features or results may be restricted to specific regions. By default, Maps REST APIs process requests according to the account location or the geographic scope. LocationsItem[]
publicNetworkAccess Property to specify whether the Maps Account will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. 'disabled'
'enabled'

Microsoft.Maps/accounts

Name Description Value
identity Managed service identity (system assigned and/or user assigned identities) ManagedServiceIdentity
kind Get or Set Kind property. 'Gen2'
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-zA-Z][a-zA-Z0-9-]{3,98}[a-zA-Z0-9]$ (required)
properties The map account properties. MapsAccountProperties
sku The SKU of this account. Sku (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates

Sku

Name Description Value
name The name of the SKU, in standard format (such as G2). 'G2' (required)

TrackedResourceTags

Name Description Value

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Deploy Azure Maps This template deploys and Azure Maps account and lists the primary key.
Deploy Azure Maps with Azure Maps Creator (Indoor Maps) This template deploys and Azure Maps account with the Indoor Maps Creator Feature to allow building Indoor Maps.

ARM template resource definition

The accounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Maps/accounts resource, add the following JSON to your template.

{
  "type": "Microsoft.Maps/accounts",
  "apiVersion": "2024-01-01-preview",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "cors": {
      "corsRules": [
        {
          "allowedOrigins": [ "string" ]
        }
      ]
    },
    "disableLocalAuth": "bool",
    "encryption": {
      "customerManagedKeyEncryption": {
        "keyEncryptionKeyIdentity": {
          "delegatedIdentityClientId": "string",
          "federatedClientId": "string",
          "identityType": "string",
          "userAssignedIdentityResourceId": "string"
        },
        "keyEncryptionKeyUrl": "string"
      },
      "infrastructureEncryption": "string"
    },
    "linkedResources": [
      {
        "id": "string",
        "uniqueName": "string"
      }
    ],
    "locations": [
      {
        "locationName": "string"
      }
    ],
    "publicNetworkAccess": "string"
  },
  "sku": {
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

CorsRule

Name Description Value
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)

CorsRules

Name Description Value
corsRules The list of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

Encryption

Name Description Value
customerManagedKeyEncryption All Customer-managed key encryption properties for the resource. EncryptionCustomerManagedKeyEncryption
infrastructureEncryption (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. 'disabled'
'enabled'

EncryptionCustomerManagedKeyEncryption

Name Description Value
keyEncryptionKeyIdentity All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. EncryptionCustomerManagedKeyEncryptionKeyIdentity
keyEncryptionKeyUrl key encryption key Url, versioned or unversioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. string

EncryptionCustomerManagedKeyEncryptionKeyIdentity

Name Description Value
delegatedIdentityClientId delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
federatedClientId application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
identityType The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. 'delegatedResourceIdentity'
'systemAssignedIdentity'
'userAssignedIdentity'
userAssignedIdentityResourceId User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. string

LinkedResource

Name Description Value
id ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. string (required)
uniqueName A provided name which uniquely identifies the linked resource. string (required)

LocationsItem

Name Description Value
locationName The location name. string (required)

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

MapsAccountProperties

Name Description Value
cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. CorsRules
disableLocalAuth Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. bool
encryption All encryption configuration for a resource. Encryption
linkedResources The array of associated resources to the Maps account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Maps Account Managed Identity(s) permissions to those resource(s). LinkedResource[]
locations List of additional data processing regions for the Maps Account, which may result in requests being processed in another geography. Some features or results may be restricted to specific regions. By default, Maps REST APIs process requests according to the account location or the geographic scope. LocationsItem[]
publicNetworkAccess Property to specify whether the Maps Account will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. 'disabled'
'enabled'

Microsoft.Maps/accounts

Name Description Value
apiVersion The api version '2024-01-01-preview'
identity Managed service identity (system assigned and/or user assigned identities) ManagedServiceIdentity
kind Get or Set Kind property. 'Gen2'
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-zA-Z][a-zA-Z0-9-]{3,98}[a-zA-Z0-9]$ (required)
properties The map account properties. MapsAccountProperties
sku The SKU of this account. Sku (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Maps/accounts'

Sku

Name Description Value
name The name of the SKU, in standard format (such as G2). 'G2' (required)

TrackedResourceTags

Name Description Value

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create Azure Maps SAS token stored in an Azure Key Vault

Deploy to Azure
This template deploys and Azure Maps account and lists a Sas token based on the provided User Assigned identity to be stored in an Azure Key Vault secret.
Deploy Azure Maps

Deploy to Azure
This template deploys and Azure Maps account and lists the primary key.
Deploy Azure Maps with Azure Maps Creator (Indoor Maps)

Deploy to Azure
This template deploys and Azure Maps account with the Indoor Maps Creator Feature to allow building Indoor Maps.
RBAC - Create Managed Identity Access on Azure Maps account

Deploy to Azure
This template creates a Managed Identity and assigns it access to an a created Azure Maps account.

Terraform (AzAPI provider) resource definition

The accounts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Maps/accounts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Maps/accounts@2024-01-01-preview"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  kind = "string"
  location = "string"
  sku = {
    name = "string"
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      cors = {
        corsRules = [
          {
            allowedOrigins = [
              "string"
            ]
          }
        ]
      }
      disableLocalAuth = bool
      encryption = {
        customerManagedKeyEncryption = {
          keyEncryptionKeyIdentity = {
            delegatedIdentityClientId = "string"
            federatedClientId = "string"
            identityType = "string"
            userAssignedIdentityResourceId = "string"
          }
          keyEncryptionKeyUrl = "string"
        }
        infrastructureEncryption = "string"
      }
      linkedResources = [
        {
          id = "string"
          uniqueName = "string"
        }
      ]
      locations = [
        {
          locationName = "string"
        }
      ]
      publicNetworkAccess = "string"
    }
  })
}

Property values

CorsRule

Name Description Value
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)

CorsRules

Name Description Value
corsRules The list of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

Encryption

Name Description Value
customerManagedKeyEncryption All Customer-managed key encryption properties for the resource. EncryptionCustomerManagedKeyEncryption
infrastructureEncryption (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. 'disabled'
'enabled'

EncryptionCustomerManagedKeyEncryption

Name Description Value
keyEncryptionKeyIdentity All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. EncryptionCustomerManagedKeyEncryptionKeyIdentity
keyEncryptionKeyUrl key encryption key Url, versioned or unversioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. string

EncryptionCustomerManagedKeyEncryptionKeyIdentity

Name Description Value
delegatedIdentityClientId delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
federatedClientId application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
identityType The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. 'delegatedResourceIdentity'
'systemAssignedIdentity'
'userAssignedIdentity'
userAssignedIdentityResourceId User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/<resource group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. string

LinkedResource

Name Description Value
id ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. string (required)
uniqueName A provided name which uniquely identifies the linked resource. string (required)

LocationsItem

Name Description Value
locationName The location name. string (required)

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

MapsAccountProperties

Name Description Value
cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. CorsRules
disableLocalAuth Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. bool
encryption All encryption configuration for a resource. Encryption
linkedResources The array of associated resources to the Maps account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Maps Account Managed Identity(s) permissions to those resource(s). LinkedResource[]
locations List of additional data processing regions for the Maps Account, which may result in requests being processed in another geography. Some features or results may be restricted to specific regions. By default, Maps REST APIs process requests according to the account location or the geographic scope. LocationsItem[]
publicNetworkAccess Property to specify whether the Maps Account will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. 'disabled'
'enabled'

Microsoft.Maps/accounts

Name Description Value
identity Managed service identity (system assigned and/or user assigned identities) ManagedServiceIdentity
kind Get or Set Kind property. 'Gen2'
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-zA-Z][a-zA-Z0-9-]{3,98}[a-zA-Z0-9]$ (required)
properties The map account properties. MapsAccountProperties
sku The SKU of this account. Sku (required)
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Maps/accounts@2024-01-01-preview"

Sku

Name Description Value
name The name of the SKU, in standard format (such as G2). 'G2' (required)

TrackedResourceTags

Name Description Value

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value