Compartilhar via


Assignments - Create Or Update

Create or update a blueprint assignment.

PUT https://management.azure.com/{resourceScope}/providers/Microsoft.Blueprint/blueprintAssignments/{assignmentName}?api-version=2018-11-01-preview

URI Parameters

Name In Required Type Description
assignmentName
path True

string

Name of the blueprint assignment.

resourceScope
path True

string

The scope of the resource. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}').

api-version
query True

string

Client API Version.

Request Body

Name Required Type Description
identity True

ManagedServiceIdentity

Managed identity for this blueprint assignment.

location True

string

The location of this blueprint assignment.

properties.parameters True

<string,  ParameterValue>

Blueprint assignment parameter values.

properties.resourceGroups True

<string,  ResourceGroupValue>

Names and locations of resource group placeholders.

properties.blueprintId

string

ID of the published version of a blueprint definition.

properties.description

string

Multi-line explain this resource.

properties.displayName

string

One-liner string explain this resource.

properties.locks

AssignmentLockSettings

Defines how resources deployed by a blueprint assignment are locked.

properties.scope

string

The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required.

Responses

Name Type Description
201 Created

Assignment

Created -- blueprint assignment saved.

Other Status Codes

CloudError

Blueprints error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Assignment with system-assigned managed identity at management group scope
Assignment with system-assigned managed identity at subscription scope
Assignment with user-assigned managed identity at management group scope
Assignment with user-assigned managed identity at subscription scope

Assignment with system-assigned managed identity at management group scope

Sample request

PUT https://management.azure.com/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "SystemAssigned"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Sample response

{
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "principalId": "00000000-0000-0000-0000-000000000000"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Assignment with system-assigned managed identity at subscription scope

Sample request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "SystemAssigned"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Sample response

{
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "principalId": "00000000-0000-0000-0000-000000000000"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Assignment with user-assigned managed identity at management group scope

Sample request

PUT https://management.azure.com/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {}
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Sample response

{
  "identity": {
    "type": "UserAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {
        "principalId": "00000000-0000-0000-0000-000000000000",
        "clientId": "00000000-0000-0000-0000-000000000000"
      }
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "scope": "subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Assignment with user-assigned managed identity at subscription scope

Sample request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint?api-version=2018-11-01-preview

{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {}
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  }
}

Sample response

{
  "identity": {
    "type": "UserAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "userAssignedIdentities": {
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/contoso-identity": {
        "principalId": "00000000-0000-0000-0000-000000000000",
        "clientId": "00000000-0000-0000-0000-000000000000"
      }
    }
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "creating",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Definitions

Name Description
Assignment

Represents a blueprint assignment.

AssignmentLockMode

Lock mode.

AssignmentLockSettings

Defines how resources deployed by a blueprint assignment are locked.

AssignmentProvisioningState

State of the blueprint assignment.

AssignmentStatus

The status of a blueprint assignment. This field is readonly.

CloudError
ErrorAdditionalInfo

The resource management error additional info.

ErrorResponse

Error Response

keyVaultReference

Specifies the link to a Key Vault.

ManagedServiceIdentity

Managed identity generic object.

ManagedServiceIdentityType

Type of the managed identity.

ParameterValue

Value for the specified parameter. Can be either 'value' or 'reference' but not both.

ResourceGroupValue

Represents an Azure resource group.

SecretValueReference

Reference to a Key Vault secret.

UserAssignedIdentity

User-assigned managed identity.

Assignment

Represents a blueprint assignment.

Name Type Description
id

string

String Id used to locate any resource on Azure.

identity

ManagedServiceIdentity

Managed identity for this blueprint assignment.

location

string

The location of this blueprint assignment.

name

string

Name of this resource.

properties.blueprintId

string

ID of the published version of a blueprint definition.

properties.description

string

Multi-line explain this resource.

properties.displayName

string

One-liner string explain this resource.

properties.locks

AssignmentLockSettings

Defines how resources deployed by a blueprint assignment are locked.

properties.parameters

<string,  ParameterValue>

Blueprint assignment parameter values.

properties.provisioningState

AssignmentProvisioningState

State of the blueprint assignment.

properties.resourceGroups

<string,  ResourceGroupValue>

Names and locations of resource group placeholders.

properties.scope

string

The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required.

properties.status

AssignmentStatus

Status of blueprint assignment. This field is readonly.

type

string

Type of this resource.

AssignmentLockMode

Lock mode.

Name Type Description
AllResourcesDoNotDelete

string

AllResourcesReadOnly

string

None

string

AssignmentLockSettings

Defines how resources deployed by a blueprint assignment are locked.

Name Type Description
excludedActions

string[]

List of management operations that are excluded from blueprint locks. Up to 200 actions are permitted. If the lock mode is set to 'AllResourcesReadOnly', then the following actions are automatically appended to 'excludedActions': '*/read', 'Microsoft.Network/virtualNetworks/subnets/join/action' and 'Microsoft.Authorization/locks/delete'. If the lock mode is set to 'AllResourcesDoNotDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will get removed.

excludedPrincipals

string[]

List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted.

mode

AssignmentLockMode

Lock mode.

AssignmentProvisioningState

State of the blueprint assignment.

Name Type Description
canceled

string

cancelling

string

creating

string

deleting

string

deploying

string

failed

string

locking

string

succeeded

string

validating

string

waiting

string

AssignmentStatus

The status of a blueprint assignment. This field is readonly.

Name Type Description
lastModified

string

Last modified time of this blueprint definition.

managedResources

string[]

List of resources that were created by the blueprint assignment.

timeCreated

string

Creation time of this blueprint definition.

CloudError

Name Type Description
error

ErrorResponse

Error Response
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorResponse

Error Response

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorResponse[]

The error details.

message

string

The error message.

target

string

The error target.

keyVaultReference

Specifies the link to a Key Vault.

Name Type Description
id

string

Azure resource ID of the Key Vault.

ManagedServiceIdentity

Managed identity generic object.

Name Type Description
principalId

string

Azure Active Directory principal ID associated with this Identity.

tenantId

string

ID of the Azure Active Directory.

type

ManagedServiceIdentityType

Type of the managed identity.

userAssignedIdentities

<string,  UserAssignedIdentity>

The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity.

ManagedServiceIdentityType

Type of the managed identity.

Name Type Description
None

string

SystemAssigned

string

UserAssigned

string

ParameterValue

Value for the specified parameter. Can be either 'value' or 'reference' but not both.

Name Type Description
reference

SecretValueReference

Parameter value as reference type.

value

object

Parameter value. Any valid JSON value is allowed including objects, arrays, strings, numbers and booleans.

ResourceGroupValue

Represents an Azure resource group.

Name Type Description
location

string

Location of the resource group.

name

string

Name of the resource group.

SecretValueReference

Reference to a Key Vault secret.

Name Type Description
keyVault

keyVaultReference

Specifies the reference to a given Azure Key Vault.

secretName

string

Name of the secret.

secretVersion

string

The version of the secret to use. If left blank, the latest version of the secret is used.

UserAssignedIdentity

User-assigned managed identity.

Name Type Description
clientId

string

Client App Id associated with this identity.

principalId

string

Azure Active Directory principal ID associated with this Identity.