你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

Microsoft.Network applicationGateways 2019-08-01

Bicep resource definition

The applicationGateways resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/applicationGateways resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/applicationGateways@2019-08-01' = {
  etag: 'string'
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    authenticationCertificates: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          data: 'string'
        }
        type: 'string'
      }
    ]
    autoscaleConfiguration: {
      maxCapacity: int
      minCapacity: int
    }
    backendAddressPools: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          backendAddresses: [
            {
              fqdn: 'string'
              ipAddress: 'string'
            }
          ]
          backendIPConfigurations: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                applicationGatewayBackendAddressPools: [
                  ...
                ]
                applicationSecurityGroups: [
                  {
                    id: 'string'
                    location: 'string'
                    properties: {}
                    tags: {
                      {customized property}: 'string'
                    }
                  }
                ]
                loadBalancerBackendAddressPools: [
                  {
                    etag: 'string'
                    id: 'string'
                    name: 'string'
                    properties: {}
                  }
                ]
                loadBalancerInboundNatRules: [
                  {
                    etag: 'string'
                    id: 'string'
                    name: 'string'
                    properties: {
                      backendPort: int
                      enableFloatingIP: bool
                      enableTcpReset: bool
                      frontendIPConfiguration: {
                        id: 'string'
                      }
                      frontendPort: int
                      idleTimeoutInMinutes: int
                      protocol: 'string'
                    }
                  }
                ]
                primary: bool
                privateIPAddress: 'string'
                privateIPAddressVersion: 'string'
                privateIPAllocationMethod: 'string'
                publicIPAddress: {
                  etag: 'string'
                  id: 'string'
                  location: 'string'
                  properties: {
                    ddosSettings: {
                      ddosCustomPolicy: {
                        id: 'string'
                      }
                      protectionCoverage: 'string'
                    }
                    dnsSettings: {
                      domainNameLabel: 'string'
                      fqdn: 'string'
                      reverseFqdn: 'string'
                    }
                    idleTimeoutInMinutes: int
                    ipAddress: 'string'
                    ipTags: [
                      {
                        ipTagType: 'string'
                        tag: 'string'
                      }
                    ]
                    publicIPAddressVersion: 'string'
                    publicIPAllocationMethod: 'string'
                    publicIPPrefix: {
                      id: 'string'
                    }
                    resourceGuid: 'string'
                  }
                  sku: {
                    name: 'string'
                  }
                  tags: {
                    {customized property}: 'string'
                  }
                  zones: [
                    'string'
                  ]
                }
                subnet: {
                  etag: 'string'
                  id: 'string'
                  name: 'string'
                  properties: {
                    addressPrefix: 'string'
                    addressPrefixes: [
                      'string'
                    ]
                    delegations: [
                      {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          actions: [
                            'string'
                          ]
                          serviceName: 'string'
                        }
                      }
                    ]
                    natGateway: {
                      id: 'string'
                    }
                    networkSecurityGroup: {
                      etag: 'string'
                      id: 'string'
                      location: 'string'
                      properties: {
                        defaultSecurityRules: [
                          {
                            etag: 'string'
                            id: 'string'
                            name: 'string'
                            properties: {
                              access: 'string'
                              description: 'string'
                              destinationAddressPrefix: 'string'
                              destinationAddressPrefixes: [
                                'string'
                              ]
                              destinationApplicationSecurityGroups: [
                                {
                                  id: 'string'
                                  location: 'string'
                                  properties: {}
                                  tags: {
                                    {customized property}: 'string'
                                  }
                                }
                              ]
                              destinationPortRange: 'string'
                              destinationPortRanges: [
                                'string'
                              ]
                              direction: 'string'
                              priority: int
                              protocol: 'string'
                              sourceAddressPrefix: 'string'
                              sourceAddressPrefixes: [
                                'string'
                              ]
                              sourceApplicationSecurityGroups: [
                                {
                                  id: 'string'
                                  location: 'string'
                                  properties: {}
                                  tags: {
                                    {customized property}: 'string'
                                  }
                                }
                              ]
                              sourcePortRange: 'string'
                              sourcePortRanges: [
                                'string'
                              ]
                            }
                          }
                        ]
                        resourceGuid: 'string'
                        securityRules: [
                          {
                            etag: 'string'
                            id: 'string'
                            name: 'string'
                            properties: {
                              access: 'string'
                              description: 'string'
                              destinationAddressPrefix: 'string'
                              destinationAddressPrefixes: [
                                'string'
                              ]
                              destinationApplicationSecurityGroups: [
                                {
                                  id: 'string'
                                  location: 'string'
                                  properties: {}
                                  tags: {
                                    {customized property}: 'string'
                                  }
                                }
                              ]
                              destinationPortRange: 'string'
                              destinationPortRanges: [
                                'string'
                              ]
                              direction: 'string'
                              priority: int
                              protocol: 'string'
                              sourceAddressPrefix: 'string'
                              sourceAddressPrefixes: [
                                'string'
                              ]
                              sourceApplicationSecurityGroups: [
                                {
                                  id: 'string'
                                  location: 'string'
                                  properties: {}
                                  tags: {
                                    {customized property}: 'string'
                                  }
                                }
                              ]
                              sourcePortRange: 'string'
                              sourcePortRanges: [
                                'string'
                              ]
                            }
                          }
                        ]
                      }
                      tags: {
                        {customized property}: 'string'
                      }
                    }
                    privateEndpointNetworkPolicies: 'string'
                    privateLinkServiceNetworkPolicies: 'string'
                    resourceNavigationLinks: [
                      {
                        id: 'string'
                        name: 'string'
                        properties: {
                          link: 'string'
                          linkedResourceType: 'string'
                        }
                      }
                    ]
                    routeTable: {
                      etag: 'string'
                      id: 'string'
                      location: 'string'
                      properties: {
                        disableBgpRoutePropagation: bool
                        routes: [
                          {
                            etag: 'string'
                            id: 'string'
                            name: 'string'
                            properties: {
                              addressPrefix: 'string'
                              nextHopIpAddress: 'string'
                              nextHopType: 'string'
                            }
                          }
                        ]
                      }
                      tags: {
                        {customized property}: 'string'
                      }
                    }
                    serviceAssociationLinks: [
                      {
                        id: 'string'
                        name: 'string'
                        properties: {
                          allowDelete: bool
                          link: 'string'
                          linkedResourceType: 'string'
                          locations: [
                            'string'
                          ]
                        }
                        type: 'string'
                      }
                    ]
                    serviceEndpointPolicies: [
                      {
                        etag: 'string'
                        id: 'string'
                        location: 'string'
                        properties: {
                          serviceEndpointPolicyDefinitions: [
                            {
                              etag: 'string'
                              id: 'string'
                              name: 'string'
                              properties: {
                                description: 'string'
                                service: 'string'
                                serviceResources: [
                                  'string'
                                ]
                              }
                            }
                          ]
                        }
                        tags: {
                          {customized property}: 'string'
                        }
                      }
                    ]
                    serviceEndpoints: [
                      {
                        locations: [
                          'string'
                        ]
                        service: 'string'
                      }
                    ]
                  }
                }
                virtualNetworkTaps: [
                  {
                    etag: 'string'
                    id: 'string'
                    location: 'string'
                    properties: {
                      destinationLoadBalancerFrontEndIPConfiguration: {
                        etag: 'string'
                        id: 'string'
                        name: 'string'
                        properties: {
                          privateIPAddress: 'string'
                          privateIPAddressVersion: 'string'
                          privateIPAllocationMethod: 'string'
                          publicIPAddress: {
                            etag: 'string'
                            id: 'string'
                            location: 'string'
                            properties: {
                              ddosSettings: {
                                ddosCustomPolicy: {
                                  id: 'string'
                                }
                                protectionCoverage: 'string'
                              }
                              dnsSettings: {
                                domainNameLabel: 'string'
                                fqdn: 'string'
                                reverseFqdn: 'string'
                              }
                              idleTimeoutInMinutes: int
                              ipAddress: 'string'
                              ipTags: [
                                {
                                  ipTagType: 'string'
                                  tag: 'string'
                                }
                              ]
                              publicIPAddressVersion: 'string'
                              publicIPAllocationMethod: 'string'
                              publicIPPrefix: {
                                id: 'string'
                              }
                              resourceGuid: 'string'
                            }
                            sku: {
                              name: 'string'
                            }
                            tags: {
                              {customized property}: 'string'
                            }
                            zones: [
                              'string'
                            ]
                          }
                          publicIPPrefix: {
                            id: 'string'
                          }
                          subnet: {
                            etag: 'string'
                            id: 'string'
                            name: 'string'
                            properties: {
                              addressPrefix: 'string'
                              addressPrefixes: [
                                'string'
                              ]
                              delegations: [
                                {
                                  etag: 'string'
                                  id: 'string'
                                  name: 'string'
                                  properties: {
                                    actions: [
                                      'string'
                                    ]
                                    serviceName: 'string'
                                  }
                                }
                              ]
                              natGateway: {
                                id: 'string'
                              }
                              networkSecurityGroup: {
                                etag: 'string'
                                id: 'string'
                                location: 'string'
                                properties: {
                                  defaultSecurityRules: [
                                    {
                                      etag: 'string'
                                      id: 'string'
                                      name: 'string'
                                      properties: {
                                        access: 'string'
                                        description: 'string'
                                        destinationAddressPrefix: 'string'
                                        destinationAddressPrefixes: [
                                          'string'
                                        ]
                                        destinationApplicationSecurityGroups: [
                                          {
                                            id: 'string'
                                            location: 'string'
                                            properties: {}
                                            tags: {
                                              {customized property}: 'string'
                                            }
                                          }
                                        ]
                                        destinationPortRange: 'string'
                                        destinationPortRanges: [
                                          'string'
                                        ]
                                        direction: 'string'
                                        priority: int
                                        protocol: 'string'
                                        sourceAddressPrefix: 'string'
                                        sourceAddressPrefixes: [
                                          'string'
                                        ]
                                        sourceApplicationSecurityGroups: [
                                          {
                                            id: 'string'
                                            location: 'string'
                                            properties: {}
                                            tags: {
                                              {customized property}: 'string'
                                            }
                                          }
                                        ]
                                        sourcePortRange: 'string'
                                        sourcePortRanges: [
                                          'string'
                                        ]
                                      }
                                    }
                                  ]
                                  resourceGuid: 'string'
                                  securityRules: [
                                    {
                                      etag: 'string'
                                      id: 'string'
                                      name: 'string'
                                      properties: {
                                        access: 'string'
                                        description: 'string'
                                        destinationAddressPrefix: 'string'
                                        destinationAddressPrefixes: [
                                          'string'
                                        ]
                                        destinationApplicationSecurityGroups: [
                                          {
                                            id: 'string'
                                            location: 'string'
                                            properties: {}
                                            tags: {
                                              {customized property}: 'string'
                                            }
                                          }
                                        ]
                                        destinationPortRange: 'string'
                                        destinationPortRanges: [
                                          'string'
                                        ]
                                        direction: 'string'
                                        priority: int
                                        protocol: 'string'
                                        sourceAddressPrefix: 'string'
                                        sourceAddressPrefixes: [
                                          'string'
                                        ]
                                        sourceApplicationSecurityGroups: [
                                          {
                                            id: 'string'
                                            location: 'string'
                                            properties: {}
                                            tags: {
                                              {customized property}: 'string'
                                            }
                                          }
                                        ]
                                        sourcePortRange: 'string'
                                        sourcePortRanges: [
                                          'string'
                                        ]
                                      }
                                    }
                                  ]
                                }
                                tags: {
                                  {customized property}: 'string'
                                }
                              }
                              privateEndpointNetworkPolicies: 'string'
                              privateLinkServiceNetworkPolicies: 'string'
                              resourceNavigationLinks: [
                                {
                                  id: 'string'
                                  name: 'string'
                                  properties: {
                                    link: 'string'
                                    linkedResourceType: 'string'
                                  }
                                }
                              ]
                              routeTable: {
                                etag: 'string'
                                id: 'string'
                                location: 'string'
                                properties: {
                                  disableBgpRoutePropagation: bool
                                  routes: [
                                    {
                                      etag: 'string'
                                      id: 'string'
                                      name: 'string'
                                      properties: {
                                        addressPrefix: 'string'
                                        nextHopIpAddress: 'string'
                                        nextHopType: 'string'
                                      }
                                    }
                                  ]
                                }
                                tags: {
                                  {customized property}: 'string'
                                }
                              }
                              serviceAssociationLinks: [
                                {
                                  id: 'string'
                                  name: 'string'
                                  properties: {
                                    allowDelete: bool
                                    link: 'string'
                                    linkedResourceType: 'string'
                                    locations: [
                                      'string'
                                    ]
                                  }
                                  type: 'string'
                                }
                              ]
                              serviceEndpointPolicies: [
                                {
                                  etag: 'string'
                                  id: 'string'
                                  location: 'string'
                                  properties: {
                                    serviceEndpointPolicyDefinitions: [
                                      {
                                        etag: 'string'
                                        id: 'string'
                                        name: 'string'
                                        properties: {
                                          description: 'string'
                                          service: 'string'
                                          serviceResources: [
                                            'string'
                                          ]
                                        }
                                      }
                                    ]
                                  }
                                  tags: {
                                    {customized property}: 'string'
                                  }
                                }
                              ]
                              serviceEndpoints: [
                                {
                                  locations: [
                                    'string'
                                  ]
                                  service: 'string'
                                }
                              ]
                            }
                          }
                        }
                        zones: [
                          'string'
                        ]
                      }
                      destinationNetworkInterfaceIPConfiguration: ...
                      destinationPort: int
                    }
                    tags: {
                      {customized property}: 'string'
                    }
                  }
                ]
              }
            }
          ]
        }
        type: 'string'
      }
    ]
    backendHttpSettingsCollection: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          affinityCookieName: 'string'
          authenticationCertificates: [
            {
              id: 'string'
            }
          ]
          connectionDraining: {
            drainTimeoutInSec: int
            enabled: bool
          }
          cookieBasedAffinity: 'string'
          hostName: 'string'
          path: 'string'
          pickHostNameFromBackendAddress: bool
          port: int
          probe: {
            id: 'string'
          }
          probeEnabled: bool
          protocol: 'string'
          requestTimeout: int
          trustedRootCertificates: [
            {
              id: 'string'
            }
          ]
        }
        type: 'string'
      }
    ]
    customErrorConfigurations: [
      {
        customErrorPageUrl: 'string'
        statusCode: 'string'
      }
    ]
    enableFips: bool
    enableHttp2: bool
    firewallPolicy: {
      id: 'string'
    }
    frontendIPConfigurations: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          privateIPAddress: 'string'
          privateIPAllocationMethod: 'string'
          publicIPAddress: {
            id: 'string'
          }
          subnet: {
            id: 'string'
          }
        }
        type: 'string'
      }
    ]
    frontendPorts: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          port: int
        }
        type: 'string'
      }
    ]
    gatewayIPConfigurations: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          subnet: {
            id: 'string'
          }
        }
        type: 'string'
      }
    ]
    httpListeners: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          customErrorConfigurations: [
            {
              customErrorPageUrl: 'string'
              statusCode: 'string'
            }
          ]
          frontendIPConfiguration: {
            id: 'string'
          }
          frontendPort: {
            id: 'string'
          }
          hostName: 'string'
          protocol: 'string'
          requireServerNameIndication: bool
          sslCertificate: {
            id: 'string'
          }
        }
        type: 'string'
      }
    ]
    probes: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          host: 'string'
          interval: int
          match: {
            body: 'string'
            statusCodes: [
              'string'
            ]
          }
          minServers: int
          path: 'string'
          pickHostNameFromBackendHttpSettings: bool
          port: int
          protocol: 'string'
          timeout: int
          unhealthyThreshold: int
        }
        type: 'string'
      }
    ]
    redirectConfigurations: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          includePath: bool
          includeQueryString: bool
          pathRules: [
            {
              id: 'string'
            }
          ]
          redirectType: 'string'
          requestRoutingRules: [
            {
              id: 'string'
            }
          ]
          targetListener: {
            id: 'string'
          }
          targetUrl: 'string'
          urlPathMaps: [
            {
              id: 'string'
            }
          ]
        }
        type: 'string'
      }
    ]
    requestRoutingRules: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          backendAddressPool: {
            id: 'string'
          }
          backendHttpSettings: {
            id: 'string'
          }
          httpListener: {
            id: 'string'
          }
          priority: int
          redirectConfiguration: {
            id: 'string'
          }
          rewriteRuleSet: {
            id: 'string'
          }
          ruleType: 'string'
          urlPathMap: {
            id: 'string'
          }
        }
        type: 'string'
      }
    ]
    resourceGuid: 'string'
    rewriteRuleSets: [
      {
        id: 'string'
        name: 'string'
        properties: {
          rewriteRules: [
            {
              actionSet: {
                requestHeaderConfigurations: [
                  {
                    headerName: 'string'
                    headerValue: 'string'
                  }
                ]
                responseHeaderConfigurations: [
                  {
                    headerName: 'string'
                    headerValue: 'string'
                  }
                ]
              }
              conditions: [
                {
                  ignoreCase: bool
                  negate: bool
                  pattern: 'string'
                  variable: 'string'
                }
              ]
              name: 'string'
              ruleSequence: int
            }
          ]
        }
      }
    ]
    sku: {
      capacity: int
      name: 'string'
      tier: 'string'
    }
    sslCertificates: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          data: 'string'
          keyVaultSecretId: 'string'
          password: 'string'
          publicCertData: 'string'
        }
        type: 'string'
      }
    ]
    sslPolicy: {
      cipherSuites: [
        'string'
      ]
      disabledSslProtocols: [
        'string'
      ]
      minProtocolVersion: 'string'
      policyName: 'string'
      policyType: 'string'
    }
    trustedRootCertificates: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          data: 'string'
          keyVaultSecretId: 'string'
        }
        type: 'string'
      }
    ]
    urlPathMaps: [
      {
        etag: 'string'
        id: 'string'
        name: 'string'
        properties: {
          defaultBackendAddressPool: {
            id: 'string'
          }
          defaultBackendHttpSettings: {
            id: 'string'
          }
          defaultRedirectConfiguration: {
            id: 'string'
          }
          defaultRewriteRuleSet: {
            id: 'string'
          }
          pathRules: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                backendAddressPool: {
                  id: 'string'
                }
                backendHttpSettings: {
                  id: 'string'
                }
                paths: [
                  'string'
                ]
                redirectConfiguration: {
                  id: 'string'
                }
                rewriteRuleSet: {
                  id: 'string'
                }
              }
              type: 'string'
            }
          ]
        }
        type: 'string'
      }
    ]
    webApplicationFirewallConfiguration: {
      disabledRuleGroups: [
        {
          ruleGroupName: 'string'
          rules: [
            int
          ]
        }
      ]
      enabled: bool
      exclusions: [
        {
          matchVariable: 'string'
          selector: 'string'
          selectorMatchOperator: 'string'
        }
      ]
      fileUploadLimitInMb: int
      firewallMode: 'string'
      maxRequestBodySize: int
      maxRequestBodySizeInKb: int
      requestBodyCheck: bool
      ruleSetType: 'string'
      ruleSetVersion: 'string'
    }
  }
  tags: {
    {customized property}: 'string'
  }
  zones: [
    'string'
  ]
}

Property values

ApplicationGatewayAuthenticationCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the authentication certificate that is unique within an Application Gateway. string
properties Properties of the application gateway authentication certificate. ApplicationGatewayAuthenticationCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewayAuthenticationCertificatePropertiesFormat

Name Description Value
data Certificate public data. string

ApplicationGatewayAutoscaleConfiguration

Name Description Value
maxCapacity Upper bound on number of Application Gateway capacity. int

Constraints:
Min value = 2
minCapacity Lower bound on number of Application Gateway capacity. int

Constraints:
Min value = 0 (required)

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat
type Type of the resource. string

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]
backendIPConfigurations Collection of references to IPs defined in network interfaces. NetworkInterfaceIPConfiguration[]

ApplicationGatewayBackendHttpSettings

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the backend http settings that is unique within an Application Gateway. string
properties Properties of the application gateway backend HTTP settings. ApplicationGatewayBackendHttpSettingsPropertiesFormat
type Type of the resource. string

ApplicationGatewayBackendHttpSettingsPropertiesFormat

Name Description Value
affinityCookieName Cookie name to use for the affinity cookie. string
authenticationCertificates Array of references to application gateway authentication certificates. SubResource[]
connectionDraining Connection draining of the backend http settings resource. ApplicationGatewayConnectionDraining
cookieBasedAffinity Cookie based affinity. 'Disabled'
'Enabled'
hostName Host header to be sent to the backend servers. string
path Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. string
pickHostNameFromBackendAddress Whether to pick host header should be picked from the host name of the backend server. Default value is false. bool
port The destination port on the backend. int
probe Probe resource of an application gateway. SubResource
probeEnabled Whether the probe is enabled. Default value is false. bool
protocol The protocol used to communicate with the backend. 'Http'
'Https'
requestTimeout Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. int
trustedRootCertificates Array of references to application gateway trusted root certificates. SubResource[]

ApplicationGatewayConnectionDraining

Name Description Value
drainTimeoutInSec The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. int

Constraints:
Min value = 1
Max value = 3600 (required)
enabled Whether connection draining is enabled or not. bool (required)

ApplicationGatewayCustomError

Name Description Value
customErrorPageUrl Error page URL of the application gateway customer error. string
statusCode Status code of the application gateway customer error. 'HttpStatus403'
'HttpStatus502'

ApplicationGatewayFirewallDisabledRuleGroup

Name Description Value
ruleGroupName The name of the rule group that will be disabled. string (required)
rules The list of rules that will be disabled. If null, all rules of the rule group will be disabled. int[]

ApplicationGatewayFirewallExclusion

Name Description Value
matchVariable The variable to be excluded. string (required)
selector When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. string (required)
selectorMatchOperator When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. string (required)

ApplicationGatewayFrontendIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the frontend IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway frontend IP configuration. ApplicationGatewayFrontendIPConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayFrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress PrivateIPAddress of the network interface IP Configuration. string
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Reference of the PublicIP resource. SubResource
subnet Reference of the subnet resource. SubResource

ApplicationGatewayFrontendPort

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the frontend port that is unique within an Application Gateway. string
properties Properties of the application gateway frontend port. ApplicationGatewayFrontendPortPropertiesFormat
type Type of the resource. string

ApplicationGatewayFrontendPortPropertiesFormat

Name Description Value
port Frontend port. int

ApplicationGatewayHeaderConfiguration

Name Description Value
headerName Header name of the header configuration. string
headerValue Header value of the header configuration. string

ApplicationGatewayHttpListener

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the HTTP listener that is unique within an Application Gateway. string
properties Properties of the application gateway HTTP listener. ApplicationGatewayHttpListenerPropertiesFormat
type Type of the resource. string

ApplicationGatewayHttpListenerPropertiesFormat

Name Description Value
customErrorConfigurations Custom error configurations of the HTTP listener. ApplicationGatewayCustomError[]
frontendIPConfiguration Frontend IP configuration resource of an application gateway. SubResource
frontendPort Frontend port resource of an application gateway. SubResource
hostName Host name of HTTP listener. string
protocol Protocol of the HTTP listener. 'Http'
'Https'
requireServerNameIndication Applicable only if protocol is https. Enables SNI for multi-hosting. bool
sslCertificate SSL certificate resource of an application gateway. SubResource

ApplicationGatewayIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference of the subnet resource. A subnet from where application gateway gets its private address. SubResource

ApplicationGatewayPathRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the path rule that is unique within an Application Gateway. string
properties Properties of the application gateway path rule. ApplicationGatewayPathRulePropertiesFormat
type Type of the resource. string

ApplicationGatewayPathRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of URL path map path rule. SubResource
backendHttpSettings Backend http settings resource of URL path map path rule. SubResource
paths Path rules of URL path map. string[]
redirectConfiguration Redirect configuration resource of URL path map path rule. SubResource
rewriteRuleSet Rewrite rule set resource of URL path map path rule. SubResource

ApplicationGatewayProbe

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the probe that is unique within an Application Gateway. string
properties Properties of the application gateway probe. ApplicationGatewayProbePropertiesFormat
type Type of the resource. string

ApplicationGatewayProbeHealthResponseMatch

Name Description Value
body Body that must be contained in the health response. Default value is empty. string
statusCodes Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. string[]

ApplicationGatewayProbePropertiesFormat

Name Description Value
host Host name to send the probe to. string
interval The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. int
match Criterion for classifying a healthy probe response. ApplicationGatewayProbeHealthResponseMatch
minServers Minimum number of servers that are always marked healthy. Default value is 0. int
path Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. string
pickHostNameFromBackendHttpSettings Whether the host header should be picked from the backend http settings. Default value is false. bool
port Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. int

Constraints:
Min value = 1
Max value = 65535
protocol The protocol used for the probe. 'Http'
'Https'
timeout The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. int
unhealthyThreshold The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. int

ApplicationGatewayPropertiesFormat

Name Description Value
authenticationCertificates Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayAuthenticationCertificate[]
autoscaleConfiguration Autoscale Configuration. ApplicationGatewayAutoscaleConfiguration
backendAddressPools Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendAddressPool[]
backendHttpSettingsCollection Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendHttpSettings[]
customErrorConfigurations Custom error configurations of the application gateway resource. ApplicationGatewayCustomError[]
enableFips Whether FIPS is enabled on the application gateway resource. bool
enableHttp2 Whether HTTP2 is enabled on the application gateway resource. bool
firewallPolicy Reference of the FirewallPolicy resource. SubResource
frontendIPConfigurations Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendIPConfiguration[]
frontendPorts Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendPort[]
gatewayIPConfigurations Subnets of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayIPConfiguration[]
httpListeners Http listeners of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayHttpListener[]
probes Probes of the application gateway resource. ApplicationGatewayProbe[]
redirectConfigurations Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayRedirectConfiguration[]
requestRoutingRules Request routing rules of the application gateway resource. ApplicationGatewayRequestRoutingRule[]
resourceGuid The resource GUID property of the application gateway resource. string
rewriteRuleSets Rewrite rules for the application gateway resource. ApplicationGatewayRewriteRuleSet[]
sku SKU of the application gateway resource. ApplicationGatewaySku
sslCertificates SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewaySslCertificate[]
sslPolicy SSL policy of the application gateway resource. ApplicationGatewaySslPolicy
trustedRootCertificates Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayTrustedRootCertificate[]
urlPathMaps URL path map of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayUrlPathMap[]
webApplicationFirewallConfiguration Web application firewall configuration. ApplicationGatewayWebApplicationFirewallConfiguration

ApplicationGatewayRedirectConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the redirect configuration that is unique within an Application Gateway. string
properties Properties of the application gateway redirect configuration. ApplicationGatewayRedirectConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayRedirectConfigurationPropertiesFormat

Name Description Value
includePath Include path in the redirected url. bool
includeQueryString Include query string in the redirected url. bool
pathRules Path rules specifying redirect configuration. SubResource[]
redirectType HTTP redirection type. 'Found'
'Permanent'
'SeeOther'
'Temporary'
requestRoutingRules Request routing specifying redirect configuration. SubResource[]
targetListener Reference to a listener to redirect the request to. SubResource
targetUrl Url to redirect the request to. string
urlPathMaps Url path maps specifying default redirect configuration. SubResource[]

ApplicationGatewayRequestRoutingRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the request routing rule that is unique within an Application Gateway. string
properties Properties of the application gateway request routing rule. ApplicationGatewayRequestRoutingRulePropertiesFormat
type Type of the resource. string

ApplicationGatewayRequestRoutingRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of the application gateway. SubResource
backendHttpSettings Backend http settings resource of the application gateway. SubResource
httpListener Http listener resource of the application gateway. SubResource
priority Priority of the request routing rule. int

Constraints:
Min value = 1
Max value = 20000
redirectConfiguration Redirect configuration resource of the application gateway. SubResource
rewriteRuleSet Rewrite Rule Set resource in Basic rule of the application gateway. SubResource
ruleType Rule type. 'Basic'
'PathBasedRouting'
urlPathMap URL path map resource of the application gateway. SubResource

ApplicationGatewayRewriteRule

Name Description Value
actionSet Set of actions to be done as part of the rewrite Rule. ApplicationGatewayRewriteRuleActionSet
conditions Conditions based on which the action set execution will be evaluated. ApplicationGatewayRewriteRuleCondition[]
name Name of the rewrite rule that is unique within an Application Gateway. string
ruleSequence Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. int

ApplicationGatewayRewriteRuleActionSet

Name Description Value
requestHeaderConfigurations Request Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
responseHeaderConfigurations Response Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]

ApplicationGatewayRewriteRuleCondition

Name Description Value
ignoreCase Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. bool
negate Setting this value as truth will force to check the negation of the condition given by the user. bool
pattern The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. string
variable The condition parameter of the RewriteRuleCondition. string

ApplicationGatewayRewriteRuleSet

Name Description Value
id Resource ID. string
name Name of the rewrite rule set that is unique within an Application Gateway. string
properties Properties of the application gateway rewrite rule set. ApplicationGatewayRewriteRuleSetPropertiesFormat

ApplicationGatewayRewriteRuleSetPropertiesFormat

Name Description Value
rewriteRules Rewrite rules in the rewrite rule set. ApplicationGatewayRewriteRule[]

ApplicationGatewaySku

Name Description Value
capacity Capacity (instance count) of an application gateway. int
name Name of an application gateway SKU. 'Standard_Large'
'Standard_Medium'
'Standard_Small'
'Standard_v2'
'WAF_Large'
'WAF_Medium'
'WAF_v2'
tier Tier of an application gateway. 'Standard'
'Standard_v2'
'WAF'
'WAF_v2'

ApplicationGatewaySslCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the SSL certificate that is unique within an Application Gateway. string
properties Properties of the application gateway SSL certificate. ApplicationGatewaySslCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewaySslCertificatePropertiesFormat

Name Description Value
data Base-64 encoded pfx certificate. Only applicable in PUT Request. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string
password Password for the pfx file specified in data. Only applicable in PUT request. string
publicCertData Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. string

ApplicationGatewaySslPolicy

Name Description Value
cipherSuites Ssl cipher suites to be enabled in the specified order to application gateway. String array containing any of:
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_RSA_WITH_AES_128_GCM_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_RSA_WITH_AES_256_GCM_SHA384'
disabledSslProtocols Ssl protocols to be disabled on application gateway. String array containing any of:
'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
minProtocolVersion Minimum version of Ssl protocol to be supported on application gateway. 'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
policyName Name of Ssl predefined policy. 'AppGwSslPolicy20150501'
'AppGwSslPolicy20170401'
'AppGwSslPolicy20170401S'
policyType Type of Ssl Policy. 'Custom'
'Predefined'

ApplicationGatewayTrustedRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the trusted root certificate that is unique within an Application Gateway. string
properties Properties of the application gateway trusted root certificate. ApplicationGatewayTrustedRootCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewayTrustedRootCertificatePropertiesFormat

Name Description Value
data Certificate public data. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string

ApplicationGatewayUrlPathMap

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the URL path map that is unique within an Application Gateway. string
properties Properties of the application gateway URL path map. ApplicationGatewayUrlPathMapPropertiesFormat
type Type of the resource. string

ApplicationGatewayUrlPathMapPropertiesFormat

Name Description Value
defaultBackendAddressPool Default backend address pool resource of URL path map. SubResource
defaultBackendHttpSettings Default backend http settings resource of URL path map. SubResource
defaultRedirectConfiguration Default redirect configuration resource of URL path map. SubResource
defaultRewriteRuleSet Default Rewrite rule set resource of URL path map. SubResource
pathRules Path rule of URL path map resource. ApplicationGatewayPathRule[]

ApplicationGatewayWebApplicationFirewallConfiguration

Name Description Value
disabledRuleGroups The disabled rule groups. ApplicationGatewayFirewallDisabledRuleGroup[]
enabled Whether the web application firewall is enabled or not. bool (required)
exclusions The exclusion list. ApplicationGatewayFirewallExclusion[]
fileUploadLimitInMb Maximum file upload size in Mb for WAF. int

Constraints:
Min value = 0
firewallMode Web application firewall mode. 'Detection'
'Prevention' (required)
maxRequestBodySize Maximum request body size for WAF. int

Constraints:
Min value = 8
Max value = 128
maxRequestBodySizeInKb Maximum request body size in Kb for WAF. int

Constraints:
Min value = 8
Max value = 128
requestBodyCheck Whether allow WAF to check request Body. bool
ruleSetType The type of the web application firewall rule set. Possible values are: 'OWASP'. string (required)
ruleSetVersion The version of the rule set type. string (required)

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

ApplicationSecurityGroupPropertiesFormat

Name Description Value

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

DdosSettings

Name Description Value
ddosCustomPolicy The DDoS custom policy associated with the public IP. SubResource
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

Delegation

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat

FrontendIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. string
properties Properties of the load balancer probe. FrontendIPConfigurationPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

FrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The Private IP allocation method. 'Dynamic'
'Static'
publicIPAddress The reference of the Public IP resource. PublicIPAddress
publicIPPrefix The reference of the Public IP Prefix resource. SubResource
subnet The reference of the subnet resource. Subnet

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer inbound nat rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
enableTcpReset Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The reference to the transport protocol used by the load balancing rule. 'All'
'Tcp'
'Udp'

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/applicationGateways

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
identity The identity of the application gateway, if configured. ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the application gateway. ApplicationGatewayPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates
zones A list of availability zones denoting where the resource needs to come from. string[]

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Network interface IP configuration properties. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools The reference of ApplicationGatewayBackendAddressPool resource. ApplicationGatewayBackendAddressPool[]
applicationSecurityGroups Application security groups in which the IP configuration is included. ApplicationSecurityGroup[]
loadBalancerBackendAddressPools The reference of LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Whether this is a primary customer address on the network interface. bool
privateIPAddress Private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Public IP address bound to the IP configuration. PublicIPAddress
subnet Subnet bound to the IP configuration. Subnet
virtualNetworkTaps The reference to Virtual Network Taps. VirtualNetworkTap[]

NetworkSecurityGroup

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules The default security rules of network security group. SecurityRule[]
resourceGuid The resource GUID property of the network security group resource. string
securityRules A collection of security rules of the network security group. SecurityRule[]

PublicIPAddress

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku The public IP address SKU. PublicIPAddressSku
tags Resource tags. ResourceTags
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings The DDoS protection custom policy associated with the public IP address. DdosSettings
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
publicIPAddressVersion The public IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod The public IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix The Public IP Prefix this Public IP Address should be allocated from. SubResource
resourceGuid The resource GUID property of the public IP address resource. string

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'
Name Description Value
id Resource ID. string
name Name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Resource navigation link properties format. ResourceNavigationLinkFormat

ResourceNavigationLinkFormat

Name Description Value
link Link to the external resource. string
linkedResourceType Resource type of the linked resource. string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

RouteTable

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]
Name Description Value
id Resource ID. string
name Name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Resource navigation link properties format. ServiceAssociationLinkPropertiesFormat
type Resource type. string

ServiceAssociationLinkPropertiesFormat

Name Description Value
allowDelete If true, the resource can be deleted. bool
link Link to the external resource. string
linkedResourceType Resource type of the linked resource. string
locations A list of locations. string[]

ServiceDelegationPropertiesFormat

Name Description Value
actions Describes the actions permitted to the service upon delegation. string[]
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

ServiceEndpointPolicy

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. ResourceTags

ServiceEndpointPolicyDefinition

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPolicyPropertiesFormat

Name Description Value
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
delegations An array of references to the delegations on the subnet. Delegation[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. string
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. string
resourceNavigationLinks An array of references to the external resources using subnet. ResourceNavigationLink[]
routeTable The reference of the RouteTable resource. RouteTable
serviceAssociationLinks An array of references to services injecting into this subnet. ServiceAssociationLink[]
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkTap

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags. ResourceTags

VirtualNetworkTapPropertiesFormat

Name Description Value
destinationLoadBalancerFrontEndIPConfiguration The reference to the private IP address on the internal Load Balancer that will receive the tap. FrontendIPConfiguration
destinationNetworkInterfaceIPConfiguration The reference to the private IP Address of the collector nic that will receive the tap. NetworkInterfaceIPConfiguration
destinationPort The VXLAN destination port that will receive the tapped traffic. int

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
AKS Cluster with a NAT Gateway and an Application Gateway This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with internal API Management and Web App Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Application Gateway with WAF and firewall policy This template creates an Application Gateway with WAF configured along with a firewall policy
Create a Web App, PE and Application Gateway v2 This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint
Create an Application Gateway v2 This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend
Create an Azure Application Gateway v2 This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Azure WAF v2 on Azure Application Gateway This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create API Management in Internal VNet with App Gateway This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create Application Gateway with Certificates This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Deploy a Windows VM scale set with Azure Application Gateway This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Front Door Standard/Premium with Application Gateway origin This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway This template creates a Front Door Standard/Premium with a container group and Application Gateway.

ARM template resource definition

The applicationGateways resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/applicationGateways resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/applicationGateways",
  "apiVersion": "2019-08-01",
  "name": "string",
  "etag": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "authenticationCertificates": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "data": "string"
        },
        "type": "string"
      }
    ],
    "autoscaleConfiguration": {
      "maxCapacity": "int",
      "minCapacity": "int"
    },
    "backendAddressPools": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "backendAddresses": [
            {
              "fqdn": "string",
              "ipAddress": "string"
            }
          ],
          "backendIPConfigurations": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "applicationGatewayBackendAddressPools": [
                  ...
                ],
                "applicationSecurityGroups": [
                  {
                    "id": "string",
                    "location": "string",
                    "properties": {
                    },
                    "tags": {
                      "{customized property}": "string"
                    }
                  }
                ],
                "loadBalancerBackendAddressPools": [
                  {
                    "etag": "string",
                    "id": "string",
                    "name": "string",
                    "properties": {
                    }
                  }
                ],
                "loadBalancerInboundNatRules": [
                  {
                    "etag": "string",
                    "id": "string",
                    "name": "string",
                    "properties": {
                      "backendPort": "int",
                      "enableFloatingIP": "bool",
                      "enableTcpReset": "bool",
                      "frontendIPConfiguration": {
                        "id": "string"
                      },
                      "frontendPort": "int",
                      "idleTimeoutInMinutes": "int",
                      "protocol": "string"
                    }
                  }
                ],
                "primary": "bool",
                "privateIPAddress": "string",
                "privateIPAddressVersion": "string",
                "privateIPAllocationMethod": "string",
                "publicIPAddress": {
                  "etag": "string",
                  "id": "string",
                  "location": "string",
                  "properties": {
                    "ddosSettings": {
                      "ddosCustomPolicy": {
                        "id": "string"
                      },
                      "protectionCoverage": "string"
                    },
                    "dnsSettings": {
                      "domainNameLabel": "string",
                      "fqdn": "string",
                      "reverseFqdn": "string"
                    },
                    "idleTimeoutInMinutes": "int",
                    "ipAddress": "string",
                    "ipTags": [
                      {
                        "ipTagType": "string",
                        "tag": "string"
                      }
                    ],
                    "publicIPAddressVersion": "string",
                    "publicIPAllocationMethod": "string",
                    "publicIPPrefix": {
                      "id": "string"
                    },
                    "resourceGuid": "string"
                  },
                  "sku": {
                    "name": "string"
                  },
                  "tags": {
                    "{customized property}": "string"
                  },
                  "zones": [ "string" ]
                },
                "subnet": {
                  "etag": "string",
                  "id": "string",
                  "name": "string",
                  "properties": {
                    "addressPrefix": "string",
                    "addressPrefixes": [ "string" ],
                    "delegations": [
                      {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "actions": [ "string" ],
                          "serviceName": "string"
                        }
                      }
                    ],
                    "natGateway": {
                      "id": "string"
                    },
                    "networkSecurityGroup": {
                      "etag": "string",
                      "id": "string",
                      "location": "string",
                      "properties": {
                        "defaultSecurityRules": [
                          {
                            "etag": "string",
                            "id": "string",
                            "name": "string",
                            "properties": {
                              "access": "string",
                              "description": "string",
                              "destinationAddressPrefix": "string",
                              "destinationAddressPrefixes": [ "string" ],
                              "destinationApplicationSecurityGroups": [
                                {
                                  "id": "string",
                                  "location": "string",
                                  "properties": {
                                  },
                                  "tags": {
                                    "{customized property}": "string"
                                  }
                                }
                              ],
                              "destinationPortRange": "string",
                              "destinationPortRanges": [ "string" ],
                              "direction": "string",
                              "priority": "int",
                              "protocol": "string",
                              "sourceAddressPrefix": "string",
                              "sourceAddressPrefixes": [ "string" ],
                              "sourceApplicationSecurityGroups": [
                                {
                                  "id": "string",
                                  "location": "string",
                                  "properties": {
                                  },
                                  "tags": {
                                    "{customized property}": "string"
                                  }
                                }
                              ],
                              "sourcePortRange": "string",
                              "sourcePortRanges": [ "string" ]
                            }
                          }
                        ],
                        "resourceGuid": "string",
                        "securityRules": [
                          {
                            "etag": "string",
                            "id": "string",
                            "name": "string",
                            "properties": {
                              "access": "string",
                              "description": "string",
                              "destinationAddressPrefix": "string",
                              "destinationAddressPrefixes": [ "string" ],
                              "destinationApplicationSecurityGroups": [
                                {
                                  "id": "string",
                                  "location": "string",
                                  "properties": {
                                  },
                                  "tags": {
                                    "{customized property}": "string"
                                  }
                                }
                              ],
                              "destinationPortRange": "string",
                              "destinationPortRanges": [ "string" ],
                              "direction": "string",
                              "priority": "int",
                              "protocol": "string",
                              "sourceAddressPrefix": "string",
                              "sourceAddressPrefixes": [ "string" ],
                              "sourceApplicationSecurityGroups": [
                                {
                                  "id": "string",
                                  "location": "string",
                                  "properties": {
                                  },
                                  "tags": {
                                    "{customized property}": "string"
                                  }
                                }
                              ],
                              "sourcePortRange": "string",
                              "sourcePortRanges": [ "string" ]
                            }
                          }
                        ]
                      },
                      "tags": {
                        "{customized property}": "string"
                      }
                    },
                    "privateEndpointNetworkPolicies": "string",
                    "privateLinkServiceNetworkPolicies": "string",
                    "resourceNavigationLinks": [
                      {
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "link": "string",
                          "linkedResourceType": "string"
                        }
                      }
                    ],
                    "routeTable": {
                      "etag": "string",
                      "id": "string",
                      "location": "string",
                      "properties": {
                        "disableBgpRoutePropagation": "bool",
                        "routes": [
                          {
                            "etag": "string",
                            "id": "string",
                            "name": "string",
                            "properties": {
                              "addressPrefix": "string",
                              "nextHopIpAddress": "string",
                              "nextHopType": "string"
                            }
                          }
                        ]
                      },
                      "tags": {
                        "{customized property}": "string"
                      }
                    },
                    "serviceAssociationLinks": [
                      {
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "allowDelete": "bool",
                          "link": "string",
                          "linkedResourceType": "string",
                          "locations": [ "string" ]
                        },
                        "type": "string"
                      }
                    ],
                    "serviceEndpointPolicies": [
                      {
                        "etag": "string",
                        "id": "string",
                        "location": "string",
                        "properties": {
                          "serviceEndpointPolicyDefinitions": [
                            {
                              "etag": "string",
                              "id": "string",
                              "name": "string",
                              "properties": {
                                "description": "string",
                                "service": "string",
                                "serviceResources": [ "string" ]
                              }
                            }
                          ]
                        },
                        "tags": {
                          "{customized property}": "string"
                        }
                      }
                    ],
                    "serviceEndpoints": [
                      {
                        "locations": [ "string" ],
                        "service": "string"
                      }
                    ]
                  }
                },
                "virtualNetworkTaps": [
                  {
                    "etag": "string",
                    "id": "string",
                    "location": "string",
                    "properties": {
                      "destinationLoadBalancerFrontEndIPConfiguration": {
                        "etag": "string",
                        "id": "string",
                        "name": "string",
                        "properties": {
                          "privateIPAddress": "string",
                          "privateIPAddressVersion": "string",
                          "privateIPAllocationMethod": "string",
                          "publicIPAddress": {
                            "etag": "string",
                            "id": "string",
                            "location": "string",
                            "properties": {
                              "ddosSettings": {
                                "ddosCustomPolicy": {
                                  "id": "string"
                                },
                                "protectionCoverage": "string"
                              },
                              "dnsSettings": {
                                "domainNameLabel": "string",
                                "fqdn": "string",
                                "reverseFqdn": "string"
                              },
                              "idleTimeoutInMinutes": "int",
                              "ipAddress": "string",
                              "ipTags": [
                                {
                                  "ipTagType": "string",
                                  "tag": "string"
                                }
                              ],
                              "publicIPAddressVersion": "string",
                              "publicIPAllocationMethod": "string",
                              "publicIPPrefix": {
                                "id": "string"
                              },
                              "resourceGuid": "string"
                            },
                            "sku": {
                              "name": "string"
                            },
                            "tags": {
                              "{customized property}": "string"
                            },
                            "zones": [ "string" ]
                          },
                          "publicIPPrefix": {
                            "id": "string"
                          },
                          "subnet": {
                            "etag": "string",
                            "id": "string",
                            "name": "string",
                            "properties": {
                              "addressPrefix": "string",
                              "addressPrefixes": [ "string" ],
                              "delegations": [
                                {
                                  "etag": "string",
                                  "id": "string",
                                  "name": "string",
                                  "properties": {
                                    "actions": [ "string" ],
                                    "serviceName": "string"
                                  }
                                }
                              ],
                              "natGateway": {
                                "id": "string"
                              },
                              "networkSecurityGroup": {
                                "etag": "string",
                                "id": "string",
                                "location": "string",
                                "properties": {
                                  "defaultSecurityRules": [
                                    {
                                      "etag": "string",
                                      "id": "string",
                                      "name": "string",
                                      "properties": {
                                        "access": "string",
                                        "description": "string",
                                        "destinationAddressPrefix": "string",
                                        "destinationAddressPrefixes": [ "string" ],
                                        "destinationApplicationSecurityGroups": [
                                          {
                                            "id": "string",
                                            "location": "string",
                                            "properties": {
                                            },
                                            "tags": {
                                              "{customized property}": "string"
                                            }
                                          }
                                        ],
                                        "destinationPortRange": "string",
                                        "destinationPortRanges": [ "string" ],
                                        "direction": "string",
                                        "priority": "int",
                                        "protocol": "string",
                                        "sourceAddressPrefix": "string",
                                        "sourceAddressPrefixes": [ "string" ],
                                        "sourceApplicationSecurityGroups": [
                                          {
                                            "id": "string",
                                            "location": "string",
                                            "properties": {
                                            },
                                            "tags": {
                                              "{customized property}": "string"
                                            }
                                          }
                                        ],
                                        "sourcePortRange": "string",
                                        "sourcePortRanges": [ "string" ]
                                      }
                                    }
                                  ],
                                  "resourceGuid": "string",
                                  "securityRules": [
                                    {
                                      "etag": "string",
                                      "id": "string",
                                      "name": "string",
                                      "properties": {
                                        "access": "string",
                                        "description": "string",
                                        "destinationAddressPrefix": "string",
                                        "destinationAddressPrefixes": [ "string" ],
                                        "destinationApplicationSecurityGroups": [
                                          {
                                            "id": "string",
                                            "location": "string",
                                            "properties": {
                                            },
                                            "tags": {
                                              "{customized property}": "string"
                                            }
                                          }
                                        ],
                                        "destinationPortRange": "string",
                                        "destinationPortRanges": [ "string" ],
                                        "direction": "string",
                                        "priority": "int",
                                        "protocol": "string",
                                        "sourceAddressPrefix": "string",
                                        "sourceAddressPrefixes": [ "string" ],
                                        "sourceApplicationSecurityGroups": [
                                          {
                                            "id": "string",
                                            "location": "string",
                                            "properties": {
                                            },
                                            "tags": {
                                              "{customized property}": "string"
                                            }
                                          }
                                        ],
                                        "sourcePortRange": "string",
                                        "sourcePortRanges": [ "string" ]
                                      }
                                    }
                                  ]
                                },
                                "tags": {
                                  "{customized property}": "string"
                                }
                              },
                              "privateEndpointNetworkPolicies": "string",
                              "privateLinkServiceNetworkPolicies": "string",
                              "resourceNavigationLinks": [
                                {
                                  "id": "string",
                                  "name": "string",
                                  "properties": {
                                    "link": "string",
                                    "linkedResourceType": "string"
                                  }
                                }
                              ],
                              "routeTable": {
                                "etag": "string",
                                "id": "string",
                                "location": "string",
                                "properties": {
                                  "disableBgpRoutePropagation": "bool",
                                  "routes": [
                                    {
                                      "etag": "string",
                                      "id": "string",
                                      "name": "string",
                                      "properties": {
                                        "addressPrefix": "string",
                                        "nextHopIpAddress": "string",
                                        "nextHopType": "string"
                                      }
                                    }
                                  ]
                                },
                                "tags": {
                                  "{customized property}": "string"
                                }
                              },
                              "serviceAssociationLinks": [
                                {
                                  "id": "string",
                                  "name": "string",
                                  "properties": {
                                    "allowDelete": "bool",
                                    "link": "string",
                                    "linkedResourceType": "string",
                                    "locations": [ "string" ]
                                  },
                                  "type": "string"
                                }
                              ],
                              "serviceEndpointPolicies": [
                                {
                                  "etag": "string",
                                  "id": "string",
                                  "location": "string",
                                  "properties": {
                                    "serviceEndpointPolicyDefinitions": [
                                      {
                                        "etag": "string",
                                        "id": "string",
                                        "name": "string",
                                        "properties": {
                                          "description": "string",
                                          "service": "string",
                                          "serviceResources": [ "string" ]
                                        }
                                      }
                                    ]
                                  },
                                  "tags": {
                                    "{customized property}": "string"
                                  }
                                }
                              ],
                              "serviceEndpoints": [
                                {
                                  "locations": [ "string" ],
                                  "service": "string"
                                }
                              ]
                            }
                          }
                        },
                        "zones": [ "string" ]
                      },
                      "destinationNetworkInterfaceIPConfiguration": ...,
                      "destinationPort": "int"
                    },
                    "tags": {
                      "{customized property}": "string"
                    }
                  }
                ]
              }
            }
          ]
        },
        "type": "string"
      }
    ],
    "backendHttpSettingsCollection": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "affinityCookieName": "string",
          "authenticationCertificates": [
            {
              "id": "string"
            }
          ],
          "connectionDraining": {
            "drainTimeoutInSec": "int",
            "enabled": "bool"
          },
          "cookieBasedAffinity": "string",
          "hostName": "string",
          "path": "string",
          "pickHostNameFromBackendAddress": "bool",
          "port": "int",
          "probe": {
            "id": "string"
          },
          "probeEnabled": "bool",
          "protocol": "string",
          "requestTimeout": "int",
          "trustedRootCertificates": [
            {
              "id": "string"
            }
          ]
        },
        "type": "string"
      }
    ],
    "customErrorConfigurations": [
      {
        "customErrorPageUrl": "string",
        "statusCode": "string"
      }
    ],
    "enableFips": "bool",
    "enableHttp2": "bool",
    "firewallPolicy": {
      "id": "string"
    },
    "frontendIPConfigurations": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "privateIPAddress": "string",
          "privateIPAllocationMethod": "string",
          "publicIPAddress": {
            "id": "string"
          },
          "subnet": {
            "id": "string"
          }
        },
        "type": "string"
      }
    ],
    "frontendPorts": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "port": "int"
        },
        "type": "string"
      }
    ],
    "gatewayIPConfigurations": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "subnet": {
            "id": "string"
          }
        },
        "type": "string"
      }
    ],
    "httpListeners": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "customErrorConfigurations": [
            {
              "customErrorPageUrl": "string",
              "statusCode": "string"
            }
          ],
          "frontendIPConfiguration": {
            "id": "string"
          },
          "frontendPort": {
            "id": "string"
          },
          "hostName": "string",
          "protocol": "string",
          "requireServerNameIndication": "bool",
          "sslCertificate": {
            "id": "string"
          }
        },
        "type": "string"
      }
    ],
    "probes": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "host": "string",
          "interval": "int",
          "match": {
            "body": "string",
            "statusCodes": [ "string" ]
          },
          "minServers": "int",
          "path": "string",
          "pickHostNameFromBackendHttpSettings": "bool",
          "port": "int",
          "protocol": "string",
          "timeout": "int",
          "unhealthyThreshold": "int"
        },
        "type": "string"
      }
    ],
    "redirectConfigurations": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "includePath": "bool",
          "includeQueryString": "bool",
          "pathRules": [
            {
              "id": "string"
            }
          ],
          "redirectType": "string",
          "requestRoutingRules": [
            {
              "id": "string"
            }
          ],
          "targetListener": {
            "id": "string"
          },
          "targetUrl": "string",
          "urlPathMaps": [
            {
              "id": "string"
            }
          ]
        },
        "type": "string"
      }
    ],
    "requestRoutingRules": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "backendAddressPool": {
            "id": "string"
          },
          "backendHttpSettings": {
            "id": "string"
          },
          "httpListener": {
            "id": "string"
          },
          "priority": "int",
          "redirectConfiguration": {
            "id": "string"
          },
          "rewriteRuleSet": {
            "id": "string"
          },
          "ruleType": "string",
          "urlPathMap": {
            "id": "string"
          }
        },
        "type": "string"
      }
    ],
    "resourceGuid": "string",
    "rewriteRuleSets": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "rewriteRules": [
            {
              "actionSet": {
                "requestHeaderConfigurations": [
                  {
                    "headerName": "string",
                    "headerValue": "string"
                  }
                ],
                "responseHeaderConfigurations": [
                  {
                    "headerName": "string",
                    "headerValue": "string"
                  }
                ]
              },
              "conditions": [
                {
                  "ignoreCase": "bool",
                  "negate": "bool",
                  "pattern": "string",
                  "variable": "string"
                }
              ],
              "name": "string",
              "ruleSequence": "int"
            }
          ]
        }
      }
    ],
    "sku": {
      "capacity": "int",
      "name": "string",
      "tier": "string"
    },
    "sslCertificates": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "data": "string",
          "keyVaultSecretId": "string",
          "password": "string",
          "publicCertData": "string"
        },
        "type": "string"
      }
    ],
    "sslPolicy": {
      "cipherSuites": [ "string" ],
      "disabledSslProtocols": [ "string" ],
      "minProtocolVersion": "string",
      "policyName": "string",
      "policyType": "string"
    },
    "trustedRootCertificates": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "data": "string",
          "keyVaultSecretId": "string"
        },
        "type": "string"
      }
    ],
    "urlPathMaps": [
      {
        "etag": "string",
        "id": "string",
        "name": "string",
        "properties": {
          "defaultBackendAddressPool": {
            "id": "string"
          },
          "defaultBackendHttpSettings": {
            "id": "string"
          },
          "defaultRedirectConfiguration": {
            "id": "string"
          },
          "defaultRewriteRuleSet": {
            "id": "string"
          },
          "pathRules": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "backendAddressPool": {
                  "id": "string"
                },
                "backendHttpSettings": {
                  "id": "string"
                },
                "paths": [ "string" ],
                "redirectConfiguration": {
                  "id": "string"
                },
                "rewriteRuleSet": {
                  "id": "string"
                }
              },
              "type": "string"
            }
          ]
        },
        "type": "string"
      }
    ],
    "webApplicationFirewallConfiguration": {
      "disabledRuleGroups": [
        {
          "ruleGroupName": "string",
          "rules": [ "int" ]
        }
      ],
      "enabled": "bool",
      "exclusions": [
        {
          "matchVariable": "string",
          "selector": "string",
          "selectorMatchOperator": "string"
        }
      ],
      "fileUploadLimitInMb": "int",
      "firewallMode": "string",
      "maxRequestBodySize": "int",
      "maxRequestBodySizeInKb": "int",
      "requestBodyCheck": "bool",
      "ruleSetType": "string",
      "ruleSetVersion": "string"
    }
  },
  "tags": {
    "{customized property}": "string"
  },
  "zones": [ "string" ]
}

Property values

ApplicationGatewayAuthenticationCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the authentication certificate that is unique within an Application Gateway. string
properties Properties of the application gateway authentication certificate. ApplicationGatewayAuthenticationCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewayAuthenticationCertificatePropertiesFormat

Name Description Value
data Certificate public data. string

ApplicationGatewayAutoscaleConfiguration

Name Description Value
maxCapacity Upper bound on number of Application Gateway capacity. int

Constraints:
Min value = 2
minCapacity Lower bound on number of Application Gateway capacity. int

Constraints:
Min value = 0 (required)

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat
type Type of the resource. string

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]
backendIPConfigurations Collection of references to IPs defined in network interfaces. NetworkInterfaceIPConfiguration[]

ApplicationGatewayBackendHttpSettings

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the backend http settings that is unique within an Application Gateway. string
properties Properties of the application gateway backend HTTP settings. ApplicationGatewayBackendHttpSettingsPropertiesFormat
type Type of the resource. string

ApplicationGatewayBackendHttpSettingsPropertiesFormat

Name Description Value
affinityCookieName Cookie name to use for the affinity cookie. string
authenticationCertificates Array of references to application gateway authentication certificates. SubResource[]
connectionDraining Connection draining of the backend http settings resource. ApplicationGatewayConnectionDraining
cookieBasedAffinity Cookie based affinity. 'Disabled'
'Enabled'
hostName Host header to be sent to the backend servers. string
path Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. string
pickHostNameFromBackendAddress Whether to pick host header should be picked from the host name of the backend server. Default value is false. bool
port The destination port on the backend. int
probe Probe resource of an application gateway. SubResource
probeEnabled Whether the probe is enabled. Default value is false. bool
protocol The protocol used to communicate with the backend. 'Http'
'Https'
requestTimeout Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. int
trustedRootCertificates Array of references to application gateway trusted root certificates. SubResource[]

ApplicationGatewayConnectionDraining

Name Description Value
drainTimeoutInSec The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. int

Constraints:
Min value = 1
Max value = 3600 (required)
enabled Whether connection draining is enabled or not. bool (required)

ApplicationGatewayCustomError

Name Description Value
customErrorPageUrl Error page URL of the application gateway customer error. string
statusCode Status code of the application gateway customer error. 'HttpStatus403'
'HttpStatus502'

ApplicationGatewayFirewallDisabledRuleGroup

Name Description Value
ruleGroupName The name of the rule group that will be disabled. string (required)
rules The list of rules that will be disabled. If null, all rules of the rule group will be disabled. int[]

ApplicationGatewayFirewallExclusion

Name Description Value
matchVariable The variable to be excluded. string (required)
selector When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. string (required)
selectorMatchOperator When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. string (required)

ApplicationGatewayFrontendIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the frontend IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway frontend IP configuration. ApplicationGatewayFrontendIPConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayFrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress PrivateIPAddress of the network interface IP Configuration. string
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Reference of the PublicIP resource. SubResource
subnet Reference of the subnet resource. SubResource

ApplicationGatewayFrontendPort

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the frontend port that is unique within an Application Gateway. string
properties Properties of the application gateway frontend port. ApplicationGatewayFrontendPortPropertiesFormat
type Type of the resource. string

ApplicationGatewayFrontendPortPropertiesFormat

Name Description Value
port Frontend port. int

ApplicationGatewayHeaderConfiguration

Name Description Value
headerName Header name of the header configuration. string
headerValue Header value of the header configuration. string

ApplicationGatewayHttpListener

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the HTTP listener that is unique within an Application Gateway. string
properties Properties of the application gateway HTTP listener. ApplicationGatewayHttpListenerPropertiesFormat
type Type of the resource. string

ApplicationGatewayHttpListenerPropertiesFormat

Name Description Value
customErrorConfigurations Custom error configurations of the HTTP listener. ApplicationGatewayCustomError[]
frontendIPConfiguration Frontend IP configuration resource of an application gateway. SubResource
frontendPort Frontend port resource of an application gateway. SubResource
hostName Host name of HTTP listener. string
protocol Protocol of the HTTP listener. 'Http'
'Https'
requireServerNameIndication Applicable only if protocol is https. Enables SNI for multi-hosting. bool
sslCertificate SSL certificate resource of an application gateway. SubResource

ApplicationGatewayIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference of the subnet resource. A subnet from where application gateway gets its private address. SubResource

ApplicationGatewayPathRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the path rule that is unique within an Application Gateway. string
properties Properties of the application gateway path rule. ApplicationGatewayPathRulePropertiesFormat
type Type of the resource. string

ApplicationGatewayPathRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of URL path map path rule. SubResource
backendHttpSettings Backend http settings resource of URL path map path rule. SubResource
paths Path rules of URL path map. string[]
redirectConfiguration Redirect configuration resource of URL path map path rule. SubResource
rewriteRuleSet Rewrite rule set resource of URL path map path rule. SubResource

ApplicationGatewayProbe

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the probe that is unique within an Application Gateway. string
properties Properties of the application gateway probe. ApplicationGatewayProbePropertiesFormat
type Type of the resource. string

ApplicationGatewayProbeHealthResponseMatch

Name Description Value
body Body that must be contained in the health response. Default value is empty. string
statusCodes Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. string[]

ApplicationGatewayProbePropertiesFormat

Name Description Value
host Host name to send the probe to. string
interval The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. int
match Criterion for classifying a healthy probe response. ApplicationGatewayProbeHealthResponseMatch
minServers Minimum number of servers that are always marked healthy. Default value is 0. int
path Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. string
pickHostNameFromBackendHttpSettings Whether the host header should be picked from the backend http settings. Default value is false. bool
port Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. int

Constraints:
Min value = 1
Max value = 65535
protocol The protocol used for the probe. 'Http'
'Https'
timeout The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. int
unhealthyThreshold The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. int

ApplicationGatewayPropertiesFormat

Name Description Value
authenticationCertificates Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayAuthenticationCertificate[]
autoscaleConfiguration Autoscale Configuration. ApplicationGatewayAutoscaleConfiguration
backendAddressPools Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendAddressPool[]
backendHttpSettingsCollection Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendHttpSettings[]
customErrorConfigurations Custom error configurations of the application gateway resource. ApplicationGatewayCustomError[]
enableFips Whether FIPS is enabled on the application gateway resource. bool
enableHttp2 Whether HTTP2 is enabled on the application gateway resource. bool
firewallPolicy Reference of the FirewallPolicy resource. SubResource
frontendIPConfigurations Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendIPConfiguration[]
frontendPorts Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendPort[]
gatewayIPConfigurations Subnets of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayIPConfiguration[]
httpListeners Http listeners of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayHttpListener[]
probes Probes of the application gateway resource. ApplicationGatewayProbe[]
redirectConfigurations Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayRedirectConfiguration[]
requestRoutingRules Request routing rules of the application gateway resource. ApplicationGatewayRequestRoutingRule[]
resourceGuid The resource GUID property of the application gateway resource. string
rewriteRuleSets Rewrite rules for the application gateway resource. ApplicationGatewayRewriteRuleSet[]
sku SKU of the application gateway resource. ApplicationGatewaySku
sslCertificates SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewaySslCertificate[]
sslPolicy SSL policy of the application gateway resource. ApplicationGatewaySslPolicy
trustedRootCertificates Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayTrustedRootCertificate[]
urlPathMaps URL path map of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayUrlPathMap[]
webApplicationFirewallConfiguration Web application firewall configuration. ApplicationGatewayWebApplicationFirewallConfiguration

ApplicationGatewayRedirectConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the redirect configuration that is unique within an Application Gateway. string
properties Properties of the application gateway redirect configuration. ApplicationGatewayRedirectConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayRedirectConfigurationPropertiesFormat

Name Description Value
includePath Include path in the redirected url. bool
includeQueryString Include query string in the redirected url. bool
pathRules Path rules specifying redirect configuration. SubResource[]
redirectType HTTP redirection type. 'Found'
'Permanent'
'SeeOther'
'Temporary'
requestRoutingRules Request routing specifying redirect configuration. SubResource[]
targetListener Reference to a listener to redirect the request to. SubResource
targetUrl Url to redirect the request to. string
urlPathMaps Url path maps specifying default redirect configuration. SubResource[]

ApplicationGatewayRequestRoutingRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the request routing rule that is unique within an Application Gateway. string
properties Properties of the application gateway request routing rule. ApplicationGatewayRequestRoutingRulePropertiesFormat
type Type of the resource. string

ApplicationGatewayRequestRoutingRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of the application gateway. SubResource
backendHttpSettings Backend http settings resource of the application gateway. SubResource
httpListener Http listener resource of the application gateway. SubResource
priority Priority of the request routing rule. int

Constraints:
Min value = 1
Max value = 20000
redirectConfiguration Redirect configuration resource of the application gateway. SubResource
rewriteRuleSet Rewrite Rule Set resource in Basic rule of the application gateway. SubResource
ruleType Rule type. 'Basic'
'PathBasedRouting'
urlPathMap URL path map resource of the application gateway. SubResource

ApplicationGatewayRewriteRule

Name Description Value
actionSet Set of actions to be done as part of the rewrite Rule. ApplicationGatewayRewriteRuleActionSet
conditions Conditions based on which the action set execution will be evaluated. ApplicationGatewayRewriteRuleCondition[]
name Name of the rewrite rule that is unique within an Application Gateway. string
ruleSequence Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. int

ApplicationGatewayRewriteRuleActionSet

Name Description Value
requestHeaderConfigurations Request Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
responseHeaderConfigurations Response Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]

ApplicationGatewayRewriteRuleCondition

Name Description Value
ignoreCase Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. bool
negate Setting this value as truth will force to check the negation of the condition given by the user. bool
pattern The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. string
variable The condition parameter of the RewriteRuleCondition. string

ApplicationGatewayRewriteRuleSet

Name Description Value
id Resource ID. string
name Name of the rewrite rule set that is unique within an Application Gateway. string
properties Properties of the application gateway rewrite rule set. ApplicationGatewayRewriteRuleSetPropertiesFormat

ApplicationGatewayRewriteRuleSetPropertiesFormat

Name Description Value
rewriteRules Rewrite rules in the rewrite rule set. ApplicationGatewayRewriteRule[]

ApplicationGatewaySku

Name Description Value
capacity Capacity (instance count) of an application gateway. int
name Name of an application gateway SKU. 'Standard_Large'
'Standard_Medium'
'Standard_Small'
'Standard_v2'
'WAF_Large'
'WAF_Medium'
'WAF_v2'
tier Tier of an application gateway. 'Standard'
'Standard_v2'
'WAF'
'WAF_v2'

ApplicationGatewaySslCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the SSL certificate that is unique within an Application Gateway. string
properties Properties of the application gateway SSL certificate. ApplicationGatewaySslCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewaySslCertificatePropertiesFormat

Name Description Value
data Base-64 encoded pfx certificate. Only applicable in PUT Request. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string
password Password for the pfx file specified in data. Only applicable in PUT request. string
publicCertData Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. string

ApplicationGatewaySslPolicy

Name Description Value
cipherSuites Ssl cipher suites to be enabled in the specified order to application gateway. String array containing any of:
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_RSA_WITH_AES_128_GCM_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_RSA_WITH_AES_256_GCM_SHA384'
disabledSslProtocols Ssl protocols to be disabled on application gateway. String array containing any of:
'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
minProtocolVersion Minimum version of Ssl protocol to be supported on application gateway. 'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
policyName Name of Ssl predefined policy. 'AppGwSslPolicy20150501'
'AppGwSslPolicy20170401'
'AppGwSslPolicy20170401S'
policyType Type of Ssl Policy. 'Custom'
'Predefined'

ApplicationGatewayTrustedRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the trusted root certificate that is unique within an Application Gateway. string
properties Properties of the application gateway trusted root certificate. ApplicationGatewayTrustedRootCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewayTrustedRootCertificatePropertiesFormat

Name Description Value
data Certificate public data. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string

ApplicationGatewayUrlPathMap

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the URL path map that is unique within an Application Gateway. string
properties Properties of the application gateway URL path map. ApplicationGatewayUrlPathMapPropertiesFormat
type Type of the resource. string

ApplicationGatewayUrlPathMapPropertiesFormat

Name Description Value
defaultBackendAddressPool Default backend address pool resource of URL path map. SubResource
defaultBackendHttpSettings Default backend http settings resource of URL path map. SubResource
defaultRedirectConfiguration Default redirect configuration resource of URL path map. SubResource
defaultRewriteRuleSet Default Rewrite rule set resource of URL path map. SubResource
pathRules Path rule of URL path map resource. ApplicationGatewayPathRule[]

ApplicationGatewayWebApplicationFirewallConfiguration

Name Description Value
disabledRuleGroups The disabled rule groups. ApplicationGatewayFirewallDisabledRuleGroup[]
enabled Whether the web application firewall is enabled or not. bool (required)
exclusions The exclusion list. ApplicationGatewayFirewallExclusion[]
fileUploadLimitInMb Maximum file upload size in Mb for WAF. int

Constraints:
Min value = 0
firewallMode Web application firewall mode. 'Detection'
'Prevention' (required)
maxRequestBodySize Maximum request body size for WAF. int

Constraints:
Min value = 8
Max value = 128
maxRequestBodySizeInKb Maximum request body size in Kb for WAF. int

Constraints:
Min value = 8
Max value = 128
requestBodyCheck Whether allow WAF to check request Body. bool
ruleSetType The type of the web application firewall rule set. Possible values are: 'OWASP'. string (required)
ruleSetVersion The version of the rule set type. string (required)

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

ApplicationSecurityGroupPropertiesFormat

Name Description Value

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

DdosSettings

Name Description Value
ddosCustomPolicy The DDoS custom policy associated with the public IP. SubResource
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

Delegation

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat

FrontendIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. string
properties Properties of the load balancer probe. FrontendIPConfigurationPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

FrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The Private IP allocation method. 'Dynamic'
'Static'
publicIPAddress The reference of the Public IP resource. PublicIPAddress
publicIPPrefix The reference of the Public IP Prefix resource. SubResource
subnet The reference of the subnet resource. Subnet

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer inbound nat rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
enableTcpReset Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The reference to the transport protocol used by the load balancing rule. 'All'
'Tcp'
'Udp'

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/applicationGateways

Name Description Value
apiVersion The api version '2019-08-01'
etag A unique read-only string that changes whenever the resource is updated. string
identity The identity of the application gateway, if configured. ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the application gateway. ApplicationGatewayPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/applicationGateways'
zones A list of availability zones denoting where the resource needs to come from. string[]

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Network interface IP configuration properties. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools The reference of ApplicationGatewayBackendAddressPool resource. ApplicationGatewayBackendAddressPool[]
applicationSecurityGroups Application security groups in which the IP configuration is included. ApplicationSecurityGroup[]
loadBalancerBackendAddressPools The reference of LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Whether this is a primary customer address on the network interface. bool
privateIPAddress Private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Public IP address bound to the IP configuration. PublicIPAddress
subnet Subnet bound to the IP configuration. Subnet
virtualNetworkTaps The reference to Virtual Network Taps. VirtualNetworkTap[]

NetworkSecurityGroup

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules The default security rules of network security group. SecurityRule[]
resourceGuid The resource GUID property of the network security group resource. string
securityRules A collection of security rules of the network security group. SecurityRule[]

PublicIPAddress

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku The public IP address SKU. PublicIPAddressSku
tags Resource tags. ResourceTags
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings The DDoS protection custom policy associated with the public IP address. DdosSettings
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
publicIPAddressVersion The public IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod The public IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix The Public IP Prefix this Public IP Address should be allocated from. SubResource
resourceGuid The resource GUID property of the public IP address resource. string

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'
Name Description Value
id Resource ID. string
name Name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Resource navigation link properties format. ResourceNavigationLinkFormat

ResourceNavigationLinkFormat

Name Description Value
link Link to the external resource. string
linkedResourceType Resource type of the linked resource. string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

RouteTable

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]
Name Description Value
id Resource ID. string
name Name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Resource navigation link properties format. ServiceAssociationLinkPropertiesFormat
type Resource type. string

ServiceAssociationLinkPropertiesFormat

Name Description Value
allowDelete If true, the resource can be deleted. bool
link Link to the external resource. string
linkedResourceType Resource type of the linked resource. string
locations A list of locations. string[]

ServiceDelegationPropertiesFormat

Name Description Value
actions Describes the actions permitted to the service upon delegation. string[]
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

ServiceEndpointPolicy

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. ResourceTags

ServiceEndpointPolicyDefinition

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPolicyPropertiesFormat

Name Description Value
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
delegations An array of references to the delegations on the subnet. Delegation[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. string
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. string
resourceNavigationLinks An array of references to the external resources using subnet. ResourceNavigationLink[]
routeTable The reference of the RouteTable resource. RouteTable
serviceAssociationLinks An array of references to services injecting into this subnet. ServiceAssociationLink[]
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkTap

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags. ResourceTags

VirtualNetworkTapPropertiesFormat

Name Description Value
destinationLoadBalancerFrontEndIPConfiguration The reference to the private IP address on the internal Load Balancer that will receive the tap. FrontendIPConfiguration
destinationNetworkInterfaceIPConfiguration The reference to the private IP Address of the collector nic that will receive the tap. NetworkInterfaceIPConfiguration
destinationPort The VXLAN destination port that will receive the tapped traffic. int

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
App Gateway with WAF, SSL, IIS and HTTPS redirection

Deploy to Azure
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers.
Application Gateway for a Web App with IP Restriction

Deploy to Azure
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App.
Application Gateway for Multi Hosting

Deploy to Azure
This template creates an Application Gateway and configures it for Multi Hosting on port 443.
Application Gateway for Url Path Based Routing

Deploy to Azure
This template creates an Application Gateway and configures it for URL Path Based Routing.
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Application Gateway with WAF and firewall policy

Deploy to Azure
This template creates an Application Gateway with WAF configured along with a firewall policy
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database

Deploy to Azure
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI)
Azure Application Gateway Demo Setup

Deploy to Azure
This template allows you to quickly deploy Azure Application Gateway demo to test load-balancing with or without cookie-based affinity.
Create a Web App protected by Application Gateway v2

Deploy to Azure
This template creates an Azure Web App with Access Restriction for an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet) which has a 'Microsoft.Web' Service Endpoint enabled. The Web App restricts access to traffic from the subnet.
Create a Web App, PE and Application Gateway v2

Deploy to Azure
This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint
Create a WordPress site in a virtual network

Deploy to Azure
This template creates a WordPress site on Container Instance in a virtual network. And output a public site FQDN which could access WordPress site.
Create an Application Gateway

Deploy to Azure
This template creates an application gateway in a virtual network and sets up load balancing rules for any number of virtual machines
Create an Application Gateway (Custom SSL)

Deploy to Azure
This template deploys an Application Gateway configured with a custom ssl policy.
Create an Application Gateway (SSL Policy)

Deploy to Azure
This template deploys an Application Gateway configured with a predefined ssl policy.
Create an Application Gateway (WAF)

Deploy to Azure
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines
Create an Application Gateway for WebApps

Deploy to Azure
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled.
Create an Application Gateway v2

Deploy to Azure
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend
Create an Application Gateway V2 with Key Vault

Deploy to Azure
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway.
Create an Application Gateway with Path Override

Deploy to Azure
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool.
Create an Application Gateway with Probe

Deploy to Azure
This template deploys an Application Gateway with enhanced probe functionality.
Create an Application Gateway with Public IP

Deploy to Azure
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers.
Create an Application Gateway with Public IP (Offload)

Deploy to Azure
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers.
Create an Application Gateway with Redirect

Deploy to Azure
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased)
Create an Application Gateway with Rewrite

Deploy to Azure
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules
Create an Azure Application Gateway v2

Deploy to Azure
This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Azure WAF v2 on Azure Application Gateway

Deploy to Azure
This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an IPv6 Application Gateway

Deploy to Azure
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network.
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create Application Gateway with Certificates

Deploy to Azure
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Deploy a Windows VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy an Ubuntu VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
eShop Website with ILB ASE

Deploy to Azure
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps.
Front Door Standard/Premium with Application Gateway origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

Deploy to Azure
This template creates a Front Door Standard/Premium with a container group and Application Gateway.
Multi tier App with NSG, ILB, AppGateway

Deploy to Azure
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing
Multi tier traffic manager, L4 ILB, L7 AppGateway

Deploy to Azure
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing

Terraform (AzAPI provider) resource definition

The applicationGateways resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/applicationGateways resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/applicationGateways@2019-08-01"
  name = "string"
  etag = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  zones = [
    "string"
  ]
  body = jsonencode({
    properties = {
      authenticationCertificates = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            data = "string"
          }
          type = "string"
        }
      ]
      autoscaleConfiguration = {
        maxCapacity = int
        minCapacity = int
      }
      backendAddressPools = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            backendAddresses = [
              {
                fqdn = "string"
                ipAddress = "string"
              }
            ]
            backendIPConfigurations = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  applicationGatewayBackendAddressPools = [
                    ...
                  ]
                  applicationSecurityGroups = [
                    {
                      id = "string"
                      location = "string"
                      properties = {
                      }
                      tags = {
                        {customized property} = "string"
                      }
                    }
                  ]
                  loadBalancerBackendAddressPools = [
                    {
                      etag = "string"
                      id = "string"
                      name = "string"
                      properties = {
                      }
                    }
                  ]
                  loadBalancerInboundNatRules = [
                    {
                      etag = "string"
                      id = "string"
                      name = "string"
                      properties = {
                        backendPort = int
                        enableFloatingIP = bool
                        enableTcpReset = bool
                        frontendIPConfiguration = {
                          id = "string"
                        }
                        frontendPort = int
                        idleTimeoutInMinutes = int
                        protocol = "string"
                      }
                    }
                  ]
                  primary = bool
                  privateIPAddress = "string"
                  privateIPAddressVersion = "string"
                  privateIPAllocationMethod = "string"
                  publicIPAddress = {
                    etag = "string"
                    id = "string"
                    location = "string"
                    properties = {
                      ddosSettings = {
                        ddosCustomPolicy = {
                          id = "string"
                        }
                        protectionCoverage = "string"
                      }
                      dnsSettings = {
                        domainNameLabel = "string"
                        fqdn = "string"
                        reverseFqdn = "string"
                      }
                      idleTimeoutInMinutes = int
                      ipAddress = "string"
                      ipTags = [
                        {
                          ipTagType = "string"
                          tag = "string"
                        }
                      ]
                      publicIPAddressVersion = "string"
                      publicIPAllocationMethod = "string"
                      publicIPPrefix = {
                        id = "string"
                      }
                      resourceGuid = "string"
                    }
                    sku = {
                      name = "string"
                    }
                    tags = {
                      {customized property} = "string"
                    }
                    zones = [
                      "string"
                    ]
                  }
                  subnet = {
                    etag = "string"
                    id = "string"
                    name = "string"
                    properties = {
                      addressPrefix = "string"
                      addressPrefixes = [
                        "string"
                      ]
                      delegations = [
                        {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            actions = [
                              "string"
                            ]
                            serviceName = "string"
                          }
                        }
                      ]
                      natGateway = {
                        id = "string"
                      }
                      networkSecurityGroup = {
                        etag = "string"
                        id = "string"
                        location = "string"
                        properties = {
                          defaultSecurityRules = [
                            {
                              etag = "string"
                              id = "string"
                              name = "string"
                              properties = {
                                access = "string"
                                description = "string"
                                destinationAddressPrefix = "string"
                                destinationAddressPrefixes = [
                                  "string"
                                ]
                                destinationApplicationSecurityGroups = [
                                  {
                                    id = "string"
                                    location = "string"
                                    properties = {
                                    }
                                    tags = {
                                      {customized property} = "string"
                                    }
                                  }
                                ]
                                destinationPortRange = "string"
                                destinationPortRanges = [
                                  "string"
                                ]
                                direction = "string"
                                priority = int
                                protocol = "string"
                                sourceAddressPrefix = "string"
                                sourceAddressPrefixes = [
                                  "string"
                                ]
                                sourceApplicationSecurityGroups = [
                                  {
                                    id = "string"
                                    location = "string"
                                    properties = {
                                    }
                                    tags = {
                                      {customized property} = "string"
                                    }
                                  }
                                ]
                                sourcePortRange = "string"
                                sourcePortRanges = [
                                  "string"
                                ]
                              }
                            }
                          ]
                          resourceGuid = "string"
                          securityRules = [
                            {
                              etag = "string"
                              id = "string"
                              name = "string"
                              properties = {
                                access = "string"
                                description = "string"
                                destinationAddressPrefix = "string"
                                destinationAddressPrefixes = [
                                  "string"
                                ]
                                destinationApplicationSecurityGroups = [
                                  {
                                    id = "string"
                                    location = "string"
                                    properties = {
                                    }
                                    tags = {
                                      {customized property} = "string"
                                    }
                                  }
                                ]
                                destinationPortRange = "string"
                                destinationPortRanges = [
                                  "string"
                                ]
                                direction = "string"
                                priority = int
                                protocol = "string"
                                sourceAddressPrefix = "string"
                                sourceAddressPrefixes = [
                                  "string"
                                ]
                                sourceApplicationSecurityGroups = [
                                  {
                                    id = "string"
                                    location = "string"
                                    properties = {
                                    }
                                    tags = {
                                      {customized property} = "string"
                                    }
                                  }
                                ]
                                sourcePortRange = "string"
                                sourcePortRanges = [
                                  "string"
                                ]
                              }
                            }
                          ]
                        }
                        tags = {
                          {customized property} = "string"
                        }
                      }
                      privateEndpointNetworkPolicies = "string"
                      privateLinkServiceNetworkPolicies = "string"
                      resourceNavigationLinks = [
                        {
                          id = "string"
                          name = "string"
                          properties = {
                            link = "string"
                            linkedResourceType = "string"
                          }
                        }
                      ]
                      routeTable = {
                        etag = "string"
                        id = "string"
                        location = "string"
                        properties = {
                          disableBgpRoutePropagation = bool
                          routes = [
                            {
                              etag = "string"
                              id = "string"
                              name = "string"
                              properties = {
                                addressPrefix = "string"
                                nextHopIpAddress = "string"
                                nextHopType = "string"
                              }
                            }
                          ]
                        }
                        tags = {
                          {customized property} = "string"
                        }
                      }
                      serviceAssociationLinks = [
                        {
                          id = "string"
                          name = "string"
                          properties = {
                            allowDelete = bool
                            link = "string"
                            linkedResourceType = "string"
                            locations = [
                              "string"
                            ]
                          }
                          type = "string"
                        }
                      ]
                      serviceEndpointPolicies = [
                        {
                          etag = "string"
                          id = "string"
                          location = "string"
                          properties = {
                            serviceEndpointPolicyDefinitions = [
                              {
                                etag = "string"
                                id = "string"
                                name = "string"
                                properties = {
                                  description = "string"
                                  service = "string"
                                  serviceResources = [
                                    "string"
                                  ]
                                }
                              }
                            ]
                          }
                          tags = {
                            {customized property} = "string"
                          }
                        }
                      ]
                      serviceEndpoints = [
                        {
                          locations = [
                            "string"
                          ]
                          service = "string"
                        }
                      ]
                    }
                  }
                  virtualNetworkTaps = [
                    {
                      etag = "string"
                      id = "string"
                      location = "string"
                      properties = {
                        destinationLoadBalancerFrontEndIPConfiguration = {
                          etag = "string"
                          id = "string"
                          name = "string"
                          properties = {
                            privateIPAddress = "string"
                            privateIPAddressVersion = "string"
                            privateIPAllocationMethod = "string"
                            publicIPAddress = {
                              etag = "string"
                              id = "string"
                              location = "string"
                              properties = {
                                ddosSettings = {
                                  ddosCustomPolicy = {
                                    id = "string"
                                  }
                                  protectionCoverage = "string"
                                }
                                dnsSettings = {
                                  domainNameLabel = "string"
                                  fqdn = "string"
                                  reverseFqdn = "string"
                                }
                                idleTimeoutInMinutes = int
                                ipAddress = "string"
                                ipTags = [
                                  {
                                    ipTagType = "string"
                                    tag = "string"
                                  }
                                ]
                                publicIPAddressVersion = "string"
                                publicIPAllocationMethod = "string"
                                publicIPPrefix = {
                                  id = "string"
                                }
                                resourceGuid = "string"
                              }
                              sku = {
                                name = "string"
                              }
                              tags = {
                                {customized property} = "string"
                              }
                              zones = [
                                "string"
                              ]
                            }
                            publicIPPrefix = {
                              id = "string"
                            }
                            subnet = {
                              etag = "string"
                              id = "string"
                              name = "string"
                              properties = {
                                addressPrefix = "string"
                                addressPrefixes = [
                                  "string"
                                ]
                                delegations = [
                                  {
                                    etag = "string"
                                    id = "string"
                                    name = "string"
                                    properties = {
                                      actions = [
                                        "string"
                                      ]
                                      serviceName = "string"
                                    }
                                  }
                                ]
                                natGateway = {
                                  id = "string"
                                }
                                networkSecurityGroup = {
                                  etag = "string"
                                  id = "string"
                                  location = "string"
                                  properties = {
                                    defaultSecurityRules = [
                                      {
                                        etag = "string"
                                        id = "string"
                                        name = "string"
                                        properties = {
                                          access = "string"
                                          description = "string"
                                          destinationAddressPrefix = "string"
                                          destinationAddressPrefixes = [
                                            "string"
                                          ]
                                          destinationApplicationSecurityGroups = [
                                            {
                                              id = "string"
                                              location = "string"
                                              properties = {
                                              }
                                              tags = {
                                                {customized property} = "string"
                                              }
                                            }
                                          ]
                                          destinationPortRange = "string"
                                          destinationPortRanges = [
                                            "string"
                                          ]
                                          direction = "string"
                                          priority = int
                                          protocol = "string"
                                          sourceAddressPrefix = "string"
                                          sourceAddressPrefixes = [
                                            "string"
                                          ]
                                          sourceApplicationSecurityGroups = [
                                            {
                                              id = "string"
                                              location = "string"
                                              properties = {
                                              }
                                              tags = {
                                                {customized property} = "string"
                                              }
                                            }
                                          ]
                                          sourcePortRange = "string"
                                          sourcePortRanges = [
                                            "string"
                                          ]
                                        }
                                      }
                                    ]
                                    resourceGuid = "string"
                                    securityRules = [
                                      {
                                        etag = "string"
                                        id = "string"
                                        name = "string"
                                        properties = {
                                          access = "string"
                                          description = "string"
                                          destinationAddressPrefix = "string"
                                          destinationAddressPrefixes = [
                                            "string"
                                          ]
                                          destinationApplicationSecurityGroups = [
                                            {
                                              id = "string"
                                              location = "string"
                                              properties = {
                                              }
                                              tags = {
                                                {customized property} = "string"
                                              }
                                            }
                                          ]
                                          destinationPortRange = "string"
                                          destinationPortRanges = [
                                            "string"
                                          ]
                                          direction = "string"
                                          priority = int
                                          protocol = "string"
                                          sourceAddressPrefix = "string"
                                          sourceAddressPrefixes = [
                                            "string"
                                          ]
                                          sourceApplicationSecurityGroups = [
                                            {
                                              id = "string"
                                              location = "string"
                                              properties = {
                                              }
                                              tags = {
                                                {customized property} = "string"
                                              }
                                            }
                                          ]
                                          sourcePortRange = "string"
                                          sourcePortRanges = [
                                            "string"
                                          ]
                                        }
                                      }
                                    ]
                                  }
                                  tags = {
                                    {customized property} = "string"
                                  }
                                }
                                privateEndpointNetworkPolicies = "string"
                                privateLinkServiceNetworkPolicies = "string"
                                resourceNavigationLinks = [
                                  {
                                    id = "string"
                                    name = "string"
                                    properties = {
                                      link = "string"
                                      linkedResourceType = "string"
                                    }
                                  }
                                ]
                                routeTable = {
                                  etag = "string"
                                  id = "string"
                                  location = "string"
                                  properties = {
                                    disableBgpRoutePropagation = bool
                                    routes = [
                                      {
                                        etag = "string"
                                        id = "string"
                                        name = "string"
                                        properties = {
                                          addressPrefix = "string"
                                          nextHopIpAddress = "string"
                                          nextHopType = "string"
                                        }
                                      }
                                    ]
                                  }
                                  tags = {
                                    {customized property} = "string"
                                  }
                                }
                                serviceAssociationLinks = [
                                  {
                                    id = "string"
                                    name = "string"
                                    properties = {
                                      allowDelete = bool
                                      link = "string"
                                      linkedResourceType = "string"
                                      locations = [
                                        "string"
                                      ]
                                    }
                                    type = "string"
                                  }
                                ]
                                serviceEndpointPolicies = [
                                  {
                                    etag = "string"
                                    id = "string"
                                    location = "string"
                                    properties = {
                                      serviceEndpointPolicyDefinitions = [
                                        {
                                          etag = "string"
                                          id = "string"
                                          name = "string"
                                          properties = {
                                            description = "string"
                                            service = "string"
                                            serviceResources = [
                                              "string"
                                            ]
                                          }
                                        }
                                      ]
                                    }
                                    tags = {
                                      {customized property} = "string"
                                    }
                                  }
                                ]
                                serviceEndpoints = [
                                  {
                                    locations = [
                                      "string"
                                    ]
                                    service = "string"
                                  }
                                ]
                              }
                            }
                          }
                          zones = [
                            "string"
                          ]
                        }
                        destinationNetworkInterfaceIPConfiguration = ...
                        destinationPort = int
                      }
                      tags = {
                        {customized property} = "string"
                      }
                    }
                  ]
                }
              }
            ]
          }
          type = "string"
        }
      ]
      backendHttpSettingsCollection = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            affinityCookieName = "string"
            authenticationCertificates = [
              {
                id = "string"
              }
            ]
            connectionDraining = {
              drainTimeoutInSec = int
              enabled = bool
            }
            cookieBasedAffinity = "string"
            hostName = "string"
            path = "string"
            pickHostNameFromBackendAddress = bool
            port = int
            probe = {
              id = "string"
            }
            probeEnabled = bool
            protocol = "string"
            requestTimeout = int
            trustedRootCertificates = [
              {
                id = "string"
              }
            ]
          }
          type = "string"
        }
      ]
      customErrorConfigurations = [
        {
          customErrorPageUrl = "string"
          statusCode = "string"
        }
      ]
      enableFips = bool
      enableHttp2 = bool
      firewallPolicy = {
        id = "string"
      }
      frontendIPConfigurations = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            privateIPAddress = "string"
            privateIPAllocationMethod = "string"
            publicIPAddress = {
              id = "string"
            }
            subnet = {
              id = "string"
            }
          }
          type = "string"
        }
      ]
      frontendPorts = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            port = int
          }
          type = "string"
        }
      ]
      gatewayIPConfigurations = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            subnet = {
              id = "string"
            }
          }
          type = "string"
        }
      ]
      httpListeners = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            customErrorConfigurations = [
              {
                customErrorPageUrl = "string"
                statusCode = "string"
              }
            ]
            frontendIPConfiguration = {
              id = "string"
            }
            frontendPort = {
              id = "string"
            }
            hostName = "string"
            protocol = "string"
            requireServerNameIndication = bool
            sslCertificate = {
              id = "string"
            }
          }
          type = "string"
        }
      ]
      probes = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            host = "string"
            interval = int
            match = {
              body = "string"
              statusCodes = [
                "string"
              ]
            }
            minServers = int
            path = "string"
            pickHostNameFromBackendHttpSettings = bool
            port = int
            protocol = "string"
            timeout = int
            unhealthyThreshold = int
          }
          type = "string"
        }
      ]
      redirectConfigurations = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            includePath = bool
            includeQueryString = bool
            pathRules = [
              {
                id = "string"
              }
            ]
            redirectType = "string"
            requestRoutingRules = [
              {
                id = "string"
              }
            ]
            targetListener = {
              id = "string"
            }
            targetUrl = "string"
            urlPathMaps = [
              {
                id = "string"
              }
            ]
          }
          type = "string"
        }
      ]
      requestRoutingRules = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            backendAddressPool = {
              id = "string"
            }
            backendHttpSettings = {
              id = "string"
            }
            httpListener = {
              id = "string"
            }
            priority = int
            redirectConfiguration = {
              id = "string"
            }
            rewriteRuleSet = {
              id = "string"
            }
            ruleType = "string"
            urlPathMap = {
              id = "string"
            }
          }
          type = "string"
        }
      ]
      resourceGuid = "string"
      rewriteRuleSets = [
        {
          id = "string"
          name = "string"
          properties = {
            rewriteRules = [
              {
                actionSet = {
                  requestHeaderConfigurations = [
                    {
                      headerName = "string"
                      headerValue = "string"
                    }
                  ]
                  responseHeaderConfigurations = [
                    {
                      headerName = "string"
                      headerValue = "string"
                    }
                  ]
                }
                conditions = [
                  {
                    ignoreCase = bool
                    negate = bool
                    pattern = "string"
                    variable = "string"
                  }
                ]
                name = "string"
                ruleSequence = int
              }
            ]
          }
        }
      ]
      sku = {
        capacity = int
        name = "string"
        tier = "string"
      }
      sslCertificates = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            data = "string"
            keyVaultSecretId = "string"
            password = "string"
            publicCertData = "string"
          }
          type = "string"
        }
      ]
      sslPolicy = {
        cipherSuites = [
          "string"
        ]
        disabledSslProtocols = [
          "string"
        ]
        minProtocolVersion = "string"
        policyName = "string"
        policyType = "string"
      }
      trustedRootCertificates = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            data = "string"
            keyVaultSecretId = "string"
          }
          type = "string"
        }
      ]
      urlPathMaps = [
        {
          etag = "string"
          id = "string"
          name = "string"
          properties = {
            defaultBackendAddressPool = {
              id = "string"
            }
            defaultBackendHttpSettings = {
              id = "string"
            }
            defaultRedirectConfiguration = {
              id = "string"
            }
            defaultRewriteRuleSet = {
              id = "string"
            }
            pathRules = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  backendAddressPool = {
                    id = "string"
                  }
                  backendHttpSettings = {
                    id = "string"
                  }
                  paths = [
                    "string"
                  ]
                  redirectConfiguration = {
                    id = "string"
                  }
                  rewriteRuleSet = {
                    id = "string"
                  }
                }
                type = "string"
              }
            ]
          }
          type = "string"
        }
      ]
      webApplicationFirewallConfiguration = {
        disabledRuleGroups = [
          {
            ruleGroupName = "string"
            rules = [
              int
            ]
          }
        ]
        enabled = bool
        exclusions = [
          {
            matchVariable = "string"
            selector = "string"
            selectorMatchOperator = "string"
          }
        ]
        fileUploadLimitInMb = int
        firewallMode = "string"
        maxRequestBodySize = int
        maxRequestBodySizeInKb = int
        requestBodyCheck = bool
        ruleSetType = "string"
        ruleSetVersion = "string"
      }
    }
  })
}

Property values

ApplicationGatewayAuthenticationCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the authentication certificate that is unique within an Application Gateway. string
properties Properties of the application gateway authentication certificate. ApplicationGatewayAuthenticationCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewayAuthenticationCertificatePropertiesFormat

Name Description Value
data Certificate public data. string

ApplicationGatewayAutoscaleConfiguration

Name Description Value
maxCapacity Upper bound on number of Application Gateway capacity. int

Constraints:
Min value = 2
minCapacity Lower bound on number of Application Gateway capacity. int

Constraints:
Min value = 0 (required)

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat
type Type of the resource. string

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]
backendIPConfigurations Collection of references to IPs defined in network interfaces. NetworkInterfaceIPConfiguration[]

ApplicationGatewayBackendHttpSettings

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the backend http settings that is unique within an Application Gateway. string
properties Properties of the application gateway backend HTTP settings. ApplicationGatewayBackendHttpSettingsPropertiesFormat
type Type of the resource. string

ApplicationGatewayBackendHttpSettingsPropertiesFormat

Name Description Value
affinityCookieName Cookie name to use for the affinity cookie. string
authenticationCertificates Array of references to application gateway authentication certificates. SubResource[]
connectionDraining Connection draining of the backend http settings resource. ApplicationGatewayConnectionDraining
cookieBasedAffinity Cookie based affinity. 'Disabled'
'Enabled'
hostName Host header to be sent to the backend servers. string
path Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. string
pickHostNameFromBackendAddress Whether to pick host header should be picked from the host name of the backend server. Default value is false. bool
port The destination port on the backend. int
probe Probe resource of an application gateway. SubResource
probeEnabled Whether the probe is enabled. Default value is false. bool
protocol The protocol used to communicate with the backend. 'Http'
'Https'
requestTimeout Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. int
trustedRootCertificates Array of references to application gateway trusted root certificates. SubResource[]

ApplicationGatewayConnectionDraining

Name Description Value
drainTimeoutInSec The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. int

Constraints:
Min value = 1
Max value = 3600 (required)
enabled Whether connection draining is enabled or not. bool (required)

ApplicationGatewayCustomError

Name Description Value
customErrorPageUrl Error page URL of the application gateway customer error. string
statusCode Status code of the application gateway customer error. 'HttpStatus403'
'HttpStatus502'

ApplicationGatewayFirewallDisabledRuleGroup

Name Description Value
ruleGroupName The name of the rule group that will be disabled. string (required)
rules The list of rules that will be disabled. If null, all rules of the rule group will be disabled. int[]

ApplicationGatewayFirewallExclusion

Name Description Value
matchVariable The variable to be excluded. string (required)
selector When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. string (required)
selectorMatchOperator When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. string (required)

ApplicationGatewayFrontendIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the frontend IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway frontend IP configuration. ApplicationGatewayFrontendIPConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayFrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress PrivateIPAddress of the network interface IP Configuration. string
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Reference of the PublicIP resource. SubResource
subnet Reference of the subnet resource. SubResource

ApplicationGatewayFrontendPort

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the frontend port that is unique within an Application Gateway. string
properties Properties of the application gateway frontend port. ApplicationGatewayFrontendPortPropertiesFormat
type Type of the resource. string

ApplicationGatewayFrontendPortPropertiesFormat

Name Description Value
port Frontend port. int

ApplicationGatewayHeaderConfiguration

Name Description Value
headerName Header name of the header configuration. string
headerValue Header value of the header configuration. string

ApplicationGatewayHttpListener

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the HTTP listener that is unique within an Application Gateway. string
properties Properties of the application gateway HTTP listener. ApplicationGatewayHttpListenerPropertiesFormat
type Type of the resource. string

ApplicationGatewayHttpListenerPropertiesFormat

Name Description Value
customErrorConfigurations Custom error configurations of the HTTP listener. ApplicationGatewayCustomError[]
frontendIPConfiguration Frontend IP configuration resource of an application gateway. SubResource
frontendPort Frontend port resource of an application gateway. SubResource
hostName Host name of HTTP listener. string
protocol Protocol of the HTTP listener. 'Http'
'Https'
requireServerNameIndication Applicable only if protocol is https. Enables SNI for multi-hosting. bool
sslCertificate SSL certificate resource of an application gateway. SubResource

ApplicationGatewayIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference of the subnet resource. A subnet from where application gateway gets its private address. SubResource

ApplicationGatewayPathRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the path rule that is unique within an Application Gateway. string
properties Properties of the application gateway path rule. ApplicationGatewayPathRulePropertiesFormat
type Type of the resource. string

ApplicationGatewayPathRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of URL path map path rule. SubResource
backendHttpSettings Backend http settings resource of URL path map path rule. SubResource
paths Path rules of URL path map. string[]
redirectConfiguration Redirect configuration resource of URL path map path rule. SubResource
rewriteRuleSet Rewrite rule set resource of URL path map path rule. SubResource

ApplicationGatewayProbe

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the probe that is unique within an Application Gateway. string
properties Properties of the application gateway probe. ApplicationGatewayProbePropertiesFormat
type Type of the resource. string

ApplicationGatewayProbeHealthResponseMatch

Name Description Value
body Body that must be contained in the health response. Default value is empty. string
statusCodes Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. string[]

ApplicationGatewayProbePropertiesFormat

Name Description Value
host Host name to send the probe to. string
interval The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. int
match Criterion for classifying a healthy probe response. ApplicationGatewayProbeHealthResponseMatch
minServers Minimum number of servers that are always marked healthy. Default value is 0. int
path Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. string
pickHostNameFromBackendHttpSettings Whether the host header should be picked from the backend http settings. Default value is false. bool
port Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. int

Constraints:
Min value = 1
Max value = 65535
protocol The protocol used for the probe. 'Http'
'Https'
timeout The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. int
unhealthyThreshold The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. int

ApplicationGatewayPropertiesFormat

Name Description Value
authenticationCertificates Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayAuthenticationCertificate[]
autoscaleConfiguration Autoscale Configuration. ApplicationGatewayAutoscaleConfiguration
backendAddressPools Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendAddressPool[]
backendHttpSettingsCollection Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendHttpSettings[]
customErrorConfigurations Custom error configurations of the application gateway resource. ApplicationGatewayCustomError[]
enableFips Whether FIPS is enabled on the application gateway resource. bool
enableHttp2 Whether HTTP2 is enabled on the application gateway resource. bool
firewallPolicy Reference of the FirewallPolicy resource. SubResource
frontendIPConfigurations Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendIPConfiguration[]
frontendPorts Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendPort[]
gatewayIPConfigurations Subnets of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayIPConfiguration[]
httpListeners Http listeners of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayHttpListener[]
probes Probes of the application gateway resource. ApplicationGatewayProbe[]
redirectConfigurations Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayRedirectConfiguration[]
requestRoutingRules Request routing rules of the application gateway resource. ApplicationGatewayRequestRoutingRule[]
resourceGuid The resource GUID property of the application gateway resource. string
rewriteRuleSets Rewrite rules for the application gateway resource. ApplicationGatewayRewriteRuleSet[]
sku SKU of the application gateway resource. ApplicationGatewaySku
sslCertificates SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewaySslCertificate[]
sslPolicy SSL policy of the application gateway resource. ApplicationGatewaySslPolicy
trustedRootCertificates Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayTrustedRootCertificate[]
urlPathMaps URL path map of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayUrlPathMap[]
webApplicationFirewallConfiguration Web application firewall configuration. ApplicationGatewayWebApplicationFirewallConfiguration

ApplicationGatewayRedirectConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the redirect configuration that is unique within an Application Gateway. string
properties Properties of the application gateway redirect configuration. ApplicationGatewayRedirectConfigurationPropertiesFormat
type Type of the resource. string

ApplicationGatewayRedirectConfigurationPropertiesFormat

Name Description Value
includePath Include path in the redirected url. bool
includeQueryString Include query string in the redirected url. bool
pathRules Path rules specifying redirect configuration. SubResource[]
redirectType HTTP redirection type. 'Found'
'Permanent'
'SeeOther'
'Temporary'
requestRoutingRules Request routing specifying redirect configuration. SubResource[]
targetListener Reference to a listener to redirect the request to. SubResource
targetUrl Url to redirect the request to. string
urlPathMaps Url path maps specifying default redirect configuration. SubResource[]

ApplicationGatewayRequestRoutingRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the request routing rule that is unique within an Application Gateway. string
properties Properties of the application gateway request routing rule. ApplicationGatewayRequestRoutingRulePropertiesFormat
type Type of the resource. string

ApplicationGatewayRequestRoutingRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of the application gateway. SubResource
backendHttpSettings Backend http settings resource of the application gateway. SubResource
httpListener Http listener resource of the application gateway. SubResource
priority Priority of the request routing rule. int

Constraints:
Min value = 1
Max value = 20000
redirectConfiguration Redirect configuration resource of the application gateway. SubResource
rewriteRuleSet Rewrite Rule Set resource in Basic rule of the application gateway. SubResource
ruleType Rule type. 'Basic'
'PathBasedRouting'
urlPathMap URL path map resource of the application gateway. SubResource

ApplicationGatewayRewriteRule

Name Description Value
actionSet Set of actions to be done as part of the rewrite Rule. ApplicationGatewayRewriteRuleActionSet
conditions Conditions based on which the action set execution will be evaluated. ApplicationGatewayRewriteRuleCondition[]
name Name of the rewrite rule that is unique within an Application Gateway. string
ruleSequence Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. int

ApplicationGatewayRewriteRuleActionSet

Name Description Value
requestHeaderConfigurations Request Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
responseHeaderConfigurations Response Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]

ApplicationGatewayRewriteRuleCondition

Name Description Value
ignoreCase Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. bool
negate Setting this value as truth will force to check the negation of the condition given by the user. bool
pattern The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. string
variable The condition parameter of the RewriteRuleCondition. string

ApplicationGatewayRewriteRuleSet

Name Description Value
id Resource ID. string
name Name of the rewrite rule set that is unique within an Application Gateway. string
properties Properties of the application gateway rewrite rule set. ApplicationGatewayRewriteRuleSetPropertiesFormat

ApplicationGatewayRewriteRuleSetPropertiesFormat

Name Description Value
rewriteRules Rewrite rules in the rewrite rule set. ApplicationGatewayRewriteRule[]

ApplicationGatewaySku

Name Description Value
capacity Capacity (instance count) of an application gateway. int
name Name of an application gateway SKU. 'Standard_Large'
'Standard_Medium'
'Standard_Small'
'Standard_v2'
'WAF_Large'
'WAF_Medium'
'WAF_v2'
tier Tier of an application gateway. 'Standard'
'Standard_v2'
'WAF'
'WAF_v2'

ApplicationGatewaySslCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the SSL certificate that is unique within an Application Gateway. string
properties Properties of the application gateway SSL certificate. ApplicationGatewaySslCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewaySslCertificatePropertiesFormat

Name Description Value
data Base-64 encoded pfx certificate. Only applicable in PUT Request. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string
password Password for the pfx file specified in data. Only applicable in PUT request. string
publicCertData Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. string

ApplicationGatewaySslPolicy

Name Description Value
cipherSuites Ssl cipher suites to be enabled in the specified order to application gateway. String array containing any of:
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_RSA_WITH_AES_128_GCM_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_RSA_WITH_AES_256_GCM_SHA384'
disabledSslProtocols Ssl protocols to be disabled on application gateway. String array containing any of:
'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
minProtocolVersion Minimum version of Ssl protocol to be supported on application gateway. 'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
policyName Name of Ssl predefined policy. 'AppGwSslPolicy20150501'
'AppGwSslPolicy20170401'
'AppGwSslPolicy20170401S'
policyType Type of Ssl Policy. 'Custom'
'Predefined'

ApplicationGatewayTrustedRootCertificate

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the trusted root certificate that is unique within an Application Gateway. string
properties Properties of the application gateway trusted root certificate. ApplicationGatewayTrustedRootCertificatePropertiesFormat
type Type of the resource. string

ApplicationGatewayTrustedRootCertificatePropertiesFormat

Name Description Value
data Certificate public data. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string

ApplicationGatewayUrlPathMap

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name Name of the URL path map that is unique within an Application Gateway. string
properties Properties of the application gateway URL path map. ApplicationGatewayUrlPathMapPropertiesFormat
type Type of the resource. string

ApplicationGatewayUrlPathMapPropertiesFormat

Name Description Value
defaultBackendAddressPool Default backend address pool resource of URL path map. SubResource
defaultBackendHttpSettings Default backend http settings resource of URL path map. SubResource
defaultRedirectConfiguration Default redirect configuration resource of URL path map. SubResource
defaultRewriteRuleSet Default Rewrite rule set resource of URL path map. SubResource
pathRules Path rule of URL path map resource. ApplicationGatewayPathRule[]

ApplicationGatewayWebApplicationFirewallConfiguration

Name Description Value
disabledRuleGroups The disabled rule groups. ApplicationGatewayFirewallDisabledRuleGroup[]
enabled Whether the web application firewall is enabled or not. bool (required)
exclusions The exclusion list. ApplicationGatewayFirewallExclusion[]
fileUploadLimitInMb Maximum file upload size in Mb for WAF. int

Constraints:
Min value = 0
firewallMode Web application firewall mode. 'Detection'
'Prevention' (required)
maxRequestBodySize Maximum request body size for WAF. int

Constraints:
Min value = 8
Max value = 128
maxRequestBodySizeInKb Maximum request body size in Kb for WAF. int

Constraints:
Min value = 8
Max value = 128
requestBodyCheck Whether allow WAF to check request Body. bool
ruleSetType The type of the web application firewall rule set. Possible values are: 'OWASP'. string (required)
ruleSetVersion The version of the rule set type. string (required)

ApplicationSecurityGroup

Name Description Value
id Resource ID. string
location Resource location. string
properties Properties of the application security group. ApplicationSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

ApplicationSecurityGroupPropertiesFormat

Name Description Value

BackendAddressPool

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer backend address pool. BackendAddressPoolPropertiesFormat

BackendAddressPoolPropertiesFormat

Name Description Value

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

DdosSettings

Name Description Value
ddosCustomPolicy The DDoS custom policy associated with the public IP. SubResource
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

Delegation

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a subnet. This name can be used to access the resource. string
properties Properties of the subnet. ServiceDelegationPropertiesFormat

FrontendIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. string
properties Properties of the load balancer probe. FrontendIPConfigurationPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

FrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress The private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The Private IP allocation method. 'Dynamic'
'Static'
publicIPAddress The reference of the Public IP resource. PublicIPAddress
publicIPPrefix The reference of the Public IP Prefix resource. SubResource
subnet The reference of the subnet resource. Subnet

InboundNatRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. string
properties Properties of load balancer inbound nat rule. InboundNatRulePropertiesFormat

InboundNatRulePropertiesFormat

Name Description Value
backendPort The port used for the internal endpoint. Acceptable values range from 1 to 65535. int
enableFloatingIP Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. bool
enableTcpReset Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. bool
frontendIPConfiguration A reference to frontend IP addresses. SubResource
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. int
idleTimeoutInMinutes The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. int
protocol The reference to the transport protocol used by the load balancing rule. 'All'
'Tcp'
'Udp'

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/applicationGateways

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
identity The identity of the application gateway, if configured. ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the application gateway. ApplicationGatewayPropertiesFormat
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/applicationGateways@2019-08-01"
zones A list of availability zones denoting where the resource needs to come from. string[]

NetworkInterfaceIPConfiguration

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Network interface IP configuration properties. NetworkInterfaceIPConfigurationPropertiesFormat

NetworkInterfaceIPConfigurationPropertiesFormat

Name Description Value
applicationGatewayBackendAddressPools The reference of ApplicationGatewayBackendAddressPool resource. ApplicationGatewayBackendAddressPool[]
applicationSecurityGroups Application security groups in which the IP configuration is included. ApplicationSecurityGroup[]
loadBalancerBackendAddressPools The reference of LoadBalancerBackendAddressPool resource. BackendAddressPool[]
loadBalancerInboundNatRules A list of references of LoadBalancerInboundNatRules. InboundNatRule[]
primary Whether this is a primary customer address on the network interface. bool
privateIPAddress Private IP address of the IP configuration. string
privateIPAddressVersion Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. 'IPv4'
'IPv6'
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Public IP address bound to the IP configuration. PublicIPAddress
subnet Subnet bound to the IP configuration. Subnet
virtualNetworkTaps The reference to Virtual Network Taps. VirtualNetworkTap[]

NetworkSecurityGroup

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the network security group. NetworkSecurityGroupPropertiesFormat
tags Resource tags. ResourceTags

NetworkSecurityGroupPropertiesFormat

Name Description Value
defaultSecurityRules The default security rules of network security group. SecurityRule[]
resourceGuid The resource GUID property of the network security group resource. string
securityRules A collection of security rules of the network security group. SecurityRule[]

PublicIPAddress

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku The public IP address SKU. PublicIPAddressSku
tags Resource tags. ResourceTags
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings The DDoS protection custom policy associated with the public IP address. DdosSettings
dnsSettings The FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
publicIPAddressVersion The public IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod The public IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix The Public IP Prefix this Public IP Address should be allocated from. SubResource
resourceGuid The resource GUID property of the public IP address resource. string

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'
Name Description Value
id Resource ID. string
name Name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Resource navigation link properties format. ResourceNavigationLinkFormat

ResourceNavigationLinkFormat

Name Description Value
link Link to the external resource. string
linkedResourceType Resource type of the linked resource. string

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

ResourceTags

Name Description Value

Route

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the route. RoutePropertiesFormat

RoutePropertiesFormat

Name Description Value
addressPrefix The destination CIDR to which the route applies. string
nextHopIpAddress The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. string
nextHopType The type of Azure hop the packet should be sent to. 'Internet'
'None'
'VirtualAppliance'
'VirtualNetworkGateway'
'VnetLocal' (required)

RouteTable

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the route table. RouteTablePropertiesFormat
tags Resource tags. ResourceTags

RouteTablePropertiesFormat

Name Description Value
disableBgpRoutePropagation Whether to disable the routes learned by BGP on that route table. True means disable. bool
routes Collection of routes contained within a route table. Route[]

SecurityRule

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the security rule. SecurityRulePropertiesFormat

SecurityRulePropertiesFormat

Name Description Value
access The network traffic is allowed or denied. 'Allow'
'Deny' (required)
description A description for this rule. Restricted to 140 chars. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationApplicationSecurityGroups The application security group specified as destination. ApplicationSecurityGroup[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. 'Inbound'
'Outbound' (required)
priority The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int
protocol Network protocol this rule applies to. '*'
'Ah'
'Esp'
'Icmp'
'Tcp'
'Udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourceApplicationSecurityGroups The application security group specified as source. ApplicationSecurityGroup[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]
Name Description Value
id Resource ID. string
name Name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Resource navigation link properties format. ServiceAssociationLinkPropertiesFormat
type Resource type. string

ServiceAssociationLinkPropertiesFormat

Name Description Value
allowDelete If true, the resource can be deleted. bool
link Link to the external resource. string
linkedResourceType Resource type of the linked resource. string
locations A list of locations. string[]

ServiceDelegationPropertiesFormat

Name Description Value
actions Describes the actions permitted to the service upon delegation. string[]
serviceName The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). string

ServiceEndpointPolicy

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Properties of the service end point policy. ServiceEndpointPolicyPropertiesFormat
tags Resource tags. ResourceTags

ServiceEndpointPolicyDefinition

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the service endpoint policy definition. ServiceEndpointPolicyDefinitionPropertiesFormat

ServiceEndpointPolicyDefinitionPropertiesFormat

Name Description Value
description A description for this rule. Restricted to 140 chars. string
service Service endpoint name. string
serviceResources A list of service resources. string[]

ServiceEndpointPolicyPropertiesFormat

Name Description Value
serviceEndpointPolicyDefinitions A collection of service endpoint policy definitions of the service endpoint policy. ServiceEndpointPolicyDefinition[]

ServiceEndpointPropertiesFormat

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string

Subnet

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the subnet. SubnetPropertiesFormat

SubnetPropertiesFormat

Name Description Value
addressPrefix The address prefix for the subnet. string
addressPrefixes List of address prefixes for the subnet. string[]
delegations An array of references to the delegations on the subnet. Delegation[]
natGateway Nat gateway associated with this subnet. SubResource
networkSecurityGroup The reference of the NetworkSecurityGroup resource. NetworkSecurityGroup
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. string
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. string
resourceNavigationLinks An array of references to the external resources using subnet. ResourceNavigationLink[]
routeTable The reference of the RouteTable resource. RouteTable
serviceAssociationLinks An array of references to services injecting into this subnet. ServiceAssociationLink[]
serviceEndpointPolicies An array of service endpoint policies. ServiceEndpointPolicy[]
serviceEndpoints An array of service endpoints. ServiceEndpointPropertiesFormat[]

SubResource

Name Description Value
id Resource ID. string

VirtualNetworkTap

Name Description Value
etag A unique read-only string that changes whenever the resource is updated. string
id Resource ID. string
location Resource location. string
properties Virtual Network Tap Properties. VirtualNetworkTapPropertiesFormat
tags Resource tags. ResourceTags

VirtualNetworkTapPropertiesFormat

Name Description Value
destinationLoadBalancerFrontEndIPConfiguration The reference to the private IP address on the internal Load Balancer that will receive the tap. FrontendIPConfiguration
destinationNetworkInterfaceIPConfiguration The reference to the private IP Address of the collector nic that will receive the tap. NetworkInterfaceIPConfiguration
destinationPort The VXLAN destination port that will receive the tapped traffic. int