Bicep resource definition
The managedEnvironments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.App/managedEnvironments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.App/managedEnvironments@2024-10-02-preview' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
kind: 'string'
location: 'string'
name: 'string'
properties: {
appInsightsConfiguration: {
connectionString: 'string'
}
appLogsConfiguration: {
destination: 'string'
logAnalyticsConfiguration: {
customerId: 'string'
dynamicJsonColumns: bool
sharedKey: 'string'
}
}
availabilityZones: [
'string'
]
customDomainConfiguration: {
certificateKeyVaultProperties: {
identity: 'string'
keyVaultUrl: 'string'
}
certificatePassword: 'string'
certificateValue: any(...)
dnsSuffix: 'string'
}
daprAIConnectionString: 'string'
daprAIInstrumentationKey: 'string'
daprConfiguration: {}
infrastructureResourceGroup: 'string'
kedaConfiguration: {}
openTelemetryConfiguration: {
destinationsConfiguration: {
dataDogConfiguration: {
key: 'string'
site: 'string'
}
otlpConfigurations: [
{
endpoint: 'string'
headers: [
{
key: 'string'
value: 'string'
}
]
insecure: bool
name: 'string'
}
]
}
logsConfiguration: {
destinations: [
'string'
]
}
metricsConfiguration: {
destinations: [
'string'
]
includeKeda: bool
}
tracesConfiguration: {
destinations: [
'string'
]
includeDapr: bool
}
}
peerAuthentication: {
mtls: {
enabled: bool
}
}
peerTrafficConfiguration: {
encryption: {
enabled: bool
}
}
publicNetworkAccess: 'string'
vnetConfiguration: {
dockerBridgeCidr: 'string'
infrastructureSubnetId: 'string'
internal: bool
platformReservedCidr: 'string'
platformReservedDnsIP: 'string'
}
workloadProfiles: [
{
enableFips: bool
maximumCount: int
minimumCount: int
name: 'string'
workloadProfileType: 'string'
}
]
zoneRedundant: bool
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.App/managedEnvironments
| Name |
Description |
Value |
| identity |
Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. |
ManagedServiceIdentity |
| kind |
Kind of the Environment. |
string |
| location |
The geo-location where the resource lives |
string (required) |
| name |
The resource name |
string (required) |
| properties |
Managed environment resource specific properties |
ManagedEnvironmentProperties |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
AppInsightsConfiguration
| Name |
Description |
Value |
| connectionString |
Application Insights connection string |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
AppLogsConfiguration
| Name |
Description |
Value |
| destination |
Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' |
string |
| logAnalyticsConfiguration |
Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' |
LogAnalyticsConfiguration |
CertificateKeyVaultProperties
| Name |
Description |
Value |
| identity |
Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. |
string |
| keyVaultUrl |
URL pointing to the Azure Key Vault secret that holds the certificate. |
string |
CustomDomainConfiguration
| Name |
Description |
Value |
| certificateKeyVaultProperties |
Certificate stored in Azure Key Vault. |
CertificateKeyVaultProperties |
| certificatePassword |
Certificate password |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| certificateValue |
PFX or PEM blob |
any |
| dnsSuffix |
Dns suffix for the environment domain |
string |
DaprConfiguration
DataDogConfiguration
| Name |
Description |
Value |
| key |
The data dog api key |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| site |
The data dog site |
string |
DestinationsConfiguration
| Name |
Description |
Value |
| dataDogConfiguration |
Open telemetry datadog destination configuration |
DataDogConfiguration |
| otlpConfigurations |
Open telemetry otlp configurations |
OtlpConfiguration[] |
| Name |
Description |
Value |
| key |
The key of otlp configuration header |
string |
| value |
The value of otlp configuration header |
string |
KedaConfiguration
LogAnalyticsConfiguration
| Name |
Description |
Value |
| customerId |
Log analytics customer id |
string |
| dynamicJsonColumns |
Boolean indicating whether to parse json string log into dynamic json columns |
bool |
| sharedKey |
Log analytics customer key |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
LogsConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry logs destinations |
string[] |
ManagedEnvironmentProperties
| Name |
Description |
Value |
| appInsightsConfiguration |
Environment level Application Insights configuration |
AppInsightsConfiguration |
| appLogsConfiguration |
Cluster configuration which enables the log daemon to export app logs to configured destination |
AppLogsConfiguration |
| availabilityZones |
The list of availability zones to use for managed environment |
string[] |
| customDomainConfiguration |
Custom domain configuration for the environment |
CustomDomainConfiguration |
| daprAIConnectionString |
Application Insights connection string used by Dapr to export Service to Service communication telemetry |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey |
Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| daprConfiguration |
The configuration of Dapr component. |
DaprConfiguration |
| infrastructureResourceGroup |
Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. |
string |
| kedaConfiguration |
The configuration of Keda component. |
KedaConfiguration |
| openTelemetryConfiguration |
Environment Open Telemetry configuration |
OpenTelemetryConfiguration |
| peerAuthentication |
Peer authentication settings for the Managed Environment |
ManagedEnvironmentPropertiesPeerAuthentication |
| peerTrafficConfiguration |
Peer traffic settings for the Managed Environment |
ManagedEnvironmentPropertiesPeerTrafficConfiguration |
| publicNetworkAccess |
Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. |
'Disabled'
'Enabled' |
| vnetConfiguration |
Vnet configuration for the environment |
VnetConfiguration |
| workloadProfiles |
Workload profiles configured for the Managed Environment. |
WorkloadProfile[] |
| zoneRedundant |
Whether or not this Managed Environment is zone-redundant. |
bool |
ManagedEnvironmentPropertiesPeerAuthentication
| Name |
Description |
Value |
| mtls |
Mutual TLS authentication settings for the Managed Environment |
Mtls |
ManagedEnvironmentPropertiesPeerTrafficConfiguration
ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption
| Name |
Description |
Value |
| enabled |
Boolean indicating whether the peer traffic encryption is enabled |
bool |
ManagedServiceIdentity
| Name |
Description |
Value |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required) |
| userAssignedIdentities |
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. |
UserAssignedIdentities |
MetricsConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry metrics destinations |
string[] |
| includeKeda |
Boolean indicating if including keda metrics |
bool |
Mtls
| Name |
Description |
Value |
| enabled |
Boolean indicating whether the mutual TLS authentication is enabled |
bool |
OpenTelemetryConfiguration
OtlpConfiguration
| Name |
Description |
Value |
| endpoint |
The endpoint of otlp configuration |
string |
| headers |
Headers of otlp configurations |
Header[] |
| insecure |
Boolean indicating if otlp configuration is insecure |
bool |
| name |
The name of otlp configuration |
string |
TracesConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry traces destinations |
string[] |
| includeDapr |
Boolean indicating if including dapr traces |
bool |
UserAssignedIdentities
UserAssignedIdentity
VnetConfiguration
| Name |
Description |
Value |
| dockerBridgeCidr |
CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. |
string |
| infrastructureSubnetId |
Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. |
string |
| internal |
Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property |
bool |
| platformReservedCidr |
IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. |
string |
| platformReservedDnsIP |
An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. |
string |
WorkloadProfile
| Name |
Description |
Value |
| enableFips |
Whether to use a FIPS-enabled OS. Supported only for dedicated workload profiles. |
bool |
| maximumCount |
The maximum capacity. |
int |
| minimumCount |
The minimum capacity. |
int |
| name |
Workload profile type for the workloads to run on. |
string (required) |
| workloadProfileType |
Workload profile type for the workloads to run on. |
string (required) |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
ARM template resource definition
The managedEnvironments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.App/managedEnvironments resource, add the following JSON to your template.
{
"type": "Microsoft.App/managedEnvironments",
"apiVersion": "2024-10-02-preview",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"kind": "string",
"location": "string",
"properties": {
"appInsightsConfiguration": {
"connectionString": "string"
},
"appLogsConfiguration": {
"destination": "string",
"logAnalyticsConfiguration": {
"customerId": "string",
"dynamicJsonColumns": "bool",
"sharedKey": "string"
}
},
"availabilityZones": [ "string" ],
"customDomainConfiguration": {
"certificateKeyVaultProperties": {
"identity": "string",
"keyVaultUrl": "string"
},
"certificatePassword": "string",
"certificateValue": {},
"dnsSuffix": "string"
},
"daprAIConnectionString": "string",
"daprAIInstrumentationKey": "string",
"daprConfiguration": {
},
"infrastructureResourceGroup": "string",
"kedaConfiguration": {
},
"openTelemetryConfiguration": {
"destinationsConfiguration": {
"dataDogConfiguration": {
"key": "string",
"site": "string"
},
"otlpConfigurations": [
{
"endpoint": "string",
"headers": [
{
"key": "string",
"value": "string"
}
],
"insecure": "bool",
"name": "string"
}
]
},
"logsConfiguration": {
"destinations": [ "string" ]
},
"metricsConfiguration": {
"destinations": [ "string" ],
"includeKeda": "bool"
},
"tracesConfiguration": {
"destinations": [ "string" ],
"includeDapr": "bool"
}
},
"peerAuthentication": {
"mtls": {
"enabled": "bool"
}
},
"peerTrafficConfiguration": {
"encryption": {
"enabled": "bool"
}
},
"publicNetworkAccess": "string",
"vnetConfiguration": {
"dockerBridgeCidr": "string",
"infrastructureSubnetId": "string",
"internal": "bool",
"platformReservedCidr": "string",
"platformReservedDnsIP": "string"
},
"workloadProfiles": [
{
"enableFips": "bool",
"maximumCount": "int",
"minimumCount": "int",
"name": "string",
"workloadProfileType": "string"
}
],
"zoneRedundant": "bool"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.App/managedEnvironments
| Name |
Description |
Value |
| apiVersion |
The api version |
'2024-10-02-preview' |
| identity |
Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. |
ManagedServiceIdentity |
| kind |
Kind of the Environment. |
string |
| location |
The geo-location where the resource lives |
string (required) |
| name |
The resource name |
string (required) |
| properties |
Managed environment resource specific properties |
ManagedEnvironmentProperties |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
| type |
The resource type |
'Microsoft.App/managedEnvironments' |
AppInsightsConfiguration
| Name |
Description |
Value |
| connectionString |
Application Insights connection string |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
AppLogsConfiguration
| Name |
Description |
Value |
| destination |
Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' |
string |
| logAnalyticsConfiguration |
Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' |
LogAnalyticsConfiguration |
CertificateKeyVaultProperties
| Name |
Description |
Value |
| identity |
Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. |
string |
| keyVaultUrl |
URL pointing to the Azure Key Vault secret that holds the certificate. |
string |
CustomDomainConfiguration
| Name |
Description |
Value |
| certificateKeyVaultProperties |
Certificate stored in Azure Key Vault. |
CertificateKeyVaultProperties |
| certificatePassword |
Certificate password |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| certificateValue |
PFX or PEM blob |
any |
| dnsSuffix |
Dns suffix for the environment domain |
string |
DaprConfiguration
DataDogConfiguration
| Name |
Description |
Value |
| key |
The data dog api key |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| site |
The data dog site |
string |
DestinationsConfiguration
| Name |
Description |
Value |
| dataDogConfiguration |
Open telemetry datadog destination configuration |
DataDogConfiguration |
| otlpConfigurations |
Open telemetry otlp configurations |
OtlpConfiguration[] |
| Name |
Description |
Value |
| key |
The key of otlp configuration header |
string |
| value |
The value of otlp configuration header |
string |
KedaConfiguration
LogAnalyticsConfiguration
| Name |
Description |
Value |
| customerId |
Log analytics customer id |
string |
| dynamicJsonColumns |
Boolean indicating whether to parse json string log into dynamic json columns |
bool |
| sharedKey |
Log analytics customer key |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
LogsConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry logs destinations |
string[] |
ManagedEnvironmentProperties
| Name |
Description |
Value |
| appInsightsConfiguration |
Environment level Application Insights configuration |
AppInsightsConfiguration |
| appLogsConfiguration |
Cluster configuration which enables the log daemon to export app logs to configured destination |
AppLogsConfiguration |
| availabilityZones |
The list of availability zones to use for managed environment |
string[] |
| customDomainConfiguration |
Custom domain configuration for the environment |
CustomDomainConfiguration |
| daprAIConnectionString |
Application Insights connection string used by Dapr to export Service to Service communication telemetry |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey |
Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| daprConfiguration |
The configuration of Dapr component. |
DaprConfiguration |
| infrastructureResourceGroup |
Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. |
string |
| kedaConfiguration |
The configuration of Keda component. |
KedaConfiguration |
| openTelemetryConfiguration |
Environment Open Telemetry configuration |
OpenTelemetryConfiguration |
| peerAuthentication |
Peer authentication settings for the Managed Environment |
ManagedEnvironmentPropertiesPeerAuthentication |
| peerTrafficConfiguration |
Peer traffic settings for the Managed Environment |
ManagedEnvironmentPropertiesPeerTrafficConfiguration |
| publicNetworkAccess |
Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. |
'Disabled'
'Enabled' |
| vnetConfiguration |
Vnet configuration for the environment |
VnetConfiguration |
| workloadProfiles |
Workload profiles configured for the Managed Environment. |
WorkloadProfile[] |
| zoneRedundant |
Whether or not this Managed Environment is zone-redundant. |
bool |
ManagedEnvironmentPropertiesPeerAuthentication
| Name |
Description |
Value |
| mtls |
Mutual TLS authentication settings for the Managed Environment |
Mtls |
ManagedEnvironmentPropertiesPeerTrafficConfiguration
ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption
| Name |
Description |
Value |
| enabled |
Boolean indicating whether the peer traffic encryption is enabled |
bool |
ManagedServiceIdentity
| Name |
Description |
Value |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required) |
| userAssignedIdentities |
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. |
UserAssignedIdentities |
MetricsConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry metrics destinations |
string[] |
| includeKeda |
Boolean indicating if including keda metrics |
bool |
Mtls
| Name |
Description |
Value |
| enabled |
Boolean indicating whether the mutual TLS authentication is enabled |
bool |
OpenTelemetryConfiguration
OtlpConfiguration
| Name |
Description |
Value |
| endpoint |
The endpoint of otlp configuration |
string |
| headers |
Headers of otlp configurations |
Header[] |
| insecure |
Boolean indicating if otlp configuration is insecure |
bool |
| name |
The name of otlp configuration |
string |
TracesConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry traces destinations |
string[] |
| includeDapr |
Boolean indicating if including dapr traces |
bool |
UserAssignedIdentities
UserAssignedIdentity
VnetConfiguration
| Name |
Description |
Value |
| dockerBridgeCidr |
CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. |
string |
| infrastructureSubnetId |
Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. |
string |
| internal |
Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property |
bool |
| platformReservedCidr |
IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. |
string |
| platformReservedDnsIP |
An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. |
string |
WorkloadProfile
| Name |
Description |
Value |
| enableFips |
Whether to use a FIPS-enabled OS. Supported only for dedicated workload profiles. |
bool |
| maximumCount |
The maximum capacity. |
int |
| minimumCount |
The minimum capacity. |
int |
| name |
Workload profile type for the workloads to run on. |
string (required) |
| workloadProfileType |
Workload profile type for the workloads to run on. |
string (required) |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
The managedEnvironments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.App/managedEnvironments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.App/managedEnvironments@2024-10-02-preview"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
location = "string"
tags = {
{customized property} = "string"
}
body = {
kind = "string"
properties = {
appInsightsConfiguration = {
connectionString = "string"
}
appLogsConfiguration = {
destination = "string"
logAnalyticsConfiguration = {
customerId = "string"
dynamicJsonColumns = bool
sharedKey = "string"
}
}
availabilityZones = [
"string"
]
customDomainConfiguration = {
certificateKeyVaultProperties = {
identity = "string"
keyVaultUrl = "string"
}
certificatePassword = "string"
certificateValue = ?
dnsSuffix = "string"
}
daprAIConnectionString = "string"
daprAIInstrumentationKey = "string"
daprConfiguration = {
}
infrastructureResourceGroup = "string"
kedaConfiguration = {
}
openTelemetryConfiguration = {
destinationsConfiguration = {
dataDogConfiguration = {
key = "string"
site = "string"
}
otlpConfigurations = [
{
endpoint = "string"
headers = [
{
key = "string"
value = "string"
}
]
insecure = bool
name = "string"
}
]
}
logsConfiguration = {
destinations = [
"string"
]
}
metricsConfiguration = {
destinations = [
"string"
]
includeKeda = bool
}
tracesConfiguration = {
destinations = [
"string"
]
includeDapr = bool
}
}
peerAuthentication = {
mtls = {
enabled = bool
}
}
peerTrafficConfiguration = {
encryption = {
enabled = bool
}
}
publicNetworkAccess = "string"
vnetConfiguration = {
dockerBridgeCidr = "string"
infrastructureSubnetId = "string"
internal = bool
platformReservedCidr = "string"
platformReservedDnsIP = "string"
}
workloadProfiles = [
{
enableFips = bool
maximumCount = int
minimumCount = int
name = "string"
workloadProfileType = "string"
}
]
zoneRedundant = bool
}
}
}
Property Values
Microsoft.App/managedEnvironments
| Name |
Description |
Value |
| identity |
Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. |
ManagedServiceIdentity |
| kind |
Kind of the Environment. |
string |
| location |
The geo-location where the resource lives |
string (required) |
| name |
The resource name |
string (required) |
| properties |
Managed environment resource specific properties |
ManagedEnvironmentProperties |
| tags |
Resource tags |
Dictionary of tag names and values. |
| type |
The resource type |
"Microsoft.App/managedEnvironments@2024-10-02-preview" |
AppInsightsConfiguration
| Name |
Description |
Value |
| connectionString |
Application Insights connection string |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
AppLogsConfiguration
| Name |
Description |
Value |
| destination |
Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' |
string |
| logAnalyticsConfiguration |
Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' |
LogAnalyticsConfiguration |
CertificateKeyVaultProperties
| Name |
Description |
Value |
| identity |
Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. |
string |
| keyVaultUrl |
URL pointing to the Azure Key Vault secret that holds the certificate. |
string |
CustomDomainConfiguration
| Name |
Description |
Value |
| certificateKeyVaultProperties |
Certificate stored in Azure Key Vault. |
CertificateKeyVaultProperties |
| certificatePassword |
Certificate password |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| certificateValue |
PFX or PEM blob |
any |
| dnsSuffix |
Dns suffix for the environment domain |
string |
DaprConfiguration
DataDogConfiguration
| Name |
Description |
Value |
| key |
The data dog api key |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| site |
The data dog site |
string |
DestinationsConfiguration
| Name |
Description |
Value |
| dataDogConfiguration |
Open telemetry datadog destination configuration |
DataDogConfiguration |
| otlpConfigurations |
Open telemetry otlp configurations |
OtlpConfiguration[] |
| Name |
Description |
Value |
| key |
The key of otlp configuration header |
string |
| value |
The value of otlp configuration header |
string |
KedaConfiguration
LogAnalyticsConfiguration
| Name |
Description |
Value |
| customerId |
Log analytics customer id |
string |
| dynamicJsonColumns |
Boolean indicating whether to parse json string log into dynamic json columns |
bool |
| sharedKey |
Log analytics customer key |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
LogsConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry logs destinations |
string[] |
ManagedEnvironmentProperties
| Name |
Description |
Value |
| appInsightsConfiguration |
Environment level Application Insights configuration |
AppInsightsConfiguration |
| appLogsConfiguration |
Cluster configuration which enables the log daemon to export app logs to configured destination |
AppLogsConfiguration |
| availabilityZones |
The list of availability zones to use for managed environment |
string[] |
| customDomainConfiguration |
Custom domain configuration for the environment |
CustomDomainConfiguration |
| daprAIConnectionString |
Application Insights connection string used by Dapr to export Service to Service communication telemetry |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey |
Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry |
string
Constraints:
Sensitive value. Pass in as a secure parameter. |
| daprConfiguration |
The configuration of Dapr component. |
DaprConfiguration |
| infrastructureResourceGroup |
Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. |
string |
| kedaConfiguration |
The configuration of Keda component. |
KedaConfiguration |
| openTelemetryConfiguration |
Environment Open Telemetry configuration |
OpenTelemetryConfiguration |
| peerAuthentication |
Peer authentication settings for the Managed Environment |
ManagedEnvironmentPropertiesPeerAuthentication |
| peerTrafficConfiguration |
Peer traffic settings for the Managed Environment |
ManagedEnvironmentPropertiesPeerTrafficConfiguration |
| publicNetworkAccess |
Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. |
'Disabled'
'Enabled' |
| vnetConfiguration |
Vnet configuration for the environment |
VnetConfiguration |
| workloadProfiles |
Workload profiles configured for the Managed Environment. |
WorkloadProfile[] |
| zoneRedundant |
Whether or not this Managed Environment is zone-redundant. |
bool |
ManagedEnvironmentPropertiesPeerAuthentication
| Name |
Description |
Value |
| mtls |
Mutual TLS authentication settings for the Managed Environment |
Mtls |
ManagedEnvironmentPropertiesPeerTrafficConfiguration
ManagedEnvironmentPropertiesPeerTrafficConfigurationEncryption
| Name |
Description |
Value |
| enabled |
Boolean indicating whether the peer traffic encryption is enabled |
bool |
ManagedServiceIdentity
| Name |
Description |
Value |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required) |
| userAssignedIdentities |
The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. |
UserAssignedIdentities |
MetricsConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry metrics destinations |
string[] |
| includeKeda |
Boolean indicating if including keda metrics |
bool |
Mtls
| Name |
Description |
Value |
| enabled |
Boolean indicating whether the mutual TLS authentication is enabled |
bool |
OpenTelemetryConfiguration
OtlpConfiguration
| Name |
Description |
Value |
| endpoint |
The endpoint of otlp configuration |
string |
| headers |
Headers of otlp configurations |
Header[] |
| insecure |
Boolean indicating if otlp configuration is insecure |
bool |
| name |
The name of otlp configuration |
string |
TracesConfiguration
| Name |
Description |
Value |
| destinations |
Open telemetry traces destinations |
string[] |
| includeDapr |
Boolean indicating if including dapr traces |
bool |
UserAssignedIdentities
UserAssignedIdentity
VnetConfiguration
| Name |
Description |
Value |
| dockerBridgeCidr |
CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. |
string |
| infrastructureSubnetId |
Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. |
string |
| internal |
Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property |
bool |
| platformReservedCidr |
IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. |
string |
| platformReservedDnsIP |
An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. |
string |
WorkloadProfile
| Name |
Description |
Value |
| enableFips |
Whether to use a FIPS-enabled OS. Supported only for dedicated workload profiles. |
bool |
| maximumCount |
The maximum capacity. |
int |
| minimumCount |
The minimum capacity. |
int |
| name |
Workload profile type for the workloads to run on. |
string (required) |
| workloadProfileType |
Workload profile type for the workloads to run on. |
string (required) |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
