Search

Please login in for more filter options

Kickstart your project with AVM templates.

AVM Bicep Modules
AVM Terraform Modules

app-config-stores

avm-bicep

report
Report Package app-config-stores

If you believe that this package or its contents contain harmful information, please inform us.
Please be aware that we will never share your credentials.

Please let us know what this package contains.
Please enter a valid email address.

This Bicep AVM module deploys an App Configuration Store.

ipm add --package avm-bicep/app-config-stores --version 0.9.2

Published: 04-09-2025

Project URL: https://ipmhub.io/avm-bicep

Package Type: Bicep

License: MIT

App Configuration Stores [Microsoft.AppConfiguration/configurationStores]

This module deploys an App Configuration Store.

Navigation

Resource Types

Resource Type API Version References
Microsoft.AppConfiguration/configurationStores 2025-02-01-preview
Microsoft.AppConfiguration/configurationStores/keyValues 2025-02-01-preview
Microsoft.AppConfiguration/configurationStores/replicas 2025-02-01-preview
Microsoft.Authorization/locks 2020-05-01
Microsoft.Authorization/roleAssignments 2022-04-01
Microsoft.Insights/diagnosticSettings 2021-05-01-preview
Microsoft.Network/privateEndpoints 2024-05-01
Microsoft.Network/privateEndpoints/privateDnsZoneGroups 2024-05-01

Usage examples

The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.

Note: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.

Note: To reference the module, please use the following syntax ./packages/app-config-stores/main.bicep.

Example 1: Using only defaults

This instance deploys the module with the minimum set of required parameters.

via Bicep module 
module configurationStore './packages/app-config-stores/main.bicep' = {
  name: 'configurationStoreDeployment'
  params: {
    // Required parameters
    name: 'accmin001'
    // Non-required parameters
    enablePurgeProtection: false
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "accmin001"
    },
    // Non-required parameters
    "enablePurgeProtection": {
      "value": false
    }
  }
}

via Bicep parameters file 
using './packages/app-config-stores/main.bicep'

// Required parameters
param name = 'accmin001'
// Non-required parameters
param enablePurgeProtection = false

Example 2: Using Customer-Managed-Keys with User-Assigned identity

This instance deploys the module using Customer-Managed-Keys using a User-Assigned Identity to access the Customer-Managed-Key secret.

via Bicep module 
module configurationStore './packages/app-config-stores/main.bicep' = {
  name: 'configurationStoreDeployment'
  params: {
    // Required parameters
    name: 'accencr001'
    // Non-required parameters
    createMode: 'Default'
    customerManagedKey: {
      keyName: '<keyName>'
      keyVaultResourceId: '<keyVaultResourceId>'
      userAssignedIdentityResourceId: '<userAssignedIdentityResourceId>'
    }
    disableLocalAuth: '<disableLocalAuth>'
    enablePurgeProtection: false
    keyValues: [
      {
        contentType: 'contentType'
        name: 'keyName'
        roleAssignments: [
          {
            principalId: '<principalId>'
            principalType: 'ServicePrincipal'
            roleDefinitionIdOrName: 'Reader'
          }
        ]
        value: 'valueName'
      }
    ]
    managedIdentities: {
      userAssignedResourceIds: [
        '<managedIdentityResourceId>'
      ]
    }
    softDeleteRetentionInDays: 1
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "accencr001"
    },
    // Non-required parameters
    "createMode": {
      "value": "Default"
    },
    "customerManagedKey": {
      "value": {
        "keyName": "<keyName>",
        "keyVaultResourceId": "<keyVaultResourceId>",
        "userAssignedIdentityResourceId": "<userAssignedIdentityResourceId>"
      }
    },
    "disableLocalAuth": {
      "value": "<disableLocalAuth>"
    },
    "enablePurgeProtection": {
      "value": false
    },
    "keyValues": {
      "value": [
        {
          "contentType": "contentType",
          "name": "keyName",
          "roleAssignments": [
            {
              "principalId": "<principalId>",
              "principalType": "ServicePrincipal",
              "roleDefinitionIdOrName": "Reader"
            }
          ],
          "value": "valueName"
        }
      ]
    },
    "managedIdentities": {
      "value": {
        "userAssignedResourceIds": [
          "<managedIdentityResourceId>"
        ]
      }
    },
    "softDeleteRetentionInDays": {
      "value": 1
    }
  }
}

via Bicep parameters file 
using './packages/app-config-stores/main.bicep'

// Required parameters
param name = 'accencr001'
// Non-required parameters
param createMode = 'Default'
param customerManagedKey = {
  keyName: '<keyName>'
  keyVaultResourceId: '<keyVaultResourceId>'
  userAssignedIdentityResourceId: '<userAssignedIdentityResourceId>'
}
param disableLocalAuth = '<disableLocalAuth>'
param enablePurgeProtection = false
param keyValues = [
  {
    contentType: 'contentType'
    name: 'keyName'
    roleAssignments: [
      {
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'Reader'
      }
    ]
    value: 'valueName'
  }
]
param managedIdentities = {
  userAssignedResourceIds: [
    '<managedIdentityResourceId>'
  ]
}
param softDeleteRetentionInDays = 1

Example 3: Using large parameter set

This instance deploys the module with most of its features enabled.

via Bicep module 
module configurationStore './packages/app-config-stores/main.bicep' = {
  name: 'configurationStoreDeployment'
  params: {
    // Required parameters
    name: 'accmax001'
    // Non-required parameters
    createMode: 'Default'
    diagnosticSettings: [
      {
        eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
        eventHubName: '<eventHubName>'
        metricCategories: [
          {
            category: 'AllMetrics'
          }
        ]
        name: 'customSetting'
        storageAccountResourceId: '<storageAccountResourceId>'
        workspaceResourceId: '<workspaceResourceId>'
      }
    ]
    disableLocalAuth: '<disableLocalAuth>'
    enablePurgeProtection: false
    keyValues: [
      {
        contentType: 'contentType'
        name: 'keyName'
        roleAssignments: [
          {
            name: '56e2c190-b31e-4518-84de-170b8a5c1b24'
            principalId: '<principalId>'
            principalType: 'ServicePrincipal'
            roleDefinitionIdOrName: 'Owner'
          }
          {
            principalId: '<principalId>'
            principalType: 'ServicePrincipal'
            roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
          }
          {
            principalId: '<principalId>'
            principalType: 'ServicePrincipal'
            roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
          }
        ]
        value: 'valueName'
      }
      {
        name: 'keyName2'
        value: 'valueName2'
      }
    ]
    location: '<location>'
    lock: {
      kind: 'CanNotDelete'
      name: 'myCustomLockName'
    }
    managedIdentities: {
      systemAssigned: true
      userAssignedResourceIds: [
        '<managedIdentityResourceId>'
      ]
    }
    replicaLocations: [
      {
        name: 'mycentralusreplica'
        replicaLocation: 'centralus'
      }
      {
        replicaLocation: 'westus'
      }
    ]
    roleAssignments: [
      {
        name: '695044c2-3f1f-4843-970a-bed584b95a9a'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'Owner'
      }
      {
        name: '<name>'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
      }
      {
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
      }
    ]
    softDeleteRetentionInDays: 1
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "accmax001"
    },
    // Non-required parameters
    "createMode": {
      "value": "Default"
    },
    "diagnosticSettings": {
      "value": [
        {
          "eventHubAuthorizationRuleResourceId": "<eventHubAuthorizationRuleResourceId>",
          "eventHubName": "<eventHubName>",
          "metricCategories": [
            {
              "category": "AllMetrics"
            }
          ],
          "name": "customSetting",
          "storageAccountResourceId": "<storageAccountResourceId>",
          "workspaceResourceId": "<workspaceResourceId>"
        }
      ]
    },
    "disableLocalAuth": {
      "value": "<disableLocalAuth>"
    },
    "enablePurgeProtection": {
      "value": false
    },
    "keyValues": {
      "value": [
        {
          "contentType": "contentType",
          "name": "keyName",
          "roleAssignments": [
            {
              "name": "56e2c190-b31e-4518-84de-170b8a5c1b24",
              "principalId": "<principalId>",
              "principalType": "ServicePrincipal",
              "roleDefinitionIdOrName": "Owner"
            },
            {
              "principalId": "<principalId>",
              "principalType": "ServicePrincipal",
              "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c"
            },
            {
              "principalId": "<principalId>",
              "principalType": "ServicePrincipal",
              "roleDefinitionIdOrName": "<roleDefinitionIdOrName>"
            }
          ],
          "value": "valueName"
        },
        {
          "name": "keyName2",
          "value": "valueName2"
        }
      ]
    },
    "location": {
      "value": "<location>"
    },
    "lock": {
      "value": {
        "kind": "CanNotDelete",
        "name": "myCustomLockName"
      }
    },
    "managedIdentities": {
      "value": {
        "systemAssigned": true,
        "userAssignedResourceIds": [
          "<managedIdentityResourceId>"
        ]
      }
    },
    "replicaLocations": {
      "value": [
        {
          "name": "mycentralusreplica",
          "replicaLocation": "centralus"
        },
        {
          "replicaLocation": "westus"
        }
      ]
    },
    "roleAssignments": {
      "value": [
        {
          "name": "695044c2-3f1f-4843-970a-bed584b95a9a",
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "Owner"
        },
        {
          "name": "<name>",
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c"
        },
        {
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "<roleDefinitionIdOrName>"
        }
      ]
    },
    "softDeleteRetentionInDays": {
      "value": 1
    },
    "tags": {
      "value": {
        "Environment": "Non-Prod",
        "hidden-title": "This is visible in the resource name",
        "Role": "DeploymentValidation"
      }
    }
  }
}

via Bicep parameters file 
using './packages/app-config-stores/main.bicep'

// Required parameters
param name = 'accmax001'
// Non-required parameters
param createMode = 'Default'
param diagnosticSettings = [
  {
    eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
    eventHubName: '<eventHubName>'
    metricCategories: [
      {
        category: 'AllMetrics'
      }
    ]
    name: 'customSetting'
    storageAccountResourceId: '<storageAccountResourceId>'
    workspaceResourceId: '<workspaceResourceId>'
  }
]
param disableLocalAuth = '<disableLocalAuth>'
param enablePurgeProtection = false
param keyValues = [
  {
    contentType: 'contentType'
    name: 'keyName'
    roleAssignments: [
      {
        name: '56e2c190-b31e-4518-84de-170b8a5c1b24'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'Owner'
      }
      {
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
      }
      {
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
      }
    ]
    value: 'valueName'
  }
  {
    name: 'keyName2'
    value: 'valueName2'
  }
]
param location = '<location>'
param lock = {
  kind: 'CanNotDelete'
  name: 'myCustomLockName'
}
param managedIdentities = {
  systemAssigned: true
  userAssignedResourceIds: [
    '<managedIdentityResourceId>'
  ]
}
param replicaLocations = [
  {
    name: 'mycentralusreplica'
    replicaLocation: 'centralus'
  }
  {
    replicaLocation: 'westus'
  }
]
param roleAssignments = [
  {
    name: '695044c2-3f1f-4843-970a-bed584b95a9a'
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: 'Owner'
  }
  {
    name: '<name>'
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
  }
  {
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
  }
]
param softDeleteRetentionInDays = 1
param tags = {
  Environment: 'Non-Prod'
  'hidden-title': 'This is visible in the resource name'
  Role: 'DeploymentValidation'
}

Example 4: Private endpoint-enabled deployment

This instance deploys the module with private endpoints.

via Bicep module 
module configurationStore './packages/app-config-stores/main.bicep' = {
  name: 'configurationStoreDeployment'
  params: {
    // Required parameters
    name: 'accpe001'
    // Non-required parameters
    createMode: 'Default'
    enablePurgeProtection: false
    privateEndpoints: [
      {
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
            }
          ]
        }
        subnetResourceId: '<subnetResourceId>'
        tags: {
          Environment: 'Non-Prod'
          'hidden-title': 'This is visible in the resource name'
          Role: 'DeploymentValidation'
        }
      }
      {
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
            }
          ]
        }
        subnetResourceId: '<subnetResourceId>'
      }
    ]
    softDeleteRetentionInDays: 1
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "accpe001"
    },
    // Non-required parameters
    "createMode": {
      "value": "Default"
    },
    "enablePurgeProtection": {
      "value": false
    },
    "privateEndpoints": {
      "value": [
        {
          "privateDnsZoneGroup": {
            "privateDnsZoneGroupConfigs": [
              {
                "privateDnsZoneResourceId": "<privateDnsZoneResourceId>"
              }
            ]
          },
          "subnetResourceId": "<subnetResourceId>",
          "tags": {
            "Environment": "Non-Prod",
            "hidden-title": "This is visible in the resource name",
            "Role": "DeploymentValidation"
          }
        },
        {
          "privateDnsZoneGroup": {
            "privateDnsZoneGroupConfigs": [
              {
                "privateDnsZoneResourceId": "<privateDnsZoneResourceId>"
              }
            ]
          },
          "subnetResourceId": "<subnetResourceId>"
        }
      ]
    },
    "softDeleteRetentionInDays": {
      "value": 1
    }
  }
}

via Bicep parameters file 
using './packages/app-config-stores/main.bicep'

// Required parameters
param name = 'accpe001'
// Non-required parameters
param createMode = 'Default'
param enablePurgeProtection = false
param privateEndpoints = [
  {
    privateDnsZoneGroup: {
      privateDnsZoneGroupConfigs: [
        {
          privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
        }
      ]
    }
    subnetResourceId: '<subnetResourceId>'
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
  }
  {
    privateDnsZoneGroup: {
      privateDnsZoneGroupConfigs: [
        {
          privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
        }
      ]
    }
    subnetResourceId: '<subnetResourceId>'
  }
]
param softDeleteRetentionInDays = 1

Example 5: WAF-aligned

This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.

via Bicep module 
module configurationStore './packages/app-config-stores/main.bicep' = {
  name: 'configurationStoreDeployment'
  params: {
    // Required parameters
    name: 'accwaf001'
    // Non-required parameters
    createMode: 'Default'
    diagnosticSettings: [
      {
        eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
        eventHubName: '<eventHubName>'
        storageAccountResourceId: '<storageAccountResourceId>'
        workspaceResourceId: '<workspaceResourceId>'
      }
    ]
    disableLocalAuth: '<disableLocalAuth>'
    enablePurgeProtection: false
    keyValues: [
      {
        contentType: 'contentType'
        name: 'keyName'
        value: 'valueName'
      }
    ]
    replicaLocations: [
      {
        replicaLocation: 'centralus'
      }
      {
        replicaLocation: 'westus'
      }
    ]
    softDeleteRetentionInDays: 1
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "accwaf001"
    },
    // Non-required parameters
    "createMode": {
      "value": "Default"
    },
    "diagnosticSettings": {
      "value": [
        {
          "eventHubAuthorizationRuleResourceId": "<eventHubAuthorizationRuleResourceId>",
          "eventHubName": "<eventHubName>",
          "storageAccountResourceId": "<storageAccountResourceId>",
          "workspaceResourceId": "<workspaceResourceId>"
        }
      ]
    },
    "disableLocalAuth": {
      "value": "<disableLocalAuth>"
    },
    "enablePurgeProtection": {
      "value": false
    },
    "keyValues": {
      "value": [
        {
          "contentType": "contentType",
          "name": "keyName",
          "value": "valueName"
        }
      ]
    },
    "replicaLocations": {
      "value": [
        {
          "replicaLocation": "centralus"
        },
        {
          "replicaLocation": "westus"
        }
      ]
    },
    "softDeleteRetentionInDays": {
      "value": 1
    },
    "tags": {
      "value": {
        "Environment": "Non-Prod",
        "hidden-title": "This is visible in the resource name",
        "Role": "DeploymentValidation"
      }
    }
  }
}

via Bicep parameters file 
using './packages/app-config-stores/main.bicep'

// Required parameters
param name = 'accwaf001'
// Non-required parameters
param createMode = 'Default'
param diagnosticSettings = [
  {
    eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
    eventHubName: '<eventHubName>'
    storageAccountResourceId: '<storageAccountResourceId>'
    workspaceResourceId: '<workspaceResourceId>'
  }
]
param disableLocalAuth = '<disableLocalAuth>'
param enablePurgeProtection = false
param keyValues = [
  {
    contentType: 'contentType'
    name: 'keyName'
    value: 'valueName'
  }
]
param replicaLocations = [
  {
    replicaLocation: 'centralus'
  }
  {
    replicaLocation: 'westus'
  }
]
param softDeleteRetentionInDays = 1
param tags = {
  Environment: 'Non-Prod'
  'hidden-title': 'This is visible in the resource name'
  Role: 'DeploymentValidation'
}

Parameters

Required parameters

Parameter Type Description
name string Name of the Azure App Configuration.

Optional parameters

Parameter Type Description
createMode string Indicates whether the configuration store need to be recovered.
customerManagedKey object The customer managed key definition.
dataPlaneProxy object Property specifying the configuration of data plane proxy for Azure Resource Manager (ARM).
diagnosticSettings array The diagnostic settings of the service.
disableLocalAuth bool Disables all authentication methods other than AAD authentication.
enablePurgeProtection bool Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier.
enableTelemetry bool Enable/Disable usage telemetry for module.
keyValues array All Key / Values to create. Requires local authentication to be enabled.
location string Location for all Resources.
lock object The lock settings of the service.
managedIdentities object The managed identity definition for this resource.
privateEndpoints array Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
publicNetworkAccess string Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.
replicaLocations array All Replicas to create.
roleAssignments array Array of role assignments to create.
sku string Pricing tier of App Configuration.
softDeleteRetentionInDays int The amount of time in days that the configuration store will be retained when it is soft deleted.
tags object Tags of the resource.

Parameter: name

Name of the Azure App Configuration.

  • Required: Yes
  • Type: string

Parameter: createMode

Indicates whether the configuration store need to be recovered.

  • Required: No
  • Type: string
  • Default: 'Default'
  • Allowed:
    [
  'Default'
  'Recover'
]

Parameter: customerManagedKey

The customer managed key definition.

  • Required: No
  • Type: object

Required parameters

Parameter Type Description
keyName string The name of the customer managed key to use for encryption.
keyVaultResourceId string The resource ID of a key vault to reference a customer managed key for encryption from.

Optional parameters

Parameter Type Description
autoRotationEnabled bool Enable or disable auto-rotating to the latest key version. Default is true. If set to false, the latest key version at the time of the deployment is used.
keyVersion string The version of the customer managed key to reference for encryption. If not provided, using version as per 'autoRotationEnabled' setting.
userAssignedIdentityResourceId string User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use.

Parameter: customerManagedKey.keyName

The name of the customer managed key to use for encryption.

  • Required: Yes
  • Type: string

Parameter: customerManagedKey.keyVaultResourceId

The resource ID of a key vault to reference a customer managed key for encryption from.

  • Required: Yes
  • Type: string

Parameter: customerManagedKey.autoRotationEnabled

Enable or disable auto-rotating to the latest key version. Default is true. If set to false, the latest key version at the time of the deployment is used.

  • Required: No
  • Type: bool

Parameter: customerManagedKey.keyVersion

The version of the customer managed key to reference for encryption. If not provided, using version as per 'autoRotationEnabled' setting.

  • Required: No
  • Type: string

Parameter: customerManagedKey.userAssignedIdentityResourceId

User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use.

  • Required: No
  • Type: string

Parameter: dataPlaneProxy

Property specifying the configuration of data plane proxy for Azure Resource Manager (ARM).

  • Required: No
  • Type: object

Required parameters

Parameter Type Description
privateLinkDelegation string The data plane proxy private link delegation. This property manages if a request from delegated Azure Resource Manager (ARM) private link is allowed when the data plane resource requires private link.

Optional parameters

Parameter Type Description
authenticationMode string The data plane proxy authentication mode. This property manages the authentication mode of request to the data plane resources. 'Pass-through' is recommended.

Parameter: dataPlaneProxy.privateLinkDelegation

The data plane proxy private link delegation. This property manages if a request from delegated Azure Resource Manager (ARM) private link is allowed when the data plane resource requires private link.

  • Required: Yes
  • Type: string
  • Allowed:
    [
  'Disabled'
  'Enabled'
]

Parameter: dataPlaneProxy.authenticationMode

The data plane proxy authentication mode. This property manages the authentication mode of request to the data plane resources. 'Pass-through' is recommended.

  • Required: No
  • Type: string
  • Allowed:
    [
  'Local'
  'Pass-through'
]

Parameter: diagnosticSettings

The diagnostic settings of the service.

  • Required: No
  • Type: array

Optional parameters

Parameter Type Description
eventHubAuthorizationRuleResourceId string Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
eventHubName string Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
logAnalyticsDestinationType string A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
logCategoriesAndGroups array The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to [] to disable log collection.
marketplacePartnerResourceId string The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
metricCategories array The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to [] to disable metric collection.
name string The name of the diagnostic setting.
storageAccountResourceId string Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
workspaceResourceId string Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

Parameter: diagnosticSettings.eventHubAuthorizationRuleResourceId

Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.eventHubName

Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.logAnalyticsDestinationType

A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.

  • Required: No
  • Type: string
  • Allowed:
    [
  'AzureDiagnostics'
  'Dedicated'
]

Parameter: diagnosticSettings.logCategoriesAndGroups

The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to [] to disable log collection.

  • Required: No
  • Type: array

Optional parameters

Parameter Type Description
category string Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.
categoryGroup string Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to allLogs to collect all logs.
enabled bool Enable or disable the category explicitly. Default is true.

Parameter: diagnosticSettings.logCategoriesAndGroups.category

Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.logCategoriesAndGroups.categoryGroup

Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to allLogs to collect all logs.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.logCategoriesAndGroups.enabled

Enable or disable the category explicitly. Default is true.

  • Required: No
  • Type: bool

Parameter: diagnosticSettings.marketplacePartnerResourceId

The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.metricCategories

The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to [] to disable metric collection.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
category string Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to AllMetrics to collect all metrics.

Optional parameters

Parameter Type Description
enabled bool Enable or disable the category explicitly. Default is true.

Parameter: diagnosticSettings.metricCategories.category

Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to AllMetrics to collect all metrics.

  • Required: Yes
  • Type: string

Parameter: diagnosticSettings.metricCategories.enabled

Enable or disable the category explicitly. Default is true.

  • Required: No
  • Type: bool

Parameter: diagnosticSettings.name

The name of the diagnostic setting.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.storageAccountResourceId

Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

  • Required: No
  • Type: string

Parameter: diagnosticSettings.workspaceResourceId

Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

  • Required: No
  • Type: string

Parameter: disableLocalAuth

Disables all authentication methods other than AAD authentication.

  • Required: No
  • Type: bool
  • Default: True

Parameter: enablePurgeProtection

Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier.

  • Required: No
  • Type: bool
  • Default: True

Parameter: enableTelemetry

Enable/Disable usage telemetry for module.

  • Required: No
  • Type: bool
  • Default: True

Parameter: keyValues

All Key / Values to create. Requires local authentication to be enabled.

  • Required: No
  • Type: array

Parameter: location

Location for all Resources.

  • Required: No
  • Type: string
  • Default: [resourceGroup().location]

Parameter: lock

The lock settings of the service.

  • Required: No
  • Type: object

Optional parameters

Parameter Type Description
kind string Specify the type of lock.
name string Specify the name of lock.
notes string Specify the notes of the lock.

Parameter: lock.kind

Specify the type of lock.

  • Required: No
  • Type: string
  • Allowed:
    [
  'CanNotDelete'
  'None'
  'ReadOnly'
]

Parameter: lock.name

Specify the name of lock.

  • Required: No
  • Type: string

Parameter: lock.notes

Specify the notes of the lock.

  • Required: No
  • Type: string

Parameter: managedIdentities

The managed identity definition for this resource.

  • Required: No
  • Type: object

Optional parameters

Parameter Type Description
systemAssigned bool Enables system assigned managed identity on the resource.
userAssignedResourceIds array The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.

Parameter: managedIdentities.systemAssigned

Enables system assigned managed identity on the resource.

  • Required: No
  • Type: bool

Parameter: managedIdentities.userAssignedResourceIds

The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.

  • Required: No
  • Type: array

Parameter: privateEndpoints

Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
subnetResourceId string Resource ID of the subnet where the endpoint needs to be created.

Optional parameters

Parameter Type Description
applicationSecurityGroupResourceIds array Application security groups in which the Private Endpoint IP configuration is included.
customDnsConfigs array Custom DNS configurations.
customNetworkInterfaceName string The custom name of the network interface attached to the Private Endpoint.
enableTelemetry bool Enable/Disable usage telemetry for module.
ipConfigurations array A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints.
isManualConnection bool If Manual Private Link Connection is required.
location string The location to deploy the Private Endpoint to.
lock object Specify the type of lock.
manualConnectionRequestMessage string A message passed to the owner of the remote resource with the manual connection request.
name string The name of the Private Endpoint.
privateDnsZoneGroup object The private DNS Zone Group to configure for the Private Endpoint.
privateLinkServiceConnectionName string The name of the private link connection to create.
resourceGroupResourceId string The resource ID of the Resource Group the Private Endpoint will be created in. If not specified, the Resource Group of the provided Virtual Network Subnet is used.
roleAssignments array Array of role assignments to create.
service string The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint.
tags object Tags to be applied on all resources/Resource Groups in this deployment.

Parameter: privateEndpoints.subnetResourceId

Resource ID of the subnet where the endpoint needs to be created.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.applicationSecurityGroupResourceIds

Application security groups in which the Private Endpoint IP configuration is included.

  • Required: No
  • Type: array

Parameter: privateEndpoints.customDnsConfigs

Custom DNS configurations.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
ipAddresses array A list of private IP addresses of the private endpoint.

Optional parameters

Parameter Type Description
fqdn string FQDN that resolves to private endpoint IP address.

Parameter: privateEndpoints.customDnsConfigs.ipAddresses

A list of private IP addresses of the private endpoint.

  • Required: Yes
  • Type: array

Parameter: privateEndpoints.customDnsConfigs.fqdn

FQDN that resolves to private endpoint IP address.

  • Required: No
  • Type: string

Parameter: privateEndpoints.customNetworkInterfaceName

The custom name of the network interface attached to the Private Endpoint.

  • Required: No
  • Type: string

Parameter: privateEndpoints.enableTelemetry

Enable/Disable usage telemetry for module.

  • Required: No
  • Type: bool

Parameter: privateEndpoints.ipConfigurations

A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
name string The name of the resource that is unique within a resource group.
properties object Properties of private endpoint IP configurations.

Parameter: privateEndpoints.ipConfigurations.name

The name of the resource that is unique within a resource group.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.ipConfigurations.properties

Properties of private endpoint IP configurations.

  • Required: Yes
  • Type: object

Required parameters

Parameter Type Description
groupId string The ID of a group obtained from the remote resource that this private endpoint should connect to.
memberName string The member name of a group obtained from the remote resource that this private endpoint should connect to.
privateIPAddress string A private IP address obtained from the private endpoint's subnet.

Parameter: privateEndpoints.ipConfigurations.properties.groupId

The ID of a group obtained from the remote resource that this private endpoint should connect to.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.ipConfigurations.properties.memberName

The member name of a group obtained from the remote resource that this private endpoint should connect to.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.ipConfigurations.properties.privateIPAddress

A private IP address obtained from the private endpoint's subnet.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.isManualConnection

If Manual Private Link Connection is required.

  • Required: No
  • Type: bool

Parameter: privateEndpoints.location

The location to deploy the Private Endpoint to.

  • Required: No
  • Type: string

Parameter: privateEndpoints.lock

Specify the type of lock.

  • Required: No
  • Type: object

Optional parameters

Parameter Type Description
kind string Specify the type of lock.
name string Specify the name of lock.
notes string Specify the notes of the lock.

Parameter: privateEndpoints.lock.kind

Specify the type of lock.

  • Required: No
  • Type: string
  • Allowed:
    [
  'CanNotDelete'
  'None'
  'ReadOnly'
]

Parameter: privateEndpoints.lock.name

Specify the name of lock.

  • Required: No
  • Type: string

Parameter: privateEndpoints.lock.notes

Specify the notes of the lock.

  • Required: No
  • Type: string

Parameter: privateEndpoints.manualConnectionRequestMessage

A message passed to the owner of the remote resource with the manual connection request.

  • Required: No
  • Type: string

Parameter: privateEndpoints.name

The name of the Private Endpoint.

  • Required: No
  • Type: string

Parameter: privateEndpoints.privateDnsZoneGroup

The private DNS Zone Group to configure for the Private Endpoint.

  • Required: No
  • Type: object

Required parameters

Parameter Type Description
privateDnsZoneGroupConfigs array The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones.

Optional parameters

Parameter Type Description
name string The name of the Private DNS Zone Group.

Parameter: privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs

The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones.

  • Required: Yes
  • Type: array

Required parameters

Parameter Type Description
privateDnsZoneResourceId string The resource id of the private DNS zone.

Optional parameters

Parameter Type Description
name string The name of the private DNS Zone Group config.

Parameter: privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId

The resource id of the private DNS zone.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name

The name of the private DNS Zone Group config.

  • Required: No
  • Type: string

Parameter: privateEndpoints.privateDnsZoneGroup.name

The name of the Private DNS Zone Group.

  • Required: No
  • Type: string

Parameter: privateEndpoints.privateLinkServiceConnectionName

The name of the private link connection to create.

  • Required: No
  • Type: string

Parameter: privateEndpoints.resourceGroupResourceId

The resource ID of the Resource Group the Private Endpoint will be created in. If not specified, the Resource Group of the provided Virtual Network Subnet is used.

  • Required: No
  • Type: string

Parameter: privateEndpoints.roleAssignments

Array of role assignments to create.

  • Required: No
  • Type: array
  • Roles configurable by name:
    • 'Contributor'
    • 'DNS Resolver Contributor'
    • 'DNS Zone Contributor'
    • 'Domain Services Contributor'
    • 'Domain Services Reader'
    • 'Network Contributor'
    • 'Owner'
    • 'Private DNS Zone Contributor'
    • 'Reader'
    • 'Role Based Access Control Administrator'

Required parameters

Parameter Type Description
principalId string The principal ID of the principal (user/group/identity) to assign the role to.
roleDefinitionIdOrName string The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

Optional parameters

Parameter Type Description
condition string The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".
conditionVersion string Version of the condition.
delegatedManagedIdentityResourceId string The Resource Id of the delegated managed identity resource.
description string The description of the role assignment.
name string The name (as GUID) of the role assignment. If not provided, a GUID will be generated.
principalType string The principal type of the assigned principal ID.

Parameter: privateEndpoints.roleAssignments.principalId

The principal ID of the principal (user/group/identity) to assign the role to.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.roleAssignments.roleDefinitionIdOrName

The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

  • Required: Yes
  • Type: string

Parameter: privateEndpoints.roleAssignments.condition

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".

  • Required: No
  • Type: string

Parameter: privateEndpoints.roleAssignments.conditionVersion

Version of the condition.

  • Required: No
  • Type: string
  • Allowed:
    [
  '2.0'
]

Parameter: privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId

The Resource Id of the delegated managed identity resource.

  • Required: No
  • Type: string

Parameter: privateEndpoints.roleAssignments.description

The description of the role assignment.

  • Required: No
  • Type: string

Parameter: privateEndpoints.roleAssignments.name

The name (as GUID) of the role assignment. If not provided, a GUID will be generated.

  • Required: No
  • Type: string

Parameter: privateEndpoints.roleAssignments.principalType

The principal type of the assigned principal ID.

  • Required: No
  • Type: string
  • Allowed:
    [
  'Device'
  'ForeignGroup'
  'Group'
  'ServicePrincipal'
  'User'
]

Parameter: privateEndpoints.service

The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint.

  • Required: No
  • Type: string

Parameter: privateEndpoints.tags

Tags to be applied on all resources/Resource Groups in this deployment.

  • Required: No
  • Type: object

Parameter: publicNetworkAccess

Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.

  • Required: No
  • Type: string
  • Allowed:
    [
  'Disabled'
  'Enabled'
]

Parameter: replicaLocations

All Replicas to create.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
replicaLocation string Location of the replica.

Optional parameters

Parameter Type Description
name string Name of the replica.

Parameter: replicaLocations.replicaLocation

Location of the replica.

  • Required: Yes
  • Type: string

Parameter: replicaLocations.name

Name of the replica.

  • Required: No
  • Type: string

Parameter: roleAssignments

Array of role assignments to create.

  • Required: No
  • Type: array
  • Roles configurable by name:
    • 'App Compliance Automation Administrator'
    • 'App Compliance Automation Reader'
    • 'App Configuration Data Owner'
    • 'App Configuration Data Reader'
    • 'App Configuration Reader'
    • 'App Configuration Contributor'
    • 'Contributor'
    • 'Owner'
    • 'Reader'
    • 'Role Based Access Control Administrator'
    • 'User Access Administrator'

Required parameters

Parameter Type Description
principalId string The principal ID of the principal (user/group/identity) to assign the role to.
roleDefinitionIdOrName string The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

Optional parameters

Parameter Type Description
condition string The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".
conditionVersion string Version of the condition.
delegatedManagedIdentityResourceId string The Resource Id of the delegated managed identity resource.
description string The description of the role assignment.
name string The name (as GUID) of the role assignment. If not provided, a GUID will be generated.
principalType string The principal type of the assigned principal ID.

Parameter: roleAssignments.principalId

The principal ID of the principal (user/group/identity) to assign the role to.

  • Required: Yes
  • Type: string

Parameter: roleAssignments.roleDefinitionIdOrName

The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

  • Required: Yes
  • Type: string

Parameter: roleAssignments.condition

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".

  • Required: No
  • Type: string

Parameter: roleAssignments.conditionVersion

Version of the condition.

  • Required: No
  • Type: string
  • Allowed:
    [
  '2.0'
]

Parameter: roleAssignments.delegatedManagedIdentityResourceId

The Resource Id of the delegated managed identity resource.

  • Required: No
  • Type: string

Parameter: roleAssignments.description

The description of the role assignment.

  • Required: No
  • Type: string

Parameter: roleAssignments.name

The name (as GUID) of the role assignment. If not provided, a GUID will be generated.

  • Required: No
  • Type: string

Parameter: roleAssignments.principalType

The principal type of the assigned principal ID.

  • Required: No
  • Type: string
  • Allowed:
    [
  'Device'
  'ForeignGroup'
  'Group'
  'ServicePrincipal'
  'User'
]

Parameter: sku

Pricing tier of App Configuration.

  • Required: No
  • Type: string
  • Default: 'Standard'
  • Allowed:
    [
  'Developer'
  'Free'
  'Premium'
  'Standard'
]

Parameter: softDeleteRetentionInDays

The amount of time in days that the configuration store will be retained when it is soft deleted.

  • Required: No
  • Type: int
  • Default: 1
  • MinValue: 1
  • MaxValue: 7

Parameter: tags

Tags of the resource.

  • Required: No
  • Type: object

Outputs

Output Type Description
endpoint string The endpoint of the app configuration.
location string The location the resource was deployed into.
name string The name of the app configuration.
privateEndpoints array The private endpoints of the app configuration.
resourceGroupName string The resource group the app configuration store was deployed into.
resourceId string The resource ID of the app configuration.
systemAssignedMIPrincipalId string The principal ID of the system assigned identity.

Cross-referenced modules

This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).

Reference Type
./packages/private-endpoints/main.bicep Local Reference
./packages/utl-common-types/0.5.1/main.bicep Local Reference
./packages/utl-common-types/0.6.0/main.bicep Local Reference
./packages/utl-common-types/0.6.1/main.bicep Local Reference

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

Changelog

The latest version of the changelog can be found here.

0.9.2

Changes

  • Updated logic for softDeleteRetentionInDays: now sets retention to 0 when sku is Developer (previously only checked for Free).
  • Updated logic for enablePurgeProtections: now sets retention to false when sku is Developer (previously only checked for Free).

Breaking Changes

  • None

0.9.1

Changes

  • Updated privateEndpoints parameter type to 'avm-common-types' 0.6.1, adding a type to its tags property

Breaking Changes

  • None

0.9.0

Changes

  • Updated the API version for Microsoft.AppConfiguration/configurationStores, keyValues, and replicas resources from 2024-05-01 to 2025-02-01-preview in both Bicep and JSON templates, ensuring support for the latest platform features.
  • Upgraded related resource API versions, including telemetry deployments to 2025-04-01 and Key Vault to 2024-12-01-preview.
  • Added support for new pricing tiers: Developer and Premium, in addition to existing tiers, across documentation, Bicep, and JSON templates.
  • Improved handling of Customer Managed Keys (CMK) by using safe navigation operators and more robust property access, increasing reliability when referencing Key Vault resources and identities.
  • Added built-in role assignments for App Configuration Reader and App Configuration Contributor, both in documentation and implementation, allowing finer-grained access control.
  • Applied @batchSize(1) to the replica deployment module for improved resource management and reliability during parallel deployments.

Breaking Changes

  • None

0.8.0

Changes

  • Updated LockType to 'avm-common-types version' 0.6.0, enabling custom notes for locks.

Breaking Changes

  • Added type for replica location, enabling the specification of the replica name

0.7.0

Changes

  • Upgraded to version 0.11.0 of Private-Endpoint module
  • Updated interface of privateEndpoints parameter to avm-common-types version 0.5.1 which allows defining the additional scope parameter resourceGroupResourceId to optionally deploy a private endpoint into a different resource group in the same or different subscription
  • Updated ReadMe with AzAdvertizer reference

Breaking Changes

  • Added type for Private Endpoint output to allow discovery
    • Changed the contained property name customDnsConfig to customDnsConfigs and networkInterfaceIds to networkInterfaceResourceIds
  • Introduced a type for the tags parameter

0.6.3

Changes

  • Initial version

Breaking Changes

  • None
 
 {
  "workingFolder": "packages",
  "packages": [
    // packages defined earlier
    {
      "name": "avm-bicep/app-config-stores",
      "version": "0.9.2"
    }
  ]
}

Stats

Selected version:

0.9.2

Downloads this version:

0

Downloads all versions:

11

Latest version:

0.9.2

Latest update:

04-09-2025

avm-bicep

Other versions (5)

0.9.2

0.9.0

0.7.0

0.6.0

0.5.2

Other packages

from avm-bicep

aad-domain-services

action-rules

action-groups

View all from publisher