Microsoft.App managedEnvironments
Bicep resource definition
The managedEnvironments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/managedEnvironments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.App/managedEnvironments@2024-03-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
kind: 'string'
properties: {
appLogsConfiguration: {
destination: 'string'
logAnalyticsConfiguration: {
customerId: 'string'
sharedKey: 'string'
}
}
customDomainConfiguration: {
certificatePassword: 'string'
certificateValue: any()
dnsSuffix: 'string'
}
daprAIConnectionString: 'string'
daprAIInstrumentationKey: 'string'
daprConfiguration: {}
infrastructureResourceGroup: 'string'
kedaConfiguration: {}
peerAuthentication: {
mtls: {
enabled: bool
}
}
peerTrafficConfiguration: {
encryption: {
enabled: bool
}
}
vnetConfiguration: {
dockerBridgeCidr: 'string'
infrastructureSubnetId: 'string'
internal: bool
platformReservedCidr: 'string'
platformReservedDnsIP: 'string'
}
workloadProfiles: [
{
maximumCount: int
minimumCount: int
name: 'string'
workloadProfileType: 'string'
}
]
zoneRedundant: bool
}
}
Property values
managedEnvironments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| location | The geo-location where the resource lives | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| kind | Kind of the Environment. | string |
| properties | Managed environment resource specific properties | ManagedEnvironmentProperties |
ManagedEnvironmentProperties
| Name | Description | Value |
|---|---|---|
| appLogsConfiguration | Cluster configuration which enables the log daemon to export app logs to a destination. Currently only "log-analytics" is supported |
AppLogsConfiguration |
| customDomainConfiguration | Custom domain configuration for the environment | CustomDomainConfiguration |
| daprAIConnectionString | Application Insights connection string used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprConfiguration | The configuration of Dapr component. | DaprConfiguration |
| infrastructureResourceGroup | Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. | string |
| kedaConfiguration | The configuration of Keda component. | KedaConfiguration |
| peerAuthentication | Peer authentication settings for the Managed Environment | ManagedEnvironmentPropertiesPeerAuthentication |
| peerTrafficConfiguration | Peer traffic settings for the Managed Environment | ManagedEnvironmentPropertiesPeerTrafficConfiguration |
| vnetConfiguration | Vnet configuration for the environment | VnetConfiguration |
| workloadProfiles | Workload profiles configured for the Managed Environment. | WorkloadProfile[] |
| zoneRedundant | Whether or not this Managed Environment is zone-redundant. | bool |
AppLogsConfiguration
| Name | Description | Value |
|---|---|---|
| destination | Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' | string |
| logAnalyticsConfiguration | Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' | LogAnalyticsConfiguration |
LogAnalyticsConfiguration
| Name | Description | Value |
|---|---|---|
| customerId | Log analytics customer id | string |
| sharedKey | Log analytics customer key | string Constraints: Sensitive value. Pass in as a secure parameter. |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificatePassword | Certificate password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| certificateValue | PFX or PEM blob | For Bicep, you can use the any() function. |
| dnsSuffix | Dns suffix for the environment domain | string |
DaprConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
KedaConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ManagedEnvironmentPropertiesPeerAuthentication
| Name | Description | Value |
|---|---|---|
| mtls | Mutual TLS authentication settings for the Managed Environment | Mtls |
Mtls
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the mutual TLS authentication is enabled | bool |
ManagedEnvironmentPropertiesPeerTrafficConfiguration
| Name | Description | Value |
|---|---|---|
| encryption | Peer traffic encryption settings for the Managed Environment | ManagedEnvironmentPropertiesPeerTrafficConfiguration... |
ManagedEnvironmentPropertiesPeerTrafficConfiguration...
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the peer traffic encryption is enabled | bool |
VnetConfiguration
| Name | Description | Value |
|---|---|---|
| dockerBridgeCidr | CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. | string |
| infrastructureSubnetId | Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. | string |
| internal | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property | bool |
| platformReservedCidr | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. | string |
| platformReservedDnsIP | An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. | string |
WorkloadProfile
| Name | Description | Value |
|---|---|---|
| maximumCount | The maximum capacity. | int |
| minimumCount | The minimum capacity. | int |
| name | Workload profile type for the workloads to run on. | string (required) |
| workloadProfileType | Workload profile type for the workloads to run on. | string (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a two Container App with a Container App Environment |
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Container App within a Container App Environment |
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Container App with a defined HTTP scaling rule |
Create a Container App Environment with a basic Container App that scales based on HTTP traffic. |
| Creates an external Container App environment with a VNET |
Creates an external Container App environment with a VNET. |
| Creates an internal Container App environment with a VNET |
Creates an internal Container App environment with a VNET. |
ARM template resource definition
The managedEnvironments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/managedEnvironments resource, add the following JSON to your template.
{
"type": "Microsoft.App/managedEnvironments",
"apiVersion": "2024-03-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"kind": "string",
"properties": {
"appLogsConfiguration": {
"destination": "string",
"logAnalyticsConfiguration": {
"customerId": "string",
"sharedKey": "string"
}
},
"customDomainConfiguration": {
"certificatePassword": "string",
"certificateValue": {},
"dnsSuffix": "string"
},
"daprAIConnectionString": "string",
"daprAIInstrumentationKey": "string",
"daprConfiguration": {},
"infrastructureResourceGroup": "string",
"kedaConfiguration": {},
"peerAuthentication": {
"mtls": {
"enabled": "bool"
}
},
"peerTrafficConfiguration": {
"encryption": {
"enabled": "bool"
}
},
"vnetConfiguration": {
"dockerBridgeCidr": "string",
"infrastructureSubnetId": "string",
"internal": "bool",
"platformReservedCidr": "string",
"platformReservedDnsIP": "string"
},
"workloadProfiles": [
{
"maximumCount": "int",
"minimumCount": "int",
"name": "string",
"workloadProfileType": "string"
}
],
"zoneRedundant": "bool"
}
}
Property values
managedEnvironments
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.App/managedEnvironments' |
| apiVersion | The resource api version | '2024-03-01' |
| name | The resource name | string (required) |
| location | The geo-location where the resource lives | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| kind | Kind of the Environment. | string |
| properties | Managed environment resource specific properties | ManagedEnvironmentProperties |
ManagedEnvironmentProperties
| Name | Description | Value |
|---|---|---|
| appLogsConfiguration | Cluster configuration which enables the log daemon to export app logs to a destination. Currently only "log-analytics" is supported |
AppLogsConfiguration |
| customDomainConfiguration | Custom domain configuration for the environment | CustomDomainConfiguration |
| daprAIConnectionString | Application Insights connection string used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprConfiguration | The configuration of Dapr component. | DaprConfiguration |
| infrastructureResourceGroup | Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. | string |
| kedaConfiguration | The configuration of Keda component. | KedaConfiguration |
| peerAuthentication | Peer authentication settings for the Managed Environment | ManagedEnvironmentPropertiesPeerAuthentication |
| peerTrafficConfiguration | Peer traffic settings for the Managed Environment | ManagedEnvironmentPropertiesPeerTrafficConfiguration |
| vnetConfiguration | Vnet configuration for the environment | VnetConfiguration |
| workloadProfiles | Workload profiles configured for the Managed Environment. | WorkloadProfile[] |
| zoneRedundant | Whether or not this Managed Environment is zone-redundant. | bool |
AppLogsConfiguration
| Name | Description | Value |
|---|---|---|
| destination | Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' | string |
| logAnalyticsConfiguration | Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' | LogAnalyticsConfiguration |
LogAnalyticsConfiguration
| Name | Description | Value |
|---|---|---|
| customerId | Log analytics customer id | string |
| sharedKey | Log analytics customer key | string Constraints: Sensitive value. Pass in as a secure parameter. |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificatePassword | Certificate password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| certificateValue | PFX or PEM blob | |
| dnsSuffix | Dns suffix for the environment domain | string |
DaprConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
KedaConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ManagedEnvironmentPropertiesPeerAuthentication
| Name | Description | Value |
|---|---|---|
| mtls | Mutual TLS authentication settings for the Managed Environment | Mtls |
Mtls
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the mutual TLS authentication is enabled | bool |
ManagedEnvironmentPropertiesPeerTrafficConfiguration
| Name | Description | Value |
|---|---|---|
| encryption | Peer traffic encryption settings for the Managed Environment | ManagedEnvironmentPropertiesPeerTrafficConfiguration... |
ManagedEnvironmentPropertiesPeerTrafficConfiguration...
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the peer traffic encryption is enabled | bool |
VnetConfiguration
| Name | Description | Value |
|---|---|---|
| dockerBridgeCidr | CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. | string |
| infrastructureSubnetId | Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. | string |
| internal | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property | bool |
| platformReservedCidr | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. | string |
| platformReservedDnsIP | An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. | string |
WorkloadProfile
| Name | Description | Value |
|---|---|---|
| maximumCount | The maximum capacity. | int |
| minimumCount | The minimum capacity. | int |
| name | Workload profile type for the workloads to run on. | string (required) |
| workloadProfileType | Workload profile type for the workloads to run on. | string (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a two Container App with a Container App Environment |
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Container App within a Container App Environment |
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Container App with a defined HTTP scaling rule |
Create a Container App Environment with a basic Container App that scales based on HTTP traffic. |
| Creates an external Container App environment with a VNET |
Creates an external Container App environment with a VNET. |
| Creates an internal Container App environment with a VNET |
Creates an internal Container App environment with a VNET. |
Terraform (AzAPI provider) resource definition
The managedEnvironments resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/managedEnvironments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.App/managedEnvironments@2024-03-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
appLogsConfiguration = {
destination = "string"
logAnalyticsConfiguration = {
customerId = "string"
sharedKey = "string"
}
}
customDomainConfiguration = {
certificatePassword = "string"
dnsSuffix = "string"
}
daprAIConnectionString = "string"
daprAIInstrumentationKey = "string"
daprConfiguration = {}
infrastructureResourceGroup = "string"
kedaConfiguration = {}
peerAuthentication = {
mtls = {
enabled = bool
}
}
peerTrafficConfiguration = {
encryption = {
enabled = bool
}
}
vnetConfiguration = {
dockerBridgeCidr = "string"
infrastructureSubnetId = "string"
internal = bool
platformReservedCidr = "string"
platformReservedDnsIP = "string"
}
workloadProfiles = [
{
maximumCount = int
minimumCount = int
name = "string"
workloadProfileType = "string"
}
]
zoneRedundant = bool
}
kind = "string"
})
}
Property values
managedEnvironments
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.App/managedEnvironments@2024-03-01" |
| name | The resource name | string (required) |
| location | The geo-location where the resource lives | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. |
| kind | Kind of the Environment. | string |
| properties | Managed environment resource specific properties | ManagedEnvironmentProperties |
ManagedEnvironmentProperties
| Name | Description | Value |
|---|---|---|
| appLogsConfiguration | Cluster configuration which enables the log daemon to export app logs to a destination. Currently only "log-analytics" is supported |
AppLogsConfiguration |
| customDomainConfiguration | Custom domain configuration for the environment | CustomDomainConfiguration |
| daprAIConnectionString | Application Insights connection string used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprConfiguration | The configuration of Dapr component. | DaprConfiguration |
| infrastructureResourceGroup | Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. | string |
| kedaConfiguration | The configuration of Keda component. | KedaConfiguration |
| peerAuthentication | Peer authentication settings for the Managed Environment | ManagedEnvironmentPropertiesPeerAuthentication |
| peerTrafficConfiguration | Peer traffic settings for the Managed Environment | ManagedEnvironmentPropertiesPeerTrafficConfiguration |
| vnetConfiguration | Vnet configuration for the environment | VnetConfiguration |
| workloadProfiles | Workload profiles configured for the Managed Environment. | WorkloadProfile[] |
| zoneRedundant | Whether or not this Managed Environment is zone-redundant. | bool |
AppLogsConfiguration
| Name | Description | Value |
|---|---|---|
| destination | Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' | string |
| logAnalyticsConfiguration | Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' | LogAnalyticsConfiguration |
LogAnalyticsConfiguration
| Name | Description | Value |
|---|---|---|
| customerId | Log analytics customer id | string |
| sharedKey | Log analytics customer key | string Constraints: Sensitive value. Pass in as a secure parameter. |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificatePassword | Certificate password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| certificateValue | PFX or PEM blob | |
| dnsSuffix | Dns suffix for the environment domain | string |
DaprConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
KedaConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ManagedEnvironmentPropertiesPeerAuthentication
| Name | Description | Value |
|---|---|---|
| mtls | Mutual TLS authentication settings for the Managed Environment | Mtls |
Mtls
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the mutual TLS authentication is enabled | bool |
ManagedEnvironmentPropertiesPeerTrafficConfiguration
| Name | Description | Value |
|---|---|---|
| encryption | Peer traffic encryption settings for the Managed Environment | ManagedEnvironmentPropertiesPeerTrafficConfiguration... |
ManagedEnvironmentPropertiesPeerTrafficConfiguration...
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the peer traffic encryption is enabled | bool |
VnetConfiguration
| Name | Description | Value |
|---|---|---|
| dockerBridgeCidr | CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. | string |
| infrastructureSubnetId | Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. | string |
| internal | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property | bool |
| platformReservedCidr | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. | string |
| platformReservedDnsIP | An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. | string |
WorkloadProfile
| Name | Description | Value |
|---|---|---|
| maximumCount | The maximum capacity. | int |
| minimumCount | The minimum capacity. | int |
| name | Workload profile type for the workloads to run on. | string (required) |
| workloadProfileType | Workload profile type for the workloads to run on. | string (required) |