Microsoft.Batch batchAccounts 2023-05-01
Bicep resource definition
The batchAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Batch/batchAccounts@2023-05-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
properties: {
allowedAuthenticationModes: [
'string'
]
autoStorage: {
authenticationMode: 'string'
nodeIdentityReference: {
resourceId: 'string'
}
storageAccountId: 'string'
}
encryption: {
keySource: 'string'
keyVaultProperties: {
keyIdentifier: 'string'
}
}
keyVaultReference: {
id: 'string'
url: 'string'
}
networkProfile: {
accountAccess: {
defaultAction: 'string'
ipRules: [
{
action: 'Allow'
value: 'string'
}
]
}
nodeManagementAccess: {
defaultAction: 'string'
ipRules: [
{
action: 'Allow'
value: 'string'
}
]
}
}
poolAllocationMode: 'string'
publicNetworkAccess: 'string'
}
}
Property values
batchAccounts
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 3-24 Valid characters: Lowercase letters and numbers. |
| location | The region in which to create the account. | string (required) |
| tags | The user-specified tags associated with the account. | Dictionary of tag names and values. See Tags in templates |
| identity | The identity of the Batch account. | BatchAccountIdentity |
| properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties |
BatchAccountIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities |
BatchAccountIdentityUserAssignedIdentities
| Name | Description | Value |
|---|---|---|
| {customized property} | UserAssignedIdentities |
UserAssignedIdentities
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
BatchAccountCreatePropertiesOrBatchAccountProperties
| Name | Description | Value |
|---|---|---|
| allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' |
| autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties |
| encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties |
| keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference |
| networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile |
| poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Azure Active Directory. If the mode is UserSubscription, clients must use Azure Active Directory. The default is BatchService. | 'BatchService' 'UserSubscription' |
| publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' |
AutoStorageBasePropertiesOrAutoStorageProperties
| Name | Description | Value |
|---|---|---|
| authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' |
| nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference |
| storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) |
ComputeNodeIdentityReference
| Name | Description | Value |
|---|---|---|
| resourceId | The ARM resource id of the user assigned identity. | string |
EncryptionProperties
| Name | Description | Value |
|---|---|---|
| keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' |
| keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled |
string |
KeyVaultReference
| Name | Description | Value |
|---|---|---|
| id | The resource ID of the Azure key vault associated with the Batch account. | string (required) |
| url | The URL of the Azure key vault associated with the Batch account. | string (required) |
NetworkProfile
| Name | Description | Value |
|---|---|---|
| accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile |
| nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile |
EndpointAccessProfile
| Name | Description | Value |
|---|---|---|
| defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) |
| ipRules | Array of IP ranges to filter client IP address. | IPRule[] |
IPRule
| Name | Description | Value |
|---|---|---|
| action | Action when client IP address is matched. | 'Allow' (required) |
| value | IPv4 address, or IPv4 address range in CIDR format. | string (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Azure Batch pool without public IP addresses |
This template creates Azure Batch simplified node communication pool without public IP addresses. |
| Create a Batch Account using a template |
This template creates a Batch Account and a storage account. |
ARM template resource definition
The batchAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following JSON to your template.
{
"type": "Microsoft.Batch/batchAccounts",
"apiVersion": "2023-05-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"allowedAuthenticationModes": [ "string" ],
"autoStorage": {
"authenticationMode": "string",
"nodeIdentityReference": {
"resourceId": "string"
},
"storageAccountId": "string"
},
"encryption": {
"keySource": "string",
"keyVaultProperties": {
"keyIdentifier": "string"
}
},
"keyVaultReference": {
"id": "string",
"url": "string"
},
"networkProfile": {
"accountAccess": {
"defaultAction": "string",
"ipRules": [
{
"action": "Allow",
"value": "string"
}
]
},
"nodeManagementAccess": {
"defaultAction": "string",
"ipRules": [
{
"action": "Allow",
"value": "string"
}
]
}
},
"poolAllocationMode": "string",
"publicNetworkAccess": "string"
}
}
Property values
batchAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Batch/batchAccounts' |
| apiVersion | The resource api version | '2023-05-01' |
| name | The resource name | string (required) Character limit: 3-24 Valid characters: Lowercase letters and numbers. |
| location | The region in which to create the account. | string (required) |
| tags | The user-specified tags associated with the account. | Dictionary of tag names and values. See Tags in templates |
| identity | The identity of the Batch account. | BatchAccountIdentity |
| properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties |
BatchAccountIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of identity used for the Batch account. | 'None' 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The list of user identities associated with the Batch account. | BatchAccountIdentityUserAssignedIdentities |
BatchAccountIdentityUserAssignedIdentities
| Name | Description | Value |
|---|---|---|
| {customized property} | UserAssignedIdentities |
UserAssignedIdentities
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
BatchAccountCreatePropertiesOrBatchAccountProperties
| Name | Description | Value |
|---|---|---|
| allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: 'AAD' 'SharedKey' 'TaskAuthenticationToken' |
| autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties |
| encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties |
| keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference |
| networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile |
| poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Azure Active Directory. If the mode is UserSubscription, clients must use Azure Active Directory. The default is BatchService. | 'BatchService' 'UserSubscription' |
| publicNetworkAccess | If not specified, the default value is 'enabled'. | 'Disabled' 'Enabled' |
AutoStorageBasePropertiesOrAutoStorageProperties
| Name | Description | Value |
|---|---|---|
| authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | 'BatchAccountManagedIdentity' 'StorageKeys' |
| nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference |
| storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) |
ComputeNodeIdentityReference
| Name | Description | Value |
|---|---|---|
| resourceId | The ARM resource id of the user assigned identity. | string |
EncryptionProperties
| Name | Description | Value |
|---|---|---|
| keySource | Type of the key source. | 'Microsoft.Batch' 'Microsoft.KeyVault' |
| keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled |
string |
KeyVaultReference
| Name | Description | Value |
|---|---|---|
| id | The resource ID of the Azure key vault associated with the Batch account. | string (required) |
| url | The URL of the Azure key vault associated with the Batch account. | string (required) |
NetworkProfile
| Name | Description | Value |
|---|---|---|
| accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile |
| nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile |
EndpointAccessProfile
| Name | Description | Value |
|---|---|---|
| defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | 'Allow' 'Deny' (required) |
| ipRules | Array of IP ranges to filter client IP address. | IPRule[] |
IPRule
| Name | Description | Value |
|---|---|---|
| action | Action when client IP address is matched. | 'Allow' (required) |
| value | IPv4 address, or IPv4 address range in CIDR format. | string (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Azure Batch pool without public IP addresses |
This template creates Azure Batch simplified node communication pool without public IP addresses. |
| Create a Batch Account using a template |
This template creates a Batch Account and a storage account. |
Terraform (AzAPI provider) resource definition
The batchAccounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Batch/batchAccounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Batch/batchAccounts@2023-05-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
allowedAuthenticationModes = [
"string"
]
autoStorage = {
authenticationMode = "string"
nodeIdentityReference = {
resourceId = "string"
}
storageAccountId = "string"
}
encryption = {
keySource = "string"
keyVaultProperties = {
keyIdentifier = "string"
}
}
keyVaultReference = {
id = "string"
url = "string"
}
networkProfile = {
accountAccess = {
defaultAction = "string"
ipRules = [
{
action = "Allow"
value = "string"
}
]
}
nodeManagementAccess = {
defaultAction = "string"
ipRules = [
{
action = "Allow"
value = "string"
}
]
}
}
poolAllocationMode = "string"
publicNetworkAccess = "string"
}
})
}
Property values
batchAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Batch/batchAccounts@2023-05-01" |
| name | The resource name | string (required) Character limit: 3-24 Valid characters: Lowercase letters and numbers. |
| location | The region in which to create the account. | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | The user-specified tags associated with the account. | Dictionary of tag names and values. |
| identity | The identity of the Batch account. | BatchAccountIdentity |
| properties | The properties of the Batch account. | BatchAccountCreatePropertiesOrBatchAccountProperties |
BatchAccountIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of identity used for the Batch account. | "SystemAssigned" "UserAssigned" (required) |
| identity_ids | The list of user identities associated with the Batch account. | Array of user identity IDs. |
BatchAccountIdentityUserAssignedIdentities
| Name | Description | Value |
|---|---|---|
| {customized property} | UserAssignedIdentities |
UserAssignedIdentities
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
BatchAccountCreatePropertiesOrBatchAccountProperties
| Name | Description | Value |
|---|---|---|
| allowedAuthenticationModes | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. This does not affect authentication with the control plane. | String array containing any of: "AAD" "SharedKey" "TaskAuthenticationToken" |
| autoStorage | The properties related to the auto-storage account. | AutoStorageBasePropertiesOrAutoStorageProperties |
| encryption | Configures how customer data is encrypted inside the Batch account. By default, accounts are encrypted using a Microsoft managed key. For additional control, a customer-managed key can be used instead. | EncryptionProperties |
| keyVaultReference | A reference to the Azure key vault associated with the Batch account. | KeyVaultReference |
| networkProfile | The network profile only takes effect when publicNetworkAccess is enabled. | NetworkProfile |
| poolAllocationMode | The pool allocation mode also affects how clients may authenticate to the Batch Service API. If the mode is BatchService, clients may authenticate using access keys or Azure Active Directory. If the mode is UserSubscription, clients must use Azure Active Directory. The default is BatchService. | "BatchService" "UserSubscription" |
| publicNetworkAccess | If not specified, the default value is 'enabled'. | "Disabled" "Enabled" |
AutoStorageBasePropertiesOrAutoStorageProperties
| Name | Description | Value |
|---|---|---|
| authenticationMode | The authentication mode which the Batch service will use to manage the auto-storage account. | "BatchAccountManagedIdentity" "StorageKeys" |
| nodeIdentityReference | The identity referenced here must be assigned to pools which have compute nodes that need access to auto-storage. | ComputeNodeIdentityReference |
| storageAccountId | The resource ID of the storage account to be used for auto-storage account. | string (required) |
ComputeNodeIdentityReference
| Name | Description | Value |
|---|---|---|
| resourceId | The ARM resource id of the user assigned identity. | string |
EncryptionProperties
| Name | Description | Value |
|---|---|---|
| keySource | Type of the key source. | "Microsoft.Batch" "Microsoft.KeyVault" |
| keyVaultProperties | Additional details when using Microsoft.KeyVault | KeyVaultProperties |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyIdentifier | Full path to the secret with or without version. Example https://mykeyvault.vault.azure.net/keys/testkey/6e34a81fef704045975661e297a4c053. or https://mykeyvault.vault.azure.net/keys/testkey. To be usable the following prerequisites must be met:The Batch Account has a System Assigned identity The account identity has been granted Key/Get, Key/Unwrap and Key/Wrap permissions The KeyVault has soft-delete and purge protection enabled |
string |
KeyVaultReference
| Name | Description | Value |
|---|---|---|
| id | The resource ID of the Azure key vault associated with the Batch account. | string (required) |
| url | The URL of the Azure key vault associated with the Batch account. | string (required) |
NetworkProfile
| Name | Description | Value |
|---|---|---|
| accountAccess | Network access profile for batchAccount endpoint (Batch account data plane API). | EndpointAccessProfile |
| nodeManagementAccess | Network access profile for nodeManagement endpoint (Batch service managing compute nodes for Batch pools). | EndpointAccessProfile |
EndpointAccessProfile
| Name | Description | Value |
|---|---|---|
| defaultAction | Default action for endpoint access. It is only applicable when publicNetworkAccess is enabled. | "Allow" "Deny" (required) |
| ipRules | Array of IP ranges to filter client IP address. | IPRule[] |
IPRule
| Name | Description | Value |
|---|---|---|
| action | Action when client IP address is matched. | "Allow" (required) |
| value | IPv4 address, or IPv4 address range in CIDR format. | string (required) |