Bicep resource definition
The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03' = {
  parent: resourceSymbolicName
  location: 'string'
  name: 'string'
  properties: {
    defaultAccess: 'string'
    excludeFromLatest: bool
    mode: 'string'
    rules: {
      identities: [
        {
          exePath: 'string'
          groupName: 'string'
          name: 'string'
          processName: 'string'
          userName: 'string'
        }
      ]
      privileges: [
        {
          name: 'string'
          path: 'string'
          queryParameters: {
            {customized property}: 'string'
          }
        }
      ]
      roleAssignments: [
        {
          identities: [
            'string'
          ]
          role: 'string'
        }
      ]
      roles: [
        {
          name: 'string'
          privileges: [
            'string'
          ]
        }
      ]
    }
    targetLocations: [
      {
        additionalReplicaSets: [
          {
            regionalReplicaCount: int
            storageAccountType: 'string'
          }
        ]
        encryption: {
          dataDiskImages: [
            {
              diskEncryptionSetId: 'string'
              lun: int
            }
          ]
          osDiskImage: {
            diskEncryptionSetId: 'string'
            securityProfile: {
              confidentialVMEncryptionType: 'string'
              secureVMDiskEncryptionSetId: 'string'
            }
          }
        }
        excludeFromLatest: bool
        name: 'string'
        regionalReplicaCount: int
        storageAccountType: 'string'
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Property Values
Microsoft.Compute/galleries/inVMAccessControlProfiles/versions
| Name | Description | Value |
|---|---|---|
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: galleries/inVMAccessControlProfiles |
| properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
AccessControlRules
| Name | Description | Value |
|---|---|---|
| identities | A list of identities. | AccessControlRulesIdentity[] |
| privileges | A list of privileges. | AccessControlRulesPrivilege[] |
| roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
| roles | A list of roles. | AccessControlRulesRole[] |
AccessControlRulesIdentity
| Name | Description | Value |
|---|---|---|
| exePath | The path to the executable. | string |
| groupName | The groupName corresponding to this identity. | string |
| name | The name of the identity. | string (required) |
| processName | The process name of the executable. | string |
| userName | The username corresponding to this identity. | string |
AccessControlRulesPrivilege
| Name | Description | Value |
|---|---|---|
| name | The name of the privilege. | string (required) |
| path | The HTTP path corresponding to the privilege. | string (required) |
| queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |
AccessControlRulesPrivilegeQueryParameters
| Name | Description | Value |
|---|---|---|
AccessControlRulesRole
| Name | Description | Value |
|---|---|---|
| name | The name of the role. | string (required) |
| privileges | A list of privileges needed by this role. | string[] (required) |
AccessControlRulesRoleAssignment
| Name | Description | Value |
|---|---|---|
| identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
| role | The name of the role. | string (required) |
AdditionalReplicaSet
| Name | Description | Value |
|---|---|---|
| regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to create the direct drive replicas | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
DataDiskImageEncryption
| Name | Description | Value |
|---|---|---|
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |
EncryptionImages
| Name | Description | Value |
|---|---|---|
| dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
| osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |
GalleryInVMAccessControlProfileVersionProperties
| Name | Description | Value |
|---|---|---|
| defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow' 'Deny' (required) |
| excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
| mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit' 'Disabled' 'Enforce' (required) |
| rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
| targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
OSDiskImageEncryption
| Name | Description | Value |
|---|---|---|
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |
OSDiskImageSecurityProfile
| Name | Description | Value |
|---|---|---|
| confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' 'NonPersistedTPM' |
| secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |
TargetRegion
| Name | Description | Value |
|---|---|---|
| additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
| encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
| excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
| name | The name of the region. | string (required) |
| regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
TrackedResourceTags
| Name | Description | Value |
|---|---|---|
ARM template resource definition
The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions",
  "apiVersion": "2024-03-03",
  "name": "string",
  "location": "string",
  "properties": {
    "defaultAccess": "string",
    "excludeFromLatest": "bool",
    "mode": "string",
    "rules": {
      "identities": [
        {
          "exePath": "string",
          "groupName": "string",
          "name": "string",
          "processName": "string",
          "userName": "string"
        }
      ],
      "privileges": [
        {
          "name": "string",
          "path": "string",
          "queryParameters": {
            "{customized property}": "string"
          }
        }
      ],
      "roleAssignments": [
        {
          "identities": [ "string" ],
          "role": "string"
        }
      ],
      "roles": [
        {
          "name": "string",
          "privileges": [ "string" ]
        }
      ]
    },
    "targetLocations": [
      {
        "additionalReplicaSets": [
          {
            "regionalReplicaCount": "int",
            "storageAccountType": "string"
          }
        ],
        "encryption": {
          "dataDiskImages": [
            {
              "diskEncryptionSetId": "string",
              "lun": "int"
            }
          ],
          "osDiskImage": {
            "diskEncryptionSetId": "string",
            "securityProfile": {
              "confidentialVMEncryptionType": "string",
              "secureVMDiskEncryptionSetId": "string"
            }
          }
        },
        "excludeFromLatest": "bool",
        "name": "string",
        "regionalReplicaCount": "int",
        "storageAccountType": "string"
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
Property Values
Microsoft.Compute/galleries/inVMAccessControlProfiles/versions
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-03-03' |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Compute/galleries/inVMAccessControlProfiles/versions' |
AccessControlRules
| Name | Description | Value |
|---|---|---|
| identities | A list of identities. | AccessControlRulesIdentity[] |
| privileges | A list of privileges. | AccessControlRulesPrivilege[] |
| roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
| roles | A list of roles. | AccessControlRulesRole[] |
AccessControlRulesIdentity
| Name | Description | Value |
|---|---|---|
| exePath | The path to the executable. | string |
| groupName | The groupName corresponding to this identity. | string |
| name | The name of the identity. | string (required) |
| processName | The process name of the executable. | string |
| userName | The username corresponding to this identity. | string |
AccessControlRulesPrivilege
| Name | Description | Value |
|---|---|---|
| name | The name of the privilege. | string (required) |
| path | The HTTP path corresponding to the privilege. | string (required) |
| queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |
AccessControlRulesPrivilegeQueryParameters
| Name | Description | Value |
|---|---|---|
AccessControlRulesRole
| Name | Description | Value |
|---|---|---|
| name | The name of the role. | string (required) |
| privileges | A list of privileges needed by this role. | string[] (required) |
AccessControlRulesRoleAssignment
| Name | Description | Value |
|---|---|---|
| identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
| role | The name of the role. | string (required) |
AdditionalReplicaSet
| Name | Description | Value |
|---|---|---|
| regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to create the direct drive replicas | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
DataDiskImageEncryption
| Name | Description | Value |
|---|---|---|
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |
EncryptionImages
| Name | Description | Value |
|---|---|---|
| dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
| osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |
GalleryInVMAccessControlProfileVersionProperties
| Name | Description | Value |
|---|---|---|
| defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow' 'Deny' (required) |
| excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
| mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit' 'Disabled' 'Enforce' (required) |
| rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
| targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
OSDiskImageEncryption
| Name | Description | Value |
|---|---|---|
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |
OSDiskImageSecurityProfile
| Name | Description | Value |
|---|---|---|
| confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' 'NonPersistedTPM' |
| secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |
TargetRegion
| Name | Description | Value |
|---|---|---|
| additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
| encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
| excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
| name | The name of the region. | string (required) |
| regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
TrackedResourceTags
| Name | Description | Value |
|---|---|---|
Usage Examples
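The `rules` object links four lists by name: roles list privileges, and role assignments pair a role with identities. The Python check below is an added example, not part of the original page or of Microsoft's tooling; it lints an ARM-template resource of this type for dangling or unused names and for a version that is not set to `Deny` and `Enforce`. The sample resource is constructed, and treating the string entries in `roles[].privileges`, `roleAssignments[].role` and `roleAssignments[].identities` as references to `name` fields is an assumption drawn from the property descriptions.

```python
import json

# Constructed sample resource: every name, path and value is illustrative.
SAMPLE = json.loads("""
{
  "type": "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions",
  "apiVersion": "2024-03-03",
  "properties": {
    "defaultAccess": "Allow",
    "mode": "Audit",
    "rules": {
      "identities": [
        {"name": "agent", "userName": "root", "exePath": "/usr/sbin/sample-agent"},
        {"name": "backup", "userName": "backup"}
      ],
      "privileges": [
        {"name": "ReadToken", "path": "/metadata/identity/oauth2/token"},
        {"name": "GoalState", "path": "/machine", "queryParameters": {"comp": "goalstate"}}
      ],
      "roles": [{"name": "TokenReader", "privileges": ["ReadToken", "ReadTokn"]}],
      "roleAssignments": [
        {"role": "TokenReader", "identities": ["agent", "deploy"]},
        {"role": "Provisioner", "identities": ["agent"]}
      ]
    }
  }
}
""")


def lint_profile_version(resource):
    """Return sorted (code, detail) findings for one profile-version resource."""
    props = resource.get("properties", {})
    rules = props.get("rules") or {}
    findings = set()
    if props.get("defaultAccess") != "Deny":
        findings.add(("default-access", str(props.get("defaultAccess"))))
    if props.get("mode") != "Enforce":
        findings.add(("not-enforced", str(props.get("mode"))))

    def names(key):
        return {i["name"] for i in rules.get(key, []) if "name" in i}

    identities, privileges, roles = names("identities"), names("privileges"), names("roles")
    used_privs, used_roles, used_ids = set(), set(), set()
    # Assumption: string entries refer to the `name` of a defined object.
    for role in rules.get("roles", []):
        for priv in role.get("privileges", []):
            used_privs.add(priv)
            if priv not in privileges:
                findings.add(("unknown-privilege", f"{role.get('name')} -> {priv}"))
    for ra in rules.get("roleAssignments", []):
        used_roles.add(ra.get("role"))
        if ra.get("role") not in roles:
            findings.add(("unknown-role", str(ra.get("role"))))
        for ident in ra.get("identities", []):
            used_ids.add(ident)
            if ident not in identities:
                findings.add(("unknown-identity", f"{ra.get('role')} -> {ident}"))
    # Defined but never referenced: dead entries, often the other half of a typo.
    findings |= {("unused-privilege", p) for p in privileges - used_privs}
    findings |= {("unused-role", r) for r in roles - used_roles}
    findings |= {("unused-identity", i) for i in identities - used_ids}
    return sorted(findings)

if __name__ == "__main__":
    print(*lint_profile_version(SAMPLE), sep="\n")
```

Run it against the `resources` entries of a template in CI, before a profile version is published.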
Terraform (AzAPI provider) resource definition
The galleries/inVMAccessControlProfiles/versions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/galleries/inVMAccessControlProfiles/versions resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      defaultAccess = "string"
      excludeFromLatest = bool
      mode = "string"
      rules = {
        identities = [
          {
            exePath = "string"
            groupName = "string"
            name = "string"
            processName = "string"
            userName = "string"
          }
        ]
        privileges = [
          {
            name = "string"
            path = "string"
            queryParameters = {
              {customized property} = "string"
            }
          }
        ]
        roleAssignments = [
          {
            identities = [
              "string"
            ]
            role = "string"
          }
        ]
        roles = [
          {
            name = "string"
            privileges = [
              "string"
            ]
          }
        ]
      }
      targetLocations = [
        {
          additionalReplicaSets = [
            {
              regionalReplicaCount = int
              storageAccountType = "string"
            }
          ]
          encryption = {
            dataDiskImages = [
              {
                diskEncryptionSetId = "string"
                lun = int
              }
            ]
            osDiskImage = {
              diskEncryptionSetId = "string"
              securityProfile = {
                confidentialVMEncryptionType = "string"
                secureVMDiskEncryptionSetId = "string"
              }
            }
          }
          excludeFromLatest = bool
          name = "string"
          regionalReplicaCount = int
          storageAccountType = "string"
        }
      ]
    }
  }
}
```
Property Values
Microsoft.Compute/galleries/inVMAccessControlProfiles/versions
| Name | Description | Value |
|---|---|---|
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: galleries/inVMAccessControlProfiles |
| properties | Describes the properties of an inVMAccessControlProfile version. | GalleryInVMAccessControlProfileVersionProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Compute/galleries/inVMAccessControlProfiles/versions@2024-03-03" |
AccessControlRules
| Name | Description | Value |
|---|---|---|
| identities | A list of identities. | AccessControlRulesIdentity[] |
| privileges | A list of privileges. | AccessControlRulesPrivilege[] |
| roleAssignments | A list of role assignments. | AccessControlRulesRoleAssignment[] |
| roles | A list of roles. | AccessControlRulesRole[] |
AccessControlRulesIdentity
| Name | Description | Value |
|---|---|---|
| exePath | The path to the executable. | string |
| groupName | The groupName corresponding to this identity. | string |
| name | The name of the identity. | string (required) |
| processName | The process name of the executable. | string |
| userName | The username corresponding to this identity. | string |
AccessControlRulesPrivilege
| Name | Description | Value |
|---|---|---|
| name | The name of the privilege. | string (required) |
| path | The HTTP path corresponding to the privilege. | string (required) |
| queryParameters | The query parameters to match in the path. | AccessControlRulesPrivilegeQueryParameters |
AccessControlRulesPrivilegeQueryParameters
| Name | Description | Value |
|---|---|---|
AccessControlRulesRole
| Name | Description | Value |
|---|---|---|
| name | The name of the role. | string (required) |
| privileges | A list of privileges needed by this role. | string[] (required) |
AccessControlRulesRoleAssignment
| Name | Description | Value |
|---|---|---|
| identities | A list of identities that can access the privileges defined by the role. | string[] (required) |
| role | The name of the role. | string (required) |
AdditionalReplicaSet
| Name | Description | Value |
|---|---|---|
| regionalReplicaCount | The number of direct drive replicas of the Image Version to be created. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to create the direct drive replicas | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
DataDiskImageEncryption
| Name | Description | Value |
|---|---|---|
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| lun | This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine. | int (required) |
EncryptionImages
| Name | Description | Value |
|---|---|---|
| dataDiskImages | A list of encryption specifications for data disk images. | DataDiskImageEncryption[] |
| osDiskImage | Contains encryption settings for an OS disk image. | OSDiskImageEncryption |
GalleryInVMAccessControlProfileVersionProperties
| Name | Description | Value |
|---|---|---|
| defaultAccess | This property allows you to specify if the requests will be allowed to access the host endpoints. Possible values are: 'Allow', 'Deny'. | 'Allow' 'Deny' (required) |
| excludeFromLatest | If set to true, Virtual Machines deployed from the latest version of the Resource Profile won't use this Profile version. | bool |
| mode | This property allows you to specify whether the access control rules are in Audit mode, in Enforce mode or Disabled. Possible values are: 'Audit', 'Enforce' or 'Disabled'. | 'Audit' 'Disabled' 'Enforce' (required) |
| rules | This is the Access Control Rules specification for an inVMAccessControlProfile version. | AccessControlRules |
| targetLocations | The target regions where the Resource Profile version is going to be replicated to. This property is updatable. | TargetRegion[] |
OSDiskImageEncryption
| Name | Description | Value |
|---|---|---|
| diskEncryptionSetId | A relative URI containing the resource ID of the disk encryption set. | string |
| securityProfile | This property specifies the security profile of an OS disk image. | OSDiskImageSecurityProfile |
OSDiskImageSecurityProfile
| Name | Description | Value |
|---|---|---|
| confidentialVMEncryptionType | confidential VM encryption types | 'EncryptedVMGuestStateOnlyWithPmk' 'EncryptedWithCmk' 'EncryptedWithPmk' 'NonPersistedTPM' |
| secureVMDiskEncryptionSetId | secure VM disk encryption set id | string |
TargetRegion
| Name | Description | Value |
|---|---|---|
| additionalReplicaSets | List of storage sku with replica count to create direct drive replicas. | AdditionalReplicaSet[] |
| encryption | Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact. | EncryptionImages |
| excludeFromLatest | Contains the flag setting to hide an image when users specify version='latest' | bool |
| name | The name of the region. | string (required) |
| regionalReplicaCount | The number of replicas of the Image Version to be created per region. This property is updatable. | int |
| storageAccountType | Specifies the storage account type to be used to store the image. This property is not updatable. | 'PremiumV2_LRS' 'Premium_LRS' 'Standard_LRS' 'Standard_ZRS' |
TrackedResourceTags
| Name | Description | Value |
|---|---|---|