| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure Resource Manager template functions - resources | Microsoft Docs |
Describes the functions to use in an Azure Resource Manager template to retrieve values about resources. |
azure-resource-manager |
na |
tfitzmac |
timlt |
tysonn |
azure-resource-manager |
na |
article |
na |
na |
10/09/2017 |
tomfitz |
Resource Manager provides the following functions for getting resource values:
To get values from parameters, variables, or the current deployment, see Deployment value functions.
listKeys(resourceName or resourceIdentifier, apiVersion)
list{Value}(resourceName or resourceIdentifier, apiVersion)
Returns the values for any resource type that supports the list operation. The most common usage is listKeys.
| Parameter | Required | Type | Description |
|---|---|---|---|
| resourceName or resourceIdentifier | Yes | string | Unique identifier for the resource. |
| apiVersion | Yes | string | API version of resource runtime state. Typically, in the format, yyyy-mm-dd. |
The returned object from listKeys has the following format:
{
"keys": [
{
"keyName": "key1",
"permissions": "Full",
"value": "{value}"
},
{
"keyName": "key2",
"permissions": "Full",
"value": "{value}"
}
]
}Other list functions have different return formats. To see the format of a function, include it in the outputs section as shown in the example template.
Any operation that starts with list can be used as a function in your template. The available operations include not only listKeys, but also operations like list, listAdminKeys, and listStatus. However, you cannot use list operations that require values in the request body. For example, the List Account SAS operation requires request body parameters like signedExpiry, so you cannot use it within a template.
To determine which resource types have a list operation, you have the following options:
-
View the REST API operations for a resource provider, and look for list operations. For example, storage accounts have the listKeys operation.
-
Use the Get-AzureRmProviderOperation PowerShell cmdlet. The following example gets all list operations for storage accounts:
Get-AzureRmProviderOperation -OperationSearchString "Microsoft.Storage/*" | where {$_.Operation -like "*list*"} | FT Operation
-
Use the following Azure CLI command to filter only the list operations:
az provider operation show --namespace Microsoft.Storage --query "resourceTypes[?name=='storageAccounts'].operations[].name | [?contains(@, 'list')]"
Specify the resource by using either the resourceId function, or the format {providerNamespace}/{resourceType}/{resourceName}.
The following example template shows how to return the primary and secondary keys from a storage account in the outputs section.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
}
},
"resources": [
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2016-12-01",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"location": "[resourceGroup().location]",
"tags": {},
"properties": {
}
}
],
"outputs": {
"referenceOutput": {
"type": "object",
"value": "[listKeys(parameters('storageAccountName'), '2016-12-01')]"
}
}
}To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/listkeys.json --parameters storageAccountName=<your-storage-account>
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/listkeys.json -storageAccountName <your-storage-account>providers(providerNamespace, [resourceType])
Returns information about a resource provider and its supported resource types. If you do not provide a resource type, the function returns all the supported types for the resource provider.
| Parameter | Required | Type | Description |
|---|---|---|---|
| providerNamespace | Yes | string | Namespace of the provider |
| resourceType | No | string | The type of resource within the specified namespace. |
Each supported type is returned in the following format:
{
"resourceType": "{name of resource type}",
"locations": [ all supported locations ],
"apiVersions": [ all supported API versions ]
}Array ordering of the returned values is not guaranteed.
The following example template shows how to use the provider function:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"providerNamespace": {
"type": "string"
},
"resourceType": {
"type": "string"
}
},
"resources": [],
"outputs": {
"providerOutput": {
"value": "[providers(parameters('providerNamespace'), parameters('resourceType'))]",
"type" : "object"
}
}
}For the Microsoft.Web resource provider and sites resource type, the preceding example returns an object in the following format:
{
"resourceType": "sites",
"locations": [
"South Central US",
"North Europe",
"West Europe",
"Southeast Asia",
...
],
"apiVersions": [
"2016-08-01",
"2016-03-01",
"2015-08-01-preview",
"2015-08-01",
...
]
}To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/providers.json --parameters providerNamespace=Microsoft.Web resourceType=sites
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/providers.json -providerNamespace Microsoft.Web -resourceType sitesreference(resourceName or resourceIdentifier, [apiVersion], ['Full'])
Returns an object representing a resource's runtime state.
| Parameter | Required | Type | Description |
|---|---|---|---|
| resourceName or resourceIdentifier | Yes | string | Name or unique identifier of a resource. |
| apiVersion | No | string | API version of the specified resource. Include this parameter when the resource is not provisioned within same template. Typically, in the format, yyyy-mm-dd. |
| 'Full' | No | string | Value that specifies whether to return the full resource object. If you do not specify 'Full', only the properties object of the resource is returned. The full object includes values such as the resource ID and location. |
Every resource type returns different properties for the reference function. The function does not return a single, predefined format. Also, the returned value differs based on whether you specified the full object. To see the properties for a resource type, return the object in the outputs section as shown in the example.
The reference function derives its value from a runtime state, and therefore cannot be used in the variables section. It can be used in outputs section of a template.
By using the reference function, you implicitly declare that one resource depends on another resource if the referenced resource is provisioned within same template. You do not need to also use the dependsOn property. The function is not evaluated until the referenced resource has completed deployment.
To see the property names and values for a resource type, create a template that returns the object in the outputs section. If you have an existing resource of that type, your template returns the object without deploying any new resources.
Typically, you use the reference function to return a particular value from an object, such as the blob endpoint URI or fully qualified domain name.
"outputs": {
"BlobUri": {
"value": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName')), '2016-01-01').primaryEndpoints.blob]",
"type" : "string"
},
"FQDN": {
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', parameters('ipAddressName')), '2016-03-30').dnsSettings.fqdn]",
"type" : "string"
}
}Use 'Full' when you need resource values that are not part of the properties schema. For example, to set key vault access policies, get the identity properties for a virtual machine.
{
"type": "Microsoft.KeyVault/vaults",
"properties": {
"tenantId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('vmName')), '2017-03-30', 'Full').identity.tenantId]",
"accessPolicies": [
{
"tenantId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('vmName')), '2017-03-30', 'Full').identity.tenantId]",
"objectId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('vmName')), '2017-03-30', 'Full').identity.principalId]",
"permissions": {
"keys": [
"all"
],
"secrets": [
"all"
]
}
}
],
...For the complete example of the preceding template, see Windows to Key Vault. A similar example is available for Linux.
The following example template deploys a resource, and references that resource.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
}
},
"resources": [
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2016-12-01",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"location": "[resourceGroup().location]",
"tags": {},
"properties": {
}
}
],
"outputs": {
"referenceOutput": {
"type": "object",
"value": "[reference(parameters('storageAccountName'))]"
},
"fullReferenceOutput": {
"type": "object",
"value": "[reference(parameters('storageAccountName'), '2016-12-01', 'Full')]"
}
}
}The preceding example returns the two objects. The properties object is in the following format:
{
"creationTime": "2017-10-09T18:55:40.5863736Z",
"primaryEndpoints": {
"blob": "https://examplestorage.blob.core.windows.net/",
"file": "https://examplestorage.file.core.windows.net/",
"queue": "https://examplestorage.queue.core.windows.net/",
"table": "https://examplestorage.table.core.windows.net/"
},
"primaryLocation": "southcentralus",
"provisioningState": "Succeeded",
"statusOfPrimary": "available",
"supportsHttpsTrafficOnly": false
}The full object is in the following format:
{
"apiVersion":"2016-12-01",
"location":"southcentralus",
"sku": {
"name":"Standard_LRS",
"tier":"Standard"
},
"tags":{},
"kind":"Storage",
"properties": {
"creationTime":"2017-10-09T18:55:40.5863736Z",
"primaryEndpoints": {
"blob":"https://examplestorage.blob.core.windows.net/",
"file":"https://examplestorage.file.core.windows.net/",
"queue":"https://examplestorage.queue.core.windows.net/",
"table":"https://examplestorage.table.core.windows.net/"
},
"primaryLocation":"southcentralus",
"provisioningState":"Succeeded",
"statusOfPrimary":"available",
"supportsHttpsTrafficOnly":false
},
"subscriptionId":"<subscription-id>",
"resourceGroupName":"functionexamplegroup",
"resourceId":"Microsoft.Storage/storageAccounts/examplestorage",
"referenceApiVersion":"2016-12-01",
"condition":true,
"isConditionTrue":true,
"isTemplateResource":false,
"isAction":false,
"provisioningOperation":"Read"
}To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/referencewithstorage.json --parameters storageAccountName=<your-storage-account>
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/referencewithstorage.json -storageAccountName <your-storage-account>The following example template references a storage account that is not deployed in this template. The storage account already exists within the same resource group.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
}
},
"resources": [],
"outputs": {
"ExistingStorage": {
"value": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName')), '2016-01-01')]",
"type" : "object"
}
}
}To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/reference.json --parameters storageAccountName=<your-storage-account>
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/reference.json -storageAccountName <your-storage-account>resourceGroup()
Returns an object that represents the current resource group.
The returned object is in the following format:
{
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}",
"name": "{resourceGroupName}",
"location": "{resourceGroupLocation}",
"tags": {
},
"properties": {
"provisioningState": "{status}"
}
}A common use of the resourceGroup function is to create resources in the same location as the resource group. The following example uses the resource group location to assign the location for a web site.
"resources": [
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('siteName')]",
"location": "[resourceGroup().location]",
...
}
]The following example template returns the properties of the resource group.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [],
"outputs": {
"resourceGroupOutput": {
"value": "[resourceGroup()]",
"type" : "object"
}
}
}The preceding example returns an object in the following format:
{
"id": "/subscriptions/{subscription-id}/resourceGroups/examplegroup",
"name": "examplegroup",
"location": "southcentralus",
"properties": {
"provisioningState": "Succeeded"
}
}To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/resourcegroup.json
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/resourcegroup.json resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2]...)
Returns the unique identifier of a resource. You use this function when the resource name is ambiguous or not provisioned within the same template.
| Parameter | Required | Type | Description |
|---|---|---|---|
| subscriptionId | No | string (In GUID format) | Default value is the current subscription. Specify this value when you need to retrieve a resource in another subscription. |
| resourceGroupName | No | string | Default value is current resource group. Specify this value when you need to retrieve a resource in another resource group. |
| resourceType | Yes | string | Type of resource including resource provider namespace. |
| resourceName1 | Yes | string | Name of resource. |
| resourceName2 | No | string | Next resource name segment if resource is nested. |
The identifier is returned in the following format:
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}The parameter values you specify depend on whether the resource is in the same subscription and resource group as the current deployment.
To get the resource ID for a storage account in the same subscription and resource group, use:
"[resourceId('Microsoft.Storage/storageAccounts','examplestorage')]"To get the resource ID for a storage account in the same subscription but a different resource group, use:
"[resourceId('otherResourceGroup', 'Microsoft.Storage/storageAccounts','examplestorage')]"To get the resource ID for a storage account in a different subscription and resource group, use:
"[resourceId('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'otherResourceGroup', 'Microsoft.Storage/storageAccounts','examplestorage')]"To get the resource ID for a database in a different resource group, use:
"[resourceId('otherResourceGroup', 'Microsoft.SQL/servers/databases', parameters('serverName'), parameters('databaseName'))]"Often, you need to use this function when using a storage account or virtual network in an alternate resource group. The following example shows how a resource from an external resource group can easily be used:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"type": "string"
},
"virtualNetworkResourceGroup": {
"type": "string"
},
"subnet1Name": {
"type": "string"
},
"nicName": {
"type": "string"
}
},
"variables": {
"vnetID": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
"subnet1Ref": "[concat(variables('vnetID'),'/subnets/', parameters('subnet1Name'))]"
},
"resources": [
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/networkInterfaces",
"name": "[parameters('nicName')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('subnet1Ref')]"
}
}
}]
}
}]
}The following example template returns the resource ID for a storage account in the resource group:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [],
"outputs": {
"sameRGOutput": {
"value": "[resourceId('Microsoft.Storage/storageAccounts','examplestorage')]",
"type" : "string"
},
"differentRGOutput": {
"value": "[resourceId('otherResourceGroup', 'Microsoft.Storage/storageAccounts','examplestorage')]",
"type" : "string"
},
"differentSubOutput": {
"value": "[resourceId('11111111-1111-1111-1111-111111111111', 'otherResourceGroup', 'Microsoft.Storage/storageAccounts','examplestorage')]",
"type" : "string"
},
"nestedResourceOutput": {
"value": "[resourceId('Microsoft.SQL/servers/databases', 'serverName', 'databaseName')]",
"type" : "string"
}
}
}The output from the preceding example with the default values is:
| Name | Type | Value |
|---|---|---|
| sameRGOutput | String | /subscriptions/{current-sub-id}/resourceGroups/examplegroup/providers/Microsoft.Storage/storageAccounts/examplestorage |
| differentRGOutput | String | /subscriptions/{current-sub-id}/resourceGroups/otherResourceGroup/providers/Microsoft.Storage/storageAccounts/examplestorage |
| differentSubOutput | String | /subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/otherResourceGroup/providers/Microsoft.Storage/storageAccounts/examplestorage |
| nestedResourceOutput | String | /subscriptions/{current-sub-id}/resourceGroups/examplegroup/providers/Microsoft.SQL/servers/serverName/databases/databaseName |
To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/resourceid.json
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/resourceid.json subscription()
Returns details about the subscription for the current deployment.
The function returns the following format:
{
"id": "/subscriptions/{subscription-id}",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}",
"displayName": "{name-of-subscription}"
}The following example template shows the subscription function called in the outputs section.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [],
"outputs": {
"subscriptionOutput": {
"value": "[subscription()]",
"type" : "object"
}
}
}To deploy this example template with Azure CLI, use:
az group deployment create -g functionexamplegroup --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/subscription.json
To deploy this example template with PowerShell, use:
New-AzureRmResourceGroupDeployment -ResourceGroupName functionexamplegroup -TemplateUri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/subscription.json - For a description of the sections in an Azure Resource Manager template, see Authoring Azure Resource Manager templates.
- To merge multiple templates, see Using linked templates with Azure Resource Manager.
- To iterate a specified number of times when creating a type of resource, see Create multiple instances of resources in Azure Resource Manager.
- To see how to deploy the template you have created, see Deploy an application with Azure Resource Manager template.