How to validate, plan, and deploy ARM templates

|
Tags:  azure,  arm

Azure Resource Manager templates are used for creating reproducible deployments in Azure.

In this post I will explain the lifecycle of an ARM template.

The sections on this post are in the order that I think the deployments should be made: Validate syntax, execute plan, and Deploy the template, but if you don’t have experience with Azure Deployments I recommend you to read the Deploy template section first because it explains the concept ‘scope’ that you must know to understand the commands in this post.

Software tools used in this post

What is an ARM template?

An Azure Resource Manager (ARM) template is a JSON file that defines the infrastructure and configuration for an Azure solution so that users can deploy and manage those resources consistently and repeatedly.

ARM templates can be used to deploy and manage resources from individual services like virtual machines and storage accounts to entire solutions such websites or streaming farms. It can also be used to change resources already deployed in Azure.

The templates use declarative syntax to define resources and their properties, which means that the file defines the desired final state of the deployment and Azure will calculate and run the necessary steps for deploying or changing those resources.

How to validate an ARM template

The official tool for validating ARM syntax is the Microsoft Powershell module “ARM Template test toolkit1

Open Powershell Core and load the module:

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ pwsh
PowerShell 7.3.1
PS /home/branyac/Downloads/arm-template-toolkit/arm-ttk> Import-Module ./arm-ttk.psd1
A newer version of the ARM-TTK is available at: https://github.com/Azure/arm-ttk/releases                               
Installed Version: 0.21
Latest Version: 0.22
PS /home/branyac/Downloads/arm-template-toolkit/arm-ttk> 

After, use the command Test-AzTemplate -TemplatePath <path-to-template> to run the Template validation.

The first lines of the command output will show the result of the JSONFile validation which checks file syntax is correct, the next messages are additional checks and recommendations based on the Microsoft Best Practices.

In the next example you will see that the syntax of the template that I use in this post is correct, but there are lots of recommendations because the template was written for an outdated version of the API. At this time fails shown in the output aren’t blockers and the template can be run without any problem. Since this is an example I won’t do any changes to the template, but when working with production templates you should apply the most recommendations you can to have a working and easily maintainable template.

PS /home/branyac/Downloads> Test-AzTemplate -TemplatePath ./Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json 
                                                                                                                        
Validating Downloads\Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json                                    
  JSONFiles Should Be Valid                                                                                             
    [+] JSONFiles Should Be Valid (20 ms)                                                                               
Total : 1                                                                                                               
Pass  : 1                                                                                                               
Fail  : 0                                                                                                               
                                                                                                                        
                                                                                                                        
                                                                                                                        
  adminUsername Should Not Be A Literal                                                                                 
    [+] adminUsername Should Not Be A Literal (53 ms)                                                                   
  apiVersions Should Be Recent In Reference Functions                                                                   
    [+] apiVersions Should Be Recent In Reference Functions (105 ms)                                                    
  apiVersions Should Be Recent                                                                                          
    [-] apiVersions Should Be Recent (102 ms)                                                                           
        Api versions must be the latest or under 2 years old (730 days) - API version 2019-09-01 of Microsoft.KeyVault/vaults is 1241 days old Line: 70, Column: 14
        Valid Api Versions:                                                                                             
        2022-07-01                                                                                                      
        2022-07-01                                                                                                      
        2022-02-01-preview                                                                                              
        2021-11-01-preview                                                                                              
        2021-10-01                                                                                                      
        2021-06-01-preview                                                                                              
        2021-04-01-preview                                                                                              
        Microsoft.KeyVault/vaults/secrets uses a preview version ( 2021-04-01-preview ) and there are more recent versions available. Line: 70, Column: 14
        Valid Api Versions:                                                                                             
        2022-07-01                                                                                                      
        2022-07-01                                                                                                      
        2022-02-01-preview                                                                                              
        2021-11-01-preview                                                                                              
        2021-10-01                                                                                                      
        2021-06-01-preview                                                                                              
        2021-04-01-preview                                                                                              
                                                                                                                        
  artifacts parameter                                                                                                   
    [+] artifacts parameter (12 ms)                                                                                     
  CommandToExecute Must Use ProtectedSettings For Secrets                                                               
    [+] CommandToExecute Must Use ProtectedSettings For Secrets (18 ms)                                                 
  DependsOn Best Practices                                                                                              
    [-] DependsOn Best Practices (30 ms)                                                                                
        Depends On Must not start with [concat(                                                                         
        Depends On Must not start with [concat(                                                                         
        Depends On Must not start with [concat(                                                                         
                                                                                                                        
  Deployment Resources Must Not Be Debug                                                                                
    [+] Deployment Resources Must Not Be Debug (12 ms)                                                                  
  DeploymentTemplate Must Not Contain Hardcoded Uri                                                                     
    [-] DeploymentTemplate Must Not Contain Hardcoded Uri (16 ms)                                                       
        Found hardcoded reference to management.azure.com Line: 2, Column: 31                                           
                                                                                                                        
  DeploymentTemplate Schema Is Correct                                                                                  
    [-] DeploymentTemplate Schema Is Correct (2 ms)                                                                     
        DeploymentTemplate has an unexpected Schema.                                                                    
It should be one of the following:                                                                                      
https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#                                         
https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#                                         
https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#                             
https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#                                   
https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#                          
                                                                                                                        
                                                                                                                        
  Dynamic Variable References Should Not Use Concat                                                                     
    [+] Dynamic Variable References Should Not Use Concat (5 ms)                                                        
  IDs Should Be Derived From ResourceIDs                                                                                
    [+] IDs Should Be Derived From ResourceIDs (25 ms)                                                                  
  Location Should Not Be Hardcoded                                                                                      
    [-] Location Should Not Be Hardcoded (66 ms)                                                                        
        Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json must use the location parameter, not resourceGroup().location or deployment().location (except when used as a default value in the main template)
                                                                                                                        
  ManagedIdentityExtension must not be used                                                                             
    [+] ManagedIdentityExtension must not be used (3 ms)                                                                
  Min And Max Value Are Numbers                                                                                         
    [+] Min And Max Value Are Numbers (7 ms)                                                                            
  Outputs Must Not Contain Secrets                                                                                      
    [+] Outputs Must Not Contain Secrets (10 ms)                                                                        
  Parameter Types Should Be Consistent                                                                                  
    [+] Parameter Types Should Be Consistent (34 ms)                                                                    
  Parameters Must Be Referenced                                                                                         
    [+] Parameters Must Be Referenced (43 ms)                                                                           
  Password params must be secure                                                                                        
    [+] Password params must be secure (5 ms)                                                                           
  providers apiVersions Is Not Permitted                                                                                
    [+] providers apiVersions Is Not Permitted (9 ms)                                                                   
  ResourceIds should not contain                                                                                        
    [+] ResourceIds should not contain (31 ms)                                                                          
  Resources Should Have Location                                                                                        
    [+] Resources Should Have Location (6 ms)                                                                           
  Resources Should Not Be Ambiguous                                                                                     
    [+] Resources Should Not Be Ambiguous (6 ms)                                                                        
  Secure Params In Nested Deployments                                                                                   
    [+] Secure Params In Nested Deployments (31 ms)                                                                     
  Secure String Parameters Cannot Have Default                                                                          
    [+] Secure String Parameters Cannot Have Default (4 ms)                                                             
  Template Should Not Contain Blanks                                                                                    
    [+] Template Should Not Contain Blanks (50 ms)                                                                      
  URIs Should Be Properly Constructed                                                                                   
    [+] URIs Should Be Properly Constructed (16 ms)                                                                     
  Variables Must Be Referenced                                                                                          
    [+] Variables Must Be Referenced (15 ms)                                                                            
  Virtual Machines Should Not Be Preview                                                                                
    [+] Virtual Machines Should Not Be Preview (17 ms)                                                                  
  VM Images Should Use Latest Version                                                                                   
    [+] VM Images Should Use Latest Version (1 ms)                                                                      
  VM Size Should Be A Parameter                                                                                         
    [+] VM Size Should Be A Parameter (16 ms)                                                                           
Total : 31                                                                                                              
Pass  : 26                                                                                                              
Fail  : 5

Alternative: Use Azure deployment Validate Operation

Azure deployment Validate operation checks the syntax of the ARM template. It can be used in automated deployments because its output is in JSON format that can be easily consumed by scripts or other programs.

Unlike ARM Template test toolkit, the validate command doesn’t check for best practices.

To use the Validate operation replace create by validate in the deployment command.

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az deployment group validate \
    --resource-group whatifexample \
    --template-uri "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json" \
    --parameters keyvaultName=kvexampletac storageAccountName=stexampletac storageKeyNumber=0 \
    --mode complete
{
  "error": null,
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Resources/deployments/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "name": "Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "properties": {
    "correlationId": "bbc186d6-8af5-4643-ace8-d88b88a541f5",
    "debugSetting": null,
    "dependencies": [
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac/default",
            "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/fileservices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac",
        "resourceType": "Microsoft.KeyVault/vaults"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "kvexampletac",
            "resourceType": "Microsoft.KeyVault/vaults"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "actionName": "listKeys",
            "apiVersion": "2021-06-01",
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac/stexampletac-key",
        "resourceType": "Microsoft.KeyVault/vaults/secrets"
      }
    ],
    "duration": "PT0S",
    "error": null,
    "mode": "Complete",
    "onErrorDeployment": null,
    "outputResources": null,
    "outputs": null,
    "parameters": {
      "keyvaultName": {
        "type": "String",
        "value": "kvexampletac"
      },
      "storageAccountName": {
        "type": "String",
        "value": "stexampletac"
      },
      "storageKeyNumber": {
        "type": "Int",
        "value": 0
      }
    },
    "parametersLink": null,
    "providers": [
      {
        "id": null,
        "namespace": "Microsoft.Storage",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "storageAccounts",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/blobServices",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/fileservices",
            "zoneMappings": null
          }
        ]
      },
      {
        "id": null,
        "namespace": "Microsoft.KeyVault",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "vaults",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "vaults/secrets",
            "zoneMappings": null
          }
        ]
      }
    ],
    "provisioningState": "Succeeded",
    "templateHash": "4527112459590866177",
    "templateLink": {
      "contentVersion": "1.0.0.0",
      "id": null,
      "queryString": null,
      "relativePath": null,
      "uri": "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json"
    },
    "timestamp": "0001-01-01T00:00:00+00:00",
    "validatedResources": [
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample"
      }
    ]
  },
  "resourceGroup": "whatifexample",
  "type": "Microsoft.Resources/deployments"
}
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ 

How to execute plan for an ARM template

Plan is a process that simulates the deployment of the template to catch errors that can’t be detected in previous validation steps such duplicated resource names, the lack of permissions for applying some template changes, and check the collateral changes like deletion of resources that are not defined in the template.

The official Microsoft tool for running ARM template plans is the What-If operation2 To use it, add the param (--confirm-with-what-if) at the end of the deployment command.

What-If operation shows a list of operations such creation, modification, and deletion in azure resources or properties in human readable format.

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az group create --location westeurope --resource-group whatifexample
{
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample",
  "location": "westeurope",
  "managedBy": null,
  "name": "whatifexample",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az deployment group create \
    --resource-group whatifexample \
    --template-uri "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json" \
    --parameters keyvaultName=kvexampletac storageAccountName=stexampletac storageKeyNumber=0 \
    --mode complete \
    --confirm-with-what-if
Note: The result may contain false positive predictions (noise).
You can help us improve the accuracy of the result by opening an issue here: https://aka.ms/WhatIfIssues

Resource and property changes are indicated with this symbol:
  + Create

The deployment will update the following scope:

Scope: /subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample

  + Microsoft.KeyVault/vaults/kvexampletac [2019-09-01]

      apiVersion:            "2019-09-01"
      id:                    "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac"
      location:              "westeurope"
      name:                  "kvexampletac"
      properties.sku.family: "A"
      properties.sku.name:   "Standard"
      properties.tenantId:   "xxxx-xxxx-xxxx-xxxx-xxxx"
      type:                  "Microsoft.KeyVault/vaults"

  + Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key [2021-04-01-preview]

      apiVersion:       "2021-04-01-preview"
      id:               "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key"
      name:             "stexampletac-key"
      properties.value: "*******"
      type:             "Microsoft.KeyVault/vaults/secrets"

  + Microsoft.Storage/storageAccounts/stexampletac [2021-06-01]

      apiVersion: "2021-06-01"
      id:         "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac"
      kind:       "StorageV2"
      location:   "westeurope"
      name:       "stexampletac"
      sku.name:   "Standard_LRS"
      type:       "Microsoft.Storage/storageAccounts"

  + Microsoft.Storage/storageAccounts/stexampletac/blobServices/default [2021-06-01]

      apiVersion: "2021-06-01"
      id:         "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default"
      name:       "default"
      type:       "Microsoft.Storage/storageAccounts/blobServices"

  + Microsoft.Storage/storageAccounts/stexampletac/fileservices/default [2021-06-01]

      apiVersion: "2021-06-01"
      id:         "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default"
      name:       "default"
      type:       "Microsoft.Storage/storageAccounts/fileservices"

Resource changes: 5 to create.

Are you sure you want to execute the deployment? (y/n): n
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ 

How to deploy an ARM template

Templates are applied in an scope. Scope is the parent Azure resource where the ARM Template resources will be deployed.

These are the posible scopes for each resource type, and the command to run the deploy:

Scope Command
Resource group az deployment group create –resource-group <resource-group-name> –template-file <path-to-template>
Subscription az deployment sub create –location <location> –template-file <path-to-template>
Management group az deployment mg create –location <location> –template-file <path-to-template>
Tenant az deployment tenant create –location <location> –template-file <path-to-template>

The next example shows a deploy with resource group as scope:

branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ az deployment group create \
    --resource-group whatifexample \
    --template-uri "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json" \
    --parameters keyvaultName=kvexampletac storageAccountName=stexampletac storageKeyNumber=0 \
    --mode complete
{
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Resources/deployments/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "location": null,
  "name": "Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret",
  "properties": {
    "correlationId": "0bdcdfcd-9919-439e-b375-dfc6f3f6fc26",
    "debugSetting": null,
    "dependencies": [
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac/default",
            "resourceType": "Microsoft.Storage/storageAccounts/blobServices"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample",
        "resourceName": "stexampletac/default",
        "resourceType": "Microsoft.Storage/storageAccounts/fileservices"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac",
        "resourceType": "Microsoft.KeyVault/vaults"
      },
      {
        "dependsOn": [
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "kvexampletac",
            "resourceType": "Microsoft.KeyVault/vaults"
          },
          {
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          },
          {
            "actionName": "listKeys",
            "apiVersion": "2021-06-01",
            "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
            "resourceGroup": "whatifexample",
            "resourceName": "stexampletac",
            "resourceType": "Microsoft.Storage/storageAccounts"
          }
        ],
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample",
        "resourceName": "kvexampletac/stexampletac-key",
        "resourceType": "Microsoft.KeyVault/vaults/secrets"
      }
    ],
    "duration": "PT44.0666372S",
    "error": null,
    "mode": "Complete",
    "onErrorDeployment": null,
    "outputResources": [
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.KeyVault/vaults/kvexampletac/secrets/stexampletac-key",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/blobServices/default",
        "resourceGroup": "whatifexample"
      },
      {
        "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/whatifexample/providers/Microsoft.Storage/storageAccounts/stexampletac/fileservices/default",
        "resourceGroup": "whatifexample"
      }
    ],
    "outputs": {},
    "parameters": {
      "keyvaultName": {
        "type": "String",
        "value": "kvexampletac"
      },
      "storageAccountName": {
        "type": "String",
        "value": "stexampletac"
      },
      "storageKeyNumber": {
        "type": "Int",
        "value": 0
      }
    },
    "parametersLink": null,
    "providers": [
      {
        "id": null,
        "namespace": "Microsoft.Storage",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "storageAccounts",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/blobServices",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "storageAccounts/fileservices",
            "zoneMappings": null
          }
        ]
      },
      {
        "id": null,
        "namespace": "Microsoft.KeyVault",
        "providerAuthorizationConsentState": null,
        "registrationPolicy": null,
        "registrationState": null,
        "resourceTypes": [
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              "westeurope"
            ],
            "properties": null,
            "resourceType": "vaults",
            "zoneMappings": null
          },
          {
            "aliases": null,
            "apiProfiles": null,
            "apiVersions": null,
            "capabilities": null,
            "defaultApiVersion": null,
            "locationMappings": null,
            "locations": [
              null
            ],
            "properties": null,
            "resourceType": "vaults/secrets",
            "zoneMappings": null
          }
        ]
      }
    ],
    "provisioningState": "Succeeded",
    "templateHash": "4527112459590866177",
    "templateLink": {
      "contentVersion": "1.0.0.0",
      "id": null,
      "queryString": null,
      "relativePath": null,
      "uri": "https://gist.githubusercontent.com/Branyac/596fa5face8b5b0d5891b04ba4d75f27/raw/ec446ed10772ac8655fbaadc1b7fcfdc6749fc80/Azure-ARMTemplate-CreateStorageKeyvaultAndStoreKeyInSecret.json"
    },
    "timestamp": "2023-01-24T21:48:49.094338+00:00",
    "validatedResources": null
  },
  "resourceGroup": "whatifexample",
  "tags": null,
  "type": "Microsoft.Resources/deployments"
}
branyac@ubuntu-builder:~/Downloads/arm-template-toolkit/arm-ttk$ 

References and sources

Author

Sergio Monedero

I am excited to share my knowledge and insights on programming and devops through this personal website. I am a lifelong learner with a passion for technology, and I enjoy staying up-to-date on the latest industry trends.


Keep in touch with Me: SergioCoder@LinkedIn | Branyac@Github