A resource
declaration defines a resource that will be either created or updated at deployment time along with its intended state. The resource is also assigned to an identifier. You can reference the identifier in expressions that are part of variables, outputs, or other resource
declarations.
Consider the following declaration that creates or updates a DNS Zone:
resource dnsZone 'Microsoft.Network/dnszones@2018-05-01' = {
name: 'myZone'
location: 'global'
}
A resource
declaration consists of the following components:
resource
keyword- An identifier (
dnsZone
in the example) that can be used in expressions to reference the resource. The identifier does not impact the name of the resource. A resource cannot have the same identifier as any parameter, variable, or another resource in the same scope. - Resource type + API version (
Microsoft.Network/dnsZones
and2018-05-01
in the example, respectively) - Resource body. DNS Zones do not require complicated configuration, so we are only setting the
name
andlocation
properties in the example.
A resource type itself (Microsoft.Network/dnszones@2018-05-01
in our example) consists of the following components:
- An optional provider prefix. The default provider is Azure Resource Manager whose prefix is
az://
- A provider-specific resource type. In the case of the
az
provider, the resource type is of the form:<ARM resource provider namespace>/<ARM resource type(s)>@<ARM API version>
.
Common az
resource types include:
Microsoft.Compute/virtualMachineScaleSets@2018-10-01
Microsoft.Network/virtualNetworks/subnets@2018-11-01
Microsoft.Authorization/roleAssignments@2018-09-01-preview
Their fully qualified equivalents would be:
az://Microsoft.Compute/virtualMachineScaleSets@2018-10-01
az://Microsoft.Network/virtualNetworks/subnets@2018-11-01
az://Microsoft.Authorization/roleAssignments@2018-09-01-preview
Note: Provider prefixes such as
az://
are not yet implemented.
A full resource
declaration with a fully qualified resource type looks like the following:
resource dnsZone 'Microsoft.Network/dnszones@2018-05-01' = {
name: 'myZone'
location: 'global'
}
All declared resources will be deployed concurrently in the compiled template. Order of resource deployment can be influenced in the following ways:
An explicit dependency is declared via the dependsOn
property within the resource declaration. The property accept an array of resource identifiers. Here is an example of one DNS zone depending on another explicitly:
resource dnsZone 'Microsoft.Network/dnszones@2018-05-01' = {
name: 'myZone'
location: 'global'
}
resource otherZone 'Microsoft.Network/dnszones@2018-05-01' = {
name: 'myZone'
location: 'global'
dependsOn: [
dnsZone
]
}
An implicit dependency will be created when one resource declaration references the identifier of another resource declaration in an expression. Here's an example:
resource dnsZone 'Microsoft.Network/dnszones@2018-05-01' = {
name: 'myZone'
location: 'global'
}
resource otherResource 'Microsoft.Example/examples@2020-06-01' = {
name: 'exampleResource'
properties: {
// get read-only DNS zone property
nameServers: dnsZone.properties.nameServers
}
}
Resources may be deployed if and only if a specified condition evaluated to true
. Otherwise, resource deployment will be skipped. This is accomplished by adding a when
keyword and a boolean expression to the resource declaration. The template compiled from the below example will deploy the DNS zone if the deployZone
parameter evaluates to true
:
param deployZone bool
resource dnsZone 'Microsoft.Network/dnszones@2018-05-01' when (deployZone) = {
name: 'myZone'
location: 'global'
}
Conditions may be used with dependency declarations. If the identifier of conditional resource is specified in dependsOn
of another resource (explicit dependency), the dependency will be ignored if the condition evaluates to false
at template deployment time. If the condition evaluates to true
, the dependency will be respected. Referencing a property of a conditional resource (implicit dependency) is allowed but may produce a runtime error in some cases.
resource myStorageAccount `Microsoft.Storage/storageAccounts@2017-10-01` = {
name: storageAccountName
location: resourceGroup().location
properties: {
supportsHttpsTrafficOnly: true
accessTier: 'Hot'
encryption: {
keySource: 'Microsoft.Storage'
services: {
blob: {
enabled: true
}
file: {
enabled: true
}
}
}
}
kind: StorageV2
sku: {
name: 'Standard_LRS'
}
}