Not able to apply CMK encryption to Azure Storage Account through ARM Template - encryption

I am trying to attach CMK encryption to an Azure Storage Account through an ARM template, but I am getting the error below. Need quick help with it. I am able to apply it through the portal after the Storage Account is created, but not able to do it via the ARM template while creating the Storage Account.
Error: [error]FeatureNotSupportedForAccount: Missing pre-requisites to enable EncryptionAtRest/Customer Managed Key for this storage account.
ARM template:
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-04-01",
"name": "[variables('storageaccountname')]",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageaccountype')]"
},
"kind": "[parameters('storagekind')]",
"properties": {
"supportsHttpsTrafficOnly": true,
"accesstier": "[parameters('accesstier')]",
"largeFileSharesState": "[parameters('largefilesharesstate')]",
"allowBlobPublicAccess": false,
"encryption": {
"services": {
"file": {
"enabled": true
},
"blob": {
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "[parameters('kvuri')]",
"keyname": "[parameters('keyname')]",
"keyversion": "[parameters('keyversion')]"
}
}
},
"tags": {
"abcid": "[parameters('abcid')]"
}
}

According to the document, if you want to configure encryption with customer-managed keys stored in Azure Key Vault, we need to do the following steps:
1. Create the storage account and enable its identity.
2. Update Azure Key Vault: enable soft delete and purge protection.
3. Configure an access policy for the storage account's identity.
4. Configure customer-managed keys for the storage account.
Regarding how to configure these with an ARM template, please refer to the following template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyName": {
"type": "string",
"defaultValue": ""
},
"keyVersion": {
"type": "string",
"defaultValue": ""
},
"vaultName": {
"defaultValue": "",
"type": "String"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"accountNmae": {
"type": "string",
"defaultValue": "tetsdfgfgdffd"
}
},
"variables": {},
"resources": [{
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "Storage",
"name": "[ parameters('accountNmae')]",
"apiVersion": "2019-06-01",
"location": "[ parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"supportsHttpsTrafficOnly": true
},
"dependsOn": []
}, {
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[parameters('vaultName')]",
"location": "eastasia",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('accountNmae'))]"
],
"properties": {
"sku": {
"family": "A",
"name": "Standard"
},
"tenantId": "[subscription().tenantid]",
"accessPolicies": [],
"enabledForDeployment": true,
"enabledForDiskEncryption": true,
"enabledForTemplateDeployment": true,
"enableSoftDelete": true
}
}, {
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-07-01",
"name": "updateStorageAccount",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "0.1.0.0",
"resources": [{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "[concat(parameters('vaultName'), '/add')]",
"apiVersion": "2019-09-01",
"properties": {
"accessPolicies": [{
"tenantId": "[subscription().tenantid]",
"objectId": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('accountNmae')),'2019-06-01', 'full').identity.principalId]",
"permissions": {
"keys": [
"wrapkey",
"unwrapkey",
"get"
],
"secrets": [],
"certificates": []
}
}
]
}
}, {
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "Storage",
"name": "[parameters('accountNmae')]",
"apiVersion": "2019-06-01",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"encryption": {
"services": {
"file": {
"enabled": true
},
"blob": {
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "[reference(resourceId('Microsoft.KeyVault/vaults',parameters('vaultName')),'2016-10-01', 'full').properties.vaultUri]",
"keyname": "[parameters('keyName')]",
"keyversion": "[parameters('keyversion')]"
}
}
},
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults/accessPolicies', parameters('vaultName'), 'add')]"
]
}
]
}
}
}
]
}
For more details, please refer to the blog
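The prerequisite steps listed in the answer above, expressed as a pre-deployment check (an added example, not code from the original posts): it walks an ARM template, including inline nested deployments, and reports which prerequisite is missing for any storage account whose keySource is Microsoft.Keyvault. The function names, finding codes and both sample templates are constructed for illustration, and template expressions are compared as literal strings, not evaluated.

```python
REQUIRED_KEY_PERMS = {"get", "wrapkey", "unwrapkey"}  # key permissions used in the answer's access policy

def as_dict(value):
    # A template expression (a string) can stand in for an object; treat it as empty.
    return value if isinstance(value, dict) else {}

def lower_keys(obj):
    """ARM property names are case-insensitive, so normalise every key to lower case."""
    if isinstance(obj, dict):
        return {k.lower(): lower_keys(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [lower_keys(v) for v in obj]
    return obj

def walk(resources):
    """Yield each resource, descending into child resources and inline nested deployments."""
    for res in resources if isinstance(resources, list) else []:
        res = as_dict(res)
        yield res
        yield from walk(res.get("resources"))
        yield from walk(as_dict(as_dict(res.get("properties")).get("template")).get("resources"))

def check_cmk_prerequisites(template):
    """Return (code, resource name) findings for accounts encrypted with Key Vault keys."""
    resources = list(walk(lower_keys(template).get("resources")))
    def of_type(wanted):
        return [r for r in resources if str(r.get("type", "")).lower() == wanted]
    def policies_of(res):
        entries = as_dict(res.get("properties")).get("accesspolicies")
        return [as_dict(e) for e in entries] if isinstance(entries, list) else []
    findings, policies = [], []
    for vault in of_type("microsoft.keyvault/vaults"):
        policies += policies_of(vault)
        for flag in ("enablesoftdelete", "enablepurgeprotection"):
            if as_dict(vault.get("properties")).get(flag) is not True:
                findings.append((f"vault-missing-{flag}", vault.get("name")))
    for res in of_type("microsoft.keyvault/vaults/accesspolicies"):
        policies += policies_of(res)
    granted = any(
        REQUIRED_KEY_PERMS <= {str(p).lower() for p in as_dict(pol.get("permissions")).get("keys") or []}
        for pol in policies
    )
    for acct in of_type("microsoft.storage/storageaccounts"):
        enc = as_dict(as_dict(acct.get("properties")).get("encryption"))
        if str(enc.get("keysource", "")).lower() != "microsoft.keyvault":
            continue  # Microsoft-managed keys: nothing to check
        name = acct.get("name")
        if str(as_dict(acct.get("identity")).get("type", "None")).lower() == "none":
            findings.append(("account-missing-identity", name))
        if not granted:
            findings.append(("no-key-access-policy", name))
        deps = acct.get("dependson") if isinstance(acct.get("dependson"), list) else []
        if not any("microsoft.keyvault/vaults" in str(d).lower() for d in deps):
            findings.append(("account-not-ordered-after-vault", name))
    return findings

# Constructed sample mirroring the question: CMK requested at creation, no identity, no vault access.
BEFORE = {"resources": [{
    "type": "Microsoft.Storage/storageAccounts", "name": "stcmkdemo",
    "properties": {"encryption": {"keySource": "Microsoft.Keyvault",
                                  "keyvaultproperties": {"keyname": "k1"}}}}]}

# Constructed sample following the answer's ordering: identity, vault flags, access policy, then CMK.
AFTER = {"resources": [
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-demo",
     "properties": {"enableSoftDelete": True, "enablePurgeProtection": True, "accessPolicies": []}},
    {"type": "Microsoft.Resources/deployments", "name": "updateStorageAccount",
     "properties": {"template": {"resources": [
         {"type": "Microsoft.KeyVault/vaults/accessPolicies", "name": "kv-demo/add",
          "properties": {"accessPolicies": [{"permissions": {"keys": ["wrapkey", "unwrapkey", "get"]}}]}},
         {"type": "Microsoft.Storage/storageAccounts", "name": "stcmkdemo",
          "identity": {"type": "SystemAssigned"},
          "dependsOn": ["[resourceId('Microsoft.KeyVault/vaults/accessPolicies', 'kv-demo', 'add')]"],
          "properties": {"encryption": {"keySource": "Microsoft.Keyvault"}}}]}}}]}

if __name__ == "__main__":
    for label, tpl in (("before", BEFORE), ("after", AFTER)):
        print(label, check_cmk_prerequisites(tpl))
```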

Related

How does one work with third party resources in ARM templates?

I'm trying to find out where I can find the template reference for the SendGrid resource in Azure. It's possible to deploy SendGrid through ARM but I can not find any documentation with details about parameters etc.
Here is a sample of SendGrid account for you.
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "String"
},
"location": {
"type": "String"
},
"plan_name": {
"type": "String"
},
"plan_publisher": {
"type": "String"
},
"plan_product": {
"type": "String"
},
"plan_promotion_code": {
"type": "String"
},
"password": {
"type": "SecureString"
},
"email": {
"type": "String"
},
"firstName": {
"type": "String"
},
"lastName": {
"type": "String"
},
"company": {
"type": "String"
},
"website": {
"type": "String"
},
"acceptMarketingEmails": {
"type": "String"
},
"tags": {
"type": "Object"
}
},
"resources": [{
"type": "Sendgrid.Email/accounts",
"apiVersion": "2015-01-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"tags": "[parameters('tags')]",
"plan": {
"name": "[parameters('plan_name')]",
"publisher": "[parameters('plan_publisher')]",
"product": "[parameters('plan_product')]",
"promotionCode": "[parameters('plan_promotion_code')]"
},
"properties": {
"password": "[parameters('password')]",
"acceptMarketingEmails": "[parameters('acceptMarketingEmails')]",
"email": "[parameters('email')]",
"firstName": "[parameters('firstName')]",
"lastName": "[parameters('lastName')]",
"company": "[parameters('company')]",
"website": "[parameters('website')]"
}
}]
}

How to deploy ARM template with user managed identity and assign a subscription level role?

The ARM template below is supposed to create the following resources:
- resource group
- user managed identity
- subscription level Contributor role assignment
Currently the deployment is failing with the error "error": { "code": "ResourceGroupNotFound", "message": "Resource group 'rg-myproject-deploy' could not be found." } apparently because the role assignment step seems to not be respecting the dependsOn statements that should enforce that it should only happen after the resource group is created. Is there a way to deploy all these resources in a single ARM template?
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"projectName": {
"type": "string",
"defaultValue": "myproject",
"maxLength": 11,
"metadata": {
"description": "The name of the project"
}
},
"location": {
"type": "string",
"defaultValue": "westus2",
"metadata": {
"description": "The region were to deploy assets"
}
}
},
"variables": {
"resourceGroupName": "[concat('rg-', parameters('projectName'), '-deploy')]",
"managedIdentityName": "[concat('msi-', parameters('projectName'), '-deploy')]",
"bootstrapRoleAssignmentId": "[guid(subscription().id, 'contributor')]",
"contributorRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"managedIdentityId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', variables('managedIdentityName'))]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2019-10-01",
"name": "[variables('resourceGroupName')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "deployment-assets-except-role-assignment",
"resourceGroup": "[variables('resourceGroupName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', variables('resourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"name": "[variables('managedIdentityName')]",
"apiVersion": "2018-11-30",
"location": "[parameters('location')]"
}
],
"outputs": {}
}
}
}
,
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2017-09-01",
"name": "[variables('bootstrapRoleAssignmentId')]",
"dependsOn": [
"[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('resourceGroupName'))]",
"deployment-assets-except-role-assignment"
],
"properties": {
"roleDefinitionId": "[variables('contributorRoleDefinitionId')]",
"principalId": "[reference(variables('managedIdentityId'), '2018-11-30').principalId]",
"principalType": "ServicePrincipal",
"scope": "[subscription().id]"
}
}
],
"outputs": {}
}
I think you're running into this:
https://bmoore-msft.blog/2020/07/26/resource-not-found-dependson-is-not-working/
The fix was a little more involved than I thought, but to summarize:
1. the nested deployment that provisions the MI must be set to inner scope evaluation
2. output the principalId from that deployment and use that in your reference (i.e. don't directly reference)
3. Due to #1 I moved some stuff around (params/vars)
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"projectName": {
"type": "string",
"defaultValue": "myproject",
"maxLength": 11,
"metadata": {
"description": "The name of the project"
}
},
"location": {
"type": "string",
"defaultValue": "westus2",
"metadata": {
"description": "The region were to deploy assets"
}
}
},
"variables": {
"identityDeploymentName": "deployment-assets-except-role-assignment",
"resourceGroupName": "[concat('rg-', parameters('projectName'), '-deploy')]",
"managedIdentityName": "[concat('msi-', parameters('projectName'), '-deploy')]",
"managedIdentityId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', variables('managedIdentityName'))]",
"bootstrapRoleAssignmentId": "[guid(subscription().id, variables('contributorRoleDefinitionId'),variables('managedIdentityId'))]",
"contributorRoleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2019-10-01",
"name": "[variables('resourceGroupName')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "[variables('identityDeploymentName')]",
"resourceGroup": "[variables('resourceGroupName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('resourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions":{
"scope": "inner"
},
"parameters": {
"location": {
"value": "[parameters('location')]"
},
"managedIdentityName": {
"value": "[variables('managedIdentityName')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"managedIdentityName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"name": "[parameters('managedIdentityName')]",
"apiVersion": "2018-11-30",
"location": "[parameters('location')]"
}
],
"outputs": {
"principalId": {
"type": "string",
"value": "[reference(parameters('managedIdentityName')).principalId]"
}
}
}
}
}
,
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2020-04-01-preview",
"name": "[variables('bootstrapRoleAssignmentId')]",
"dependsOn": [
"[subscriptionResourceId('Microsoft.Resources/resourceGroups', variables('resourceGroupName'))]",
"[variables('identityDeploymentName')]"
],
"properties": {
"roleDefinitionId": "[variables('contributorRoleDefinitionId')]",
"principalId": "[reference(variables('identityDeploymentName')).outputs.principalId.value]",
"principalType": "ServicePrincipal",
"scope": "[subscription().id]"
}
}
]
}

How can I create a user assigned identity and a system assigned identity with an ARM template on an App Service?

Is it possible to assign both a user assigned identity and a system assigned identity to an App Service with an ARM template? If so, how can it be done?
5 seconds in google:
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[variables('appName')]",
"location": "[resourceGroup().location]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"name": "[variables('appName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"hostingEnvironment": "",
"clientAffinityEnabled": false,
"alwaysOn": true
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]"
]
}
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[variables('appName')]",
"location": "[resourceGroup().location]",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {}
}
},
"properties": {
"name": "[variables('appName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"hostingEnvironment": "",
"clientAffinityEnabled": false,
"alwaysOn": true
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]"
]
}
https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#add-a-system-assigned-identity
P.S. If you are asking to have both at the same time - it's not possible

OperationTimedOut on Microsoft.DBforMySQL/servers arm deployment

I've been trying to deploy the following ARM template (removed the resources that are deploying successfully for brevity) a couple of times now.
I'm always getting the following error on the MySQL deployment part.
New-AzureRmResourceGroupDeployment : 9:21:31 AM - Resource Microsoft.DBforMySQL/servers 'webarm01' failed with
message '{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "OperationTimedOut",
"message": "The operation timed out and automatically rolled back. Please retry the operation."
}
]
}
}'
Here is the arm template
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"administratorLogin": {
"type": "String"
},
"administratorLoginPassword": {
"type": "SecureString"
},
"servers_analytics_name": {
"defaultValue": "analyticsarmmodel",
"type": "String"
},
"databases_analytics_name": {
"defaultValue": "analytics",
"type": "String"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"databases_sys_name": "sys",
"databases_mysql_name": "mysql",
"databases_information_schema_name": "information_schema",
"databases_performance_schema_name": "performance_schema",
"firewallRules_AllowAllWindowsAzureIps_name": "AllowAllWindowsAzureIps"
},
"resources": [
{
"type": "Microsoft.DBforMySQL/servers",
"sku": {
"name": "B_Gen5_1",
"tier": "Basic",
"family": "Gen5",
"capacity": 1
},
"name": "[parameters('servers_analytics_name')]",
"apiVersion": "2017-12-01-preview",
"location": "[parameters('location')]",
"scale": null,
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"storageProfile": {
"storageMB": 5120,
"backupRetentionDays": 7,
"geoRedundantBackup": "Disabled"
},
"version": "5.7",
"sslEnforcement": "Disabled"
},
"dependsOn": []
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('databases_information_schema_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', parameters('databases_analytics_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('databases_mysql_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "latin1",
"collation": "latin1_swedish_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('databases_performance_schema_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('databases_sys_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/firewallRules",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('firewallRules_AllowAllWindowsAzureIps_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"startIpAddress": "0.0.0.0",
"endIpAddress": "0.0.0.0"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
}
]
}
My question: how can I deploy a MySQL server + databases using ARM without running into a timeout?
After some internal discussions with Microsoft, it appears that even though the administratorLoginPassword parameter is typed as a secure string, you are supposed to pass in a clear text password.
The secure string will be too long and make the deployment hang.
Microsoft is working on better error messages and eventually supporting secure strings properly.
Also, some parameters might be conflicting; here is an updated template that works for me.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"administratorLogin": {
"type": "String"
},
"administratorLoginPassword": {
"type": "SecureString"
},
"servers_analytics_name": {
"defaultValue": "analyticsarmmodel",
"type": "String"
},
"databases_analytics_name": {
"defaultValue": "analytics",
"type": "String"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"databases_sys_name": "sys",
"databases_mysql_name": "mysql",
"databases_information_schema_name": "information_schema",
"databases_performance_schema_name": "performance_schema",
"firewallRules_AllowAllWindowsAzureIps_name": "AllowAllWindowsAzureIps"
},
"resources": [
{
"type": "Microsoft.DBforMySQL/servers",
"sku": {
"name": "B_Gen5_1",
"tier": "Basic",
"family": "Gen5",
"capacity": 1
},
"name": "[parameters('servers_analytics_name')]",
"apiVersion": "2017-12-01-preview",
"location": "[parameters('location')]",
"scale": null,
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"storageProfile": {
"storageMB": 5120,
"backupRetentionDays": 7,
"geoRedundantBackup": "Disabled"
},
"version": "5.7",
"sslEnforcement": "Disabled"
},
"dependsOn": []
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('databases_information_schema_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', parameters('databases_analytics_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('databases_mysql_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"charset": "latin1",
"collation": "latin1_swedish_ci"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
},
{
"type": "Microsoft.DBforMySQL/servers/firewallRules",
"name": "[concat(parameters('servers_analytics_name'), '/', variables('firewallRules_AllowAllWindowsAzureIps_name'))]",
"apiVersion": "2017-12-01-preview",
"scale": null,
"properties": {
"startIpAddress": "0.0.0.0",
"endIpAddress": "0.0.0.0"
},
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', parameters('servers_analytics_name'))]"
]
}
]
}

DependsOn Failing in ARM Template

I'm trying to connect our website to an Application Insights component via ARM but I'm having trouble setting the Instrumentation Key as a website application setting. This works sometimes and sometimes not.
My guess is that I'm having incorrect dependsOn settings. Can anyone have a look at my template and see if I'm doing something wrong? Have a look at the resource called "appSettings" of type "config" in the website resource. Here I am supposed to wait for completion of the Application Insights component and then read the Instrumentation Key.
{
"name": "[variables('webAppNameFinal')]",
"type": "Microsoft.Web/sites",
"location": "[parameters('appServicePlanLocation')]",
"apiVersion": "2015-04-01",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('appServicePlanNameFinal'))]"
],
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanNameFinal'))]": "Resource",
"displayName": "webApp"
},
"properties": {
"name": "[variables('webAppNameFinal')]",
"serverFarmId": "[variables('appServicePlanNameFinal')]"
},
"resources": [
{
"apiVersion": "2015-04-01",
"name": "connectionstrings",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppNameFinal'))]",
"[resourceId('Microsoft.Sql/servers', variables('sqlServerNameFinal'))]"
],
"properties": {
"Watches": {
"value": "[concat('Server=tcp:', reference(concat('Microsoft.Sql/servers/', variables('sqlServerNameFinal'))).fullyQualifiedDomainName, ',1433;Database=', variables('sqlDatabaseNameFinal'), ';User ID=', parameters('sqlServerAdminLogin'), ';Password=', parameters('sqlServerAdminLoginPassword'), ';Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]",
"type": "SQLAzure"
}
}
},
{
"apiVersion": "2015-08-01",
"name": "appsettings",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppNameFinal'))]",
"[concat('Microsoft.Insights/components/', variables('applicationInsightsNameFinal'))]"
],
"properties": {
"Watches.Webjobs.VitecConnect.WatchersExport.Run": "false",
"ApplicationInsights.InstrumentationKey": "[reference(concat('Microsoft.Insights/components/', variables('applicationInsightsNameFinal'))).InstrumentationKey]"
}
},
{
"apiVersion": "2015-04-01",
"name": "web",
"type": "sourcecontrols",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppNameFinal'))]"
],
"properties": {
"RepoUrl": "[parameters('gitUrl')]",
"branch": "[parameters('gitBranch')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "web",
"type": "config",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', variables('webAppNameFinal'))]"
],
"properties": "[variables('siteProperties')]"
}
]
},
{
"name": "[variables('applicationInsightsNameFinal')]",
"type": "Microsoft.Insights/components",
"location": "Central US",
"apiVersion": "2014-04-01",
"dependsOn": [ ],
"tags": {
"displayName": "Application Insights"
},
"properties": {
"applicationId": "[variables('webAppNameFinal')]"
}
},
Best regards
Niclas
Have you tried to place the dependsOn inside the insight resource declaration?
Have a look at the Quickstart template for a web+sql here: https://github.com/Azure/azure-quickstart-templates/blob/master/201-web-app-sql-database/azuredeploy.json
They placed the dependsOn on the Insight declaration and nothing on the website declaration. Would that work for you?
{
"apiVersion": "2015-05-01",
"name": "[concat('AppInsights', variables('webSiteName'))]",
"type": "Microsoft.Insights/components",
"location": "centralus",
"dependsOn": [
"[variables('webSiteName')]"
],
"tags": {
"[concat('hidden-link:', resourceId('Microsoft.Web/sites', variables('webSiteName')))]": "Resource",
"displayName": "AppInsightsComponent"
},
"properties": {
"ApplicationId": "[variables('webSiteName')]"
}
}
