Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-10-02-preview
- 2025-07-01
- 2025-02-02-preview
- 2025-01-01
- 2024-10-02-preview
- 2024-08-02-preview
- 2024-03-01
- 2024-02-02-preview
- 2023-11-02-preview
- 2023-08-01-preview
- 2023-05-02-preview
- 2023-05-01
- 2023-04-01-preview
- 2022-11-01-preview
- 2022-10-01
- 2022-06-01-preview
- 2022-03-01
- 2022-01-01-preview
Bicep resource definition
The managedEnvironments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/managedEnvironments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.App/managedEnvironments@2023-05-02-preview' = {
kind: 'string'
location: 'string'
name: 'string'
properties: {
appLogsConfiguration: {
destination: 'string'
logAnalyticsConfiguration: {
customerId: 'string'
sharedKey: 'string'
}
}
customDomainConfiguration: {
certificatePassword: 'string'
certificateValue: any(...)
dnsSuffix: 'string'
}
daprAIConnectionString: 'string'
daprAIInstrumentationKey: 'string'
daprConfiguration: {}
infrastructureResourceGroup: 'string'
kedaConfiguration: {}
peerAuthentication: {
mtls: {
enabled: bool
}
}
vnetConfiguration: {
dockerBridgeCidr: 'string'
infrastructureSubnetId: 'string'
internal: bool
platformReservedCidr: 'string'
platformReservedDnsIP: 'string'
}
workloadProfiles: [
{
maximumCount: int
minimumCount: int
name: 'string'
workloadProfileType: 'string'
}
]
zoneRedundant: bool
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.App/managedEnvironments
| Name | Description | Value |
|---|---|---|
| kind | Kind of the Environment. | string |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Managed environment resource specific properties | ManagedEnvironmentProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
AppLogsConfiguration
| Name | Description | Value |
|---|---|---|
| destination | Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' | string |
| logAnalyticsConfiguration | Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' | LogAnalyticsConfiguration |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificatePassword | Certificate password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| certificateValue | PFX or PEM blob | any |
| dnsSuffix | Dns suffix for the environment domain | string |
DaprConfiguration
| Name | Description | Value |
|---|
KedaConfiguration
| Name | Description | Value |
|---|
LogAnalyticsConfiguration
| Name | Description | Value |
|---|---|---|
| customerId | Log analytics customer id | string |
| sharedKey | Log analytics customer key | string Constraints: Sensitive value. Pass in as a secure parameter. |
ManagedEnvironmentProperties
| Name | Description | Value |
|---|---|---|
| appLogsConfiguration | Cluster configuration which enables the log daemon to export app logs to configured destination. | AppLogsConfiguration |
| customDomainConfiguration | Custom domain configuration for the environment | CustomDomainConfiguration |
| daprAIConnectionString | Application Insights connection string used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprConfiguration | The configuration of Dapr component. | DaprConfiguration |
| infrastructureResourceGroup | Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. | string |
| kedaConfiguration | The configuration of Keda component. | KedaConfiguration |
| peerAuthentication | Peer authentication settings for the Managed Environment | ManagedEnvironmentPropertiesPeerAuthentication |
| vnetConfiguration | Vnet configuration for the environment | VnetConfiguration |
| workloadProfiles | Workload profiles configured for the Managed Environment. | WorkloadProfile[] |
| zoneRedundant | Whether or not this Managed Environment is zone-redundant. | bool |
ManagedEnvironmentPropertiesPeerAuthentication
| Name | Description | Value |
|---|---|---|
| mtls | Mutual TLS authentication settings for the Managed Environment | Mtls |
Mtls
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the mutual TLS authentication is enabled | bool |
TrackedResourceTags
| Name | Description | Value |
|---|
VnetConfiguration
| Name | Description | Value |
|---|---|---|
| dockerBridgeCidr | CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. | string |
| infrastructureSubnetId | Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. | string |
| internal | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property | bool |
| platformReservedCidr | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. | string |
| platformReservedDnsIP | An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. | string |
WorkloadProfile
| Name | Description | Value |
|---|---|---|
| maximumCount | The maximum capacity. | int |
| minimumCount | The minimum capacity. | int |
| name | Workload profile type for the workloads to run on. | string (required) |
| workloadProfileType | Workload profile type for the workloads to run on. | string (required) |
Usage Examples
Bicep Samples
A basic example of deploying Container App Environment.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
name: resourceName
location: location
properties: {
appLogsConfiguration: {
destination: 'log-analytics'
logAnalyticsConfiguration: {
customerId: workspace.properties.customerId
sharedKey: workspace.listKeys().primarySharedKey
}
}
vnetConfiguration: {}
}
}
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
name: resourceName
location: location
properties: {
features: {
disableLocalAuth: false
enableLogAccessUsingOnlyResourcePermissions: true
}
publicNetworkAccessForIngestion: 'Enabled'
publicNetworkAccessForQuery: 'Enabled'
retentionInDays: 30
sku: {
name: 'PerGB2018'
}
workspaceCapping: {
dailyQuotaGb: -1
}
}
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| App Managed Environment | AVM Resource Module for App Managed Environment |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Container App with a defined HTTP scaling rule | Create a Container App Environment with a basic Container App that scales based on HTTP traffic. |
| Creates a Container App within a Container App Environment | Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. |
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. |
| Creates a two Container App with a Container App Environment | Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates an external Container App environment with a VNET | Creates an external Container App environment with a VNET. |
| Creates an internal Container App environment with a VNET | Creates an internal Container App environment with a VNET. |
ARM template resource definition
The managedEnvironments resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/managedEnvironments resource, add the following JSON to your template.
{
"type": "Microsoft.App/managedEnvironments",
"apiVersion": "2023-05-02-preview",
"name": "string",
"kind": "string",
"location": "string",
"properties": {
"appLogsConfiguration": {
"destination": "string",
"logAnalyticsConfiguration": {
"customerId": "string",
"sharedKey": "string"
}
},
"customDomainConfiguration": {
"certificatePassword": "string",
"certificateValue": {},
"dnsSuffix": "string"
},
"daprAIConnectionString": "string",
"daprAIInstrumentationKey": "string",
"daprConfiguration": {
},
"infrastructureResourceGroup": "string",
"kedaConfiguration": {
},
"peerAuthentication": {
"mtls": {
"enabled": "bool"
}
},
"vnetConfiguration": {
"dockerBridgeCidr": "string",
"infrastructureSubnetId": "string",
"internal": "bool",
"platformReservedCidr": "string",
"platformReservedDnsIP": "string"
},
"workloadProfiles": [
{
"maximumCount": "int",
"minimumCount": "int",
"name": "string",
"workloadProfileType": "string"
}
],
"zoneRedundant": "bool"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.App/managedEnvironments
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-05-02-preview' |
| kind | Kind of the Environment. | string |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Managed environment resource specific properties | ManagedEnvironmentProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.App/managedEnvironments' |
AppLogsConfiguration
| Name | Description | Value |
|---|---|---|
| destination | Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' | string |
| logAnalyticsConfiguration | Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' | LogAnalyticsConfiguration |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificatePassword | Certificate password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| certificateValue | PFX or PEM blob | any |
| dnsSuffix | Dns suffix for the environment domain | string |
DaprConfiguration
| Name | Description | Value |
|---|
KedaConfiguration
| Name | Description | Value |
|---|
LogAnalyticsConfiguration
| Name | Description | Value |
|---|---|---|
| customerId | Log analytics customer id | string |
| sharedKey | Log analytics customer key | string Constraints: Sensitive value. Pass in as a secure parameter. |
ManagedEnvironmentProperties
| Name | Description | Value |
|---|---|---|
| appLogsConfiguration | Cluster configuration which enables the log daemon to export app logs to configured destination. | AppLogsConfiguration |
| customDomainConfiguration | Custom domain configuration for the environment | CustomDomainConfiguration |
| daprAIConnectionString | Application Insights connection string used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprConfiguration | The configuration of Dapr component. | DaprConfiguration |
| infrastructureResourceGroup | Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. | string |
| kedaConfiguration | The configuration of Keda component. | KedaConfiguration |
| peerAuthentication | Peer authentication settings for the Managed Environment | ManagedEnvironmentPropertiesPeerAuthentication |
| vnetConfiguration | Vnet configuration for the environment | VnetConfiguration |
| workloadProfiles | Workload profiles configured for the Managed Environment. | WorkloadProfile[] |
| zoneRedundant | Whether or not this Managed Environment is zone-redundant. | bool |
ManagedEnvironmentPropertiesPeerAuthentication
| Name | Description | Value |
|---|---|---|
| mtls | Mutual TLS authentication settings for the Managed Environment | Mtls |
Mtls
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the mutual TLS authentication is enabled | bool |
TrackedResourceTags
| Name | Description | Value |
|---|
VnetConfiguration
| Name | Description | Value |
|---|---|---|
| dockerBridgeCidr | CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. | string |
| infrastructureSubnetId | Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. | string |
| internal | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property | bool |
| platformReservedCidr | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. | string |
| platformReservedDnsIP | An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. | string |
WorkloadProfile
| Name | Description | Value |
|---|---|---|
| maximumCount | The maximum capacity. | int |
| minimumCount | The minimum capacity. | int |
| name | Workload profile type for the workloads to run on. | string (required) |
| workloadProfileType | Workload profile type for the workloads to run on. | string (required) |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Container App with a defined HTTP scaling rule |
Create a Container App Environment with a basic Container App that scales based on HTTP traffic. |
| Creates a Container App within a Container App Environment |
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Dapr microservices app using Container Apps |
Create a Dapr microservices app using Container Apps. |
| Creates a Dapr pub-sub servicebus app using Container Apps |
Create a Dapr pub-sub servicebus app using Container Apps. |
| Creates a two Container App with a Container App Environment |
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs. |
| Creates an external Container App environment with a VNET |
Creates an external Container App environment with a VNET. |
| Creates an internal Container App environment with a VNET |
Creates an internal Container App environment with a VNET. |
Terraform (AzAPI provider) resource definition
The managedEnvironments resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.App/managedEnvironments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.App/managedEnvironments@2023-05-02-preview"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
kind = "string"
properties = {
appLogsConfiguration = {
destination = "string"
logAnalyticsConfiguration = {
customerId = "string"
sharedKey = "string"
}
}
customDomainConfiguration = {
certificatePassword = "string"
certificateValue = ?
dnsSuffix = "string"
}
daprAIConnectionString = "string"
daprAIInstrumentationKey = "string"
daprConfiguration = {
}
infrastructureResourceGroup = "string"
kedaConfiguration = {
}
peerAuthentication = {
mtls = {
enabled = bool
}
}
vnetConfiguration = {
dockerBridgeCidr = "string"
infrastructureSubnetId = "string"
internal = bool
platformReservedCidr = "string"
platformReservedDnsIP = "string"
}
workloadProfiles = [
{
maximumCount = int
minimumCount = int
name = "string"
workloadProfileType = "string"
}
]
zoneRedundant = bool
}
}
}
Property Values
Microsoft.App/managedEnvironments
| Name | Description | Value |
|---|---|---|
| kind | Kind of the Environment. | string |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string (required) |
| properties | Managed environment resource specific properties | ManagedEnvironmentProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.App/managedEnvironments@2023-05-02-preview" |
AppLogsConfiguration
| Name | Description | Value |
|---|---|---|
| destination | Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' | string |
| logAnalyticsConfiguration | Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' | LogAnalyticsConfiguration |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificatePassword | Certificate password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| certificateValue | PFX or PEM blob | any |
| dnsSuffix | Dns suffix for the environment domain | string |
DaprConfiguration
| Name | Description | Value |
|---|
KedaConfiguration
| Name | Description | Value |
|---|
LogAnalyticsConfiguration
| Name | Description | Value |
|---|---|---|
| customerId | Log analytics customer id | string |
| sharedKey | Log analytics customer key | string Constraints: Sensitive value. Pass in as a secure parameter. |
ManagedEnvironmentProperties
| Name | Description | Value |
|---|---|---|
| appLogsConfiguration | Cluster configuration which enables the log daemon to export app logs to configured destination. | AppLogsConfiguration |
| customDomainConfiguration | Custom domain configuration for the environment | CustomDomainConfiguration |
| daprAIConnectionString | Application Insights connection string used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprAIInstrumentationKey | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry | string Constraints: Sensitive value. Pass in as a secure parameter. |
| daprConfiguration | The configuration of Dapr component. | DaprConfiguration |
| infrastructureResourceGroup | Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. | string |
| kedaConfiguration | The configuration of Keda component. | KedaConfiguration |
| peerAuthentication | Peer authentication settings for the Managed Environment | ManagedEnvironmentPropertiesPeerAuthentication |
| vnetConfiguration | Vnet configuration for the environment | VnetConfiguration |
| workloadProfiles | Workload profiles configured for the Managed Environment. | WorkloadProfile[] |
| zoneRedundant | Whether or not this Managed Environment is zone-redundant. | bool |
ManagedEnvironmentPropertiesPeerAuthentication
| Name | Description | Value |
|---|---|---|
| mtls | Mutual TLS authentication settings for the Managed Environment | Mtls |
Mtls
| Name | Description | Value |
|---|---|---|
| enabled | Boolean indicating whether the mutual TLS authentication is enabled | bool |
TrackedResourceTags
| Name | Description | Value |
|---|
VnetConfiguration
| Name | Description | Value |
|---|---|---|
| dockerBridgeCidr | CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. | string |
| infrastructureSubnetId | Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. | string |
| internal | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property | bool |
| platformReservedCidr | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. | string |
| platformReservedDnsIP | An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. | string |
WorkloadProfile
| Name | Description | Value |
|---|---|---|
| maximumCount | The maximum capacity. | int |
| minimumCount | The minimum capacity. | int |
| name | Workload profile type for the workloads to run on. | string (required) |
| workloadProfileType | Workload profile type for the workloads to run on. | string (required) |
Usage Examples
Terraform Samples
A basic example of deploying Container App Environment.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "workspace" {
type = "Microsoft.OperationalInsights/workspaces@2022-10-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
features = {
disableLocalAuth = false
enableLogAccessUsingOnlyResourcePermissions = true
}
publicNetworkAccessForIngestion = "Enabled"
publicNetworkAccessForQuery = "Enabled"
retentionInDays = 30
sku = {
name = "PerGB2018"
}
workspaceCapping = {
dailyQuotaGb = -1
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
data "azapi_resource_action" "sharedKeys" {
type = "Microsoft.OperationalInsights/workspaces@2020-08-01"
resource_id = azapi_resource.workspace.id
action = "sharedKeys"
response_export_values = ["*"]
}
resource "azapi_resource" "managedEnvironment" {
type = "Microsoft.App/managedEnvironments@2022-03-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
appLogsConfiguration = {
destination = "log-analytics"
logAnalyticsConfiguration = {
customerId = azapi_resource.workspace.output.properties.customerId
sharedKey = data.azapi_resource_action.sharedKeys.output.primarySharedKey
}
}
vnetConfiguration = {
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| App Managed Environment | AVM Resource Module for App Managed Environment |