Microsoft.App managedEnvironments

Bicep resource definition

The managedEnvironments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.App/managedEnvironments@2024-03-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  kind: 'string'
  properties: {
    appLogsConfiguration: {
      destination: 'string'
      logAnalyticsConfiguration: {
        customerId: 'string'
        sharedKey: 'string'
      }
    }
    customDomainConfiguration: {
      certificatePassword: 'string'
      certificateValue: any()
      dnsSuffix: 'string'
    }
    daprAIConnectionString: 'string'
    daprAIInstrumentationKey: 'string'
    daprConfiguration: {}
    infrastructureResourceGroup: 'string'
    kedaConfiguration: {}
    peerAuthentication: {
      mtls: {
        enabled: bool
      }
    }
    peerTrafficConfiguration: {
      encryption: {
        enabled: bool
      }
    }
    vnetConfiguration: {
      dockerBridgeCidr: 'string'
      infrastructureSubnetId: 'string'
      internal: bool
      platformReservedCidr: 'string'
      platformReservedDnsIP: 'string'
    }
    workloadProfiles: [
      {
        maximumCount: int
        minimumCount: int
        name: 'string'
        workloadProfileType: 'string'
      }
    ]
    zoneRedundant: bool
  }
}

Property values

managedEnvironments

Name Description Value
name The resource name string (required)
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
kind Kind of the Environment. string
properties Managed environment resource specific properties ManagedEnvironmentProperties

ManagedEnvironmentProperties

Name Description Value
appLogsConfiguration Cluster configuration which enables the log daemon to export
app logs to a destination. Currently only "log-analytics" is
supported
AppLogsConfiguration
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprConfiguration The configuration of Dapr component. DaprConfiguration
infrastructureResourceGroup Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. string
kedaConfiguration The configuration of Keda component. KedaConfiguration
peerAuthentication Peer authentication settings for the Managed Environment ManagedEnvironmentPropertiesPeerAuthentication
peerTrafficConfiguration Peer traffic settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

CustomDomainConfiguration

Name Description Value
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob For Bicep, you can use the any() function.
dnsSuffix Dns suffix for the environment domain string

DaprConfiguration

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

KedaConfiguration

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

ManagedEnvironmentPropertiesPeerAuthentication

Name Description Value
mtls Mutual TLS authentication settings for the Managed Environment Mtls

Mtls

Name Description Value
enabled Boolean indicating whether the mutual TLS authentication is enabled bool

ManagedEnvironmentPropertiesPeerTrafficConfiguration

Name Description Value
encryption Peer traffic encryption settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration...

ManagedEnvironmentPropertiesPeerTrafficConfiguration...

Name Description Value
enabled Boolean indicating whether the peer traffic encryption is enabled bool

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property bool
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string

WorkloadProfile

Name Description Value
maximumCount The maximum capacity. int
minimumCount The minimum capacity. int
name Workload profile type for the workloads to run on. string (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

ARM template resource definition

The managedEnvironments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following JSON to your template.

{
  "type": "Microsoft.App/managedEnvironments",
  "apiVersion": "2024-03-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "kind": "string",
  "properties": {
    "appLogsConfiguration": {
      "destination": "string",
      "logAnalyticsConfiguration": {
        "customerId": "string",
        "sharedKey": "string"
      }
    },
    "customDomainConfiguration": {
      "certificatePassword": "string",
      "certificateValue": {},
      "dnsSuffix": "string"
    },
    "daprAIConnectionString": "string",
    "daprAIInstrumentationKey": "string",
    "daprConfiguration": {},
    "infrastructureResourceGroup": "string",
    "kedaConfiguration": {},
    "peerAuthentication": {
      "mtls": {
        "enabled": "bool"
      }
    },
    "peerTrafficConfiguration": {
      "encryption": {
        "enabled": "bool"
      }
    },
    "vnetConfiguration": {
      "dockerBridgeCidr": "string",
      "infrastructureSubnetId": "string",
      "internal": "bool",
      "platformReservedCidr": "string",
      "platformReservedDnsIP": "string"
    },
    "workloadProfiles": [
      {
        "maximumCount": "int",
        "minimumCount": "int",
        "name": "string",
        "workloadProfileType": "string"
      }
    ],
    "zoneRedundant": "bool"
  }
}

Property values

managedEnvironments

Name Description Value
type The resource type 'Microsoft.App/managedEnvironments'
apiVersion The resource api version '2024-03-01'
name The resource name string (required)
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
kind Kind of the Environment. string
properties Managed environment resource specific properties ManagedEnvironmentProperties

ManagedEnvironmentProperties

Name Description Value
appLogsConfiguration Cluster configuration which enables the log daemon to export
app logs to a destination. Currently only "log-analytics" is
supported
AppLogsConfiguration
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprConfiguration The configuration of Dapr component. DaprConfiguration
infrastructureResourceGroup Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. string
kedaConfiguration The configuration of Keda component. KedaConfiguration
peerAuthentication Peer authentication settings for the Managed Environment ManagedEnvironmentPropertiesPeerAuthentication
peerTrafficConfiguration Peer traffic settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

CustomDomainConfiguration

Name Description Value
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob
dnsSuffix Dns suffix for the environment domain string

DaprConfiguration

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

KedaConfiguration

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

ManagedEnvironmentPropertiesPeerAuthentication

Name Description Value
mtls Mutual TLS authentication settings for the Managed Environment Mtls

Mtls

Name Description Value
enabled Boolean indicating whether the mutual TLS authentication is enabled bool

ManagedEnvironmentPropertiesPeerTrafficConfiguration

Name Description Value
encryption Peer traffic encryption settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration...

ManagedEnvironmentPropertiesPeerTrafficConfiguration...

Name Description Value
enabled Boolean indicating whether the peer traffic encryption is enabled bool

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property bool
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string

WorkloadProfile

Name Description Value
maximumCount The maximum capacity. int
minimumCount The minimum capacity. int
name Workload profile type for the workloads to run on. string (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.

Terraform (AzAPI provider) resource definition

The managedEnvironments resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.App/managedEnvironments resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.App/managedEnvironments@2024-03-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      appLogsConfiguration = {
        destination = "string"
        logAnalyticsConfiguration = {
          customerId = "string"
          sharedKey = "string"
        }
      }
      customDomainConfiguration = {
        certificatePassword = "string"
        dnsSuffix = "string"
      }
      daprAIConnectionString = "string"
      daprAIInstrumentationKey = "string"
      daprConfiguration = {}
      infrastructureResourceGroup = "string"
      kedaConfiguration = {}
      peerAuthentication = {
        mtls = {
          enabled = bool
        }
      }
      peerTrafficConfiguration = {
        encryption = {
          enabled = bool
        }
      }
      vnetConfiguration = {
        dockerBridgeCidr = "string"
        infrastructureSubnetId = "string"
        internal = bool
        platformReservedCidr = "string"
        platformReservedDnsIP = "string"
      }
      workloadProfiles = [
        {
          maximumCount = int
          minimumCount = int
          name = "string"
          workloadProfileType = "string"
        }
      ]
      zoneRedundant = bool
    }
    kind = "string"
  })
}

Property values

managedEnvironments

Name Description Value
type The resource type "Microsoft.App/managedEnvironments@2024-03-01"
name The resource name string (required)
location The geo-location where the resource lives string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.
kind Kind of the Environment. string
properties Managed environment resource specific properties ManagedEnvironmentProperties

ManagedEnvironmentProperties

Name Description Value
appLogsConfiguration Cluster configuration which enables the log daemon to export
app logs to a destination. Currently only "log-analytics" is
supported
AppLogsConfiguration
customDomainConfiguration Custom domain configuration for the environment CustomDomainConfiguration
daprAIConnectionString Application Insights connection string used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprAIInstrumentationKey Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry string

Constraints:
Sensitive value. Pass in as a secure parameter.
daprConfiguration The configuration of Dapr component. DaprConfiguration
infrastructureResourceGroup Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. string
kedaConfiguration The configuration of Keda component. KedaConfiguration
peerAuthentication Peer authentication settings for the Managed Environment ManagedEnvironmentPropertiesPeerAuthentication
peerTrafficConfiguration Peer traffic settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration
vnetConfiguration Vnet configuration for the environment VnetConfiguration
workloadProfiles Workload profiles configured for the Managed Environment. WorkloadProfile[]
zoneRedundant Whether or not this Managed Environment is zone-redundant. bool

AppLogsConfiguration

Name Description Value
destination Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' string
logAnalyticsConfiguration Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' LogAnalyticsConfiguration

LogAnalyticsConfiguration

Name Description Value
customerId Log analytics customer id string
sharedKey Log analytics customer key string

Constraints:
Sensitive value. Pass in as a secure parameter.

CustomDomainConfiguration

Name Description Value
certificatePassword Certificate password string

Constraints:
Sensitive value. Pass in as a secure parameter.
certificateValue PFX or PEM blob
dnsSuffix Dns suffix for the environment domain string

DaprConfiguration

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

KedaConfiguration

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

ManagedEnvironmentPropertiesPeerAuthentication

Name Description Value
mtls Mutual TLS authentication settings for the Managed Environment Mtls

Mtls

Name Description Value
enabled Boolean indicating whether the mutual TLS authentication is enabled bool

ManagedEnvironmentPropertiesPeerTrafficConfiguration

Name Description Value
encryption Peer traffic encryption settings for the Managed Environment ManagedEnvironmentPropertiesPeerTrafficConfiguration...

ManagedEnvironmentPropertiesPeerTrafficConfiguration...

Name Description Value
enabled Boolean indicating whether the peer traffic encryption is enabled bool

VnetConfiguration

Name Description Value
dockerBridgeCidr CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. string
infrastructureSubnetId Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. string
internal Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property bool
platformReservedCidr IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. string
platformReservedDnsIP An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. string

WorkloadProfile

Name Description Value
maximumCount The maximum capacity. int
minimumCount The minimum capacity. int
name Workload profile type for the workloads to run on. string (required)
workloadProfileType Workload profile type for the workloads to run on. string (required)