Microsoft.Maps accounts
Bicep resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Maps/accounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Maps/accounts@2024-07-01-preview' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
kind: 'string'
location: 'string'
name: 'string'
properties: {
cors: {
corsRules: [
{
allowedOrigins: [
'string'
]
}
]
}
disableLocalAuth: bool
encryption: {
customerManagedKeyEncryption: {
keyEncryptionKeyIdentity: {
delegatedIdentityClientId: 'string'
federatedClientId: 'string'
identityType: 'string'
userAssignedIdentityResourceId: 'string'
}
keyEncryptionKeyUrl: 'string'
}
infrastructureEncryption: 'string'
}
linkedResources: [
{
id: 'string'
uniqueName: 'string'
}
]
locations: [
{
locationName: 'string'
}
]
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
CorsRule
Name | Description | Value |
---|---|---|
allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) |
CorsRules
Name | Description | Value |
---|---|---|
corsRules | The list of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] |
Encryption
Name | Description | Value |
---|---|---|
customerManagedKeyEncryption | All Customer-managed key encryption properties for the resource. | EncryptionCustomerManagedKeyEncryption |
infrastructureEncryption | (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. | 'disabled' 'enabled' |
EncryptionCustomerManagedKeyEncryption
Name | Description | Value |
---|---|---|
keyEncryptionKeyIdentity | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | EncryptionCustomerManagedKeyEncryptionKeyIdentity |
keyEncryptionKeyUrl | key encryption key Url, versioned or unversioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | string |
EncryptionCustomerManagedKeyEncryptionKeyIdentity
Name | Description | Value |
---|---|---|
delegatedIdentityClientId | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/{resource group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
federatedClientId | application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
identityType | The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. | 'delegatedResourceIdentity' 'systemAssignedIdentity' 'userAssignedIdentity' |
userAssignedIdentityResourceId | User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/{resource group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. | string |
LinkedResource
Name | Description | Value |
---|---|---|
id | ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. | string (required) |
uniqueName | A provided name which uniquely identifies the linked resource. | string (required) |
LocationsItem
Name | Description | Value |
---|---|---|
locationName | The location name. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
MapsAccountProperties
Name | Description | Value |
---|---|---|
cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules |
disableLocalAuth | Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. | bool |
encryption | All encryption configuration for a resource. | Encryption |
linkedResources | The array of associated resources to the Maps account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Maps Account Managed Identity(s) permissions to those resource(s). | LinkedResource[] |
locations | List of additional data processing regions for the Maps Account, which may result in requests being processed in another geography. Some features or results may be restricted to specific regions. By default, Maps REST APIs process requests according to the account location or the geographic scope. | LocationsItem[] |
Microsoft.Maps/accounts
Name | Description | Value |
---|---|---|
identity | Managed service identity (system assigned and/or user assigned identities) | ManagedServiceIdentity |
kind | Get or Set Kind property. | 'Gen2' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string Constraints: Min length = 1 Pattern = ^[^%&:\\/#?]+$ (required) |
properties | The map account properties. | MapsAccountProperties |
sku | The SKU of this account. | Sku (required) |
tags | Resource tags. | TrackedResourceTags |
Sku
Name | Description | Value |
---|---|---|
name | The name of the SKU, in standard format (such as G2). | 'G2' (required) |
TrackedResourceTags
Name | Description | Value |
---|
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Deploy Azure Maps | This template deploys and Azure Maps account and lists the primary key. |
Deploy Azure Maps with Azure Maps Creator (Indoor Maps) | This template deploys and Azure Maps account with the Indoor Maps Creator Feature to allow building Indoor Maps. |
ARM template resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Maps/accounts resource, add the following JSON to your template.
{
"type": "Microsoft.Maps/accounts",
"apiVersion": "2024-07-01-preview",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"kind": "string",
"location": "string",
"properties": {
"cors": {
"corsRules": [
{
"allowedOrigins": [ "string" ]
}
]
},
"disableLocalAuth": "bool",
"encryption": {
"customerManagedKeyEncryption": {
"keyEncryptionKeyIdentity": {
"delegatedIdentityClientId": "string",
"federatedClientId": "string",
"identityType": "string",
"userAssignedIdentityResourceId": "string"
},
"keyEncryptionKeyUrl": "string"
},
"infrastructureEncryption": "string"
},
"linkedResources": [
{
"id": "string",
"uniqueName": "string"
}
],
"locations": [
{
"locationName": "string"
}
]
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
CorsRule
Name | Description | Value |
---|---|---|
allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) |
CorsRules
Name | Description | Value |
---|---|---|
corsRules | The list of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] |
Encryption
Name | Description | Value |
---|---|---|
customerManagedKeyEncryption | All Customer-managed key encryption properties for the resource. | EncryptionCustomerManagedKeyEncryption |
infrastructureEncryption | (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. | 'disabled' 'enabled' |
EncryptionCustomerManagedKeyEncryption
Name | Description | Value |
---|---|---|
keyEncryptionKeyIdentity | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | EncryptionCustomerManagedKeyEncryptionKeyIdentity |
keyEncryptionKeyUrl | key encryption key Url, versioned or unversioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | string |
EncryptionCustomerManagedKeyEncryptionKeyIdentity
Name | Description | Value |
---|---|---|
delegatedIdentityClientId | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/{resource group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
federatedClientId | application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
identityType | The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. | 'delegatedResourceIdentity' 'systemAssignedIdentity' 'userAssignedIdentity' |
userAssignedIdentityResourceId | User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/{resource group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. | string |
LinkedResource
Name | Description | Value |
---|---|---|
id | ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. | string (required) |
uniqueName | A provided name which uniquely identifies the linked resource. | string (required) |
LocationsItem
Name | Description | Value |
---|---|---|
locationName | The location name. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
MapsAccountProperties
Name | Description | Value |
---|---|---|
cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules |
disableLocalAuth | Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. | bool |
encryption | All encryption configuration for a resource. | Encryption |
linkedResources | The array of associated resources to the Maps account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Maps Account Managed Identity(s) permissions to those resource(s). | LinkedResource[] |
locations | List of additional data processing regions for the Maps Account, which may result in requests being processed in another geography. Some features or results may be restricted to specific regions. By default, Maps REST APIs process requests according to the account location or the geographic scope. | LocationsItem[] |
Microsoft.Maps/accounts
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Maps/accounts' |
identity | Managed service identity (system assigned and/or user assigned identities) | ManagedServiceIdentity |
kind | Get or Set Kind property. | 'Gen2' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string Constraints: Min length = 1 Pattern = ^[^%&:\\/#?]+$ (required) |
properties | The map account properties. | MapsAccountProperties |
sku | The SKU of this account. | Sku (required) |
tags | Resource tags. | TrackedResourceTags |
Sku
Name | Description | Value |
---|---|---|
name | The name of the SKU, in standard format (such as G2). | 'G2' (required) |
TrackedResourceTags
Name | Description | Value |
---|
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create Azure Maps SAS token stored in an Azure Key Vault |
This template deploys and Azure Maps account and lists a Sas token based on the provided User Assigned identity to be stored in an Azure Key Vault secret. |
Deploy Azure Maps |
This template deploys and Azure Maps account and lists the primary key. |
Deploy Azure Maps with Azure Maps Creator (Indoor Maps) |
This template deploys and Azure Maps account with the Indoor Maps Creator Feature to allow building Indoor Maps. |
RBAC - Create Managed Identity Access on Azure Maps account |
This template creates a Managed Identity and assigns it access to an a created Azure Maps account. |
Terraform (AzAPI provider) resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Maps/accounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Maps/accounts@2024-07-01-preview"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
kind = "string"
location = "string"
body = jsonencode({
properties = {
cors = {
corsRules = [
{
allowedOrigins = [
"string"
]
}
]
}
disableLocalAuth = bool
encryption = {
customerManagedKeyEncryption = {
keyEncryptionKeyIdentity = {
delegatedIdentityClientId = "string"
federatedClientId = "string"
identityType = "string"
userAssignedIdentityResourceId = "string"
}
keyEncryptionKeyUrl = "string"
}
infrastructureEncryption = "string"
}
linkedResources = [
{
id = "string"
uniqueName = "string"
}
]
locations = [
{
locationName = "string"
}
]
}
})
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
}
Property values
CorsRule
Name | Description | Value |
---|---|---|
allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) |
CorsRules
Name | Description | Value |
---|---|---|
corsRules | The list of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] |
Encryption
Name | Description | Value |
---|---|---|
customerManagedKeyEncryption | All Customer-managed key encryption properties for the resource. | EncryptionCustomerManagedKeyEncryption |
infrastructureEncryption | (Optional) Discouraged to include in resource definition. Only needed where it is possible to disable platform (AKA infrastructure) encryption. Azure SQL TDE is an example of this. Values are enabled and disabled. | 'disabled' 'enabled' |
EncryptionCustomerManagedKeyEncryption
Name | Description | Value |
---|---|---|
keyEncryptionKeyIdentity | All identity configuration for Customer-managed key settings defining which identity should be used to auth to Key Vault. | EncryptionCustomerManagedKeyEncryptionKeyIdentity |
keyEncryptionKeyUrl | key encryption key Url, versioned or unversioned. Ex: https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78 or https://contosovault.vault.azure.net/keys/contosokek. | string |
EncryptionCustomerManagedKeyEncryptionKeyIdentity
Name | Description | Value |
---|---|---|
delegatedIdentityClientId | delegated identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/{resource group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity and userAssignedIdentity - internal use only. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
federatedClientId | application client identity to use for accessing key encryption key Url in a different tenant. Ex: f83c6b1b-4d34-47e4-bb34-9d83df58b540 | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
identityType | The type of identity to use. Values can be systemAssignedIdentity, userAssignedIdentity, or delegatedResourceIdentity. | 'delegatedResourceIdentity' 'systemAssignedIdentity' 'userAssignedIdentity' |
userAssignedIdentityResourceId | User assigned identity to use for accessing key encryption key Url. Ex: /subscriptions/fa5fc227-a624-475e-b696-cdd604c735bc/resourceGroups/{resource group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myId. Mutually exclusive with identityType systemAssignedIdentity. | string |
LinkedResource
Name | Description | Value |
---|---|---|
id | ARM resource id in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/accounts/{storageName}'. | string (required) |
uniqueName | A provided name which uniquely identifies the linked resource. | string (required) |
LocationsItem
Name | Description | Value |
---|---|---|
locationName | The location name. | string (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
MapsAccountProperties
Name | Description | Value |
---|---|---|
cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules |
disableLocalAuth | Allows toggle functionality on Azure Policy to disable Azure Maps local authentication support. This will disable Shared Keys and Shared Access Signature Token authentication from any usage. | bool |
encryption | All encryption configuration for a resource. | Encryption |
linkedResources | The array of associated resources to the Maps account. Linked resource in the array cannot individually update, you must update all linked resources in the array together. These resources may be used on operations on the Azure Maps REST API. Access is controlled by the Maps Account Managed Identity(s) permissions to those resource(s). | LinkedResource[] |
locations | List of additional data processing regions for the Maps Account, which may result in requests being processed in another geography. Some features or results may be restricted to specific regions. By default, Maps REST APIs process requests according to the account location or the geographic scope. | LocationsItem[] |
Microsoft.Maps/accounts
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Maps/accounts@2024-07-01-preview" |
identity | Managed service identity (system assigned and/or user assigned identities) | ManagedServiceIdentity |
kind | Get or Set Kind property. | 'Gen2' |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string Constraints: Min length = 1 Pattern = ^[^%&:\\/#?]+$ (required) |
properties | The map account properties. | MapsAccountProperties |
sku | The SKU of this account. | Sku (required) |
tags | Resource tags. | TrackedResourceTags |
Sku
Name | Description | Value |
---|---|---|
name | The name of the SKU, in standard format (such as G2). | 'G2' (required) |
TrackedResourceTags
Name | Description | Value |
---|
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|