Microsoft.Resources deploymentStacks 2024-03-01

2025-10-08

Bicep resource definition

The deploymentStacks resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deploymentStacks resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Resources/deploymentStacks@2024-03-01' = {
  scope: resourceSymbolicName or scope
  location: 'string'
  name: 'string'
  properties: {
    actionOnUnmanage: {
      managementGroups: 'string'
      resourceGroups: 'string'
      resources: 'string'
    }
    bypassStackOutOfSyncError: bool
    debugSetting: {
      detailLevel: 'string'
    }
    denySettings: {
      applyToChildScopes: bool
      excludedActions: [
        'string'
      ]
      excludedPrincipals: [
        'string'
      ]
      mode: 'string'
    }
    deploymentScope: 'string'
    description: 'string'
    error: {}
    parameters: {
      {customized property}: {
        reference: {
          keyVault: {
            id: 'string'
          }
          secretName: 'string'
          secretVersion: 'string'
        }
        type: 'string'
        value: any(...)
      }
    }
    parametersLink: {
      contentVersion: 'string'
      uri: 'string'
    }
    template: {
      {customized property}: any(...)
    }
    templateLink: {
      contentVersion: 'string'
      id: 'string'
      queryString: 'string'
      relativePath: 'string'
      uri: 'string'
    }
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.Resources/deploymentStacks

Name	Description	Value
location	The geo-location where the resource lives. Required for subscription and management group scoped stacks. The location is inherited from the resource group for resource group scoped stacks.	string
name	The resource name	string Constraints: Min length = 1 Max length = 90 Pattern = `^[-\w\._]+$` (required)
properties	Deployment stack properties.	DeploymentStackProperties
scope	Use when creating a resource at a scope that is different than the deployment scope.	Set this property to the symbolic name of a resource to apply the extension resource.
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

ActionOnUnmanage

Name	Description	Value
managementGroups	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach'
resourceGroups	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach'
resources	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach' (required)

DenySettings

Name	Description	Value
applyToChildScopes	DenySettings will be applied to child resource scopes of every managed resource with a deny assignment.	bool
excludedActions	List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed.	string[]
excludedPrincipals	List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.	string[]
mode	denySettings Mode that defines denied actions.	'denyDelete' 'denyWriteAndDelete' 'none' (required)

DeploymentParameter

Name	Description	Value
reference	Azure Key Vault parameter reference.	KeyVaultParameterReference
type	Type of the value.	string
value	Input value to the parameter.	any

DeploymentStackProperties

Name	Description	Value
actionOnUnmanage	Defines the behavior of resources that are no longer managed after the Deployment stack is updated or deleted.	ActionOnUnmanage (required)
bypassStackOutOfSyncError	Flag to bypass service errors that indicate the stack resource list is not correctly synchronized.	bool
debugSetting	The debug setting of the deployment.	DeploymentStacksDebugSetting
denySettings	Defines how resources deployed by the stack are locked.	DenySettings (required)
deploymentScope	The scope at which the initial deployment should be created. If a scope is not specified, it will default to the scope of the deployment stack. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroupId}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}').	string
description	Deployment stack description. Max length of 4096 characters.	string Constraints: Max length = 4096
error	The error detail.	ErrorDetail
parameters	Name and value pairs that define the deployment parameters for the template. Use this element when providing the parameter values directly in the request, rather than linking to an existing parameter file. Use either the parametersLink property or the parameters property, but not both.	DeploymentStackPropertiesParameters
parametersLink	The URI of parameters file. Use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both.	DeploymentStacksParametersLink
template	The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both.	DeploymentStackPropertiesTemplate
templateLink	The URI of the template. Use either the templateLink property or the template property, but not both.	DeploymentStacksTemplateLink

DeploymentStackPropertiesParameters

Name	Description	Value

DeploymentStackPropertiesTemplate

Name	Description	Value

DeploymentStacksDebugSetting

Name	Description	Value
detailLevel	Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information that is being passed in during deployment. By logging information about the request or response, sensitive data that is retrieved through the deployment operations could potentially be exposed.	string

DeploymentStacksParametersLink

Name	Description	Value
contentVersion	If included, must match the ContentVersion in the template.	string
uri	The URI of the parameters file.	string (required)

DeploymentStacksTemplateLink

Name	Description	Value
contentVersion	If included, must match the ContentVersion in the template.	string
id	The resourceId of a Template Spec. Use either the id or uri property, but not both.	string
queryString	The query string (for example, a SAS token) to be used with the templateLink URI.	string
relativePath	The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs.	string
uri	The URI of the template to deploy. Use either the uri or id property, but not both.	string

DeploymentStackTags

Name	Description	Value

ErrorDetail

Name	Description	Value

KeyVaultParameterReference

Name	Description	Value
keyVault	Azure Key Vault reference.	KeyVaultReference (required)
secretName	Azure Key Vault secret name.	string (required)
secretVersion	Azure Key Vault secret version.	string

KeyVaultReference

Name	Description	Value
id	Azure Key Vault resourceId.	string (required)

ARM template resource definition

The deploymentStacks resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deploymentStacks resource, add the following JSON to your template.

{
  "type": "Microsoft.Resources/deploymentStacks",
  "apiVersion": "2024-03-01",
  "name": "string",
  "location": "string",
  "properties": {
    "actionOnUnmanage": {
      "managementGroups": "string",
      "resourceGroups": "string",
      "resources": "string"
    },
    "bypassStackOutOfSyncError": "bool",
    "debugSetting": {
      "detailLevel": "string"
    },
    "denySettings": {
      "applyToChildScopes": "bool",
      "excludedActions": [ "string" ],
      "excludedPrincipals": [ "string" ],
      "mode": "string"
    },
    "deploymentScope": "string",
    "description": "string",
    "error": {
    },
    "parameters": {
      "{customized property}": {
        "reference": {
          "keyVault": {
            "id": "string"
          },
          "secretName": "string",
          "secretVersion": "string"
        },
        "type": "string",
        "value": {}
      }
    },
    "parametersLink": {
      "contentVersion": "string",
      "uri": "string"
    },
    "template": {
      "{customized property}": {}
    },
    "templateLink": {
      "contentVersion": "string",
      "id": "string",
      "queryString": "string",
      "relativePath": "string",
      "uri": "string"
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.Resources/deploymentStacks

Name	Description	Value
apiVersion	The api version	'2024-03-01'
location	The geo-location where the resource lives. Required for subscription and management group scoped stacks. The location is inherited from the resource group for resource group scoped stacks.	string
name	The resource name	string Constraints: Min length = 1 Max length = 90 Pattern = `^[-\w\._]+$` (required)
properties	Deployment stack properties.	DeploymentStackProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Resources/deploymentStacks'

ActionOnUnmanage

Name	Description	Value
managementGroups	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach'
resourceGroups	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach'
resources	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach' (required)

DenySettings

Name	Description	Value
applyToChildScopes	DenySettings will be applied to child resource scopes of every managed resource with a deny assignment.	bool
excludedActions	List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed.	string[]
excludedPrincipals	List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.	string[]
mode	denySettings Mode that defines denied actions.	'denyDelete' 'denyWriteAndDelete' 'none' (required)

DeploymentParameter

Name	Description	Value
reference	Azure Key Vault parameter reference.	KeyVaultParameterReference
type	Type of the value.	string
value	Input value to the parameter.	any

DeploymentStackProperties

Name	Description	Value
actionOnUnmanage	Defines the behavior of resources that are no longer managed after the Deployment stack is updated or deleted.	ActionOnUnmanage (required)
bypassStackOutOfSyncError	Flag to bypass service errors that indicate the stack resource list is not correctly synchronized.	bool
debugSetting	The debug setting of the deployment.	DeploymentStacksDebugSetting
denySettings	Defines how resources deployed by the stack are locked.	DenySettings (required)
deploymentScope	The scope at which the initial deployment should be created. If a scope is not specified, it will default to the scope of the deployment stack. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroupId}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}').	string
description	Deployment stack description. Max length of 4096 characters.	string Constraints: Max length = 4096
error	The error detail.	ErrorDetail
parameters	Name and value pairs that define the deployment parameters for the template. Use this element when providing the parameter values directly in the request, rather than linking to an existing parameter file. Use either the parametersLink property or the parameters property, but not both.	DeploymentStackPropertiesParameters
parametersLink	The URI of parameters file. Use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both.	DeploymentStacksParametersLink
template	The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both.	DeploymentStackPropertiesTemplate
templateLink	The URI of the template. Use either the templateLink property or the template property, but not both.	DeploymentStacksTemplateLink

DeploymentStackPropertiesParameters

Name	Description	Value

DeploymentStackPropertiesTemplate

Name	Description	Value

DeploymentStacksDebugSetting

Name	Description	Value
detailLevel	Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information that is being passed in during deployment. By logging information about the request or response, sensitive data that is retrieved through the deployment operations could potentially be exposed.	string

DeploymentStacksParametersLink

Name	Description	Value
contentVersion	If included, must match the ContentVersion in the template.	string
uri	The URI of the parameters file.	string (required)

DeploymentStacksTemplateLink

Name	Description	Value
contentVersion	If included, must match the ContentVersion in the template.	string
id	The resourceId of a Template Spec. Use either the id or uri property, but not both.	string
queryString	The query string (for example, a SAS token) to be used with the templateLink URI.	string
relativePath	The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs.	string
uri	The URI of the template to deploy. Use either the uri or id property, but not both.	string

DeploymentStackTags

Name	Description	Value

ErrorDetail

Name	Description	Value

KeyVaultParameterReference

Name	Description	Value
keyVault	Azure Key Vault reference.	KeyVaultReference (required)
secretName	Azure Key Vault secret name.	string (required)
secretVersion	Azure Key Vault secret version.	string

KeyVaultReference

Name	Description	Value
id	Azure Key Vault resourceId.	string (required)

Usage Examples

Terraform (AzAPI provider) resource definition

The deploymentStacks resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deploymentStacks resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Resources/deploymentStacks@2024-03-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      actionOnUnmanage = {
        managementGroups = "string"
        resourceGroups = "string"
        resources = "string"
      }
      bypassStackOutOfSyncError = bool
      debugSetting = {
        detailLevel = "string"
      }
      denySettings = {
        applyToChildScopes = bool
        excludedActions = [
          "string"
        ]
        excludedPrincipals = [
          "string"
        ]
        mode = "string"
      }
      deploymentScope = "string"
      description = "string"
      error = {
      }
      parameters = {
        {customized property} = {
          reference = {
            keyVault = {
              id = "string"
            }
            secretName = "string"
            secretVersion = "string"
          }
          type = "string"
          value = ?
        }
      }
      parametersLink = {
        contentVersion = "string"
        uri = "string"
      }
      template = {
        {customized property} = ?
      }
      templateLink = {
        contentVersion = "string"
        id = "string"
        queryString = "string"
        relativePath = "string"
        uri = "string"
      }
    }
  }
}

Property Values

Microsoft.Resources/deploymentStacks

Name	Description	Value
location	The geo-location where the resource lives. Required for subscription and management group scoped stacks. The location is inherited from the resource group for resource group scoped stacks.	string
name	The resource name	string Constraints: Min length = 1 Max length = 90 Pattern = `^[-\w\._]+$` (required)
parent_id	The ID of the resource to apply this extension resource to.	string (required)
properties	Deployment stack properties.	DeploymentStackProperties
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Resources/deploymentStacks@2024-03-01"

ActionOnUnmanage

Name	Description	Value
managementGroups	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach'
resourceGroups	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach'
resources	Specifies an action for a newly unmanaged resource. Delete will attempt to delete the resource from Azure. Detach will leave the resource in it's current state.	'delete' 'detach' (required)

DenySettings

Name	Description	Value
applyToChildScopes	DenySettings will be applied to child resource scopes of every managed resource with a deny assignment.	bool
excludedActions	List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted. If the denySetting mode is set to 'denyWriteAndDelete', then the following actions are automatically appended to 'excludedActions': '*/read' and 'Microsoft.Authorization/locks/delete'. If the denySetting mode is set to 'denyDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will be removed.	string[]
excludedPrincipals	List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.	string[]
mode	denySettings Mode that defines denied actions.	'denyDelete' 'denyWriteAndDelete' 'none' (required)

DeploymentParameter

Name	Description	Value
reference	Azure Key Vault parameter reference.	KeyVaultParameterReference
type	Type of the value.	string
value	Input value to the parameter.	any

DeploymentStackProperties

Name	Description	Value
actionOnUnmanage	Defines the behavior of resources that are no longer managed after the Deployment stack is updated or deleted.	ActionOnUnmanage (required)
bypassStackOutOfSyncError	Flag to bypass service errors that indicate the stack resource list is not correctly synchronized.	bool
debugSetting	The debug setting of the deployment.	DeploymentStacksDebugSetting
denySettings	Defines how resources deployed by the stack are locked.	DenySettings (required)
deploymentScope	The scope at which the initial deployment should be created. If a scope is not specified, it will default to the scope of the deployment stack. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroupId}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}').	string
description	Deployment stack description. Max length of 4096 characters.	string Constraints: Max length = 4096
error	The error detail.	ErrorDetail
parameters	Name and value pairs that define the deployment parameters for the template. Use this element when providing the parameter values directly in the request, rather than linking to an existing parameter file. Use either the parametersLink property or the parameters property, but not both.	DeploymentStackPropertiesParameters
parametersLink	The URI of parameters file. Use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both.	DeploymentStacksParametersLink
template	The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both.	DeploymentStackPropertiesTemplate
templateLink	The URI of the template. Use either the templateLink property or the template property, but not both.	DeploymentStacksTemplateLink

DeploymentStackPropertiesParameters

Name	Description	Value

DeploymentStackPropertiesTemplate

Name	Description	Value

DeploymentStacksDebugSetting

Name	Description	Value
detailLevel	Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information that is being passed in during deployment. By logging information about the request or response, sensitive data that is retrieved through the deployment operations could potentially be exposed.	string

DeploymentStacksParametersLink

Name	Description	Value
contentVersion	If included, must match the ContentVersion in the template.	string
uri	The URI of the parameters file.	string (required)

DeploymentStacksTemplateLink

Name	Description	Value
contentVersion	If included, must match the ContentVersion in the template.	string
id	The resourceId of a Template Spec. Use either the id or uri property, but not both.	string
queryString	The query string (for example, a SAS token) to be used with the templateLink URI.	string
relativePath	The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs.	string
uri	The URI of the template to deploy. Use either the uri or id property, but not both.	string

DeploymentStackTags

Name	Description	Value

ErrorDetail

Name	Description	Value

KeyVaultParameterReference

Name	Description	Value
keyVault	Azure Key Vault reference.	KeyVaultReference (required)
secretName	Azure Key Vault secret name.	string (required)
secretVersion	Azure Key Vault secret version.	string

KeyVaultReference

Name	Description	Value
id	Azure Key Vault resourceId.	string (required)

Feedback

Was this page helpful?

Share via

Microsoft.Resources deploymentStacks 2024-03-01

Bicep resource definition

Resource format

Property Values

Microsoft.Resources/deploymentStacks

ActionOnUnmanage

DenySettings

DeploymentParameter

DeploymentStackProperties

DeploymentStackPropertiesParameters

DeploymentStackPropertiesTemplate

DeploymentStacksDebugSetting

DeploymentStacksParametersLink

DeploymentStacksTemplateLink

DeploymentStackTags

ErrorDetail

KeyVaultParameterReference

KeyVaultReference

ARM template resource definition

Resource format

Property Values

Microsoft.Resources/deploymentStacks

ActionOnUnmanage

DenySettings

DeploymentParameter

DeploymentStackProperties

DeploymentStackPropertiesParameters

DeploymentStackPropertiesTemplate

DeploymentStacksDebugSetting

DeploymentStacksParametersLink

DeploymentStacksTemplateLink

DeploymentStackTags

ErrorDetail

KeyVaultParameterReference

KeyVaultReference

Usage Examples

Terraform (AzAPI provider) resource definition

Resource format

Property Values

Microsoft.Resources/deploymentStacks

ActionOnUnmanage

DenySettings

DeploymentParameter

DeploymentStackProperties

DeploymentStackPropertiesParameters

DeploymentStackPropertiesTemplate

DeploymentStacksDebugSetting

DeploymentStacksParametersLink

DeploymentStacksTemplateLink

DeploymentStackTags

ErrorDetail

KeyVaultParameterReference

KeyVaultReference

Feedback

Additional resources