Share via


Microsoft.Resources deploymentScripts

Remarks

To learn about executing scripts during deployment, see Use deployment scripts in Bicep or Use deployment scripts in ARM templates.

Bicep resource definition

The deploymentScripts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deploymentScripts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  tags: {
    {customized property}: 'string'
  }
  kind: 'string'
  // For remaining properties, see Microsoft.Resources/deploymentScripts objects
}

Microsoft.Resources/deploymentScripts objects

Set the kind property to specify the type of object.

For AzureCLI, use:

{
  kind: 'AzureCLI'
  properties: {
    arguments: 'string'
    azCliVersion: 'string'
    cleanupPreference: 'string'
    containerSettings: {
      containerGroupName: 'string'
      subnetIds: [
        {
          id: 'string'
          name: 'string'
        }
      ]
    }
    environmentVariables: [
      {
        name: 'string'
        secureValue: 'string'
        value: 'string'
      }
    ]
    forceUpdateTag: 'string'
    primaryScriptUri: 'string'
    retentionInterval: 'string'
    scriptContent: 'string'
    storageAccountSettings: {
      storageAccountKey: 'string'
      storageAccountName: 'string'
    }
    supportingScriptUris: [
      'string'
    ]
    timeout: 'string'
  }
}

For AzurePowerShell, use:

{
  kind: 'AzurePowerShell'
  properties: {
    arguments: 'string'
    azPowerShellVersion: 'string'
    cleanupPreference: 'string'
    containerSettings: {
      containerGroupName: 'string'
      subnetIds: [
        {
          id: 'string'
          name: 'string'
        }
      ]
    }
    environmentVariables: [
      {
        name: 'string'
        secureValue: 'string'
        value: 'string'
      }
    ]
    forceUpdateTag: 'string'
    primaryScriptUri: 'string'
    retentionInterval: 'string'
    scriptContent: 'string'
    storageAccountSettings: {
      storageAccountKey: 'string'
      storageAccountName: 'string'
    }
    supportingScriptUris: [
      'string'
    ]
    timeout: 'string'
  }
}

Property Values

Microsoft.Resources/deploymentScripts

Name Description Value
identity Optional property. Managed identity to be used for this deployment script. Currently, only user-assigned MSI is supported. ManagedServiceIdentity
kind Set to 'AzureCLI' for type AzureCliScript. Set to 'AzurePowerShell' for type AzurePowerShellScript. 'AzureCLI'
'AzurePowerShell' (required)
location The location of the ACI and the storage account for the deployment script. string (required)
name The resource name string

Constraints:
Min length = 1
Max length = 90 (required)
scope Use when creating a resource at a scope that is different than the deployment scope. Set this property to the symbolic name of a resource to apply the extension resource.
tags Resource tags Dictionary of tag names and values. See Tags in templates

AzureCliScript

Name Description Value
kind Type of the script. 'AzureCLI' (required)
properties Properties of the Azure CLI script object. AzureCliScriptProperties (required)

AzureCliScriptProperties

Name Description Value
arguments Command line arguments to pass to the script. Arguments are separated by spaces. ex: -Name blue* -Location 'West US 2' string
azCliVersion Azure CLI module version to be used. string (required)
cleanupPreference The clean up preference when the script execution gets in a terminal state. Default setting is 'Always'. 'Always'
'OnExpiration'
'OnSuccess'
containerSettings Container settings. ContainerConfiguration
environmentVariables The environment variables to pass over to the script. EnvironmentVariable[]
forceUpdateTag Gets or sets how the deployment script should be forced to execute even if the script resource has not changed. Can be current time stamp or a GUID. string
primaryScriptUri Uri for the script. This is the entry point for the external script. string
retentionInterval Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P1D means one day). string (required)
scriptContent Script body. string
storageAccountSettings Storage Account settings. StorageAccountConfiguration
supportingScriptUris Supporting files for the external script. string[]
timeout Maximum allowed script execution time specified in ISO 8601 format. Default value is P1D string

AzurePowerShellScript

Name Description Value
kind Type of the script. 'AzurePowerShell' (required)
properties Properties of the Azure PowerShell script object. AzurePowerShellScriptProperties (required)

AzurePowerShellScriptProperties

Name Description Value
arguments Command line arguments to pass to the script. Arguments are separated by spaces. ex: -Name blue* -Location 'West US 2' string
azPowerShellVersion Azure PowerShell module version to be used. string (required)
cleanupPreference The clean up preference when the script execution gets in a terminal state. Default setting is 'Always'. 'Always'
'OnExpiration'
'OnSuccess'
containerSettings Container settings. ContainerConfiguration
environmentVariables The environment variables to pass over to the script. EnvironmentVariable[]
forceUpdateTag Gets or sets how the deployment script should be forced to execute even if the script resource has not changed. Can be current time stamp or a GUID. string
primaryScriptUri Uri for the script. This is the entry point for the external script. string
retentionInterval Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P1D means one day). string (required)
scriptContent Script body. string
storageAccountSettings Storage Account settings. StorageAccountConfiguration
supportingScriptUris Supporting files for the external script. string[]
timeout Maximum allowed script execution time specified in ISO 8601 format. Default value is P1D string

ContainerConfiguration

Name Description Value
containerGroupName Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. To specify a 'containerGroupName', add the following object to properties: { "containerSettings": { "containerGroupName": "contoso-container" } }. If you do not want to specify a 'containerGroupName' then do not add 'containerSettings' property. string

Constraints:
Min length = 1
Max length = 63
subnetIds The subnet resource IDs for a container group. ContainerGroupSubnetId[]

ContainerGroupSubnetId

Name Description Value
id Resource ID of subnet. string (required)
name Friendly name for the subnet. string

DeploymentScriptTags

Name Description Value

EnvironmentVariable

Name Description Value
name The name of the environment variable. string (required)
secureValue The value of the secure environment variable. string

Constraints:
Sensitive value. Pass in as a secure parameter.
value The value of the environment variable. string

ManagedServiceIdentity

Name Description Value
type Type of the managed identity. 'UserAssigned'
userAssignedIdentities The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

StorageAccountConfiguration

Name Description Value
storageAccountKey The storage account access key. string

Constraints:
Sensitive value. Pass in as a secure parameter.
storageAccountName The storage account name. string

UserAssignedIdentity

Name Description Value

Usage Examples

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Deployment Script AVM Resource Module for Deployment Script

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Azure Container Service (AKS) with Helm Deploy a managed cluster with Azure Container Service (AKS) with Helm
Azure Image Builder with Azure Windows Baseline Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied.
Build container images with ACR Tasks This template uses DeploymentScript to orchestrate ACR to build your container image from code repo.
Configure Dev Box service This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box.
Copy a file from a uri to a blob storage container This module downloads a file from a uri and copies it to an Azure storageAccount blob container. The storageAccount must already exist and the source file must already be staged to the uri.
Create a blob for the data factory copy data tool quickstart This template creates a blob storage and uploads a file for the copy data tool quickstart
Create a Deployment Script with complex inputs & outputs This template demonstrates best practices for passing and reading complex inputs, outputs and logs to an Az CLI Deployment Script
Create a Deployment Script with complex inputs & outputs This template demonstrates best practices for passing and reading complex inputs, outputs and logs to an Az PowerShell Deployment Script
Create a WordPress site This template creates a WordPress site on Container Instance
Create AKS with Prometheus and Grafana with privae link This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an Azure Machine Learning Sweep job This template creates an Azure Machine Learning Sweep job for hyperparameter tuning.
Create an Azure Virtual Network Manager and sample VNETs This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types.
Create an on-demand SFTP Server with persistent storage This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
Create Application Gateway with Certificates This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Creates a Container App and Environment with Registry Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Deploy a simple Azure Spring Apps microservice application This template deploys a simple Azure Spring Apps microservice application to run on Azure.
Deploys a static website Deploys a static website with a backing storage account
FinOps hub This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory.
Front Door Standard/Premium with static website origin This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Import Container Images into ACR This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry.
More is possible with Azure Data Factory - One click to try Azure Data Factory This template creates a data factory pipeline for a copy activity from Azure Blob into another Azure Blob
Network Secured Agent with User Managed Identity This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data.
Standard Agent Setup This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage.
Testing environment for Azure Firewall Premium This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Use a deployment script to create Azure AD objects This sample uses a deployment script to create objects in Azure Active Directory.

ARM template resource definition

The deploymentScripts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deploymentScripts resource, add the following JSON to your template.

{
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "name": "string",
  "tags": {
    "{customized property}": "string"
  },
  "kind": "string"
  // For remaining properties, see Microsoft.Resources/deploymentScripts objects
}

Microsoft.Resources/deploymentScripts objects

Set the kind property to specify the type of object.

For AzureCLI, use:

{
  "kind": "AzureCLI",
  "properties": {
    "arguments": "string",
    "azCliVersion": "string",
    "cleanupPreference": "string",
    "containerSettings": {
      "containerGroupName": "string",
      "subnetIds": [
        {
          "id": "string",
          "name": "string"
        }
      ]
    },
    "environmentVariables": [
      {
        "name": "string",
        "secureValue": "string",
        "value": "string"
      }
    ],
    "forceUpdateTag": "string",
    "primaryScriptUri": "string",
    "retentionInterval": "string",
    "scriptContent": "string",
    "storageAccountSettings": {
      "storageAccountKey": "string",
      "storageAccountName": "string"
    },
    "supportingScriptUris": [ "string" ],
    "timeout": "string"
  }
}

For AzurePowerShell, use:

{
  "kind": "AzurePowerShell",
  "properties": {
    "arguments": "string",
    "azPowerShellVersion": "string",
    "cleanupPreference": "string",
    "containerSettings": {
      "containerGroupName": "string",
      "subnetIds": [
        {
          "id": "string",
          "name": "string"
        }
      ]
    },
    "environmentVariables": [
      {
        "name": "string",
        "secureValue": "string",
        "value": "string"
      }
    ],
    "forceUpdateTag": "string",
    "primaryScriptUri": "string",
    "retentionInterval": "string",
    "scriptContent": "string",
    "storageAccountSettings": {
      "storageAccountKey": "string",
      "storageAccountName": "string"
    },
    "supportingScriptUris": [ "string" ],
    "timeout": "string"
  }
}

Property Values

Microsoft.Resources/deploymentScripts

Name Description Value
apiVersion The api version '2023-08-01'
identity Optional property. Managed identity to be used for this deployment script. Currently, only user-assigned MSI is supported. ManagedServiceIdentity
kind Set to 'AzureCLI' for type AzureCliScript. Set to 'AzurePowerShell' for type AzurePowerShellScript. 'AzureCLI'
'AzurePowerShell' (required)
location The location of the ACI and the storage account for the deployment script. string (required)
name The resource name string

Constraints:
Min length = 1
Max length = 90 (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Resources/deploymentScripts'

AzureCliScript

Name Description Value
kind Type of the script. 'AzureCLI' (required)
properties Properties of the Azure CLI script object. AzureCliScriptProperties (required)

AzureCliScriptProperties

Name Description Value
arguments Command line arguments to pass to the script. Arguments are separated by spaces. ex: -Name blue* -Location 'West US 2' string
azCliVersion Azure CLI module version to be used. string (required)
cleanupPreference The clean up preference when the script execution gets in a terminal state. Default setting is 'Always'. 'Always'
'OnExpiration'
'OnSuccess'
containerSettings Container settings. ContainerConfiguration
environmentVariables The environment variables to pass over to the script. EnvironmentVariable[]
forceUpdateTag Gets or sets how the deployment script should be forced to execute even if the script resource has not changed. Can be current time stamp or a GUID. string
primaryScriptUri Uri for the script. This is the entry point for the external script. string
retentionInterval Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P1D means one day). string (required)
scriptContent Script body. string
storageAccountSettings Storage Account settings. StorageAccountConfiguration
supportingScriptUris Supporting files for the external script. string[]
timeout Maximum allowed script execution time specified in ISO 8601 format. Default value is P1D string

AzurePowerShellScript

Name Description Value
kind Type of the script. 'AzurePowerShell' (required)
properties Properties of the Azure PowerShell script object. AzurePowerShellScriptProperties (required)

AzurePowerShellScriptProperties

Name Description Value
arguments Command line arguments to pass to the script. Arguments are separated by spaces. ex: -Name blue* -Location 'West US 2' string
azPowerShellVersion Azure PowerShell module version to be used. string (required)
cleanupPreference The clean up preference when the script execution gets in a terminal state. Default setting is 'Always'. 'Always'
'OnExpiration'
'OnSuccess'
containerSettings Container settings. ContainerConfiguration
environmentVariables The environment variables to pass over to the script. EnvironmentVariable[]
forceUpdateTag Gets or sets how the deployment script should be forced to execute even if the script resource has not changed. Can be current time stamp or a GUID. string
primaryScriptUri Uri for the script. This is the entry point for the external script. string
retentionInterval Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P1D means one day). string (required)
scriptContent Script body. string
storageAccountSettings Storage Account settings. StorageAccountConfiguration
supportingScriptUris Supporting files for the external script. string[]
timeout Maximum allowed script execution time specified in ISO 8601 format. Default value is P1D string

ContainerConfiguration

Name Description Value
containerGroupName Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. To specify a 'containerGroupName', add the following object to properties: { "containerSettings": { "containerGroupName": "contoso-container" } }. If you do not want to specify a 'containerGroupName' then do not add 'containerSettings' property. string

Constraints:
Min length = 1
Max length = 63
subnetIds The subnet resource IDs for a container group. ContainerGroupSubnetId[]

ContainerGroupSubnetId

Name Description Value
id Resource ID of subnet. string (required)
name Friendly name for the subnet. string

DeploymentScriptTags

Name Description Value

EnvironmentVariable

Name Description Value
name The name of the environment variable. string (required)
secureValue The value of the secure environment variable. string

Constraints:
Sensitive value. Pass in as a secure parameter.
value The value of the environment variable. string

ManagedServiceIdentity

Name Description Value
type Type of the managed identity. 'UserAssigned'
userAssignedIdentities The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

StorageAccountConfiguration

Name Description Value
storageAccountKey The storage account access key. string

Constraints:
Sensitive value. Pass in as a secure parameter.
storageAccountName The storage account name. string

UserAssignedIdentity

Name Description Value

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Azure Container Service (AKS) with Helm

Deploy to Azure
Deploy a managed cluster with Azure Container Service (AKS) with Helm
Azure Image Builder with Azure Windows Baseline

Deploy to Azure
Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied.
Build container images with ACR Tasks

Deploy to Azure
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo.
Configure Dev Box service

Deploy to Azure
This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box.
Copy a file from a uri to a blob storage container

Deploy to Azure
This module downloads a file from a uri and copies it to an Azure storageAccount blob container. The storageAccount must already exist and the source file must already be staged to the uri.
Create a blob for the data factory copy data tool quickstart

Deploy to Azure
This template creates a blob storage and uploads a file for the copy data tool quickstart
Create a Deployment Script with complex inputs & outputs

Deploy to Azure
This template demonstrates best practices for passing and reading complex inputs, outputs and logs to an Az CLI Deployment Script
Create a Deployment Script with complex inputs & outputs

Deploy to Azure
This template demonstrates best practices for passing and reading complex inputs, outputs and logs to an Az PowerShell Deployment Script
Create a WordPress site

Deploy to Azure
This template creates a WordPress site on Container Instance
Create AKS with Prometheus and Grafana with privae link

Deploy to Azure
This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an Azure Machine Learning Sweep job

Deploy to Azure
This template creates an Azure Machine Learning Sweep job for hyperparameter tuning.
Create an Azure Virtual Network Manager and sample VNETs

Deploy to Azure
This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types.
Create an on-demand SFTP Server with persistent storage

Deploy to Azure
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
Create Application Gateway with Certificates

Deploy to Azure
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Create ssh-keys and store in KeyVault

Deploy to Azure
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps

Deploy to Azure
Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Deploy a simple Azure Spring Apps microservice application

Deploy to Azure
This template deploys a simple Azure Spring Apps microservice application to run on Azure.
Deploys a static website

Deploy to Azure
Deploys a static website with a backing storage account
FinOps hub

Deploy to Azure
This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Function App on Linux Consumption Plan with Remote Build

Deploy to Azure
This template provisions a function app on a Linux Consumption plan and perform remote build during code deployment. The app runs on demand and you're billed per execution, with no standing resource committment.
Import Container Images into ACR

Deploy to Azure
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry.
Import VHD Blobs from a ZIP Archive URL

Deploy to Azure
Deploying Virtual Machines based on specialized disk images requires to import VHD files into a Storage Account. In the case there are multiple VHD files compressed in a single ZIP and you got the URL to fetch the ZIP archive, this ARM template will ease the job: Download, Extract and Import into an existing Storage Account Blob Container.
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
More is possible with Azure Data Factory - One click to try Azure Data Factory

Deploy to Azure
This template creates a data factory pipeline for a copy activity from Azure Blob into another Azure Blob
Network Secured Agent with User Managed Identity

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data.
Standard Agent Setup

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage.
Testing environment for Azure Firewall Premium

Deploy to Azure
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Use a deployment script to create Azure AD objects

Deploy to Azure
This sample uses a deployment script to create objects in Azure Active Directory.

Terraform (AzAPI provider) resource definition

The deploymentScripts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deploymentScripts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  name = "string"
  tags = {
    {customized property} = "string"
  }
  kind = "string"
  // For remaining properties, see Microsoft.Resources/deploymentScripts objects
}

Microsoft.Resources/deploymentScripts objects

Set the kind property to specify the type of object.

For AzureCLI, use:

{
  kind = "AzureCLI"
  properties = {
    arguments = "string"
    azCliVersion = "string"
    cleanupPreference = "string"
    containerSettings = {
      containerGroupName = "string"
      subnetIds = [
        {
          id = "string"
          name = "string"
        }
      ]
    }
    environmentVariables = [
      {
        name = "string"
        secureValue = "string"
        value = "string"
      }
    ]
    forceUpdateTag = "string"
    primaryScriptUri = "string"
    retentionInterval = "string"
    scriptContent = "string"
    storageAccountSettings = {
      storageAccountKey = "string"
      storageAccountName = "string"
    }
    supportingScriptUris = [
      "string"
    ]
    timeout = "string"
  }
}

For AzurePowerShell, use:

{
  kind = "AzurePowerShell"
  properties = {
    arguments = "string"
    azPowerShellVersion = "string"
    cleanupPreference = "string"
    containerSettings = {
      containerGroupName = "string"
      subnetIds = [
        {
          id = "string"
          name = "string"
        }
      ]
    }
    environmentVariables = [
      {
        name = "string"
        secureValue = "string"
        value = "string"
      }
    ]
    forceUpdateTag = "string"
    primaryScriptUri = "string"
    retentionInterval = "string"
    scriptContent = "string"
    storageAccountSettings = {
      storageAccountKey = "string"
      storageAccountName = "string"
    }
    supportingScriptUris = [
      "string"
    ]
    timeout = "string"
  }
}

Property Values

Microsoft.Resources/deploymentScripts

Name Description Value
identity Optional property. Managed identity to be used for this deployment script. Currently, only user-assigned MSI is supported. ManagedServiceIdentity
kind Set to 'AzureCLI' for type AzureCliScript. Set to 'AzurePowerShell' for type AzurePowerShellScript. 'AzureCLI'
'AzurePowerShell' (required)
location The location of the ACI and the storage account for the deployment script. string (required)
name The resource name string

Constraints:
Min length = 1
Max length = 90 (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Resources/deploymentScripts@2023-08-01"

AzureCliScript

Name Description Value
kind Type of the script. 'AzureCLI' (required)
properties Properties of the Azure CLI script object. AzureCliScriptProperties (required)

AzureCliScriptProperties

Name Description Value
arguments Command line arguments to pass to the script. Arguments are separated by spaces. ex: -Name blue* -Location 'West US 2' string
azCliVersion Azure CLI module version to be used. string (required)
cleanupPreference The clean up preference when the script execution gets in a terminal state. Default setting is 'Always'. 'Always'
'OnExpiration'
'OnSuccess'
containerSettings Container settings. ContainerConfiguration
environmentVariables The environment variables to pass over to the script. EnvironmentVariable[]
forceUpdateTag Gets or sets how the deployment script should be forced to execute even if the script resource has not changed. Can be current time stamp or a GUID. string
primaryScriptUri Uri for the script. This is the entry point for the external script. string
retentionInterval Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P1D means one day). string (required)
scriptContent Script body. string
storageAccountSettings Storage Account settings. StorageAccountConfiguration
supportingScriptUris Supporting files for the external script. string[]
timeout Maximum allowed script execution time specified in ISO 8601 format. Default value is P1D string

AzurePowerShellScript

Name Description Value
kind Type of the script. 'AzurePowerShell' (required)
properties Properties of the Azure PowerShell script object. AzurePowerShellScriptProperties (required)

AzurePowerShellScriptProperties

Name Description Value
arguments Command line arguments to pass to the script. Arguments are separated by spaces. ex: -Name blue* -Location 'West US 2' string
azPowerShellVersion Azure PowerShell module version to be used. string (required)
cleanupPreference The clean up preference when the script execution gets in a terminal state. Default setting is 'Always'. 'Always'
'OnExpiration'
'OnSuccess'
containerSettings Container settings. ContainerConfiguration
environmentVariables The environment variables to pass over to the script. EnvironmentVariable[]
forceUpdateTag Gets or sets how the deployment script should be forced to execute even if the script resource has not changed. Can be current time stamp or a GUID. string
primaryScriptUri Uri for the script. This is the entry point for the external script. string
retentionInterval Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P1D means one day). string (required)
scriptContent Script body. string
storageAccountSettings Storage Account settings. StorageAccountConfiguration
supportingScriptUris Supporting files for the external script. string[]
timeout Maximum allowed script execution time specified in ISO 8601 format. Default value is P1D string

ContainerConfiguration

Name Description Value
containerGroupName Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. To specify a 'containerGroupName', add the following object to properties: { "containerSettings": { "containerGroupName": "contoso-container" } }. If you do not want to specify a 'containerGroupName' then do not add 'containerSettings' property. string

Constraints:
Min length = 1
Max length = 63
subnetIds The subnet resource IDs for a container group. ContainerGroupSubnetId[]

ContainerGroupSubnetId

Name Description Value
id Resource ID of subnet. string (required)
name Friendly name for the subnet. string

DeploymentScriptTags

Name Description Value

EnvironmentVariable

Name Description Value
name The name of the environment variable. string (required)
secureValue The value of the secure environment variable. string

Constraints:
Sensitive value. Pass in as a secure parameter.
value The value of the environment variable. string

ManagedServiceIdentity

Name Description Value
type Type of the managed identity. 'UserAssigned'
userAssignedIdentities The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

StorageAccountConfiguration

Name Description Value
storageAccountKey The storage account access key. string

Constraints:
Sensitive value. Pass in as a secure parameter.
storageAccountName The storage account name. string

UserAssignedIdentity

Name Description Value

Usage Examples

Terraform Samples

A basic example of deploying Resource Deployment Script.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "deploymentScript" {
  type      = "Microsoft.Resources/deploymentScripts@2020-10-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    kind = "AzurePowerShell"
    properties = {
      azPowerShellVersion  = "8.3"
      cleanupPreference    = "Always"
      environmentVariables = null
      retentionInterval    = "P1D"
      scriptContent        = "\t\t$output = 'Hello'\n\t\tWrite-Output $output\n\t\t$DeploymentScriptOutputs = @{}\n\t\t$DeploymentScriptOutputs['text'] = $output\n"
      supportingScriptUris = null
      timeout              = "P1D"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}