Common Azure Resource Modules Library

Description

This repository includes a library of mature and curated Bicep modules as well as a Continuous Integration (CI) environment leveraged for modules' validation and versioned publishing.

The CI environment supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.

Upcoming breaking changes

In between now and the release of version 0.11.0, the main branch is subject to several upcoming breaking changes that will affect all modules (e.g., the renaming of folders and files).

The rationale is an ongoing effort to prepare our modules for a release in the official Public Bicep Registry, forcing us to align the structural requirements.

For more details, please refer to the issue #3131.

Get started

• For introduction guidance visit the Wiki
• For guidance on which version of the code to leverage, see Disclaimer
• For information on contributing, see Contribution
• File an issue via GitHub Issues
• For reference documentation, visit Enterprise-Scale
• For an outline of the module features, visit Module overview

Note: To ensure the modules and environment work as expected, please ensure you are using the latest version of the used tools such as PowerShell and Bicep. Especially in case of the later, note, that you need to manually update the Bicep CLI. For further information, see our troubleshooting guide.

Available Resource Modules

Provider namespace	Resource Type	Name
aad	domain-services	Azure Active Directory Domain Services
analysis-services	servers	Analysis Services Servers
api-management	service	API Management Services
app	container-apps	Container Apps
	managed-environments	App ManagedEnvironments
app-configuration	configuration-stores	App Configuration Stores
authorization	locks	Authorization Locks (All scopes)
	policy-assignments	Policy Assignments (All scopes)
	policy-definitions	Policy Definitions (All scopes)
	policy-exemptions	Policy Exemptions (All scopes)
	policy-set-definitions	Policy Set Definitions (Initiatives) (All scopes)
	role-assignments	Role Assignments (All scopes)
	role-definitions	Role Definitions (All scopes)
automation	automation-accounts	Automation Accounts
batch	batch-accounts	Batch Accounts
cache	redis	Redis Cache
cdn	profiles	CDN Profiles
cognitive-services	accounts	Cognitive Services
compute	availability-sets	Availability Sets
	disk-encryption-sets	Disk Encryption Sets
	disks	Compute Disks
	galleries	Azure Compute Galleries
	images	Images
	proximity-placement-groups	Proximity Placement Groups
	ssh-public-keys	Public SSH Keys
	virtual-machine-scale-sets	Virtual Machine Scale Sets
	virtual-machines	Virtual Machines
consumption	budgets	Consumption Budgets
container-instance	container-groups	Container Instances Container Groups
container-registry	registries	Azure Container Registries (ACR)
container-service	managed-clusters	Azure Kubernetes Service (AKS) Managed Clusters
data-factory	factories	Data Factories
data-protection	backup-vaults	Data Protection Backup Vaults
databricks	workspaces	Azure Databricks Workspaces
db-for-my-sql	flexible-servers	DBforMySQL Flexible Servers
db-for-postgre-sql	flexible-servers	DBforPostgreSQL Flexible Servers
desktop-virtualization	application-groups	Azure Virtual Desktop (AVD) Application Groups
	host-pools	Azure Virtual Desktop (AVD) Host Pools
	scaling-plans	Azure Virtual Desktop (AVD) Scaling Plans
	workspaces	Azure Virtual Desktop (AVD) Workspaces
dev-test-lab	labs	DevTest Labs
digital-twins	digital-twins-instances	Digital Twins Instances
document-db	database-accounts	DocumentDB Database Accounts
event-grid	domains	Event Grid Domains
	system-topics	Event Grid System Topics
	topics	Event Grid Topics
event-hub	namespaces	Event Hub Namespaces
health-bot	health-bots	Azure Health Bots
healthcare-apis	workspaces	Healthcare API Workspaces
insights	action-groups	Action Groups
	activity-log-alerts	Activity Log Alerts
	components	Application Insights
	data-collection-endpoints	Data Collection Endpoints
	data-collection-rules	Data Collection Rules
	diagnostic-settings	Diagnostic Settings (Activity Logs) for Azure Subscriptions
	metric-alerts	Metric Alerts
	private-link-scopes	Azure Monitor Private Link Scopes
	scheduled-query-rules	Scheduled Query Rules
	webtests	Web Tests
key-vault	vaults	Key Vaults
kubernetes-configuration	extensions	Kubernetes Configuration Extensions
	flux-configurations	Kubernetes Configuration Flux Configurations
logic	workflows	Logic Apps (Workflows)
machine-learning-services	workspaces	Machine Learning Services Workspaces
maintenance	maintenance-configurations	Maintenance Configurations
managed-identity	user-assigned-identities	User Assigned Identities
managed-services	registration-definitions	Registration Definitions
management	management-groups	Management Groups
net-app	net-app-accounts	Azure NetApp Files
network	application-gateway-web-application-firewall-policies	Application Gateway Web Application Firewall (WAF) Policies
	application-gateways	Network Application Gateways
	application-security-groups	Application Security Groups (ASG)
	azure-firewalls	Azure Firewalls
	bastion-hosts	Bastion Hosts
	connections	Virtual Network Gateway Connections
	ddos-protection-plans	DDoS Protection Plans
	dns-resolvers	DNS Resolvers
	dns-zones	Public DNS Zones
	express-route-circuits	ExpressRoute Circuits
	express-route-gateway	Express Route Gateways
	firewall-policies	Firewall Policies
	front-doors	Azure Front Doors
	ip-groups	IP Groups
	load-balancers	Load Balancers
	local-network-gateways	Local Network Gateways
	nat-gateways	NAT Gateways
	network-interfaces	Network Interface
	network-managers	Network Managers
	network-security-groups	Network Security Groups
	network-watchers	Network Watchers
	private-dns-zones	Private DNS Zones
	private-endpoints	Private Endpoints
	private-link-services	Private Link Services
	public-ip-addresses	Public IP Addresses
	public-ip-prefixes	Public IP Prefixes
	route-tables	Route Tables
	service-endpoint-policies	Service Endpoint Policies
	trafficmanagerprofiles	Traffic Manager Profiles
	virtual-hubs	Virtual Hubs
	virtual-network-gateways	Virtual Network Gateways
	virtual-networks	Virtual Networks
	virtual-wans	Virtual WANs
	vpn-gateways	VPN Gateways
	vpn-sites	VPN Sites
operational-insights	workspaces	Log Analytics Workspaces
operations-management	solutions	Operations Management Solutions
policy-insights	remediations	Policy Insights Remediations
power-bi-dedicated	capacities	Power BI Dedicated Capacities
purview	accounts	Purview Accounts
recovery-services	vaults	Recovery Services Vaults
relay	namespaces	Relay Namespaces
resources	deployment-scripts	Deployment Scripts
	resource-groups	Resource Groups
	tags	Resources Tags
security	azure-security-center	Azure Security Center (Defender for Cloud)
service-bus	namespaces	Service Bus Namespaces
service-fabric	clusters	Service Fabric Clusters
signal-r-service	signal-r	SignalR Service SignalR
	web-pub-sub	SignalR Web PubSub Services
sql	managed-instances	SQL Managed Instances
	servers	Azure SQL Servers
storage	storage-accounts	Storage Accounts
synapse	private-link-hubs	Azure Synapse Analytics
	workspaces	Synapse Workspaces
virtual-machine-images	image-templates	Virtual Machine Image Templates
web	connections	API Connections
	hosting-environments	App Service Environments
	serverfarms	App Service Plans
	sites	Web/Function Apps
	static-sites	Static Web Apps

Platform

Name	Status
Update API Specs file
Assign Pull Request to Author
Test - ConvertTo-ARMTemplate.ps1
Clean up deployment history
Library PSRule pre-flight validation
Broken Links Check
Linter (audit)
Manage issues for failing pipelines
Update ReadMe status Tables
Update Static Test Documentation
Sync Docs/Wiki

Disclaimer

Please note that CARML is constantly evolving and introducing new features. The main branch of this repository changes frequently and thus, it always contains the latest available version of the code. Some of the updates may introduce breaking changes as well.

• Default path: To avoid disruptions, use distinct versions available through releases.
• Early adopter path: If the risk of breaking changes is understood and accepted, you can use the code in the main branch directly. However, the CARML team recommends against automatically pulling code from main. It is always recommended to review changes before you pull them into your own repository.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

For specific guidelines on how to contribute to this repository please refer to the Contribution guide Wiki section.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Learn More

• PowerShell Documentation
• Microsoft Azure Documentation
• GitHubDocs
• Azure Resource Manager
• Bicep

Telemetry

Modules provided in this library have telemetry enabled by default. To learn more about this feature, please refer to the Telemetry article in the wiki.