Azure Resource Manager
-
Unlimited deployments
At the moment, there is a limitation of 800 deployments per resource group.
Afterwards, you have to manually delete them in order to be able to perform new deployments.
It would be nice if there wasn't any limit.
Another option would be new deployments overriding old ones (you only get to save latest 800).
54 votes
Thank you for taking the time to vote for this item.
We are proposing to address this by increasing the limit to 1600 and purging using first in first out.
-
Ability to retrieve Principal ID
In my ARM template I am provisioning Key Vault and I need the user that is deploying the ARM template to be added as a Principal.
Since there is currently no way to retrieve the Principal ID from the ARM template we currently have to add the Principal manually.
I would rather automate this step by getting the Principal Id similar to how we can get the subscription ID (subscription().subscriptionId). Something like principal().principalId
52 votes -
Azure Resource Template Architecture Visualizer
Right now, we have no option to visualize an ARM template on a portal. http://armviz.io/ is a 3rd party tool and it's not connected to a production Azure environment.
We need something like it on the Azure portal.
52 votes -
Improve access to Key Vault from ARM templates
Accessing secrets from KV in ARM templates is super important, especially from VSTS release management pipelines, yet the support is limited.
The way you get at key vaults secrets from templates currently has very limited application. You use "reference" but this can only be applied to a parameter. Why not a variable or inline? However the real limitation is using a dynamic key vault id. Firstly nobody is going to use a static key vault id. It will nearly always be derived from other parameters or functions e.g. subscription() or resourceGroup(). So to do that you must use nested…
49 votes -
Support ARM Template Deployments on Management Group Scope
Azure Resources can be deployed on subscription or resource group level, but not on management group level.
My particular use case is the deployment of Policy Definitions & Assignments using ARM Templates. While the deployment succeeds, it's not possible to define a management group as the deployment scope. As a result, the policy definition has the subscription assigned as scope and cannot be assigned on a management group level.
The API version 2018-05-01 supports the argument "managementGroupId". https://docs.microsoft.com/en-us/rest/api/resources/policydefinitions/createorupdateatmanagementgroup
47 votes
Hi - We are evaluating and working on the design of supporting deployments at the Management Group Scope. Unfortunately I don’t have a timeline that I can share yet.
Thanks
-Rich -
RBAC rules need an option to block IAM inheritance
Create an option that allows blocking of inheritance for RBAC rules.
ATM if you create a generic rule at a top layer it means you cannot block access to a particular item.
As such the only way to create a rule which doesn't allow access is by creating multiple top layer items that exclude the one item you want to block.
Need a setup similar to NTFS security inheritance blocking options.
47 votes
Thank you for taking the time to vote for this item. We are glad to let you know that you can accomplish this today using Azure Blueprints locking mechanism. You can read about this here: https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
We encourage customers to use this path.
-
Provide a Resource Manager Template Function that generates a cryptographically strong password
When one designs systems with the assumption that it would be breached at some time in the future, sharing passwords between services (IaaS or PaaS) isn’t recommended. If a password for one service is discovered by a malicious agent, it could be used to compromise other parts of the system. As such, it's best to ensure each service (PaaS or IaaS) has its own unique cryptographically strong password.
Having a unique password per service also allows for easier password rotation (through Scripts, DSC and other configuration management systems).
As the number of systems (PaaS or IaaS) increases, we don’t want…
47 votes -
Optional parameters in ARM templates
It would be great if we could define some ARM template parameters as optional or not required.
46 votes
You can make it optional to provide a value for a param, by using a defaultValue and in some cases, just make the value “empty”. For example:
"defaultValue": ""
If you have scenarios where this isn’t working for you feel free to email…
-
String array function Join
In some cases, I need to concatenate several references (variables) which have rather long names (or complex object structures).
The standard approach (Concat(...)) makes for very long lines.
Since multi-line values aren't supported (another area for improvement), the current approach I use is to create an array of each segment, since each member of the array can be its own line.
Ideally I'd like to take that array and just Join(string[], "")... but currently I can't, so I'm forced to concat(var[0], "", var[1], "_", var[2]).
The inclusion of a JOIN function would SIGNIFICANTLY simplify the variable's definition.
45 votes
Thank you for taking the time to vote for this item.
Could you please email us some more information on this scenario.
We would appreciate your feedback.
-
Specify CostCenter when creating Subscription from API
It would be really helpful if I could specify the cost center during the creation of a subscription.
Currently there is no way to do this when creating a subscription:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/programmatically-create-subscription?tabs=rest
Without this I have to sign in to the EA Portal and specify the cost center manually.
40 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Enable using VSTS for Linked Templates
We manage all of our code for use with Azure in Visual Studio Team Services, including our set of ARM Templates. We are using linked templates which work really well but in order to do so we currently have to either mirror our repo out to github or our internal Stash repository, or copy the files to a storage account. We have come up with a neat solution where we publish the templates to a web app that exposes the templates via http but what we would really like to be able to do is call the linked templates directly…
40 votes -
Resource tag inherit from ResourceGroup (or Subscription)
Today we need to TAG all individual resources to get the TAG's available in the billing API for chargeback. Would be much more efficient to set TAGs on subscription level and/or ResourceGroup level and then let all resources inherit the TAG's with option to override the inherited TAGs on the resources. This way we don't need to add TAG's to every resource.
38 votes
Thank you for taking the time to vote for this item. This work is currently planned.
-
Enable Cloud Scripts as part of ARM Templates
Add the ability to run a Custom Script as part of the ARM Template (similar to what is available for VMs but this suggestion is in the context of the “subscription” you deploy to).
The “Script Resource” could be described something like this:
{
  "name": "postDeploymentScript",
  "type": "Microsoft.CloudShell/script",
  "apiVersion": "2017-08-26",
  "tags": {
    "displayName": "Post Deployment Script"
  },
  "dependsOn": [
    "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBAccountName'))]"
  ],
  "properties": {
    "scriptType": "bash",
    "scriptUrl": "https://raw.githubusercontent.com/krist00fer/nether/master/setup.sh",
    "scriptParameters": [
      {
        "name": "cosmosDbEndpoint",
        "value": "[reference(concat('Microsoft.DocumentDB/databaseAccounts/', parameters('cosmosDBAccountName'))).documentEndpoint]"
      },
      {
        "name": "cosmosDbKey",
        "value": "[listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBAccountName')), '2015-04-08').primaryMasterKey]"
      }
    ]
  }
}
This is just an example of how it could look…
37 votes
Thank you for taking the time to vote for this item.
We are looking into options to address this scenario.
-
Custom error messages for RequestDisallowedByPolicy
Please add support for custom error messages for Azure Resource Policies RequestDisallowedByPolicy errors, so users don't have to look up the policy definition by its id.
Current behavior is described here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-policy-requestdisallowedbypolicy-error
Supporting custom error messages would require handling an extra field in Resource Policy JSON definition.
37 votes -
Allow Renaming of Azure Resources
Allow for the renaming of Azure resources such as VNET, Subnet, Resource Group, Network Security Group, Load Balancer, etc.
36 votes -
ARM template parameter validation
It should be possible to validate and restrict ARM template parameters using a regex.
This would greatly reduce the chance of parameter value errors causing a template deployment to fail.
This would also make ARM templates a more competitive alternative to AZ CLI and Azure PowerShell.
34 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Parameters in Nested Templates is broken
For nested templates, you cannot use parameters or variables that are defined within the nested template. It is currently broken (as per the documentation).
It'd be great if this could be fixed. An example of what I'm talking about can be seen here:
https://github.com/bmoore-msft/AzureRM-Samples/blob/master/dynamicSecretId/azuredeploy.inline.json
Note: It's not only with Keyvault references that this is broken, but rather all inline parameters when using an inline template.
Thanks!
33 votes
Thank you for taking the time to vote for this item.
This is something we plan to address.
-
Rename any Azure object and ability to have different name and DNS name
The main idea is an option to rename any Azure object (rename VM, SQL DB ...) into ANY desired name at ANY time, unique only per user, not globally. If the DNS name is already used, a random one should be given or the user asked to input a new one.
It would greatly help organizing Azure objects.
33 votes -
The limit of tag count for a resource is too small
The limit of tag count for a resource is 15, which is too small.
Is it possible to increase the value?
32 votes -
Copy resource groups
We have a great need for the ability to copy whole resource groups with all resources. If you could do that you would be able to setup a template resource group with a domain controller, sql server and so on and when running training sessions or testing new software versions we could simply copy the template resource group for all attendees.
29 votes