Azure Resource Manager

How can we improve the Azure Resource Manager?

Enter your idea

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

Increase Keyvault Reference Limit in Parameters from 29 to 60+

As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

This limitation is quite low for mature systems. Take, for example, the following potential data points:

- Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings
- App to app communication creds/API keys
- Programmatically created dynamically named/numbered resources
- References to signing keys for different purposes

Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit to a larger number. Doing so will alleviate reasonable use scenarios while allowing for basic protections as there is still a reasonable limit.

Please consider doing so ASAP; many of our templates now need to be arbitrarily split into multiple deployments to work around this issue, which is working directly against the labor savings one can incur by utilizing infrastructure templates in the first place. Also, it is forcing alternative solutions not leveraging the keyvault, which can reduce overall security, and, as MSFT gets paid by the transaction in the KV product, strip MSFT of revenue that would have been generated by that resource.

Thank you!

As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

This limitation is quite low for mature systems. Take, for example, the following potential data points:

- Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings
- App to app communication creds/API keys
- Programmatically created dynamically named/numbered resources
- References to signing keys for different purposes

Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit…
- 2019-05-20 09_21_09-Window.png 8 KB
16 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

3 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog. Since this request came out of an escalation, I’ve engaged the feature owner to take a look and suggest next best step to validate and resolve the reported bug.
Set schedule to delete deployments history

Currently, The deployment history limits are 800 per resource group so if we will use many resources for long term, we might be upper limit.
I hope we can use a feature that setting schedule to delete the history.

14 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

2 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →
Run Ansible/Chef/Salt on deployment via ARM

When you deploy a Linux or Windows virtual machine deployment, via ARM. Allow an Ansible playbook to be run.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.
[Request] Suggession on Deployment Modes in Azure

Hi Microsoft Team,

I really appreciate the Microsoft efforts for rapidly catching up market for Azure.
I have little suggestion over here for Azure Dev ops CI/CD using ARM Templates.There are two options given for deployment mode. i.e "Incremental" and "Complete".
"Complete" Mode of deployment deletes the existing services under that Resource Group. Even though it will be useful to discard unwanted services, still it is very dangerous. 'An Err is Human.' By mistake if this option is selected in pipline then all the services will be deleted and its difficult to restore it. This leads to raising support tickets and making them restore if possible. This will case loss of time and Efforts of developer if we could not restore.

Suggession:

For any Delete Operation we should Prompt user and make aware about what is getting deleted.

We could have option if "Complete" mode is selected in pipeline then user should be prompted that action will be undone and it will delete the list of services from Resource Group, Instead of deleting it automatically. This would save everybody valuable efforts and Time.

However Lock Option is given but still nothing should get deleted automatically.

Regards,
Bhavini

Hi Microsoft Team,

I really appreciate the Microsoft efforts for rapidly catching up market for Azure.
I have little suggestion over here for Azure Dev ops CI/CD using ARM Templates.There are two options given for deployment mode. i.e "Incremental" and "Complete".
"Complete" Mode of deployment deletes the existing services under that Resource Group. Even though it will be useful to discard unwanted services, still it is very dangerous. 'An Err is Human.' By mistake if this option is selected in pipline then all the services will be deleted and its difficult to restore it. This leads to raising support tickets…

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.
Allow actual output of type "securestring"

When defining ARM outputs, "securestring" is a valid type, but nothing is actually outputted. This raises the question as to why it's a valid type, if it serves no purpose.

The "securestring" should be returned for further processing. (Alternately, there should be a schema error for specifying a type that can't work.)

Additional discussion at https://github.com/MicrosoftDocs/azure-docs/issues/32931.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
CopyIndex - add staged length for count

Add CopyIndex function to allow a numerical length to count. Enterprise may have their naming standards end with "01", "02", "03", etc. CopyIndex currently will only count logically from 0. "1" "2" "3", etc.

Suggested framework:
CopyIndex(loopName, offset, stagedlength)

Suggest framework example:
CopyIndex('VM',1,000)

Results would be:
VM001
VM002
VM003
VM004

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Allow usage of function arrays in the dependsOn section

The dependsOn section needs an array of strings, and each string added can call some functions like resourceId, parameters, and variables. But it does not accept a parameter or variable that contains an array of strings. It also doesn't allow the use of copy.

Allowing this would make it much easier (actually make it possible) to dynamically generate a list of dependencies based on parameters.

For instance, creating alerts links to action group resources. It is very likely that the action groups to use are given as a parameter (array of strings). Converting those strings to resourceIds (multiple) is easy using the copy feature in variables, creating an array of resourceId strings. However, using this variable in the dependsOn section fails as it doesn't allow the use of anything but strings. It should however accept an array of strings.

The dependsOn section needs an array of strings, and each string added can call some functions like resourceId, parameters, and variables. But it does not accept a parameter or variable that contains an array of strings. It also doesn't allow the use of copy.

Allowing this would make it much easier (actually make it possible) to dynamically generate a list of dependencies based on parameters.

For instance, creating alerts links to action group resources. It is very likely that the action groups to use are given as a parameter (array of strings). Converting those strings to resourceIds (multiple) is easy…

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

Don't see your idea?

Azure Resource Manager

How can we improve the Azure Resource Manager?

Increase Keyvault Reference Limit in Parameters from 29 to 60+

Set schedule to delete deployments history

Run Ansible/Chef/Salt on deployment via ARM

[Request] Suggession on Deployment Modes in Azure

Allow actual output of type "securestring"

CopyIndex - add staged length for count

Allow usage of function arrays in the dependsOn section

Feedback

Azure Resource Manager

Feedback and Knowledge Base

Searching…

Give feedback

Microsoft Azure

Your password has been reset