Azure Resource Manager

How can we improve the Azure Resource Manager?

Enter your idea

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

Automatically delete old deployments as DeploymentQuotaExceeded error occurs

We are often hitting the DeploymentQuotaExceeded error, exceeding the quota of 800 deployments. This happens because old deployments are never deleted, no matter how old they are. We would like to request as a feature a rolling behavior where, as the quota is reached, the oldest deployment is automatically deleted.

20 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Increase Keyvault Reference Limit in Parameters from 29 to 60+

As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

This limitation is quite low for mature systems. Take, for example, the following potential data points:

- Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings
- App to app communication creds/API keys
- Programmatically created dynamically named/numbered resources
- References to signing keys for different purposes

Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit to a larger number. Doing so will alleviate reasonable use scenarios while allowing for basic protections as there is still a reasonable limit.

Please consider doing so ASAP; many of our templates now need to be arbitrarily split into multiple deployments to work around this issue, which is working directly against the labor savings one can incur by utilizing infrastructure templates in the first place. Also, it is forcing alternative solutions not leveraging the keyvault, which can reduce overall security, and, as MSFT gets paid by the transaction in the KV product, strip MSFT of revenue that would have been generated by that resource.

Thank you!

As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

This limitation is quite low for mature systems. Take, for example, the following potential data points:

- Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings
- App to app communication creds/API keys
- Programmatically created dynamically named/numbered resources
- References to signing keys for different purposes

Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit…
- 2019-05-20 09_21_09-Window.png 8 KB
18 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

3 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog. Since this request came out of an escalation, I’ve engaged the feature owner to take a look and suggest next best step to validate and resolve the reported bug.
Set schedule to delete deployments history

Currently, The deployment history limits are 800 per resource group so if we will use many resources for long term, we might be upper limit.
I hope we can use a feature that setting schedule to delete the history.

14 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

2 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →
Delete resource with ARM template

With delivery pipeline it is often needed to create and drop resources for the environments.
Currently resource manager does not support deprovision deployment mode.
It means that there is no way to delete exact resources which are specified within the template and were deployed during environment creation.
Unfortunately Delete Resource Group is not an option because often resources are deployed in different resource groups.
Actually Delete is part of Complete mode deployment, could you please just make it separate.

7 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
YAML/YML support for ARM

Can we have YAML support for ARM just like AWS cloudformation

2 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for bringing this to our attention. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
“created date” and “created by” should be default attributes for every azure resource

By default every azure resource should have "Created Date" and "Created By" metadata.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature
Cancel resource movement

Currently, once you start moving a resource between resource groups, you cannot cancel it.
In some cases, it takes a long time to move, and if the event described on the left occurs, it will interfere with the work, so we strongly hope to change the function so that you can cancel the movement.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
About resource locking when moving resources between resource groups

Currently, when moving a resource between resource groups, the resources in the source and destination resource groups are locked.
We strongly recommend that you change the function so that resources that are not related to the movement are not locked when moving between resource groups.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Assign resources in ARM templates a simple unique reference ID

The dependsOn array (for example) uses a horrible syntax to refer to resources within the same ARM template. I don't know why since they're all objects in the same "memory space" so when the template is run, they could have simple IDs and a simple way to refer to them.

Imagine if we were able to assign our own GUID or other unique surrogate ID to each resource, it could be used to refer to resources in the same template without the nightmare addressing syntax you have.

The deployment manager can maintain a memory structure containing the ID and the template settings, as well as the outcome of creating/updating the resource.

This would then make it easy for one resource to refer to the config/state/results of another.

For example, in my template I am creating a SB Queue and adding auth roles that generate an access key at deploy-time. However, in the same ARM template I also need to set the access key as an app-setting for a website/Function I'm also deploying, so I need to somehow refer to a value that has just been created in the same template.

Today this is hard because the "resource addressing syntax" is unpleasant and because the identifiers that ARM uses are not visible in the Portal so its hard to know what a correct resource ID looks like and how to compose one using concat.

If I could label my resources with my own ID I could write "dependsOn": [ '[templateResource('abc123')]' ]

Further, I think each deployed/updated resource should write a standard set of outputs to a dictionary where those values can be looked-up using something like this.

"someKey": '[outputs(templateResource('abc123'), 'sharedAccessKey')]'

Alternatively you just make the dictionaries of outputs available to the next resource via the dependsOn mechanism. So if your resource has a dependsOn array with 2 items, then the outputs from those 2 previously executed resource deployments can be accessed simply via something like:

"someKey": '[dependsOutputs(0, 'sharedAccessKey')]'
"someIPAddress": '[dependsOutputs(1, 'nicIPv4Address')]'

Where 0 is the index of the output dictionary of the first dependency.

You'd obviously need to document the standard outputs emitted by each resource type.

The ability to flow values from one resource to another like a pipeline would make ARM templates much tamer.

Today, sorry to say it, but I think ARM templates are the worst part of what is otherwise a remarkable technical achievement. As we move more into the cloud, millions of engineers are going to spend a lot of time experiencing Microsoft's brand via its horrible templating system.

The dependsOn array (for example) uses a horrible syntax to refer to resources within the same ARM template. I don't know why since they're all objects in the same "memory space" so when the template is run, they could have simple IDs and a simple way to refer to them.

Imagine if we were able to assign our own GUID or other unique surrogate ID to each resource, it could be used to refer to resources in the same template without the nightmare addressing syntax you have.

The deployment manager can maintain a memory structure containing the ID and the…

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

1 comment · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
to make Custom ARM Template available in the Deployment Section of the Resource Group even if the Subscription get suspended

As the subscription get suspended, in the deployment section of the resource group the Template gets unavailable or unresponsive without any error just the Template shows "Generating Template..." and also the redeploy option get unresponsive. All of the options are responsive like "Overview", "Input", "Output" but "Template" shows "Generating Template...". Further "Redeploy" option should work because as in Custom Template there is an option to change the Subscription but it gets Unresponse. Although the template is just a CODE a static content what it would be charging?

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Automated Destruction of Resource, planned on deployment

It would be cool if i can give a date on deployment when a certain resource i deploy is automatically destroyed again. Either after a certain amount of time or with a certain date. i could do this myself with a account/vm which manages the rest of the resources, but give a date with azure cli on creation would be much nicer :)

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Run Ansible/Chef/Salt on deployment via ARM

When you deploy a Linux or Windows virtual machine deployment, via ARM. Allow an Ansible playbook to be run.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.
[Request] Suggession on Deployment Modes in Azure

Hi Microsoft Team,

I really appreciate the Microsoft efforts for rapidly catching up market for Azure.
I have little suggestion over here for Azure Dev ops CI/CD using ARM Templates.There are two options given for deployment mode. i.e "Incremental" and "Complete".
"Complete" Mode of deployment deletes the existing services under that Resource Group. Even though it will be useful to discard unwanted services, still it is very dangerous. 'An Err is Human.' By mistake if this option is selected in pipline then all the services will be deleted and its difficult to restore it. This leads to raising support tickets and making them restore if possible. This will case loss of time and Efforts of developer if we could not restore.

Suggession:

For any Delete Operation we should Prompt user and make aware about what is getting deleted.

We could have option if "Complete" mode is selected in pipeline then user should be prompted that action will be undone and it will delete the list of services from Resource Group, Instead of deleting it automatically. This would save everybody valuable efforts and Time.

However Lock Option is given but still nothing should get deleted automatically.

Regards,
Bhavini

Hi Microsoft Team,

I really appreciate the Microsoft efforts for rapidly catching up market for Azure.
I have little suggestion over here for Azure Dev ops CI/CD using ARM Templates.There are two options given for deployment mode. i.e "Incremental" and "Complete".
"Complete" Mode of deployment deletes the existing services under that Resource Group. Even though it will be useful to discard unwanted services, still it is very dangerous. 'An Err is Human.' By mistake if this option is selected in pipline then all the services will be deleted and its difficult to restore it. This leads to raising support tickets…

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.
Allow actual output of type "securestring"

When defining ARM outputs, "securestring" is a valid type, but nothing is actually outputted. This raises the question as to why it's a valid type, if it serves no purpose.

The "securestring" should be returned for further processing. (Alternately, there should be a schema error for specifying a type that can't work.)

Additional discussion at https://github.com/MicrosoftDocs/azure-docs/issues/32931.

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
CopyIndex - add staged length for count

Add CopyIndex function to allow a numerical length to count. Enterprise may have their naming standards end with "01", "02", "03", etc. CopyIndex currently will only count logically from 0. "1" "2" "3", etc.

Suggested framework:
CopyIndex(loopName, offset, stagedlength)

Suggest framework example:
CopyIndex('VM',1,000)

Results would be:
VM001
VM002
VM003
VM004

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Allow usage of function arrays in the dependsOn section

The dependsOn section needs an array of strings, and each string added can call some functions like resourceId, parameters, and variables. But it does not accept a parameter or variable that contains an array of strings. It also doesn't allow the use of copy.

Allowing this would make it much easier (actually make it possible) to dynamically generate a list of dependencies based on parameters.

For instance, creating alerts links to action group resources. It is very likely that the action groups to use are given as a parameter (array of strings). Converting those strings to resourceIds (multiple) is easy using the copy feature in variables, creating an array of resourceId strings. However, using this variable in the dependsOn section fails as it doesn't allow the use of anything but strings. It should however accept an array of strings.

The dependsOn section needs an array of strings, and each string added can call some functions like resourceId, parameters, and variables. But it does not accept a parameter or variable that contains an array of strings. It also doesn't allow the use of copy.

Allowing this would make it much easier (actually make it possible) to dynamically generate a list of dependencies based on parameters.

For instance, creating alerts links to action group resources. It is very likely that the action groups to use are given as a parameter (array of strings). Converting those strings to resourceIds (multiple) is easy…

1 vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure Deployment Manager · Flag idea as inappropriate… · Delete… · Admin →

triaged · Adminazurecxpuservoice (Product Manager, Microsoft Azure) responded

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

Don't see your idea?

Azure Resource Manager

How can we improve the Azure Resource Manager?

Automatically delete old deployments as DeploymentQuotaExceeded error occurs

Increase Keyvault Reference Limit in Parameters from 29 to 60+

Set schedule to delete deployments history

Delete resource with ARM template

YAML/YML support for ARM

“created date” and “created by” should be default attributes for every azure resource

Cancel resource movement

About resource locking when moving resources between resource groups

Assign resources in ARM templates a simple unique reference ID

to make Custom ARM Template available in the Deployment Section of the Resource Group even if the Subscription get suspended

Automated Destruction of Resource, planned on deployment

Run Ansible/Chef/Salt on deployment via ARM

[Request] Suggession on Deployment Modes in Azure

Allow actual output of type "securestring"

CopyIndex - add staged length for count

Allow usage of function arrays in the dependsOn section

Feedback

Azure Resource Manager

Feedback and Knowledge Base

Searching…

Give feedback

Microsoft Azure

Your password has been reset

How can we improve the Azure Resource Manager?

Azure Resource Manager

Categories

Searching…

Your password has been reset