Azure Resource Manager

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Resource Template Architecture Visualizer

    Right now - we have no option to visualize ARM template on a portal. http://armviz.io/ -is a 3rd party tool and it's not connected to a production azure environment.

    We need something like it on Azure portal.

    47 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support ARM Template Deployments on Management Group Scope

    Azure Resources can be deployed on subscription or resource group level, but not on management group level.
    My particular use case is the deployment of Policy Definitions & Assignments using ARM Templates. While the deployment succeeds, it's not possible to define a management group as the deployment scope. As a result, the policy definition has the subscription assigned as scope and cannot be assigned on a management group level.
    The API version 2018-05-01 supports the argument "managementGroupId". https://docs.microsoft.com/en-us/rest/api/resources/policydefinitions/createorupdateatmanagementgroup

    44 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Optional parameters in ARM templates

    It would be great if we could define some ARM template parameters as optional or not required.

    44 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. String array function Join

    in some cases, I need to concatenate several references (variables) which have rather long names (or complex object structures).

    The standard approach (Concat(...)) makes for a very long lines.

    Since multi-line values aren't supported (another area for improvement), the current approach I use is to create an array of each segment, since each member of the array can be its own line.

    Ideally I'd like to take that array and just Join(string[], "")... but currently I can't, so I'm forced to concat(var[0], "", var[1], "_", var[2]).

    The inclusion of a JOIN function would SIGNIFICANTLY simplify the variable's definition.

    40 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enable using VSTS for Linked Templates

    We manage all of our code for use with Azure in Visual Studio Team Services, including our set of ARM Templates. We are using linked templates which work really well but in order to do so we currently have to either mirror our repo out to github or our internal Stash repository, or copy the files to a storage account. We have come up with a neat solution where we publish the templates to a web app that exposes the templates via http but what we would really like to be able to do is call the linked templates directly…

    40 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Certificate Manager on Azure like AWS Certificate Manager

    AWS has a Certificate Manager service that can easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services.

    https://aws.amazon.com/certificate-manager/

    It would be great if Azure can provide similar service so that customers don't have to buy and bring their own ssl certificates when using Azure services.

    I am aware that Azure CDN supports custom domains and it can automatically provision a custom ssl certificate for that domain for free. But you can't do similar things on Application Gateway, or Azure Web Apps, etc.

    39 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide a Resource Manager Template Function that generates a cryptographically strong password

    When one designs systems with the assumption that it would be breached at some time in the future, sharing passwords between services (IaaS or PaaS) isn’t recommended. If a password for one service is discovered by a malicious agent, it could be used to compromise other parts of the system. As such, its best to ensure each service (PaaS or IaaS) has its own unique cryptographically strong password.

    Having a unique password per service also allows for easier password rotation (through Scipts, DSC and other configuration management systems).

    As the number of systems (PaaS or IaaS) increases, we don’t want…

    39 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enable Cloud Scripts as part of ARM Templates

    Add the ability to run a Custom Script as part of the ARM Template (similar to what is available for VMs but this suggestion is in the context of the “subscription” you deploy to).
    The “Script Resource” could be described something like this

    {

    "name": "postDeploymentScript",
    
    "type": "Microsoft.CloudShell/script",
    "apiVersion": "2017-08-26",
    "tags": {
    "displayName": "Post Deployment Script"
    },
    "dependsOn": [
    "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBAccountName'))]"
    ],
    "properties":{
    "scriptType": "bash",
    &quot;scriptUrl&quot;: &quot;<a rel="nofollow noreferrer" href="https://raw.githubusercontent.com/krist00fer/nether/master/setup.sh&quot;">https://raw.githubusercontent.com/krist00fer/nether/master/setup.sh&quot;</a>,
    &quot;scriptParameters&quot;: [
    {
    &quot;name&quot;: &quot;cosmosDbEndpoint&quot;,
    &quot;value&quot;: &quot;[reference(concat(&#39;Microsoft.DocumentDB/databaseAccounts/&#39;, parameters(&#39;cosmosDBAccountName&#39;))).documentEndpoint]&quot;
    },
    {
    &quot;name&quot;: &quot;cosmosDbKey&quot;,
    &quot;value&quot;: &quot;[listKeys(resourceId(&#39;Microsoft.DocumentDB/databaseAccounts&#39;, parameters(&#39;cosmosDBAccountName&#39;)), &#39;2015-04-08&#39;).primaryMasterKey]&quot;
    }
    ]
    }

    }

    This is just an example of how it could look…

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Resource tag inherit from ResourceGroup (or Subscription)

    Today we need to TAG all individual resources to get the TAG's available in the billing API for chargeback. Would be much more efficient to set TAGs on subscription level and/or ResourceGroup level and then let all resources inherit the TAG's with option to overide the inherited TAGs on the resources. This way we don't need to add TAG's to every resource.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to retrieve Principal ID

    In my ARM template I am provisioning Key Vault and I need the user that is deploying the ARM template to be added as a Principal.

    Since there is currently no way to retrieve the Principal ID from the ARM template we currently have to add the Principal manually.

    I would rather automate this step by getting the Principal Id similar to how we can get the subscription ID (subscription().subscriptionId). Something like principal().principalId

    36 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. RBAC rules need an option to block IAM inheritance

    Create an option that allows blocking of inheritance for RBAC rules.

    ATM if you create a generic rule at a top layer it means you cannot block access to a particular item.

    As such the only way to create a rule which doesnt allow access is by creating multiple top layer items that exclude the one item you want to block.

    Need a setup similar to NTFS security inheritance blocking options.

    36 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Specify CostCenter when creating Subscription from API

    It would be realy helpfull If I could specify the costcenter during the creating of a subscription.

    Currently there is no way to do this when creating an subscription
    https://docs.microsoft.com/en-us/azure/azure-resource-manager/programmatically-create-subscription?tabs=rest

    Without this i have to sign in to the EA Portal and specify the cost center manually

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  13. Improve access to Key Vault from ARM templates

    Accessing secrets from KV in an ARM templates is super important, especially from VSTS release management pipelines yet the support is limited.

    The way you get at key vaults secrets from templates currently has very limited application. You use "reference" but this can only be applied to a parameter. Why not a variable or inline? However the real limitation is using a dynamic key vault id. Firstly nobody is going to use a static key vault id. It will nearly always be derived from other parameters or functions e.g. subscription() or resourceGroup(). So to do that you must use nested…

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Increase Keyvault Reference Limit in Parameters from 29 to 60+

    As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

    This limitation is quite low for mature systems. Take, for example, the following potential data points:


    • Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings

    • App to app communication creds/API keys

    • Programmatically created dynamically named/numbered resources

    • References to signing keys for different purposes

    Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit to a larger number.…

    34 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog. Since this request came out of an escalation, I’ve engaged the feature owner to take a look and suggest next best step to validate and resolve the reported bug.

  15. Allow Renaming of Azure Resources

    Allow for the renaming of Azure resources such as VNET, Subnet, Resource Group, Network Security Group, Load Balancer, etc..

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Custom error messages for RequestDisallowedByPolicy

    Please add support for custom error messages for Azure Resource Policies RequestDisallowedByPolicy errors, so users don't have to lookup for policy definition by its id.

    Current behavior is described here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-policy-requestdisallowedbypolicy-error

    Supporting custom error messages would require handling an extra field in Resource Policy JSON definition.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Rename any Azure object and ability to have different name and DNS name

    The main idea is an option to rename any Azure object (rename VM, Sql DB ...) into ANY desired name at ANY time, unique only per user, not globally. If dns name is already used a random one should be given or asked user to input a new one.

    It would greatly help organizing Azure object.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    unplanned  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Parameters in Nested Templates is broken

    For nested templates, you cannot use parameters or variables that are defined within the nested template. It is currently broken (as per the documentation).

    It'd be great if this could be fixed. An example of what I'm talking about can be seen here:

    https://github.com/bmoore-msft/AzureRM-Samples/blob/master/dynamicSecretId/azuredeploy.inline.json

    Note: It's not only with Keyvault references that this is broken, but rather all inline parameters when using an inline template.

    Thanks!

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. The limit of tag count for a resource is too small

    The limit of tag count for a resource is 15, which is too small.
    Is it possible to increase the value?

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure ARM Templates vague error messages

    The request content was invalid and could not be deserialized: 'Required property 'type' not found in JSON. Path 'properties.template.resources[0].resources[2]', line 1, position 4150.'. (Code: InvalidRequestContent)

    I just find that error messages like these are no help what so ever. Example, (line 1, position 4150). Can we get a little more specific?

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Azure Resource Manager

Categories

Feedback and Knowledge Base