Azure Resource Manager

How can we improve the Azure Resource Manager?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable using VSTS for Linked Templates

    We manage all of our code for use with Azure in Visual Studio Team Services, including our set of ARM Templates. We are using linked templates which work really well but in order to do so we currently have to either mirror our repo out to github or our internal Stash repository, or copy the files to a storage account. We have come up with a neat solution where we publish the templates to a web app that exposes the templates via http but what we would really like to be able to do is call the linked templates directly…

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Application Gateway configuration operations are extremely slow

    I know there is already a post on this, but as it has apparently been resolved (it has not) it seems to be being overlooked.

    https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/19119910-application-gateway-management-operations-are-agon

    When configuring any resources within the Application Gateway, everything takes such a long time, 5-10+ minutes is not uncommon to add a listener or a rule.

    I have also found that you have to wait for the last request to complete before starting to add any other gateway feature as if you do not it is likely to error the original request.

    Please can you look into this, as it is unbelievably time consuming.

    34 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  3. Enable Cloud Scripts as part of ARM Templates

    Add the ability to run a Custom Script as part of the ARM Template (similar to what is available for VMs but this suggestion is in the context of the “subscription” you deploy to).
    The “Script Resource” could be described something like this

    {
    "name": "postDeploymentScript",
    "type": "Microsoft.CloudShell/script",
    "apiVersion": "2017-08-26",
    "tags": {
    "displayName": "Post Deployment Script"
    },
    "dependsOn": [
    "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBAccountName'))]"
    ],
    "properties":{
    "scriptType": "bash",
    "scriptUrl": "https://raw.githubusercontent.com/krist00fer/nether/master/setup.sh",
    "scriptParameters": [
    {
    "name": "cosmosDbEndpoint",
    "value": "[reference(concat('Microsoft.DocumentDB/databaseAccounts/', parameters('cosmosDBAccountName'))).documentEndpoint]"
    },
    {
    "name": "cosmosDbKey",
    "value": "[listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBAccountName')), '2015-04-08').primaryMasterKey]"
    }
    ]
    }
    }

    This is just an example of how it could look when…

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Rename any Azure object and ability to have different name and DNS name

    The main idea is an option to rename any Azure object (rename VM, Sql DB ...) into ANY desired name at ANY time, unique only per user, not globally. If dns name is already used a random one should be given or asked user to input a new one.

    It would greatly help organizing Azure object.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    unplanned  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  5. conditional output from ARM template

    ARM template supports condition for resources which is a great feature. I can now include a storage account resource in the ARM template, but it will only be created under certain condition. However, if I would like to output the storage account's keys using reference() function, there will be an error when the resource isn't actually created. This would cause a deployment failure and no other output will be returned.

    I would love to have the ability to set conditions on outputs so the reference() function won't be evaluated if the condition is not met.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Resource tag inherit from ResourceGroup (or Subscription)

    Today we need to TAG all individual resources to get the TAG's available in the billing API for chargeback. Would be much more efficient to set TAGs on subscription level and/or ResourceGroup level and then let all resources inherit the TAG's with option to overide the inherited TAGs on the resources. This way we don't need to add TAG's to every resource.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add TAG to subscription

    Please add the possibility to add TAG's to subscriptions in the same way it is possible for ResourceGroups. We use TAG's for chargeback (add tag for project codes to charges) and in most cases we do charge back on subscription level. Hence, the possibility to add TAG's on subscriptions would be great.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Increase maximum Resource group limit when using linked deployment templates

    I'm trying to create a script to deploy my entire system in one deployment using linked templates (the system consists of many microservices, which are isolated in their own resource groups). However I am hitting the following error:

    The template deployment and its nested deployments specifies too many target resource groups. At most '5' different resource groups is allowed

    Can this seemingly arbitrary limit be lifted/removed as this is blocking is from continuing our automation scripts.

    thank you

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Unlimited deployments

    At the moment, there is a limitation of 800 deployments per resource group.

    Afterwards, you have to manually delete them in order to be able to perform new deployments.

    It would be nice if there wasn't any limit.

    Another option would be new deployments overriding old ones (you only get to save latest 800).

    30 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. RBAC rules need an option to block IAM inheritance

    Create an option that allows blocking of inheritance for RBAC rules.

    ATM if you create a generic rule at a top layer it means you cannot block access to a particular item.

    As such the only way to create a rule which doesnt allow access is by creating multiple top layer items that exclude the one item you want to block.

    Need a setup similar to NTFS security inheritance blocking options.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. String array function Join

    in some cases, I need to concatenate several references (variables) which have rather long names (or complex object structures).

    The standard approach (Concat(...)) makes for a very long lines.

    Since multi-line values aren't supported (another area for improvement), the current approach I use is to create an array of each segment, since each member of the array can be its own line.

    Ideally I'd like to take that array and just Join(string[], "_")... but currently I can't, so I'm forced to concat(var[0], "_", var[1], "_", var[2]).

    The inclusion of a JOIN function would SIGNIFICANTLY simplify the variable's definition.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add DateTime calculation Capabilities with utcnow() in ARM Templates

    Having the possibility to generate SAS Tokens using listaccountsas() is a great step forward in arm template functions as it enables us to generate tokens to make use of linked templates residing on protected storage. However, we still have to provide a static value for token expiration to make use of that function.
    Being able to use datetime calculation functions together with utcnow() would enable us to close a gap and generate SAS tokens dynamically.

    A possible scenario could look like:

    addhours(parameters(utcnow(),1))

    and provide the result as expiration time inside the listaccountsas() function

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  13. Parameters in Nested Templates is broken

    For nested templates, you cannot use parameters or variables that are defined within the nested template. It is currently broken (as per the documentation).

    It'd be great if this could be fixed. An example of what I'm talking about can be seen here:

    https://github.com/bmoore-msft/AzureRM-Samples/blob/master/dynamicSecretId/azuredeploy.inline.json

    Note: It's not only with Keyvault references that this is broken, but rather all inline parameters when using an inline template.

    Thanks!

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Provide a Resource Manager Template Function that generates a cryptographically strong password

    When one designs systems with the assumption that it would be breached at some time in the future, sharing passwords between services (IaaS or PaaS) isn’t recommended. If a password for one service is discovered by a malicious agent, it could be used to compromise other parts of the system. As such, its best to ensure each service (PaaS or IaaS) has its own unique cryptographically strong password.

    Having a unique password per service also allows for easier password rotation (through Scipts, DSC and other configuration management systems).

    As the number of systems (PaaS or IaaS) increases, we don’t want…

    21 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Improve access to Key Vault from ARM templates

    Accessing secrets from KV in an ARM templates is super important, especially from VSTS release management pipelines yet the support is limited.

    The way you get at key vaults secrets from templates currently has very limited application. You use "reference" but this can only be applied to a parameter. Why not a variable or inline? However the real limitation is using a dynamic key vault id. Firstly nobody is going to use a static key vault id. It will nearly always be derived from other parameters or functions e.g. subscription() or resourceGroup(). So to do that you must use nested…

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Custom RBAC role to only allow the assignment of TAGS on resources.

    Would be nice to have a custom RBAC role in the Azure portal created that allows a user to ONLY be able to set TAGS on resources, resource groups and/or subscriptions for billing purposes.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Custom error messages for RequestDisallowedByPolicy

    Please add support for custom error messages for Azure Resource Policies RequestDisallowedByPolicy errors, so users don't have to lookup for policy definition by its id.

    Current behavior is described here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-policy-requestdisallowedbypolicy-error

    Supporting custom error messages would require handling an extra field in Resource Policy JSON definition.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Azure ARM Templates vague error messages

    The request content was invalid and could not be deserialized: 'Required property 'type' not found in JSON. Path 'properties.template.resources[0].resources[2]', line 1, position 4150.'. (Code: InvalidRequestContent)

    I just find that error messages like these are no help what so ever. Example, (line 1, position 4150). Can we get a little more specific?

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for taking the time to vote for this item.

    This is something we are actively working on improving but will be a ongoing effort.

    Please let us know of specific errors that you may run into as well as we would like to address them.

  19. Reset account

    I want to have ability to reset account

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Show "created by" user

    It would be handy if the Properties blade showed the Created By user so we didn't have to search through audit logs. Creation Date, Last Modified Date, and Last Modified By would also potentially be useful.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Azure Resource Manager

Feedback and Knowledge Base