⚠️ Upcoming breaking changes ⚠️

Following the recent release of 0.11.0, the upcoming period will focus on implementing the remaining changes required to align CARML's modules to the specifications of Azure Verified Modules (currently in development). This will enable us to move & publish the modules of the CARML library to the official Public Bicep Registry. You can read more about CARML's future in AVM here.

Please note that these changes will affect many interfaces (e.g., the diagnostic settings). We intend to keep this period as short as possible, but are limited by our own available capacity. As we want to avoid one 'big bang' migration, we will incrementally align & move modules, and keep a copy in this repository until the move is concluded. For modules that were already published, we will redirect the proposed changes to the AVM folder of the new repository. In its final state, this AVM folder will contain all modules you can currently find in the modules folder of this repository.

Possible changes include (but are not limited to):

• An update of the extension resource interfaces (i.e., diagnostic settings, RBAC, etc.)
• An update of the README.md that comes with each module (including an update of the utility itself) to allow for a more detailed parameter description
• An update to individual folder names
• The addition of several user defined types (requiring Bicep version 0.21.1)

Once the move concluded, the library & CI environment is planned to be maintained. However, several changes to the CARML CI environment will become necessary to ensure a low entry barrier when onboarding both (for example, as per the AVM specs we will need to be less restrictive in our tests).

Common Azure Resource Modules Library

Description

This repository includes a library of mature and curated Bicep modules as well as a Continuous Integration (CI) environment leveraged for modules' validation and versioned publishing.

The CI environment supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.

Get started

• For introduction guidance visit the Wiki
• For guidance on which version of the code to leverage, see Disclaimer
• For information on contributing, see Contribution
• File an issue via GitHub Issues
• For reference documentation, visit Enterprise-Scale
• For an outline of the module features, visit Module overview

Note: To ensure the modules and environment work as expected, please ensure you are using the latest version of the used tools such as PowerShell and Bicep. Especially in case of the later, note, that you need to manually update the Bicep CLI. For further information, see our troubleshooting guide.

Available Resource Modules

Provider namespace	Resource Type	Name	Deploy
Microsoft.AAD	domainServices	Azure Active Directory Domain Services
Microsoft.AnalysisServices	servers	Analysis Services Servers
Microsoft.ApiManagement	service	API Management Services
Microsoft.App	containerApps	Container Apps
	managedEnvironments	App ManagedEnvironments
Microsoft.AppConfiguration	configurationStores	App Configuration Stores
Microsoft.Authorization	locks	Authorization Locks (All scopes)
	policyassignments	Policy Assignments (All scopes)
	policydefinitions	Policy Definitions (All scopes)
	policyExemptions	Policy Exemptions (All scopes)
	policySetDefinitions	Policy Set Definitions (Initiatives) (All scopes)
	roleAssignments	Role Assignments (All scopes)
	roleDefinitions	Role Definitions (All scopes)
Microsoft.Automation	automationAccounts	Automation Accounts
Microsoft.Batch	batchAccounts	Batch Accounts
Microsoft.Cache	redis	Redis Cache
	redisEnterprise	Redis Cache Enterprise
Microsoft.Cdn	profiles	CDN Profiles
Microsoft.CognitiveServices	accounts	Cognitive Services
Microsoft.Compute	availabilitySets	Availability Sets
	disks	Compute Disks
	diskEncryptionSets	Disk Encryption Sets
	galleries	Azure Compute Galleries
	images	Images
	proximityPlacementGroups	Proximity Placement Groups
	sshPublicKeys	Public SSH Keys
	virtualMachines	Virtual Machines
	virtualMachineScaleSets	Virtual Machine Scale Sets
Microsoft.Consumption	budgets	Consumption Budgets
Microsoft.ContainerInstance	containerGroups	Container Instances Container Groups
Microsoft.ContainerRegistry	registries	Azure Container Registries (ACR)
Microsoft.ContainerService	managedClusters	Azure Kubernetes Service (AKS) Managed Clusters
Microsoft.DataFactory	factories	Data Factories
Microsoft.DataProtection	backupVaults	Data Protection Backup Vaults
Microsoft.Databricks	workspaces	Azure Databricks Workspaces
Microsoft.DBforMySQL	flexibleServers	DBforMySQL Flexible Servers
Microsoft.DBforPostgreSQL	flexibleServers	DBforPostgreSQL Flexible Servers
Microsoft.DesktopVirtualization	applicationGroups	Azure Virtual Desktop (AVD) Application Groups
	hostPools	Azure Virtual Desktop (AVD) Host Pools
	scalingPlans	Azure Virtual Desktop (AVD) Scaling Plans
	workspaces	Azure Virtual Desktop (AVD) Workspaces
Microsoft.DevTestLab	labs	DevTest Labs
Microsoft.DigitalTwins	digitalTwinsInstances	Digital Twins Instances
Microsoft.DocumentDB	databaseAccounts	DocumentDB Database Accounts
Microsoft.EventGrid	domains	Event Grid Domains
	systemTopics	Event Grid System Topics
	topics	Event Grid Topics
Microsoft.EventHub	namespaces	Event Hub Namespaces
Microsoft.HealthBot	healthBots	Azure Health Bots
Microsoft.HealthcareApis	workspaces	Healthcare API Workspaces
microsoft.insights	actionGroups	Action Groups
	activityLogAlerts	Activity Log Alerts
	components	Application Insights
	dataCollectionEndpoints	Data Collection Endpoints
	dataCollectionRules	Data Collection Rules
	diagnosticSettings	Diagnostic Settings (Activity Logs) for Azure Subscriptions
	metricAlerts	Metric Alerts
	privateLinkScopes	Azure Monitor Private Link Scopes
	scheduledQueryRules	Scheduled Query Rules
	webtests	Web Tests
Microsoft.KeyVault	vaults	Key Vaults
Microsoft.KubernetesConfiguration	extensions	Kubernetes Configuration Extensions
	fluxConfigurations	Kubernetes Configuration Flux Configurations
Microsoft.Logic	workflows	Logic Apps (Workflows)
Microsoft.MachineLearningServices	workspaces	Machine Learning Services Workspaces
Microsoft.Maintenance	maintenanceConfigurations	Maintenance Configurations
Microsoft.ManagedIdentity	userAssignedIdentities	User Assigned Identities
Microsoft.ManagedServices	registrationDefinitions	Registration Definitions
Microsoft.Management	managementGroups	Management Groups
Microsoft.NetApp	netAppAccounts	Azure NetApp Files
Microsoft.Network	applicationGateways	Network Application Gateways
	ApplicationGatewayWebApplicationFirewallPolicies	Application Gateway Web Application Firewall (WAF) Policies
	applicationSecurityGroups	Application Security Groups (ASG)
	azureFirewalls	Azure Firewalls
	bastionHosts	Bastion Hosts
	connections	Virtual Network Gateway Connections
	ddosProtectionPlans	DDoS Protection Plans
	dnsForwardingRulesets	Dns Forwarding Rulesets
	dnsResolvers	DNS Resolvers
	dnsZones	Public DNS Zones
	expressRouteCircuits	ExpressRoute Circuits
	expressRouteGateways	Express Route Gateways
	firewallPolicies	Firewall Policies
	frontDoors	Azure Front Doors
	FrontDoorWebApplicationFirewallPolicies	Front Door Web Application Firewall (WAF) Policies
	ipGroups	IP Groups
	loadBalancers	Load Balancers
	localNetworkGateways	Local Network Gateways
	natGateways	NAT Gateways
	networkInterfaces	Network Interface
	networkManagers	Network Managers
	networkSecurityGroups	Network Security Groups
	networkWatchers	Network Watchers
	privateDnsZones	Private DNS Zones
	privateEndpoints	Private Endpoints
	privateLinkServices	Private Link Services
	publicIPAddresses	Public IP Addresses
	publicIPPrefixes	Public IP Prefixes
	routeTables	Route Tables
	serviceEndpointPolicies	Service Endpoint Policies
	trafficmanagerprofiles	Traffic Manager Profiles
	virtualHubs	Virtual Hubs
	virtualnetworks	Virtual Networks
	virtualnetworkgateways	Virtual Network Gateways
	virtualWans	Virtual WANs
	vpnGateways	VPN Gateways
	vpnSites	VPN Sites
Microsoft.OperationalInsights	workspaces	Log Analytics Workspaces
Microsoft.OperationsManagement	solutions	Operations Management Solutions
Microsoft.PolicyInsights	remediations	Policy Insights Remediations
Microsoft.PowerBIDedicated	capacities	Power BI Dedicated Capacities
Microsoft.Purview	accounts	Purview Accounts
Microsoft.RecoveryServices	vaults	Recovery Services Vaults
Microsoft.Relay	namespaces	Relay Namespaces
Microsoft.ResourceGraph	queries	Resource Graph Queries
Microsoft.Resources	deploymentScripts	Deployment Scripts
	resourceGroups	Resource Groups
	tags	Resources Tags
Microsoft.Search	searchServices	Search Services
Microsoft.Security	azuresecuritycenter	Azure Security Center (Defender for Cloud)
Microsoft.ServiceBus	namespaces	Service Bus Namespaces
Microsoft.ServiceFabric	clusters	Service Fabric Clusters
Microsoft.SignalRService	signalR	SignalR Service SignalR
	webPubSub	SignalR Web PubSub Services
Microsoft.Sql	managedInstances	SQL Managed Instances
	servers	Azure SQL Servers
Microsoft.Storage	storageAccounts	Storage Accounts
Microsoft.Synapse	privateLinkHubs	Azure Synapse Analytics
	workspaces	Synapse Workspaces
Microsoft.VirtualMachineImages	imageTemplates	Virtual Machine Image Templates
Microsoft.Web	connections	API Connections
	hostingEnvironments	App Service Environments
	serverfarms	App Service Plans
	sites	Web/Function Apps
	staticSites	Static Web Apps

Platform

Name	Status
Update API Specs file
Assign Pull Request to Author
Test - ConvertTo-ARMTemplate.ps1
Clean up deployment history
Library PSRule pre-flight validation
Broken Links Check
Linter (audit)
Manage issues for failing pipelines
Update ReadMe Module Tables
Update Static Test Documentation
Sync Docs/Wiki

Disclaimer

Please note that CARML is constantly evolving and introducing new features. The main branch of this repository changes frequently and thus, it always contains the latest available version of the code. Some of the updates may introduce breaking changes as well.

• Default path: To avoid disruptions, use distinct versions available through releases.
• Early adopter path: If the risk of breaking changes is understood and accepted, you can use the code in the main branch directly. However, the CARML team recommends against automatically pulling code from main. It is always recommended to review changes before you pull them into your own repository.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

For specific guidelines on how to contribute to this repository please refer to the Contribution guide Wiki section.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Learn More

• PowerShell Documentation
• Microsoft Azure Documentation
• GitHubDocs
• Azure Resource Manager
• Bicep

Telemetry

Modules provided in this library have telemetry enabled by default. To learn more about this feature, please refer to the Telemetry article in the wiki.