Microsoft.Security securityConnectors 2021-07-01-preview
Article 01/11/2024
Bicep resource definition
The securityConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/securityConnectors resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/securityConnectors@2021-07-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  kind: 'string'
  etag: 'string'
  properties: {
    cloudName: 'string'
    hierarchyIdentifier: 'string'
    offerings: [
      {
        offeringType: 'string'
        // For remaining properties, see CloudOffering objects
      }
    ]
    organizationalData: {
      excludedAccountIds: [
        'string'
      ]
      organizationMembershipType: 'string'
      parentHierarchyId: 'string'
      stacksetName: 'string'
    }
  }
}
CloudOffering objects
Set the offeringType property to specify the type of object.

For CspmMonitorAws, use:

  offeringType: 'CspmMonitorAws'
  nativeCloudConnection: {
    cloudRoleArn: 'string'
  }

For DefenderForContainersAws, use:

  offeringType: 'DefenderForContainersAws'
  cloudWatchToKinesis: {
    cloudRoleArn: 'string'
  }
  kinesisToS3: {
    cloudRoleArn: 'string'
  }
  kubernetesScubaReader: {
    cloudRoleArn: 'string'
  }
  kubernetesService: {
    cloudRoleArn: 'string'
  }

For DefenderForServersAws, use:

  offeringType: 'DefenderForServersAws'
  arcAutoProvisioning: {
    enabled: bool
    servicePrincipalSecretMetadata: {
      expiryDate: 'string'
      parameterNameInStore: 'string'
      parameterStoreRegion: 'string'
    }
  }
  defenderForServers: {
    cloudRoleArn: 'string'
  }

For InformationProtectionAws, use:

  offeringType: 'InformationProtectionAws'
  informationProtection: {
    cloudRoleArn: 'string'
  }

Property values
securityConnectors

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string (required) |
| location | Location where the resource is stored | string |
| tags | A list of key value pairs that describe the resource. | Dictionary of tag names and values. See Tags in templates |
| kind | Kind of the resource | string |
| etag | Entity tag is used for comparing two or more entities from the same requested resource. | string |
| properties | Security connector data | SecurityConnectorProperties |

SecurityConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| cloudName | The multi cloud resource's cloud name. | 'AWS' 'Azure' 'GCP' |
| hierarchyIdentifier | The multi cloud resource identifier (account id in case of AWS connector). | string |
| offerings | A collection of offerings for the security connector. | CloudOffering[] |
| organizationalData | The multi cloud account's organizational data | SecurityConnectorPropertiesOrganizationalData |

CloudOffering

CspmMonitorAwsOffering

CspmMonitorAwsOfferingNativeCloudConnection

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOffering

DefenderForContainersAwsOfferingCloudWatchToKinesis

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKinesisToS3

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKubernetesScubaReade...

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKubernetesService

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForServersAwsOffering

DefenderForServersAwsOfferingArcAutoProvisioning

DefenderForServersAwsOfferingArcAutoProvisioningServ...

| Name | Description | Value |
| --- | --- | --- |
| expiryDate | expiration date of service principal secret | string |
| parameterNameInStore | name of secret resource in parameter store | string |
| parameterStoreRegion | region of parameter store where secret is kept | string |

DefenderForServersAwsOfferingDefenderForServers

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

SecurityConnectorPropertiesOrganizationalData

| Name | Description | Value |
| --- | --- | --- |
| excludedAccountIds | If the multi cloud account is of membership type organization, list of accounts excluded from offering | string[] |
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Member' 'Organization' |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this will be the ID of the account's parent | string |
| stacksetName | If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset | string |

ARM template resource definition
The securityConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/securityConnectors resource, add the following JSON to your template.
{
  "type": "Microsoft.Security/securityConnectors",
  "apiVersion": "2021-07-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "kind": "string",
  "etag": "string",
  "properties": {
    "cloudName": "string",
    "hierarchyIdentifier": "string",
    "offerings": [
      {
        "offeringType": "string"
        // For remaining properties, see CloudOffering objects
      }
    ],
    "organizationalData": {
      "excludedAccountIds": [ "string" ],
      "organizationMembershipType": "string",
      "parentHierarchyId": "string",
      "stacksetName": "string"
    }
  }
}
CloudOffering objects
Set the offeringType property to specify the type of object.

For CspmMonitorAws, use:

  "offeringType": "CspmMonitorAws",
  "nativeCloudConnection": {
    "cloudRoleArn": "string"
  }

For DefenderForContainersAws, use:

  "offeringType": "DefenderForContainersAws",
  "cloudWatchToKinesis": {
    "cloudRoleArn": "string"
  },
  "kinesisToS3": {
    "cloudRoleArn": "string"
  },
  "kubernetesScubaReader": {
    "cloudRoleArn": "string"
  },
  "kubernetesService": {
    "cloudRoleArn": "string"
  }

For DefenderForServersAws, use:

  "offeringType": "DefenderForServersAws",
  "arcAutoProvisioning": {
    "enabled": "bool",
    "servicePrincipalSecretMetadata": {
      "expiryDate": "string",
      "parameterNameInStore": "string",
      "parameterStoreRegion": "string"
    }
  },
  "defenderForServers": {
    "cloudRoleArn": "string"
  }

For InformationProtectionAws, use:

  "offeringType": "InformationProtectionAws",
  "informationProtection": {
    "cloudRoleArn": "string"
  }

Property values
securityConnectors

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | 'Microsoft.Security/securityConnectors' |
| apiVersion | The resource api version | '2021-07-01-preview' |
| name | The resource name | string (required) |
| location | Location where the resource is stored | string |
| tags | A list of key value pairs that describe the resource. | Dictionary of tag names and values. See Tags in templates |
| kind | Kind of the resource | string |
| etag | Entity tag is used for comparing two or more entities from the same requested resource. | string |
| properties | Security connector data | SecurityConnectorProperties |

SecurityConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| cloudName | The multi cloud resource's cloud name. | 'AWS' 'Azure' 'GCP' |
| hierarchyIdentifier | The multi cloud resource identifier (account id in case of AWS connector). | string |
| offerings | A collection of offerings for the security connector. | CloudOffering[] |
| organizationalData | The multi cloud account's organizational data | SecurityConnectorPropertiesOrganizationalData |

CloudOffering

CspmMonitorAwsOffering

CspmMonitorAwsOfferingNativeCloudConnection

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOffering

DefenderForContainersAwsOfferingCloudWatchToKinesis

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKinesisToS3

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKubernetesScubaReade...

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKubernetesService

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForServersAwsOffering

DefenderForServersAwsOfferingArcAutoProvisioning

DefenderForServersAwsOfferingArcAutoProvisioningServ...

| Name | Description | Value |
| --- | --- | --- |
| expiryDate | expiration date of service principal secret | string |
| parameterNameInStore | name of secret resource in parameter store | string |
| parameterStoreRegion | region of parameter store where secret is kept | string |

DefenderForServersAwsOfferingDefenderForServers

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

SecurityConnectorPropertiesOrganizationalData

| Name | Description | Value |
| --- | --- | --- |
| excludedAccountIds | If the multi cloud account is of membership type organization, list of accounts excluded from offering | string[] |
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Member' 'Organization' |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this will be the ID of the account's parent | string |
| stacksetName | If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset | string |

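A pre-deployment check over the ARM JSON shape documented above, as an added example (not Microsoft's code; `lint_connector` and `role_arns` are hypothetical names). It assumes `expiryDate` is an ISO 8601 date and, as a local policy choice rather than something the schema enforces, that every `cloudRoleArn` should sit in the AWS account named by `hierarchyIdentifier`.

```python
import re
from datetime import date
# IAM role ARN shape: arn:<partition>:iam::<12-digit account id>:role/<path and name>
ROLE_ARN = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):iam::(\d{12}):role/[\w+=,.@/-]+$")

def role_arns(node, path):
    """Yield (path, value) for every cloudRoleArn nested under an offering."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "cloudRoleArn":
                yield f"{path}.{key}", val
            else:
                yield from role_arns(val, f"{path}.{key}")

def lint_connector(resource, today):
    """Return a list of findings for one securityConnectors resource (ARM JSON shape)."""
    findings, props = [], resource.get("properties", {})
    account = props.get("hierarchyIdentifier", "")
    for i, off in enumerate(props.get("offerings", [])):
        where = f"offerings[{i}]({off.get('offeringType')})"
        for path, arn in role_arns(off, where):
            m = ROLE_ARN.match(arn or "")
            if not m:
                findings.append(f"{path}: not an IAM role ARN")
            elif m.group(2) != account:  # assumed policy: role lives in the onboarded account
                findings.append(f"{path}: role account {m.group(2)} != connector {account}")
        meta = off.get("arcAutoProvisioning", {}).get("servicePrincipalSecretMetadata")
        if meta and date.fromisoformat(meta["expiryDate"][:10]) <= today:  # assumes ISO 8601
            findings.append(f"{where}: service principal secret expired {meta['expiryDate']}")
    org = props.get("organizationalData", {})
    kind = org.get("organizationMembershipType")
    if kind == "Member" and (org.get("excludedAccountIds") or org.get("stacksetName")):
        findings.append("organizationalData: Organization-only fields set on a Member account")
    if kind == "Organization" and org.get("parentHierarchyId"):
        findings.append("organizationalData: parentHierarchyId set on an Organization account")
    return findings

# Constructed sample: account ids, role names, secret name and dates are made up.
SAMPLE = {"type": "Microsoft.Security/securityConnectors", "properties": {
    "cloudName": "AWS", "hierarchyIdentifier": "111111111111",
    "offerings": [
        {"offeringType": "CspmMonitorAws", "nativeCloudConnection": {
            "cloudRoleArn": "arn:aws:iam::222222222222:role/ExampleCspmRole"}},
        {"offeringType": "DefenderForServersAws",
         "arcAutoProvisioning": {"enabled": True, "servicePrincipalSecretMetadata": {
             "expiryDate": "2023-12-31", "parameterNameInStore": "example-secret",
             "parameterStoreRegion": "us-east-1"}},
         "defenderForServers": {"cloudRoleArn": "arn:aws:iam::111111111111:role/ExampleServersRole"}}],
    "organizationalData": {"organizationMembershipType": "Member",
                           "parentHierarchyId": "333333333333", "stacksetName": "example-stackset"}}}
```

Calling `lint_connector(SAMPLE, date(2024, 1, 11))` reports the cross-account role, the expired secret metadata and the Organization-only `stacksetName` on a Member account.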
Terraform (AzAPI provider) resource definition
The securityConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/securityConnectors resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/securityConnectors@2021-07-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      cloudName = "string"
      hierarchyIdentifier = "string"
      offerings = [
        {
          offeringType = "string"
          // For remaining properties, see CloudOffering objects
        }
      ]
      organizationalData = {
        excludedAccountIds = [
          "string"
        ]
        organizationMembershipType = "string"
        parentHierarchyId = "string"
        stacksetName = "string"
      }
    }
    kind = "string"
    etag = "string"
  })
}
CloudOffering objects
Set the offeringType property to specify the type of object.

For CspmMonitorAws, use:

  offeringType = "CspmMonitorAws"
  nativeCloudConnection = {
    cloudRoleArn = "string"
  }

For DefenderForContainersAws, use:

  offeringType = "DefenderForContainersAws"
  cloudWatchToKinesis = {
    cloudRoleArn = "string"
  }
  kinesisToS3 = {
    cloudRoleArn = "string"
  }
  kubernetesScubaReader = {
    cloudRoleArn = "string"
  }
  kubernetesService = {
    cloudRoleArn = "string"
  }

For DefenderForServersAws, use:

  offeringType = "DefenderForServersAws"
  arcAutoProvisioning = {
    enabled = bool
    servicePrincipalSecretMetadata = {
      expiryDate = "string"
      parameterNameInStore = "string"
      parameterStoreRegion = "string"
    }
  }
  defenderForServers = {
    cloudRoleArn = "string"
  }

For InformationProtectionAws, use:

  offeringType = "InformationProtectionAws"
  informationProtection = {
    cloudRoleArn = "string"
  }

Property values
securityConnectors

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | "Microsoft.Security/securityConnectors@2021-07-01-preview" |
| name | The resource name | string (required) |
| location | Location where the resource is stored | string |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | A list of key value pairs that describe the resource. | Dictionary of tag names and values. |
| kind | Kind of the resource | string |
| etag | Entity tag is used for comparing two or more entities from the same requested resource. | string |
| properties | Security connector data | SecurityConnectorProperties |

SecurityConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| cloudName | The multi cloud resource's cloud name. | "AWS" "Azure" "GCP" |
| hierarchyIdentifier | The multi cloud resource identifier (account id in case of AWS connector). | string |
| offerings | A collection of offerings for the security connector. | CloudOffering[] |
| organizationalData | The multi cloud account's organizational data | SecurityConnectorPropertiesOrganizationalData |

CloudOffering

CspmMonitorAwsOffering

CspmMonitorAwsOfferingNativeCloudConnection

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOffering

DefenderForContainersAwsOfferingCloudWatchToKinesis

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKinesisToS3

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKubernetesScubaReade...

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKubernetesService

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForServersAwsOffering

DefenderForServersAwsOfferingArcAutoProvisioning

DefenderForServersAwsOfferingArcAutoProvisioningServ...

| Name | Description | Value |
| --- | --- | --- |
| expiryDate | expiration date of service principal secret | string |
| parameterNameInStore | name of secret resource in parameter store | string |
| parameterStoreRegion | region of parameter store where secret is kept | string |

DefenderForServersAwsOfferingDefenderForServers

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

SecurityConnectorPropertiesOrganizationalData

| Name | Description | Value |
| --- | --- | --- |
| excludedAccountIds | If the multi cloud account is of membership type organization, list of accounts excluded from offering | string[] |
| organizationMembershipType | The multi cloud account's membership type in the organization | "Member" "Organization" |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this will be the ID of the account's parent | string |
| stacksetName | If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset | string |