Microsoft.Security securityConnectors 2021-07-01-preview

Bicep resource definition

The securityConnectors resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/securityConnectors resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Security/securityConnectors@2021-07-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  kind: 'string'
  etag: 'string'
  properties: {
    cloudName: 'string'
    hierarchyIdentifier: 'string'
    offerings: [
      {
        offeringType: 'string'
        // For remaining properties, see CloudOffering objects
      }
    ]
    organizationalData: {
      excludedAccountIds: [
        'string'
      ]
      organizationMembershipType: 'string'
      parentHierarchyId: 'string'
      stacksetName: 'string'
    }
  }
}

CloudOffering objects

Set the offeringType property to specify the type of object.

For CspmMonitorAws, use:

  offeringType: 'CspmMonitorAws'
  nativeCloudConnection: {
    cloudRoleArn: 'string'
  }

For DefenderForContainersAws, use:

  offeringType: 'DefenderForContainersAws'
  cloudWatchToKinesis: {
    cloudRoleArn: 'string'
  }
  kinesisToS3: {
    cloudRoleArn: 'string'
  }
  kubernetesScubaReader: {
    cloudRoleArn: 'string'
  }
  kubernetesService: {
    cloudRoleArn: 'string'
  }

For DefenderForServersAws, use:

  offeringType: 'DefenderForServersAws'
  arcAutoProvisioning: {
    enabled: bool
    servicePrincipalSecretMetadata: {
      expiryDate: 'string'
      parameterNameInStore: 'string'
      parameterStoreRegion: 'string'
    }
  }
  defenderForServers: {
    cloudRoleArn: 'string'
  }

For InformationProtectionAws, use:

  offeringType: 'InformationProtectionAws'
  informationProtection: {
    cloudRoleArn: 'string'
  }

Property values

securityConnectors

Name Description Value
name The resource name string (required)
location Location where the resource is stored string
tags A list of key value pairs that describe the resource. Dictionary of tag names and values. See Tags in templates
kind Kind of the resource string
etag Entity tag is used for comparing two or more entities from the same requested resource. string
properties Security connector data SecurityConnectorProperties

SecurityConnectorProperties

Name Description Value
cloudName The multi cloud resource's cloud name. 'AWS', 'Azure', 'GCP'
hierarchyIdentifier The multi cloud resource identifier (account id in case of AWS connector). string
offerings A collection of offerings for the security connector. CloudOffering[]
organizationalData The multi cloud account's organizational data SecurityConnectorPropertiesOrganizationalData

CloudOffering

Name Description Value
offeringType Set the object type. CspmMonitorAws, DefenderForContainersAws, DefenderForServersAws, InformationProtectionAws (required)

CspmMonitorAwsOffering

Name Description Value
offeringType The type of the security offering. 'CspmMonitorAws' (required)
nativeCloudConnection The native cloud connection configuration CspmMonitorAwsOfferingNativeCloudConnection

CspmMonitorAwsOfferingNativeCloudConnection

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOffering

Name Description Value
offeringType The type of the security offering. 'DefenderForContainersAws' (required)
cloudWatchToKinesis The cloudwatch to kinesis connection configuration DefenderForContainersAwsOfferingCloudWatchToKinesis
kinesisToS3 The kinesis to s3 connection configuration DefenderForContainersAwsOfferingKinesisToS3
kubernetesScubaReader The kubernetes to scuba connection configuration DefenderForContainersAwsOfferingKubernetesScubaReade...
kubernetesService The kubernetes service connection configuration DefenderForContainersAwsOfferingKubernetesService

DefenderForContainersAwsOfferingCloudWatchToKinesis

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKinesisToS3

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKubernetesScubaReade...

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKubernetesService

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForServersAwsOffering

Name Description Value
offeringType The type of the security offering. 'DefenderForServersAws' (required)
arcAutoProvisioning The ARC autoprovisioning configuration DefenderForServersAwsOfferingArcAutoProvisioning
defenderForServers The Defender for servers connection configuration DefenderForServersAwsOfferingDefenderForServers

DefenderForServersAwsOfferingArcAutoProvisioning

Name Description Value
enabled Is arc auto provisioning enabled bool
servicePrincipalSecretMetadata Metadata of Service Principal secret for autoprovisioning DefenderForServersAwsOfferingArcAutoProvisioningServ...

DefenderForServersAwsOfferingArcAutoProvisioningServ...

Name Description Value
expiryDate expiration date of service principal secret string
parameterNameInStore name of secret resource in parameter store string
parameterStoreRegion region of parameter store where secret is kept string

DefenderForServersAwsOfferingDefenderForServers

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

InformationProtectionAwsOffering

Name Description Value
offeringType The type of the security offering. 'InformationProtectionAws' (required)
informationProtection The native cloud connection configuration InformationProtectionAwsOfferingInformationProtectio...

InformationProtectionAwsOfferingInformationProtectio...

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

SecurityConnectorPropertiesOrganizationalData

Name Description Value
excludedAccountIds If the multi cloud account is of membership type organization, list of accounts excluded from offering string[]
organizationMembershipType The multi cloud account's membership type in the organization 'Member', 'Organization'
parentHierarchyId If the multi cloud account is not of membership type organization, this will be the ID of the account's parent string
stacksetName If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset string
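Putting the format and property tables above together, the following is an added worked example written for this page; it is not code from the original page or from Microsoft. It onboards an AWS management account (organization membership, so stacksetName and excludedAccountIds are used) with the CspmMonitorAws, DefenderForServersAws and DefenderForContainersAws offerings. Every cloudRoleArn is derived from the awsAccountId parameter, so a copy-paste error cannot silently point Defender for Cloud at a role in a different AWS account. The IAM role names, the stack set name, the Parameter Store path and region, and the secret expiry value are assumptions used as placeholders: the role names must match the roles created by whatever AWS-side onboarding template you deploy, and the template never contains the service principal secret itself, only where it is kept and when it expires.

```bicep
// Added example (not from the original page): Microsoft.Security/securityConnectors
// for an AWS management account. Role names, stack set name, Parameter Store path,
// region and expiry below are placeholders (assumptions), not values mandated by the API.

@description('12-digit AWS account ID of the management account being connected')
@minLength(12)
@maxLength(12)
param awsAccountId string

@description('Member account IDs that must not receive the offerings')
param excludedAccountIds array = []

@description('Name of the CloudFormation stack set used to onboard member accounts (assumed name)')
param stacksetName string = 'DefenderForCloud-Onboarding'

@description('Expiry (ISO 8601) of the Arc auto-provisioning service principal secret stored in AWS Parameter Store')
param spSecretExpiry string = '2030-01-01T00:00:00Z'

param location string = resourceGroup().location

// All role ARNs are built from the connected account ID so every offering
// points into the account named in hierarchyIdentifier.
var roleArnPrefix = 'arn:aws:iam::${awsAccountId}:role/'

resource awsConnector 'Microsoft.Security/securityConnectors@2021-07-01-preview' = {
  name: 'aws-${awsAccountId}'
  location: location
  tags: {
    environment: 'prod'
    owner: 'cloud-security'
  }
  properties: {
    cloudName: 'AWS'
    hierarchyIdentifier: awsAccountId
    organizationalData: {
      organizationMembershipType: 'Organization'
      stacksetName: stacksetName
      excludedAccountIds: excludedAccountIds
    }
    offerings: [
      {
        offeringType: 'CspmMonitorAws'
        nativeCloudConnection: {
          cloudRoleArn: '${roleArnPrefix}CspmMonitorAws' // assumed role name
        }
      }
      {
        offeringType: 'DefenderForServersAws'
        defenderForServers: {
          cloudRoleArn: '${roleArnPrefix}DefenderForCloud-DefenderForServers' // assumed role name
        }
        arcAutoProvisioning: {
          enabled: true
          // Only metadata about the secret is stored here; the secret value stays in AWS.
          servicePrincipalSecretMetadata: {
            expiryDate: spSecretExpiry
            parameterNameInStore: '/DefenderForCloud/ArcAutoProvisioning/SpSecret' // assumed path
            parameterStoreRegion: 'us-east-1' // assumed region
          }
        }
      }
      {
        offeringType: 'DefenderForContainersAws'
        cloudWatchToKinesis: {
          cloudRoleArn: '${roleArnPrefix}DefenderForCloud-Containers-CloudWatchToKinesis' // assumed
        }
        kinesisToS3: {
          cloudRoleArn: '${roleArnPrefix}DefenderForCloud-Containers-KinesisToS3' // assumed
        }
        kubernetesScubaReader: {
          cloudRoleArn: '${roleArnPrefix}DefenderForCloud-Containers-K8s-ScubaReader' // assumed
        }
        kubernetesService: {
          cloudRoleArn: '${roleArnPrefix}DefenderForCloud-Containers-K8s' // assumed
        }
      }
    ]
  }
}

output connectorId string = awsConnector.id
```

Deploy it at resource group scope, for example with `az deployment group create --resource-group <rg> --template-file connector.bicep --parameters awsAccountId=<12-digit id>`. Because the roles are granted to Defender for Cloud by a trust policy on the AWS side, review each cloudRoleArn against the roles actually present in the account before deploying: the template can only guarantee that the ARNs name the right account, not that the roles exist or carry the intended permissions.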

ARM template resource definition

The securityConnectors resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/securityConnectors resource, add the following JSON to your template.

{
  "type": "Microsoft.Security/securityConnectors",
  "apiVersion": "2021-07-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "kind": "string",
  "etag": "string",
  "properties": {
    "cloudName": "string",
    "hierarchyIdentifier": "string",
    "offerings": [
      {
        "offeringType": "string"
        // For remaining properties, see CloudOffering objects
      }
    ],
    "organizationalData": {
      "excludedAccountIds": [ "string" ],
      "organizationMembershipType": "string",
      "parentHierarchyId": "string",
      "stacksetName": "string"
    }
  }
}

CloudOffering objects

Set the offeringType property to specify the type of object.

For CspmMonitorAws, use:

  "offeringType": "CspmMonitorAws",
  "nativeCloudConnection": {
    "cloudRoleArn": "string"
  }

For DefenderForContainersAws, use:

  "offeringType": "DefenderForContainersAws",
  "cloudWatchToKinesis": {
    "cloudRoleArn": "string"
  },
  "kinesisToS3": {
    "cloudRoleArn": "string"
  },
  "kubernetesScubaReader": {
    "cloudRoleArn": "string"
  },
  "kubernetesService": {
    "cloudRoleArn": "string"
  }

For DefenderForServersAws, use:

  "offeringType": "DefenderForServersAws",
  "arcAutoProvisioning": {
    "enabled": "bool",
    "servicePrincipalSecretMetadata": {
      "expiryDate": "string",
      "parameterNameInStore": "string",
      "parameterStoreRegion": "string"
    }
  },
  "defenderForServers": {
    "cloudRoleArn": "string"
  }

For InformationProtectionAws, use:

  "offeringType": "InformationProtectionAws",
  "informationProtection": {
    "cloudRoleArn": "string"
  }

Property values

securityConnectors

Name Description Value
type The resource type 'Microsoft.Security/securityConnectors'
apiVersion The resource api version '2021-07-01-preview'
name The resource name string (required)
location Location where the resource is stored string
tags A list of key value pairs that describe the resource. Dictionary of tag names and values. See Tags in templates
kind Kind of the resource string
etag Entity tag is used for comparing two or more entities from the same requested resource. string
properties Security connector data SecurityConnectorProperties

SecurityConnectorProperties

Name Description Value
cloudName The multi cloud resource's cloud name. 'AWS', 'Azure', 'GCP'
hierarchyIdentifier The multi cloud resource identifier (account id in case of AWS connector). string
offerings A collection of offerings for the security connector. CloudOffering[]
organizationalData The multi cloud account's organizational data SecurityConnectorPropertiesOrganizationalData

CloudOffering

Name Description Value
offeringType Set the object type. CspmMonitorAws, DefenderForContainersAws, DefenderForServersAws, InformationProtectionAws (required)

CspmMonitorAwsOffering

Name Description Value
offeringType The type of the security offering. 'CspmMonitorAws' (required)
nativeCloudConnection The native cloud connection configuration CspmMonitorAwsOfferingNativeCloudConnection

CspmMonitorAwsOfferingNativeCloudConnection

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOffering

Name Description Value
offeringType The type of the security offering. 'DefenderForContainersAws' (required)
cloudWatchToKinesis The cloudwatch to kinesis connection configuration DefenderForContainersAwsOfferingCloudWatchToKinesis
kinesisToS3 The kinesis to s3 connection configuration DefenderForContainersAwsOfferingKinesisToS3
kubernetesScubaReader The kubernetes to scuba connection configuration DefenderForContainersAwsOfferingKubernetesScubaReade...
kubernetesService The kubernetes service connection configuration DefenderForContainersAwsOfferingKubernetesService

DefenderForContainersAwsOfferingCloudWatchToKinesis

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKinesisToS3

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKubernetesScubaReade...

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKubernetesService

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForServersAwsOffering

Name Description Value
offeringType The type of the security offering. 'DefenderForServersAws' (required)
arcAutoProvisioning The ARC autoprovisioning configuration DefenderForServersAwsOfferingArcAutoProvisioning
defenderForServers The Defender for servers connection configuration DefenderForServersAwsOfferingDefenderForServers

DefenderForServersAwsOfferingArcAutoProvisioning

Name Description Value
enabled Is arc auto provisioning enabled bool
servicePrincipalSecretMetadata Metadata of Service Principal secret for autoprovisioning DefenderForServersAwsOfferingArcAutoProvisioningServ...

DefenderForServersAwsOfferingArcAutoProvisioningServ...

Name Description Value
expiryDate expiration date of service principal secret string
parameterNameInStore name of secret resource in parameter store string
parameterStoreRegion region of parameter store where secret is kept string

DefenderForServersAwsOfferingDefenderForServers

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

InformationProtectionAwsOffering

Name Description Value
offeringType The type of the security offering. 'InformationProtectionAws' (required)
informationProtection The native cloud connection configuration InformationProtectionAwsOfferingInformationProtectio...

InformationProtectionAwsOfferingInformationProtectio...

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

SecurityConnectorPropertiesOrganizationalData

Name Description Value
excludedAccountIds If the multi cloud account is of membership type organization, list of accounts excluded from offering string[]
organizationMembershipType The multi cloud account's membership type in the organization 'Member', 'Organization'
parentHierarchyId If the multi cloud account is not of membership type organization, this will be the ID of the account's parent string
stacksetName If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset string

Terraform (AzAPI provider) resource definition

The securityConnectors resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/securityConnectors resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/securityConnectors@2021-07-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      cloudName = "string"
      hierarchyIdentifier = "string"
      offerings = [
        {
          offeringType = "string"
          // For remaining properties, see CloudOffering objects
        }
      ]
      organizationalData = {
        excludedAccountIds = [
          "string"
        ]
        organizationMembershipType = "string"
        parentHierarchyId = "string"
        stacksetName = "string"
      }
    }
    kind = "string"
    etag = "string"
  })
}

CloudOffering objects

Set the offeringType property to specify the type of object.

For CspmMonitorAws, use:

  offeringType = "CspmMonitorAws"
  nativeCloudConnection = {
    cloudRoleArn = "string"
  }

For DefenderForContainersAws, use:

  offeringType = "DefenderForContainersAws"
  cloudWatchToKinesis = {
    cloudRoleArn = "string"
  }
  kinesisToS3 = {
    cloudRoleArn = "string"
  }
  kubernetesScubaReader = {
    cloudRoleArn = "string"
  }
  kubernetesService = {
    cloudRoleArn = "string"
  }

For DefenderForServersAws, use:

  offeringType = "DefenderForServersAws"
  arcAutoProvisioning = {
    enabled = bool
    servicePrincipalSecretMetadata = {
      expiryDate = "string"
      parameterNameInStore = "string"
      parameterStoreRegion = "string"
    }
  }
  defenderForServers = {
    cloudRoleArn = "string"
  }

For InformationProtectionAws, use:

  offeringType = "InformationProtectionAws"
  informationProtection = {
    cloudRoleArn = "string"
  }

Property values

securityConnectors

Name Description Value
type The resource type "Microsoft.Security/securityConnectors@2021-07-01-preview"
name The resource name string (required)
location Location where the resource is stored string
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags A list of key value pairs that describe the resource. Dictionary of tag names and values.
kind Kind of the resource string
etag Entity tag is used for comparing two or more entities from the same requested resource. string
properties Security connector data SecurityConnectorProperties

SecurityConnectorProperties

Name Description Value
cloudName The multi cloud resource's cloud name. "AWS", "Azure", "GCP"
hierarchyIdentifier The multi cloud resource identifier (account id in case of AWS connector). string
offerings A collection of offerings for the security connector. CloudOffering[]
organizationalData The multi cloud account's organizational data SecurityConnectorPropertiesOrganizationalData

CloudOffering

Name Description Value
offeringType Set the object type. CspmMonitorAws, DefenderForContainersAws, DefenderForServersAws, InformationProtectionAws (required)

CspmMonitorAwsOffering

Name Description Value
offeringType The type of the security offering. "CspmMonitorAws" (required)
nativeCloudConnection The native cloud connection configuration CspmMonitorAwsOfferingNativeCloudConnection

CspmMonitorAwsOfferingNativeCloudConnection

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOffering

Name Description Value
offeringType The type of the security offering. "DefenderForContainersAws" (required)
cloudWatchToKinesis The cloudwatch to kinesis connection configuration DefenderForContainersAwsOfferingCloudWatchToKinesis
kinesisToS3 The kinesis to s3 connection configuration DefenderForContainersAwsOfferingKinesisToS3
kubernetesScubaReader The kubernetes to scuba connection configuration DefenderForContainersAwsOfferingKubernetesScubaReade...
kubernetesService The kubernetes service connection configuration DefenderForContainersAwsOfferingKubernetesService

DefenderForContainersAwsOfferingCloudWatchToKinesis

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKinesisToS3

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKubernetesScubaReade...

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForContainersAwsOfferingKubernetesService

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

DefenderForServersAwsOffering

Name Description Value
offeringType The type of the security offering. "DefenderForServersAws" (required)
arcAutoProvisioning The ARC autoprovisioning configuration DefenderForServersAwsOfferingArcAutoProvisioning
defenderForServers The Defender for servers connection configuration DefenderForServersAwsOfferingDefenderForServers

DefenderForServersAwsOfferingArcAutoProvisioning

Name Description Value
enabled Is arc auto provisioning enabled bool
servicePrincipalSecretMetadata Metadata of Service Principal secret for autoprovisioning DefenderForServersAwsOfferingArcAutoProvisioningServ...

DefenderForServersAwsOfferingArcAutoProvisioningServ...

Name Description Value
expiryDate expiration date of service principal secret string
parameterNameInStore name of secret resource in parameter store string
parameterStoreRegion region of parameter store where secret is kept string

DefenderForServersAwsOfferingDefenderForServers

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

InformationProtectionAwsOffering

Name Description Value
offeringType The type of the security offering. "InformationProtectionAws" (required)
informationProtection The native cloud connection configuration InformationProtectionAwsOfferingInformationProtectio...

InformationProtectionAwsOfferingInformationProtectio...

Name Description Value
cloudRoleArn The cloud role ARN in AWS for this feature string

SecurityConnectorPropertiesOrganizationalData

Name Description Value
excludedAccountIds If the multi cloud account is of membership type organization, list of accounts excluded from offering string[]
organizationMembershipType The multi cloud account's membership type in the organization "Member", "Organization"
parentHierarchyId If the multi cloud account is not of membership type organization, this will be the ID of the account's parent string
stacksetName If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset string