Top / Microsoft Azure / Azure Cognitive Services / Account Customer Managed Key

Azure Cognitive Services Account Customer Managed Key

This page shows how to write Terraform and Azure Resource Manager for Cognitive Services Account Customer Managed Key and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_cognitive_account_customer_managed_key (Terraform)

The Account Customer Managed Key in Cognitive Services can be configured in Terraform with the resource name azurerm_cognitive_account_customer_managed_key. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • cognitive_account_id - (Required) The ID of the Cognitive Account. Changing this forces a new resource to be created.

  • key_vault_key_id - (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this Cognitive Account.

  • identity_client_id - (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the Cognitive Account.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Cognitive Account.

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Customer Managed Key for a Cognitive Services Account.

>> from Terraform Registry

Microsoft.CognitiveServices/accounts (Azure Resource Manager)

The accounts in Microsoft.CognitiveServices can be configured in Azure Resource Manager with the resource name Microsoft.CognitiveServices/accounts. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
dash.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",

Parameters

  • apiVersion required - string
  • identity optional
      • type optional - string

        The identity type.

      • userAssignedIdentities optional - undefined

        The list of user assigned identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}

  • kind optional - string

    The kind (type) of cognitive service account.

  • location optional - string

    The geo-location where the resource lives

  • name required - string

    The name of Cognitive Services account.

  • properties required
      • allowedFqdnList optional - array
      • apiProperties optional
          • aadClientId optional - string

            (Metrics Advisor Only) The Azure AD Client Id (Application Id).

          • aadTenantId optional - string

            (Metrics Advisor Only) The Azure AD Tenant Id.

          • additionalProperties optional - object

            Unmatched properties from the message are deserialized this collection

          • eventHubConnectionString optional - string

            (Personalization Only) The flag to enable statistics of Bing Search.

          • qnaAzureSearchEndpointId optional - string

            (QnAMaker Only) The Azure Search endpoint id of QnAMaker.

          • qnaAzureSearchEndpointKey optional - string

            (QnAMaker Only) The Azure Search endpoint key of QnAMaker.

          • qnaRuntimeEndpoint optional - string

            (QnAMaker Only) The runtime endpoint of QnAMaker.

          • statisticsEnabled optional - boolean

            (Bing Search Only) The flag to enable statistics of Bing Search.

          • storageAccountConnectionString optional - string

            (Personalization Only) The storage account connection string.

          • superUser optional - string

            (Metrics Advisor Only) The super user of Metrics Advisor.

          • websiteName optional - string

            (Metrics Advisor Only) The website name of Metrics Advisor.

      • customSubDomainName optional - string

        Optional subdomain name used for token-based authentication.

      • disableLocalAuth optional - boolean
      • encryption optional
          • keySource optional - string

            Enumerates the possible value of keySource for Encryption.

          • keyVaultProperties optional
              • identityClientId optional - string
              • keyName optional - string

                Name of the Key from KeyVault

              • keyVaultUri optional - string

                Uri of KeyVault

              • keyVersion optional - string

                Version of the Key from KeyVault

      • migrationToken optional - string

        Resource migration token.

      • networkAcls optional
          • defaultAction optional - string

            The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.

          • ipRules optional array
              • value required - string

                An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

          • virtualNetworkRules optional array
              • id required - string

                Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.

              • ignoreMissingVnetServiceEndpoint optional - boolean

                Ignore missing vnet service endpoint or not.

              • state optional - string

                Gets the state of virtual network rule.

      • publicNetworkAccess optional - string

        Whether or not public endpoint access is allowed for this account. Value is optional but if passed in, must be 'Enabled' or 'Disabled'.

      • restore optional - boolean
      • restrictOutboundNetworkAccess optional - boolean
      • userOwnedStorage optional array
          • identityClientId optional - string
          • resourceId optional - string

            Full resource id of a Microsoft.Storage resource.

  • sku optional
      • capacity optional - integer

        If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted.

      • family optional - string

        If the service has different generations of hardware, for the same SKU, then that can be captured here.

      • name required - string

        The name of the SKU. Ex - P3. It is typically a letter+number code

      • size optional - string

        The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code.

      • tier optional - string

        This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT.

  • tags optional - string

    Resource tags.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Cognitive Services Resources

Frequently asked questions

What is Azure Cognitive Services Account Customer Managed Key?

Azure Cognitive Services Account Customer Managed Key is a resource for Cognitive Services of Microsoft Azure. Settings can be wrote in Terraform.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents