Awesome

<h1 style="color: steelblue;">⚠️ CARML - AVM transition ⚠️</h1>

CARML evolved to and has been rebranded as the Bicep version of Azure Verifiefd Modules (AVM). AVM is a straight-line successor of CARML, the next evolutionary step. A lot of CARML’s principles and architecture decisions have formed the basis for AVM.

While this means some minor changes in things such as parameter names or "standard interfaces" (e.g., diagnostic settings, etc.), you can still use the same modules you're used to and love, as they have been transitioned to AVM as resource or pattern modules.

You can find the full list of all AVM modules in the AVM Module Indexes.
Each module is published in the Public Bicep Registry and their source code can be found in the underlying repository (BRM)!

A notice with additional details has been placed in each module. If for any reason, you still need access to the CARML version of the module, you can find it in the CARML repository by following the links in the module's README.md file.

Going forward, only the AVM version of the modules will receive updates and new features.

Please do not file issues in CARML or work on improving the module in CARML as further contributions to these modules will not be integrated in the CARML repository!
To open an AVM module issue, use the Module Issue template in the BRM repository.
If you accidentally raise an issue in the wrong place, we will transfer it to its correct home - the AVM Bicep repository (BRM).

NOTE: A few modules have been retired without being moved to AVM as is. In most of these cases, capabilities originally provided by these modules have been implemented differently in AVM - e.g., as part of all AVM modules.

In the upcoming period, the AVM team will work on ensuring full compatibility of CARML's inner-sourcing solution (CI environment) with AVM.

Common Azure Resource Modules Library

Description

This repository includes a library of mature and curated Bicep modules as well as a Continuous Integration (CI) environment leveraged for modules' validation and versioned publishing.

The CI environment supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.

Get started

For introduction guidance visit the Wiki
For guidance on which version of the code to leverage, see Disclaimer
For information on contributing, see Contribution
File an issue via GitHub Issues
For reference documentation, visit Enterprise-Scale
For an outline of the module features, visit Module overview

Note: To ensure the modules and environment work as expected, please ensure you are using the latest version of the used tools such as PowerShell and Bicep. Especially in case of the latter, note, that you need to manually update the Bicep CLI. For further information, see our troubleshooting guide.

Available Resource Modules

Provider namespace	Resource Type	Name
`Microsoft.AAD`	domainServices	Azure Active Directory Domain Services
`Microsoft.AnalysisServices`	servers	Analysis Services Servers
`Microsoft.ApiManagement`	service	API Management Services
`Microsoft.App`	containerApps	Container Apps
	jobs	Container App Jobs
	managedEnvironments	App ManagedEnvironments
`Microsoft.AppConfiguration`	configurationStores	App Configuration Stores
`Microsoft.Authorization`	locks	Authorization Locks (All scopes)
	policyAssignments	Policy Assignments (All scopes)
	policyDefinitions	Policy Definitions (All scopes)
	policyExemptions	Policy Exemptions (All scopes)
	policySetDefinitions	Policy Set Definitions (Initiatives) (All scopes)
	roleAssignments	Role Assignments (All scopes)
	roleDefinitions	Role Definitions (All scopes)
`Microsoft.Automation`	automationAccounts	Automation Accounts
`Microsoft.Batch`	batchAccounts	Batch Accounts
`Microsoft.Cache`	redis	Redis Cache
	redisEnterprise	Redis Cache Enterprise
`Microsoft.Cdn`	profiles	CDN Profiles
`Microsoft.CognitiveServices`	accounts	Cognitive Services
`Microsoft.Compute`	availabilitySets	Availability Sets
	disks	Compute Disks
	diskEncryptionSets	Disk Encryption Sets
	galleries	Azure Compute Galleries
	images	Images
	proximityPlacementGroups	Proximity Placement Groups
	sshPublicKeys	Public SSH Keys
	virtualMachines	Virtual Machines
	virtualMachineScaleSets	Virtual Machine Scale Sets
`Microsoft.Consumption`	budgets	Consumption Budgets
`Microsoft.ContainerInstance`	containerGroups	Container Instances Container Groups
`Microsoft.ContainerRegistry`	registries	Azure Container Registries (ACR)
`Microsoft.ContainerService`	managedClusters	Azure Kubernetes Service (AKS) Managed Clusters
`Microsoft.DataFactory`	factories	Data Factories
`Microsoft.DataProtection`	backupVaults	Data Protection Backup Vaults
`Microsoft.Databricks`	accessConnectors	Azure Databricks Access Connectors
	workspaces	Azure Databricks Workspaces
`Microsoft.DBforMySQL`	flexibleServers	DBforMySQL Flexible Servers
`Microsoft.DBforPostgreSQL`	flexibleServers	DBforPostgreSQL Flexible Servers
`Microsoft.DesktopVirtualization`	applicationGroups	Azure Virtual Desktop (AVD) Application Groups
	hostPools	Azure Virtual Desktop (AVD) Host Pools
	scalingPlans	Azure Virtual Desktop (AVD) Scaling Plans
	workspaces	Azure Virtual Desktop (AVD) Workspaces
`Microsoft.DevTestLab`	labs	DevTest Labs
`Microsoft.DigitalTwins`	digitalTwinsInstances	Digital Twins Instances
`Microsoft.DocumentDB`	databaseAccounts	DocumentDB Database Accounts
`Microsoft.EventGrid`	domains	Event Grid Domains
	systemTopics	Event Grid System Topics
	topics	Event Grid Topics
`Microsoft.EventHub`	namespaces	Event Hub Namespaces
`Microsoft.HealthBot`	healthBots	Azure Health Bots
`Microsoft.HealthcareApis`	workspaces	Healthcare API Workspaces
`microsoft.insights`	actionGroups	Action Groups
	activityLogAlerts	Activity Log Alerts
	components	Application Insights
	dataCollectionEndpoints	Data Collection Endpoints
	dataCollectionRules	Data Collection Rules
	diagnosticSettings	Diagnostic Settings (Activity Logs) for Azure Subscriptions
	metricAlerts	Metric Alerts
	privateLinkScopes	Azure Monitor Private Link Scopes
	scheduledQueryRules	Scheduled Query Rules
	webtests	Web Tests
`Microsoft.KeyVault`	vaults	Key Vaults
`Microsoft.KubernetesConfiguration`	extensions	Kubernetes Configuration Extensions
	fluxConfigurations	Kubernetes Configuration Flux Configurations
`Microsoft.Logic`	workflows	Logic Apps (Workflows)
`Microsoft.MachineLearningServices`	workspaces	Machine Learning Services Workspaces
`Microsoft.Maintenance`	maintenanceConfigurations	Maintenance Configurations
`Microsoft.ManagedIdentity`	userAssignedIdentities	User Assigned Identities
`Microsoft.ManagedServices`	registrationDefinitions	Registration Definitions
`Microsoft.Management`	managementGroups	Management Groups
`Microsoft.NetApp`	netAppAccounts	Azure NetApp Files
`Microsoft.Network`	applicationGateways	Network Application Gateways
	ApplicationGatewayWebApplicationFirewallPolicies	Application Gateway Web Application Firewall (WAF) Policies
	applicationSecurityGroups	Application Security Groups (ASG)
	azureFirewalls	Azure Firewalls
	bastionHosts	Bastion Hosts
	connections	Virtual Network Gateway Connections
	ddosProtectionPlans	DDoS Protection Plans
	dnsForwardingRulesets	Dns Forwarding Rulesets
	dnsResolvers	DNS Resolvers
	dnsZones	Public DNS Zones
	expressRouteCircuits	ExpressRoute Circuits
	expressRouteGateways	Express Route Gateways
	firewallPolicies	Firewall Policies
	frontDoors	Azure Front Doors
	FrontDoorWebApplicationFirewallPolicies	Front Door Web Application Firewall (WAF) Policies
	ipGroups	IP Groups
	loadBalancers	Load Balancers
	localNetworkGateways	Local Network Gateways
	natGateways	NAT Gateways
	networkInterfaces	Network Interface
	networkManagers	Network Managers
	networkSecurityGroups	Network Security Groups
	networkWatchers	Network Watchers
	privateDnsZones	Private DNS Zones
	privateEndpoints	Private Endpoints
	privateLinkServices	Private Link Services
	publicIPAddresses	Public IP Addresses
	publicIPPrefixes	Public IP Prefixes
	routeTables	Route Tables
	serviceEndpointPolicies	Service Endpoint Policies
	trafficmanagerprofiles	Traffic Manager Profiles
	virtualHubs	Virtual Hubs
	virtualNetworks	Virtual Networks
	virtualNetworkGateways	Virtual Network Gateways
	virtualWans	Virtual WANs
	vpnGateways	VPN Gateways
	vpnSites	VPN Sites
`Microsoft.OperationalInsights`	workspaces	Log Analytics Workspaces
`Microsoft.OperationsManagement`	solutions	Operations Management Solutions
`Microsoft.PolicyInsights`	remediations	Policy Insights Remediations
`Microsoft.PowerBIDedicated`	capacities	Power BI Dedicated Capacities
`Microsoft.Purview`	accounts	Purview Accounts
`Microsoft.RecoveryServices`	vaults	Recovery Services Vaults
`Microsoft.Relay`	namespaces	Relay Namespaces
`Microsoft.ResourceGraph`	queries	Resource Graph Queries
`Microsoft.Resources`	deploymentScripts	Deployment Scripts
	resourceGroups	Resource Groups
	tags	Resources Tags
`Microsoft.Search`	searchServices	Search Services
`Microsoft.Security`	azuresecuritycenter	Azure Security Center (Defender for Cloud)
`Microsoft.ServiceBus`	namespaces	Service Bus Namespaces
`Microsoft.ServiceFabric`	clusters	Service Fabric Clusters
`Microsoft.SignalRService`	signalR	SignalR Service SignalR
	webPubSub	SignalR Web PubSub Services
`Microsoft.Sql`	managedInstances	SQL Managed Instances
	servers	Azure SQL Servers
`Microsoft.Storage`	storageAccounts	Storage Accounts
`Microsoft.Synapse`	privateLinkHubs	Azure Synapse Analytics
	workspaces	Synapse Workspaces
`Microsoft.VirtualMachineImages`	imageTemplates	Virtual Machine Image Templates
`Microsoft.Web`	connections	API Connections
	hostingEnvironments	App Service Environments
	serverfarms	App Service Plans
	sites	Web/Function Apps
	staticSites	Static Web Apps

Platform

Name	Status
Update API Specs file
Assign Pull Request to Author
Test - ConvertTo-ARMTemplate.ps1
Clean up deployment history
Library PSRule pre-flight validation
Broken Links Check
Linter (audit)
Manage issues for failing pipelines
Update ReadMe Module Tables
Update Static Test Documentation
Sync Docs/Wiki

Disclaimer

Please note that the main branch of this repository always contains the latest available version of the code. Some of the updates may introduce breaking changes as well.

Default path: To avoid disruptions, use distinct versions available through releases.
Early adopter path: If the risk of breaking changes is understood and accepted, you can use the code in the main branch directly. However, the CARML team recommends against automatically pulling code from main. It is always recommended to review changes before you pull them into your own repository.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

For specific guidelines on how to contribute to this repository please refer to the Contribution guide Wiki section.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Learn More

Telemetry

Modules provided in this library have telemetry enabled by default. To learn more about this feature, please refer to the Telemetry article in the wiki.