Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The workspaces/fhirservices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.HealthcareApis/workspaces/fhirservices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.HealthcareApis/workspaces/fhirservices@2025-03-01-preview' = {
parent: resourceSymbolicName
etag: 'string'
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
kind: 'string'
location: 'string'
name: 'string'
properties: {
acrConfiguration: {
loginServers: [
'string'
]
ociArtifacts: [
{
digest: 'string'
imageName: 'string'
loginServer: 'string'
}
]
}
authenticationConfiguration: {
audience: 'string'
authority: 'string'
smartIdentityProviders: [
{
applications: [
{
allowedDataActions: [
'string'
]
audience: 'string'
clientId: 'string'
}
]
authority: 'string'
}
]
smartProxyEnabled: bool
}
corsConfiguration: {
allowCredentials: bool
headers: [
'string'
]
maxAge: int
methods: [
'string'
]
origins: [
'string'
]
}
encryption: {
customerManagedKeyEncryption: {
keyEncryptionKeyUrl: 'string'
}
}
exportConfiguration: {
storageAccountName: 'string'
}
implementationGuidesConfiguration: {
usCoreMissingData: bool
}
importConfiguration: {
enabled: bool
initialImportMode: bool
integrationDataStore: 'string'
}
publicNetworkAccess: 'string'
resourceVersionPolicyConfiguration: {
default: 'string'
resourceTypeOverrides: {
{customized property}: 'string'
}
}
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.HealthcareApis/workspaces/fhirservices
| Name | Description | Value |
|---|---|---|
| etag | An etag associated with the resource, used for optimistic concurrency when editing it. | string |
| identity | Setting indicating whether the service has a managed identity associated with it. | ServiceManagedIdentityIdentity |
| kind | The kind of the service. | 'fhir-R4' 'fhir-Stu3' |
| location | The resource location. | string |
| name | The resource name | string Constraints: Min length = 3 Max length = 24 (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: workspaces |
| properties | Fhir Service configuration. | FhirServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
Encryption
| Name | Description | Value |
|---|---|---|
| customerManagedKeyEncryption | The encryption settings for the customer-managed key | EncryptionCustomerManagedKeyEncryption |
EncryptionCustomerManagedKeyEncryption
| Name | Description | Value |
|---|---|---|
| keyEncryptionKeyUrl | The URL of the key to use for encryption | string |
FhirServiceAcrConfiguration
| Name | Description | Value |
|---|---|---|
| loginServers | The list of the Azure container registry login servers. | string[] |
| ociArtifacts | The list of Open Container Initiative (OCI) artifacts. | ServiceOciArtifactEntry[] |
FhirServiceAuthenticationConfiguration
| Name | Description | Value |
|---|---|---|
| audience | The audience url for the service | string |
| authority | The authority url for the service | string |
| smartIdentityProviders | The array of identity provider configurations for SMART on FHIR authentication. | SmartIdentityProviderConfiguration[] |
| smartProxyEnabled | If the SMART on FHIR proxy is enabled | bool |
FhirServiceCorsConfiguration
| Name | Description | Value |
|---|---|---|
| allowCredentials | If credentials are allowed via CORS. | bool |
| headers | The headers to be allowed via CORS. | string[] |
| maxAge | The max age to be allowed via CORS. | int Constraints: Min value = 0 Max value = 99999 |
| methods | The methods to be allowed via CORS. | string[] |
| origins | The origins to be allowed via CORS. | string Constraints: Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[] |
FhirServiceExportConfiguration
| Name | Description | Value |
|---|---|---|
| storageAccountName | The name of the default export storage account. | string |
FhirServiceImportConfiguration
| Name | Description | Value |
|---|---|---|
| enabled | If the import operation is enabled. | bool |
| initialImportMode | If the FHIR service is in InitialImportMode. | bool |
| integrationDataStore | The name of the default integration storage account. | string |
FhirServiceProperties
| Name | Description | Value |
|---|---|---|
| acrConfiguration | Fhir Service Azure container registry configuration. | FhirServiceAcrConfiguration |
| authenticationConfiguration | Fhir Service authentication configuration. | FhirServiceAuthenticationConfiguration |
| corsConfiguration | Fhir Service Cors configuration. | FhirServiceCorsConfiguration |
| encryption | The encryption settings of the FHIR service | Encryption |
| exportConfiguration | Fhir Service export configuration. | FhirServiceExportConfiguration |
| implementationGuidesConfiguration | Implementation Guides configuration. | ImplementationGuidesConfiguration |
| importConfiguration | Fhir Service import configuration. | FhirServiceImportConfiguration |
| publicNetworkAccess | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | 'Disabled' 'Enabled' |
| resourceVersionPolicyConfiguration | Determines tracking of history for resources. | ResourceVersionPolicyConfiguration |
ImplementationGuidesConfiguration
| Name | Description | Value |
|---|---|---|
| usCoreMissingData | If US Core Missing Data requirement is enabled. | bool |
ResourceTags
| Name | Description | Value |
|---|
ResourceVersionPolicyConfiguration
| Name | Description | Value |
|---|---|---|
| default | The default value for tracking history across all resources. | 'no-version' 'versioned' 'versioned-update' |
| resourceTypeOverrides | A list of FHIR Resources and their version policy overrides. | ResourceVersionPolicyConfigurationResourceTypeOverrides |
ResourceVersionPolicyConfigurationResourceTypeOverrides
| Name | Description | Value |
|---|
ServiceManagedIdentityIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of identity being specified, currently SystemAssigned and None are allowed. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
ServiceOciArtifactEntry
| Name | Description | Value |
|---|---|---|
| digest | The artifact digest. | string |
| imageName | The artifact name. | string |
| loginServer | The Azure Container Registry login server. | string |
SmartIdentityProviderApplication
| Name | Description | Value |
|---|---|---|
| allowedDataActions | The actions that are permitted to be performed on FHIR resources for the application. | String array containing any of: 'Read' |
| audience | The audience that will be used to validate bearer tokens against the given authority. | string |
| clientId | The application client id defined in the identity provider. This value will be used to validate bearer tokens against the given authority. | string |
SmartIdentityProviderConfiguration
| Name | Description | Value |
|---|---|---|
| applications | The array of identity provider applications for SMART on FHIR authentication. | SmartIdentityProviderApplication[] |
| authority | The identity provider token authority also known as the token issuing authority. | string |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
Usage Examples
Bicep Samples
A basic example of deploying Healthcare FHIR (Fast Healthcare Interoperability Resources) Service.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
resource workspace 'Microsoft.HealthcareApis/workspaces@2022-12-01' = {
name: resourceName
location: location
}
resource fhirService 'Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01' = {
parent: workspace
name: resourceName
location: location
kind: 'fhir-R4'
properties: {
acrConfiguration: {}
authenticationConfiguration: {
audience: 'https://acctestfhir.fhir.azurehealthcareapis.com'
authority: 'https://login.microsoftonline.com/deployer().tenantId'
smartProxyEnabled: false
}
corsConfiguration: {
allowCredentials: false
headers: []
methods: []
origins: []
}
}
}
resource fhirService2 'Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01' = {
parent: workspace
name: resourceName
location: location
kind: 'fhir-R4'
properties: {
acrConfiguration: {}
authenticationConfiguration: {
audience: fhirService.properties.authenticationConfiguration.audience
authority: fhirService.properties.authenticationConfiguration.authority
smartProxyEnabled: false
}
corsConfiguration: {
allowCredentials: false
headers: []
methods: []
origins: []
}
}
}
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Configure FHIR service to enable $import | This template provisions FHIR service to enable $import for initial data loading |
| Deploy the MedTech service | The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. |
| Deploy the MedTech service including an Azure IoT Hub | The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. |
ARM template resource definition
The workspaces/fhirservices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.HealthcareApis/workspaces/fhirservices resource, add the following JSON to your template.
{
"type": "Microsoft.HealthcareApis/workspaces/fhirservices",
"apiVersion": "2025-03-01-preview",
"name": "string",
"etag": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"kind": "string",
"location": "string",
"properties": {
"acrConfiguration": {
"loginServers": [ "string" ],
"ociArtifacts": [
{
"digest": "string",
"imageName": "string",
"loginServer": "string"
}
]
},
"authenticationConfiguration": {
"audience": "string",
"authority": "string",
"smartIdentityProviders": [
{
"applications": [
{
"allowedDataActions": [ "string" ],
"audience": "string",
"clientId": "string"
}
],
"authority": "string"
}
],
"smartProxyEnabled": "bool"
},
"corsConfiguration": {
"allowCredentials": "bool",
"headers": [ "string" ],
"maxAge": "int",
"methods": [ "string" ],
"origins": [ "string" ]
},
"encryption": {
"customerManagedKeyEncryption": {
"keyEncryptionKeyUrl": "string"
}
},
"exportConfiguration": {
"storageAccountName": "string"
},
"implementationGuidesConfiguration": {
"usCoreMissingData": "bool"
},
"importConfiguration": {
"enabled": "bool",
"initialImportMode": "bool",
"integrationDataStore": "string"
},
"publicNetworkAccess": "string",
"resourceVersionPolicyConfiguration": {
"default": "string",
"resourceTypeOverrides": {
"{customized property}": "string"
}
}
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.HealthcareApis/workspaces/fhirservices
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-03-01-preview' |
| etag | An etag associated with the resource, used for optimistic concurrency when editing it. | string |
| identity | Setting indicating whether the service has a managed identity associated with it. | ServiceManagedIdentityIdentity |
| kind | The kind of the service. | 'fhir-R4' 'fhir-Stu3' |
| location | The resource location. | string |
| name | The resource name | string Constraints: Min length = 3 Max length = 24 (required) |
| properties | Fhir Service configuration. | FhirServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.HealthcareApis/workspaces/fhirservices' |
Encryption
| Name | Description | Value |
|---|---|---|
| customerManagedKeyEncryption | The encryption settings for the customer-managed key | EncryptionCustomerManagedKeyEncryption |
EncryptionCustomerManagedKeyEncryption
| Name | Description | Value |
|---|---|---|
| keyEncryptionKeyUrl | The URL of the key to use for encryption | string |
FhirServiceAcrConfiguration
| Name | Description | Value |
|---|---|---|
| loginServers | The list of the Azure container registry login servers. | string[] |
| ociArtifacts | The list of Open Container Initiative (OCI) artifacts. | ServiceOciArtifactEntry[] |
FhirServiceAuthenticationConfiguration
| Name | Description | Value |
|---|---|---|
| audience | The audience url for the service | string |
| authority | The authority url for the service | string |
| smartIdentityProviders | The array of identity provider configurations for SMART on FHIR authentication. | SmartIdentityProviderConfiguration[] |
| smartProxyEnabled | If the SMART on FHIR proxy is enabled | bool |
FhirServiceCorsConfiguration
| Name | Description | Value |
|---|---|---|
| allowCredentials | If credentials are allowed via CORS. | bool |
| headers | The headers to be allowed via CORS. | string[] |
| maxAge | The max age to be allowed via CORS. | int Constraints: Min value = 0 Max value = 99999 |
| methods | The methods to be allowed via CORS. | string[] |
| origins | The origins to be allowed via CORS. | string Constraints: Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[] |
FhirServiceExportConfiguration
| Name | Description | Value |
|---|---|---|
| storageAccountName | The name of the default export storage account. | string |
FhirServiceImportConfiguration
| Name | Description | Value |
|---|---|---|
| enabled | If the import operation is enabled. | bool |
| initialImportMode | If the FHIR service is in InitialImportMode. | bool |
| integrationDataStore | The name of the default integration storage account. | string |
FhirServiceProperties
| Name | Description | Value |
|---|---|---|
| acrConfiguration | Fhir Service Azure container registry configuration. | FhirServiceAcrConfiguration |
| authenticationConfiguration | Fhir Service authentication configuration. | FhirServiceAuthenticationConfiguration |
| corsConfiguration | Fhir Service Cors configuration. | FhirServiceCorsConfiguration |
| encryption | The encryption settings of the FHIR service | Encryption |
| exportConfiguration | Fhir Service export configuration. | FhirServiceExportConfiguration |
| implementationGuidesConfiguration | Implementation Guides configuration. | ImplementationGuidesConfiguration |
| importConfiguration | Fhir Service import configuration. | FhirServiceImportConfiguration |
| publicNetworkAccess | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | 'Disabled' 'Enabled' |
| resourceVersionPolicyConfiguration | Determines tracking of history for resources. | ResourceVersionPolicyConfiguration |
ImplementationGuidesConfiguration
| Name | Description | Value |
|---|---|---|
| usCoreMissingData | If US Core Missing Data requirement is enabled. | bool |
ResourceTags
| Name | Description | Value |
|---|
ResourceVersionPolicyConfiguration
| Name | Description | Value |
|---|---|---|
| default | The default value for tracking history across all resources. | 'no-version' 'versioned' 'versioned-update' |
| resourceTypeOverrides | A list of FHIR Resources and their version policy overrides. | ResourceVersionPolicyConfigurationResourceTypeOverrides |
ResourceVersionPolicyConfigurationResourceTypeOverrides
| Name | Description | Value |
|---|
ServiceManagedIdentityIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of identity being specified, currently SystemAssigned and None are allowed. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
ServiceOciArtifactEntry
| Name | Description | Value |
|---|---|---|
| digest | The artifact digest. | string |
| imageName | The artifact name. | string |
| loginServer | The Azure Container Registry login server. | string |
SmartIdentityProviderApplication
| Name | Description | Value |
|---|---|---|
| allowedDataActions | The actions that are permitted to be performed on FHIR resources for the application. | String array containing any of: 'Read' |
| audience | The audience that will be used to validate bearer tokens against the given authority. | string |
| clientId | The application client id defined in the identity provider. This value will be used to validate bearer tokens against the given authority. | string |
SmartIdentityProviderConfiguration
| Name | Description | Value |
|---|---|---|
| applications | The array of identity provider applications for SMART on FHIR authentication. | SmartIdentityProviderApplication[] |
| authority | The identity provider token authority also known as the token issuing authority. | string |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Configure FHIR service to enable $import |
This template provisions FHIR service to enable $import for initial data loading |
| Deploy the MedTech service |
The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. |
| Deploy the MedTech service including an Azure IoT Hub |
The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. |
Terraform (AzAPI provider) resource definition
The workspaces/fhirservices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.HealthcareApis/workspaces/fhirservices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.HealthcareApis/workspaces/fhirservices@2025-03-01-preview"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
location = "string"
tags = {
{customized property} = "string"
}
body = {
etag = "string"
kind = "string"
properties = {
acrConfiguration = {
loginServers = [
"string"
]
ociArtifacts = [
{
digest = "string"
imageName = "string"
loginServer = "string"
}
]
}
authenticationConfiguration = {
audience = "string"
authority = "string"
smartIdentityProviders = [
{
applications = [
{
allowedDataActions = [
"string"
]
audience = "string"
clientId = "string"
}
]
authority = "string"
}
]
smartProxyEnabled = bool
}
corsConfiguration = {
allowCredentials = bool
headers = [
"string"
]
maxAge = int
methods = [
"string"
]
origins = [
"string"
]
}
encryption = {
customerManagedKeyEncryption = {
keyEncryptionKeyUrl = "string"
}
}
exportConfiguration = {
storageAccountName = "string"
}
implementationGuidesConfiguration = {
usCoreMissingData = bool
}
importConfiguration = {
enabled = bool
initialImportMode = bool
integrationDataStore = "string"
}
publicNetworkAccess = "string"
resourceVersionPolicyConfiguration = {
default = "string"
resourceTypeOverrides = {
{customized property} = "string"
}
}
}
}
}
Property Values
Microsoft.HealthcareApis/workspaces/fhirservices
| Name | Description | Value |
|---|---|---|
| etag | An etag associated with the resource, used for optimistic concurrency when editing it. | string |
| identity | Setting indicating whether the service has a managed identity associated with it. | ServiceManagedIdentityIdentity |
| kind | The kind of the service. | 'fhir-R4' 'fhir-Stu3' |
| location | The resource location. | string |
| name | The resource name | string Constraints: Min length = 3 Max length = 24 (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: workspaces |
| properties | Fhir Service configuration. | FhirServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.HealthcareApis/workspaces/fhirservices@2025-03-01-preview" |
Encryption
| Name | Description | Value |
|---|---|---|
| customerManagedKeyEncryption | The encryption settings for the customer-managed key | EncryptionCustomerManagedKeyEncryption |
EncryptionCustomerManagedKeyEncryption
| Name | Description | Value |
|---|---|---|
| keyEncryptionKeyUrl | The URL of the key to use for encryption | string |
FhirServiceAcrConfiguration
| Name | Description | Value |
|---|---|---|
| loginServers | The list of the Azure container registry login servers. | string[] |
| ociArtifacts | The list of Open Container Initiative (OCI) artifacts. | ServiceOciArtifactEntry[] |
FhirServiceAuthenticationConfiguration
| Name | Description | Value |
|---|---|---|
| audience | The audience url for the service | string |
| authority | The authority url for the service | string |
| smartIdentityProviders | The array of identity provider configurations for SMART on FHIR authentication. | SmartIdentityProviderConfiguration[] |
| smartProxyEnabled | If the SMART on FHIR proxy is enabled | bool |
FhirServiceCorsConfiguration
| Name | Description | Value |
|---|---|---|
| allowCredentials | If credentials are allowed via CORS. | bool |
| headers | The headers to be allowed via CORS. | string[] |
| maxAge | The max age to be allowed via CORS. | int Constraints: Min value = 0 Max value = 99999 |
| methods | The methods to be allowed via CORS. | string[] |
| origins | The origins to be allowed via CORS. | string Constraints: Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[] |
FhirServiceExportConfiguration
| Name | Description | Value |
|---|---|---|
| storageAccountName | The name of the default export storage account. | string |
FhirServiceImportConfiguration
| Name | Description | Value |
|---|---|---|
| enabled | If the import operation is enabled. | bool |
| initialImportMode | If the FHIR service is in InitialImportMode. | bool |
| integrationDataStore | The name of the default integration storage account. | string |
FhirServiceProperties
| Name | Description | Value |
|---|---|---|
| acrConfiguration | Fhir Service Azure container registry configuration. | FhirServiceAcrConfiguration |
| authenticationConfiguration | Fhir Service authentication configuration. | FhirServiceAuthenticationConfiguration |
| corsConfiguration | Fhir Service Cors configuration. | FhirServiceCorsConfiguration |
| encryption | The encryption settings of the FHIR service | Encryption |
| exportConfiguration | Fhir Service export configuration. | FhirServiceExportConfiguration |
| implementationGuidesConfiguration | Implementation Guides configuration. | ImplementationGuidesConfiguration |
| importConfiguration | Fhir Service import configuration. | FhirServiceImportConfiguration |
| publicNetworkAccess | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | 'Disabled' 'Enabled' |
| resourceVersionPolicyConfiguration | Determines tracking of history for resources. | ResourceVersionPolicyConfiguration |
ImplementationGuidesConfiguration
| Name | Description | Value |
|---|---|---|
| usCoreMissingData | If US Core Missing Data requirement is enabled. | bool |
ResourceTags
| Name | Description | Value |
|---|
ResourceVersionPolicyConfiguration
| Name | Description | Value |
|---|---|---|
| default | The default value for tracking history across all resources. | 'no-version' 'versioned' 'versioned-update' |
| resourceTypeOverrides | A list of FHIR Resources and their version policy overrides. | ResourceVersionPolicyConfigurationResourceTypeOverrides |
ResourceVersionPolicyConfigurationResourceTypeOverrides
| Name | Description | Value |
|---|
ServiceManagedIdentityIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of identity being specified, currently SystemAssigned and None are allowed. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
ServiceOciArtifactEntry
| Name | Description | Value |
|---|---|---|
| digest | The artifact digest. | string |
| imageName | The artifact name. | string |
| loginServer | The Azure Container Registry login server. | string |
SmartIdentityProviderApplication
| Name | Description | Value |
|---|---|---|
| allowedDataActions | The actions that are permitted to be performed on FHIR resources for the application. | String array containing any of: 'Read' |
| audience | The audience that will be used to validate bearer tokens against the given authority. | string |
| clientId | The application client id defined in the identity provider. This value will be used to validate bearer tokens against the given authority. | string |
SmartIdentityProviderConfiguration
| Name | Description | Value |
|---|---|---|
| applications | The array of identity provider applications for SMART on FHIR authentication. | SmartIdentityProviderApplication[] |
| authority | The identity provider token authority also known as the token issuing authority. | string |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
Usage Examples
Terraform Samples
A basic example of deploying Healthcare FHIR (Fast Healthcare Interoperability Resources) Service.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
azurerm = {
source = "hashicorp/azurerm"
}
}
}
provider "azurerm" {
features {
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
data "azurerm_client_config" "current" {
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "workspace" {
type = "Microsoft.HealthcareApis/workspaces@2022-12-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "fhirService" {
type = "Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01"
parent_id = azapi_resource.workspace.id
name = var.resource_name
location = var.location
body = {
kind = "fhir-R4"
properties = {
acrConfiguration = {
}
authenticationConfiguration = {
audience = "https://acctestfhir.fhir.azurehealthcareapis.com"
authority = "https://login.microsoftonline.com/${data.azurerm_client_config.current.tenant_id}"
smartProxyEnabled = false
}
corsConfiguration = {
allowCredentials = false
headers = [
]
methods = [
]
origins = [
]
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "fhirService2" {
type = "Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01"
parent_id = azapi_resource.workspace.id
name = var.resource_name
location = var.location
body = {
kind = "fhir-R4"
properties = {
acrConfiguration = {
}
authenticationConfiguration = {
audience = azapi_resource.fhirService.output.properties.authenticationConfiguration.audience
authority = azapi_resource.fhirService.output.properties.authenticationConfiguration.authority
smartProxyEnabled = false
}
corsConfiguration = {
allowCredentials = false
headers = [
]
methods = [
]
origins = [
]
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}