I want to deploy an AzureKeyVault that contains an AzureStorageAccount connection string from another resource group. I know you can do this if the AzureKeyVault and the AzureStorageAccount are in the same resource group, like in the following:
    "resources": [
        {
            "type": "Microsoft.KeyVault/vaults/secrets",
            "name": "secretName",
            "properties": {
                "value": "[concat('DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=', 'StorageAccountName', ';AccountKey=', first(listKeys(resourceId('Microsoft.Storage/storageAccounts', 'StorageAccountName'), variables('storageApiVersion')).keys).value)]"
            },
            "dependsOn": []
        },
        {
            "type": "Microsoft.Storage/storageAccounts",
            "name": "StorageAccountName",
            ...
        },
        {
            "type": "Microsoft.KeyVault/vaults",
            "name": "KeyVaultName",
            ...
        }
    ]
My question is: how can I change this to get the connection string from a different resource group that has already been deployed?
Use the built-in functionality of the resourceId() function:

    resourceId(%different_rg_name%, 'Microsoft.Storage/storageAccounts', 'StorageAccountName')
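The cross-resource-group form from the answer, placed into a complete secret deployment. This is an added example, not part of the original question or answer. The parameter names, the `storageId` variable and the two API versions are assumptions, and the Key Vault is assumed to already exist in the resource group the template is deployed to.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageResourceGroup": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: resource group that already holds the storage account." }
    },
    "storageAccountName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: name of the already deployed storage account." }
    },
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: existing vault in the deployment's own resource group." }
    }
  },
  "variables": {
    "storageApiVersion": "2019-06-01",
    "storageId": "[resourceId(parameters('storageResourceGroup'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/secretName')]",
      "properties": {
        "value": "[concat('DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=', parameters('storageAccountName'), ';AccountKey=', first(listKeys(variables('storageId'), variables('storageApiVersion')).keys).value)]"
      }
    }
  ]
}
```

The identity running the deployment needs permission to list keys on the storage account in the other resource group, since `listKeys` is evaluated at deployment time. The secret holds the key value as it was at that moment, so rotating the storage key requires redeploying the secret.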