Getting the ID's of resources created using a loop in bicep

Question

I have got a module that creates managed identities within bicep, I designed it as a module which accepts an array as parameter so that I can pass an array of managed identities that I want created and it can be created at once, the issue here is that I need the ID's of the created user managed identity, I was wondering how I can retrieve the ID's and use it elsewhere.

one thing that springs to mind is declaring an array to store the ID's but that doesnt appear to work when I tested it, I am doing this incorrectly.

param managedIdentities array
param location string
param tagging object
param managed_identity_properties object

 
  resource create_managed_identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = [ for name in managedIdentities: {
    name: name
    location: location
    tags: tagging.tags
  } ]
  
  // output managedIdentityIds array = [for identity in managedIdentities: identity.id]
  output managedIdentityIds array = [resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', name) for name in managedIdentities]

How can I reference the value of the ID in other modules ? Ideally I would like to reference it by providing the managed instance, the array that I am sending to the module looks like this

        "mi_resources": [
            "mi-01",
            "mi-02",
            "mi-03",
            "mi-04"
        ]

Answer 1

Getting the ID's of resources created using a loop in bicep:

Use below code to achieve your requirement.

param  managedIdentities  array
param  location  string = resourceGroup().location
resource  create_managed_identity  'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = [ for  name  in  managedIdentities: {
  name: name
  location: location
} ]
output  managedIdentityIds  array = [for  i  in  range(0,  length(managedIdentities)) : create_managed_identity[i].id]

Output:

Answer 2

How can I reference the value of the ID in other modules ? Regarding this issue, many people will fall into a dilemma, may be encountered in following issue:

which requires a value that can be calculated at the start of the deployment. Properties of xxx which can be calculated at the start include "name"

Module resource reference is tricky in bicep template, learn more from this, Merely refer the output from module will result in an error as above.

Using modules + existing keyword to refer id or properties.
below is a sample code:

managedIdentity.bicep

param location string

param managedIdentities array = [
]

resource create_managed_identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = [ for name in managedIdentities: {
  name: name
  location: location
} ]

main.bicep

param location string = 'eastus'

param managedIdentities array = [
  'wbidentity11'
  'wbidentity22'
]

param containerGroupNames array = [
  'wbcontainer11'
  'wbcontainer22'
]

module idModules 'managedIdentity.bicep' = {
  name: 'idDeploy'
  params: {
    location: location
    managedIdentities: managedIdentities
  }
}

resource identityIds 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = [ for item in managedIdentities: {
  name: item
}]

resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2021-09-01' = [for (name, i) in containerGroupNames: {
  name: name
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${identityIds[i].id}': {}
    }
  }
  properties: {
    containers: [
      {
        name: name
        properties: {
          image: 'mcr.microsoft.com/azuredocs/aci-helloworld'
          ports: [
            {
              port: 80
              protocol: 'TCP'
            }
          ]
          resources: {
            requests: {
              cpu: 1
              memoryInGB: 2
            }
          }
        }
      }
    ]
    osType: 'Linux'
    restartPolicy: 'Always'
    ipAddress: {
      type: 'Public'
      ports: [
        {
          port: 80
          protocol: 'TCP'
        }
      ]
    }
  }
  dependsOn: [
    idModules
  ]
}]

---

or you can do it in a simple way to avoid using module.

singleFileResources.bicep

param location string = 'eastus'

param managedIdentities array = [
  'wbidentity1'
  'wbidentity2'
]
param containerGroupNames array = [
  'wbcontainer1'
  'wbcontainer2'
]

resource create_managed_identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = [ for name in managedIdentities: {
  name: name
  location: location
} ]

resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2021-09-01' = [for (name, i) in containerGroupNames: {
  name: name
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${create_managed_identity[i].id}': {}
    }
  }
  properties: {
    containers: [
      {
        name: name
        properties: {
          image: 'mcr.microsoft.com/azuredocs/aci-helloworld'
          ports: [
            {
              port: 80
              protocol: 'TCP'
            }
          ]
          resources: {
            requests: {
              cpu: 1
              memoryInGB: 2
            }
          }
        }
      }
    ]
    osType: 'Linux'
    restartPolicy: 'Always'
    ipAddress: {
      type: 'Public'
      ports: [
        {
          port: 80
          protocol: 'TCP'
        }
      ]
    }
  }
}]