The azure-native:search:Service resource, part of the Pulumi Azure Native provider, provisions an Azure AI Search service instance with its capacity tier, authentication methods, and network access controls. This guide focuses on four capabilities: capacity configuration, authentication options, network access control, and encryption and semantic search features.
Search services run in Azure resource groups and may reference Azure AD identities, Key Vault keys, or virtual network infrastructure that must exist separately. The examples are intentionally small. Combine them with your own identity management, networking, and security policies.
Create a search service with capacity and tags
Most deployments start by choosing a SKU and setting replica and partition counts to match expected query volume and index size.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
computeType: azure_native.search.ComputeType.Default,
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
partitionCount: 1,
replicaCount: 3,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
compute_type=azure_native.search.ComputeType.DEFAULT,
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
partition_count=1,
replica_count=3,
resource_group_name="rg1",
search_service_name="mysearchservice",
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
ComputeType: pulumi.String(search.ComputeTypeDefault),
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
PartitionCount: pulumi.Int(1),
ReplicaCount: pulumi.Int(3),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
ComputeType = AzureNative.Search.ComputeType.Default,
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
PartitionCount = 1,
ReplicaCount = 3,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.computeType("Default")
.hostingMode("Default")
.location("westus")
.partitionCount(1)
.replicaCount(3)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
computeType: Default
hostingMode: Default
location: westus
partitionCount: 1
replicaCount: 3
resourceGroupName: rg1
searchServiceName: mysearchservice
sku:
name: standard
tags:
app-name: My e-commerce app
The sku property determines pricing tier and capacity limits. The replicaCount controls query throughput and availability (1-12 for Standard, 1-3 for Basic). The partitionCount controls index storage capacity (1, 2, 3, 4, 6, or 12 for Standard). Tags provide metadata for organization and cost tracking.
Configure Azure AD authentication with fallback behavior
Teams integrating with Azure AD can control what happens when Azure AD authentication fails.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
authOptions: {
aadOrApiKey: {
aadAuthFailureMode: azure_native.search.AadAuthFailureMode.Http401WithBearerChallenge,
},
},
computeType: azure_native.search.ComputeType.Default,
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
partitionCount: 1,
replicaCount: 3,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
auth_options={
"aad_or_api_key": {
"aad_auth_failure_mode": azure_native.search.AadAuthFailureMode.HTTP401_WITH_BEARER_CHALLENGE,
},
},
compute_type=azure_native.search.ComputeType.DEFAULT,
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
partition_count=1,
replica_count=3,
resource_group_name="rg1",
search_service_name="mysearchservice",
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
AuthOptions: &search.DataPlaneAuthOptionsArgs{
AadOrApiKey: &search.DataPlaneAadOrApiKeyAuthOptionArgs{
AadAuthFailureMode: search.AadAuthFailureModeHttp401WithBearerChallenge,
},
},
ComputeType: pulumi.String(search.ComputeTypeDefault),
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
PartitionCount: pulumi.Int(1),
ReplicaCount: pulumi.Int(3),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
AuthOptions = new AzureNative.Search.Inputs.DataPlaneAuthOptionsArgs
{
AadOrApiKey = new AzureNative.Search.Inputs.DataPlaneAadOrApiKeyAuthOptionArgs
{
AadAuthFailureMode = AzureNative.Search.AadAuthFailureMode.Http401WithBearerChallenge,
},
},
ComputeType = AzureNative.Search.ComputeType.Default,
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
PartitionCount = 1,
ReplicaCount = 3,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.DataPlaneAuthOptionsArgs;
import com.pulumi.azurenative.search.inputs.DataPlaneAadOrApiKeyAuthOptionArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.authOptions(DataPlaneAuthOptionsArgs.builder()
.aadOrApiKey(DataPlaneAadOrApiKeyAuthOptionArgs.builder()
.aadAuthFailureMode("http401WithBearerChallenge")
.build())
.build())
.computeType("Default")
.hostingMode("Default")
.location("westus")
.partitionCount(1)
.replicaCount(3)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
authOptions:
aadOrApiKey:
aadAuthFailureMode: http401WithBearerChallenge
computeType: Default
hostingMode: Default
location: westus
partitionCount: 1
replicaCount: 3
resourceGroupName: rg1
searchServiceName: mysearchservice
sku:
name: standard
tags:
app-name: My e-commerce app
The authOptions property enables Azure AD authentication alongside API keys. The aadAuthFailureMode determines whether failed Azure AD requests return HTTP 401 with a bearer challenge or fall back to API key authentication. This allows gradual migration from API keys to Azure AD.
Disable API key authentication entirely
Organizations with strict security policies may require Azure AD as the only authentication method.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
computeType: azure_native.search.ComputeType.Default,
disableLocalAuth: true,
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
partitionCount: 1,
replicaCount: 3,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
compute_type=azure_native.search.ComputeType.DEFAULT,
disable_local_auth=True,
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
partition_count=1,
replica_count=3,
resource_group_name="rg1",
search_service_name="mysearchservice",
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
ComputeType: pulumi.String(search.ComputeTypeDefault),
DisableLocalAuth: pulumi.Bool(true),
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
PartitionCount: pulumi.Int(1),
ReplicaCount: pulumi.Int(3),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
ComputeType = AzureNative.Search.ComputeType.Default,
DisableLocalAuth = true,
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
PartitionCount = 1,
ReplicaCount = 3,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.computeType("Default")
.disableLocalAuth(true)
.hostingMode("Default")
.location("westus")
.partitionCount(1)
.replicaCount(3)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
computeType: Default
disableLocalAuth: true
hostingMode: Default
location: westus
partitionCount: 1
replicaCount: 3
resourceGroupName: rg1
searchServiceName: mysearchservice
sku:
name: standard
tags:
app-name: My e-commerce app
Setting disableLocalAuth to true blocks all API key authentication, forcing clients to use Azure AD tokens. This cannot be combined with authOptions; choose one authentication strategy. Azure AD identities and role assignments must be configured separately.
Restrict access to private endpoints only
Services handling sensitive data often disable public internet access entirely.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
computeType: azure_native.search.ComputeType.Default,
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
partitionCount: 1,
publicNetworkAccess: azure_native.search.PublicNetworkAccess.Disabled,
replicaCount: 3,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
compute_type=azure_native.search.ComputeType.DEFAULT,
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
partition_count=1,
public_network_access=azure_native.search.PublicNetworkAccess.DISABLED,
replica_count=3,
resource_group_name="rg1",
search_service_name="mysearchservice",
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
ComputeType: pulumi.String(search.ComputeTypeDefault),
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
PartitionCount: pulumi.Int(1),
PublicNetworkAccess: pulumi.String(search.PublicNetworkAccessDisabled),
ReplicaCount: pulumi.Int(3),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
ComputeType = AzureNative.Search.ComputeType.Default,
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
PartitionCount = 1,
PublicNetworkAccess = AzureNative.Search.PublicNetworkAccess.Disabled,
ReplicaCount = 3,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.computeType("Default")
.hostingMode("Default")
.location("westus")
.partitionCount(1)
.publicNetworkAccess("Disabled")
.replicaCount(3)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
computeType: Default
hostingMode: Default
location: westus
partitionCount: 1
publicNetworkAccess: Disabled
replicaCount: 3
resourceGroupName: rg1
searchServiceName: mysearchservice
sku:
name: standard
tags:
app-name: My e-commerce app
The publicNetworkAccess property controls whether the service accepts connections from the public internet. Setting it to Disabled requires all access to go through private endpoints within a virtual network. Private endpoint resources must be created and approved separately.
Allow access from specific IP addresses
Development environments often need to allow access from known office IPs or CI/CD pipelines.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
computeType: azure_native.search.ComputeType.Default,
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
networkRuleSet: {
ipRules: [
{
value: "123.4.5.6",
},
{
value: "123.4.6.0/18",
},
],
},
partitionCount: 1,
replicaCount: 1,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
compute_type=azure_native.search.ComputeType.DEFAULT,
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
network_rule_set={
"ip_rules": [
{
"value": "123.4.5.6",
},
{
"value": "123.4.6.0/18",
},
],
},
partition_count=1,
replica_count=1,
resource_group_name="rg1",
search_service_name="mysearchservice",
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
ComputeType: pulumi.String(search.ComputeTypeDefault),
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
NetworkRuleSet: &search.NetworkRuleSetArgs{
IpRules: search.IpRuleArray{
&search.IpRuleArgs{
Value: pulumi.String("123.4.5.6"),
},
&search.IpRuleArgs{
Value: pulumi.String("123.4.6.0/18"),
},
},
},
PartitionCount: pulumi.Int(1),
ReplicaCount: pulumi.Int(1),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
ComputeType = AzureNative.Search.ComputeType.Default,
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
NetworkRuleSet = new AzureNative.Search.Inputs.NetworkRuleSetArgs
{
IpRules = new[]
{
new AzureNative.Search.Inputs.IpRuleArgs
{
Value = "123.4.5.6",
},
new AzureNative.Search.Inputs.IpRuleArgs
{
Value = "123.4.6.0/18",
},
},
},
PartitionCount = 1,
ReplicaCount = 1,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.NetworkRuleSetArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.computeType("Default")
.hostingMode("Default")
.location("westus")
.networkRuleSet(NetworkRuleSetArgs.builder()
.ipRules(
IpRuleArgs.builder()
.value("123.4.5.6")
.build(),
IpRuleArgs.builder()
.value("123.4.6.0/18")
.build())
.build())
.partitionCount(1)
.replicaCount(1)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
computeType: Default
hostingMode: Default
location: westus
networkRuleSet:
ipRules:
- value: 123.4.5.6
- value: 123.4.6.0/18
partitionCount: 1
replicaCount: 1
resourceGroupName: rg1
searchServiceName: mysearchservice
sku:
name: standard
tags:
app-name: My e-commerce app
The networkRuleSet property defines IP-based access control. The ipRules array accepts individual IPs or CIDR ranges. This restricts public access to known addresses while blocking general internet traffic.
Enforce customer-managed key encryption
Compliance requirements may mandate encryption with keys managed in Azure Key Vault.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
computeType: azure_native.search.ComputeType.Default,
encryptionWithCmk: {
enforcement: azure_native.search.SearchEncryptionWithCmk.Enabled,
},
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
partitionCount: 1,
replicaCount: 3,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
compute_type=azure_native.search.ComputeType.DEFAULT,
encryption_with_cmk={
"enforcement": azure_native.search.SearchEncryptionWithCmk.ENABLED,
},
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
partition_count=1,
replica_count=3,
resource_group_name="rg1",
search_service_name="mysearchservice",
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
ComputeType: pulumi.String(search.ComputeTypeDefault),
EncryptionWithCmk: &search.EncryptionWithCmkArgs{
Enforcement: search.SearchEncryptionWithCmkEnabled,
},
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
PartitionCount: pulumi.Int(1),
ReplicaCount: pulumi.Int(3),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
ComputeType = AzureNative.Search.ComputeType.Default,
EncryptionWithCmk = new AzureNative.Search.Inputs.EncryptionWithCmkArgs
{
Enforcement = AzureNative.Search.SearchEncryptionWithCmk.Enabled,
},
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
PartitionCount = 1,
ReplicaCount = 3,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.EncryptionWithCmkArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.computeType("Default")
.encryptionWithCmk(EncryptionWithCmkArgs.builder()
.enforcement("Enabled")
.build())
.hostingMode("Default")
.location("westus")
.partitionCount(1)
.replicaCount(3)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
computeType: Default
encryptionWithCmk:
enforcement: Enabled
hostingMode: Default
location: westus
partitionCount: 1
replicaCount: 3
resourceGroupName: rg1
searchServiceName: mysearchservice
sku:
name: standard
tags:
app-name: My e-commerce app
The encryptionWithCmk property controls whether indexes and other resources must be encrypted with customer-managed keys. Setting enforcement to Enabled requires all encrypted resources to use keys from Azure Key Vault. The Key Vault, keys, and access policies must be configured separately.
Enable semantic search capabilities
Applications needing natural language understanding can enable semantic search for improved relevance.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const service = new azure_native.search.Service("service", {
computeType: azure_native.search.ComputeType.Default,
hostingMode: azure_native.search.HostingMode.Default,
location: "westus",
partitionCount: 1,
replicaCount: 3,
resourceGroupName: "rg1",
searchServiceName: "mysearchservice",
semanticSearch: azure_native.search.SearchSemanticSearch.Free,
sku: {
name: azure_native.search.SkuName.Standard,
},
tags: {
"app-name": "My e-commerce app",
},
});
import pulumi
import pulumi_azure_native as azure_native
service = azure_native.search.Service("service",
compute_type=azure_native.search.ComputeType.DEFAULT,
hosting_mode=azure_native.search.HostingMode.DEFAULT,
location="westus",
partition_count=1,
replica_count=3,
resource_group_name="rg1",
search_service_name="mysearchservice",
semantic_search=azure_native.search.SearchSemanticSearch.FREE,
sku={
"name": azure_native.search.SkuName.STANDARD,
},
tags={
"app-name": "My e-commerce app",
})
package main
import (
search "github.com/pulumi/pulumi-azure-native-sdk/search/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := search.NewService(ctx, "service", &search.ServiceArgs{
ComputeType: pulumi.String(search.ComputeTypeDefault),
HostingMode: search.HostingModeDefault,
Location: pulumi.String("westus"),
PartitionCount: pulumi.Int(1),
ReplicaCount: pulumi.Int(3),
ResourceGroupName: pulumi.String("rg1"),
SearchServiceName: pulumi.String("mysearchservice"),
SemanticSearch: pulumi.String(search.SearchSemanticSearchFree),
Sku: &search.SkuArgs{
Name: pulumi.String(search.SkuNameStandard),
},
Tags: pulumi.StringMap{
"app-name": pulumi.String("My e-commerce app"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var service = new AzureNative.Search.Service("service", new()
{
ComputeType = AzureNative.Search.ComputeType.Default,
HostingMode = AzureNative.Search.HostingMode.Default,
Location = "westus",
PartitionCount = 1,
ReplicaCount = 3,
ResourceGroupName = "rg1",
SearchServiceName = "mysearchservice",
SemanticSearch = AzureNative.Search.SearchSemanticSearch.Free,
Sku = new AzureNative.Search.Inputs.SkuArgs
{
Name = AzureNative.Search.SkuName.Standard,
},
Tags =
{
{ "app-name", "My e-commerce app" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.search.Service;
import com.pulumi.azurenative.search.ServiceArgs;
import com.pulumi.azurenative.search.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var service = new Service("service", ServiceArgs.builder()
.computeType("Default")
.hostingMode("Default")
.location("westus")
.partitionCount(1)
.replicaCount(3)
.resourceGroupName("rg1")
.searchServiceName("mysearchservice")
.semanticSearch("free")
.sku(SkuArgs.builder()
.name("standard")
.build())
.tags(Map.of("app-name", "My e-commerce app"))
.build());
}
}
resources:
service:
type: azure-native:search:Service
properties:
computeType: Default
hostingMode: Default
location: westus
partitionCount: 1
replicaCount: 3
resourceGroupName: rg1
searchServiceName: mysearchservice
semanticSearch: free
sku:
name: standard
tags:
app-name: My e-commerce app
The semanticSearch property enables AI-powered query interpretation and semantic ranking. Setting it to Free enables the feature at no additional cost (subject to usage limits). This is only available for certain SKUs in specific Azure regions.
Beyond these examples
These snippets focus on specific search service features: capacity planning, authentication and network access control, and encryption and semantic search. They’re intentionally minimal rather than full search solutions.
The examples may reference pre-existing infrastructure such as Azure resource groups and subscriptions, Azure AD identities and role assignments, Azure Key Vault with keys, and virtual networks and private endpoints. They focus on configuring the search service rather than provisioning the surrounding infrastructure.
To keep things focused, common service patterns are omitted, including:
- High-density hosting mode for standard3 SKU (hostingMode)
- Data exfiltration protection (dataExfiltrationProtections)
- Managed identity configuration (identity)
- Shared private link resources for indexer data sources
These omissions are intentional: the goal is to illustrate how each search service feature is wired, not provide drop-in search modules. See the Azure AI Search Service resource reference for all available configuration options.
Let's deploy Azure AI Search Services
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Authentication & Security
Can I use both API key and Azure AD authentication?
You can’t set both
disableLocalAuth to true and configure authOptions. Choose one approach: either disable API keys entirely with disableLocalAuth, or configure specific authentication options with authOptions.How do I disable API key authentication?
Set
disableLocalAuth to true. This prevents all API key authentication, requiring Azure AD or other configured auth methods.How do I configure Azure AD authentication with bearer challenge?
Set
authOptions.aadOrApiKey.aadAuthFailureMode to Http401WithBearerChallenge to return a 401 with WWW-Authenticate header when Azure AD auth fails.How do I enable customer-managed key encryption?
Set
encryptionWithCmk.enforcement to Enabled to require customer-managed keys for encrypting indexes and other resources.How do I prevent data exfiltration from my search service?
Set
dataExfiltrationProtections to ["BlockAll"] to disable all data export scenarios.Network Access & Connectivity
How do I restrict my search service to private endpoints only?
Set
publicNetworkAccess to Disabled. This blocks all public internet access and requires private endpoint connections.How do I allow access from specific IP addresses?
Configure
networkRuleSet.ipRules with an array of IP addresses or CIDR ranges (e.g., 123.4.5.6 or 123.4.6.0/18).How do I allow Azure services to bypass IP restrictions?
Set
networkRuleSet.bypass to AzureServices along with your IP rules to allow trusted Azure services to access your search service.Capacity & Scaling
What are the partition count limits for my search service?
Standard SKUs support 1, 2, 3, 4, 6, or 12 partitions (default: 1). For standard3 with
hostingMode set to HighDensity, only 1-3 partitions are allowed.What are the replica count limits?
Standard SKUs support 1-12 replicas, while Basic SKU supports 1-3 replicas (default: 1 for both).
What's high density hosting mode and when should I use it?
High density mode is only available for standard3 SKU and allows up to 1,000 indexes (much higher than other SKUs). Set
hostingMode to HighDensity to enable it, but note that partition count is limited to 1-3 in this mode.Resource Configuration
What properties can't be changed after creating the search service?
The
location, resourceGroupName, and searchServiceName are immutable and require recreating the service to change.How do I enable semantic search?
Set
semanticSearch to Free or another available tier. Note that semantic search is only available for certain SKUs in certain Azure regions.