| Parameter | Choices/Defaults | Comments | 
                
                                                            | aad_profile 
                    -
                                                                 added in 2.8 |  | Profile of Azure Active Directory configuration. | 
                                                        
                                                |  | client_app_id 
                    -
                                                                 |  | The client AAD application ID. | 
                            
                                                |  | server_app_id 
                    -
                                                                 |  | The server AAD application ID. | 
                            
                                                |  | server_app_secret 
                    -
                                                                 |  | The server AAD application secret. | 
                            
                                                |  | tenant_id 
                    -
                                                                 |  | The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. | 
                                            
                                                            | ad_user 
                    string
                                                                 |  | Active Directory username. Use when authenticating with an Active Directory user rather than service principal. | 
                            
                                                            | addon 
                    dictionary
                                                                 added in 2.8 |  | Profile of managed cluster add-on. Key can be http_application_routing,monitoring,virtual_node. Value must be a dict contains a bool variable enabled. | 
                                                        
                                                |  | http_application_routing 
                    dictionary
                                                                 |  | The HTTP application routing solution makes it easy to access applications that are deployed to your cluster. | 
                                                        
                                                |  |  | enabled 
                    boolean
                                                                 |  | Whether the solution enabled. | 
                                            
                                                |  | monitoring 
                    dictionary
                                                                 |  | It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. | 
                                                        
                                                |  |  | enabled 
                    boolean
                                                                 |  | Whether the solution enabled. | 
                            
                                                |  |  | log_analytics_workspace_resource_id 
                    -
                                                                 |  | Where to store the container metrics. | 
                                            
                                                |  | virtual_node 
                    dictionary
                                                                 |  | With virtual nodes, you have quick provisioning of pods, and only pay per second for their execution time. You don't need to wait for Kubernetes cluster autoscaler to deploy VM compute nodes to run the additional pods. | 
                                                        
                                                |  |  | enabled 
                    boolean
                                                                 |  | Whether the solution enabled. | 
                            
                                                |  |  | subnet_resource_id 
                    -
                                                                 |  | Subnet associated to the cluster. | 
                                            
                                                            | adfs_authority_url 
                    string
                                                                 added in 2.6 |  | Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. | 
                            
                                                            | agent_pool_profiles 
                    -
                                                                 |  | The agent pool profile suboptions. | 
                                                        
                                                |  | count 
                    -
                                             / required                     |  | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 1to100(inclusive). | 
                            
                                                |  | name 
                    -
                                             / required                     |  | Unique name of the agent pool profile in the context of the subscription and resource group. | 
                            
                                                |  | os_disk_size_gb 
                    -
                                                                 |  | Size of the OS disk. | 
                            
                                                |  | vm_size 
                    -
                                             / required                     |  | The VM Size of each of the Agent Pool VM's (e.g. Standard_F1/Standard_D2v2). | 
                                            
                                                            | api_profile 
                    string
                                                                 added in 2.5 | Default: 
 "latest" | Selects an API profile to use when communicating with Azure services. Default value of latestis appropriate for public clouds; future values will allow use with Azure Stack. | 
                            
                                                            | append_tags 
                    boolean
                                                                 |  | Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object's metadata. | 
                            
                                                            | auth_source 
                    string
                                                                 added in 2.5 | Choices:
                                                                                                                                                            autoclicredential_fileenvmsi | Controls the source of the credentials to use for authentication. If not specified, ANSIBLE_AZURE_AUTH_SOURCE environment variable will be used and default to autoif variable is not defined. autowill follow the default precedence of module parameters -> environment variables -> default profile in credential file~/.azure/credentials.
 When set to cli, the credentials will be sources from the default Azure CLI profile. Can also be set via the ANSIBLE_AZURE_AUTH_SOURCEenvironment variable. When set to msi, the host machine must be an azure resource with an enabled MSI extension.subscription_idor the environment variableAZURE_SUBSCRIPTION_IDcan be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen. The msiwas added in Ansible 2.6. | 
                            
                                                            | cert_validation_mode 
                    string
                                                                 added in 2.5 |  | Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing ignore. Can also be set via credential file profile or theAZURE_CERT_VALIDATIONenvironment variable. | 
                            
                                                            | client_id 
                    string
                                                                 |  | Azure client ID. Use when authenticating with a Service Principal. | 
                            
                                                            | cloud_environment 
                    string
                                                                 added in 2.4 | Default: 
 "AzureCloud" | For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, AzureChinaCloud,AzureUSGovernment), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or theAZURE_CLOUD_ENVIRONMENTenvironment variable. | 
                            
                                                            | dns_prefix 
                    -
                                                                 |  | DNS prefix specified when creating the managed cluster. | 
                            
                                                            | enable_rbac 
                    boolean
                                                                 added in 2.8 |  | Enable RBAC. Existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. | 
                            
                                                            | kubernetes_version 
                    -
                                                                 |  | Version of Kubernetes specified when creating the managed cluster. | 
                            
                                                            | linux_profile 
                    -
                                                                 |  | The Linux profile suboptions. | 
                                                        
                                                |  | admin_username 
                    -
                                             / required                     |  | The Admin Username for the cluster. | 
                            
                                                |  | ssh_key 
                    -
                                             / required                     |  | The Public SSH Key used to access the cluster. | 
                                            
                                                            | location 
                    -
                                                                 |  | Valid azure location. Defaults to location of the resource group. | 
                            
                                                            | name 
                    -
                                             / required                     |  | Name of the managed Azure Container Services (AKS) instance. | 
                            
                                                            | network_profile 
                    -
                                                                 added in 2.8 |  | Profile of network configuration. | 
                                                        
                                                |  | dns_service_ip 
                    -
                                                                 | Default: 
 "10.0.0.10" | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | 
                            
                                                |  | docker_bridge_cidr 
                    -
                                                                 | Default: 
 "172.17.0.1/16" | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | 
                            
                                                |  | network_plugin 
                    -
                                                                 |  | Network plugin used for building Kubernetes network. This property cannot been changed. With kubenet, nodes get an IP address from the Azure virtual network subnet. AKS features such as Virtual Nodes or network policies aren't supported with kubenet. azureenables Azure Container Networking Interface(CNI), every pod gets an IP address from the subnet and can be accessed directly.
 | 
                            
                                                |  | network_policy 
                    -
                                                                 |  | Network policy used for building Kubernetes network. | 
                            
                                                |  | pod_cidr 
                    -
                                                                 | Default: 
 "10.244.0.0/16" | A CIDR notation IP range from which to assign pod IPs when network_plugin=kubenet is used. It should be a large address space that isn't in use elsewhere in your network environment. This address range must be large enough to accommodate the number of nodes that you expect to scale up to. | 
                            
                                                |  | service_cidr 
                    -
                                                                 | Default: 
 "10.0.0.0/16" | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. It should be the *.10 address of your service IP address range. | 
                                            
                                                            | password 
                    string
                                                                 |  | Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. | 
                            
                                                            | profile 
                    string
                                                                 |  | Security profile found in ~/.azure/credentials file. | 
                            
                                                            | resource_group 
                    -
                                             / required                     |  | Name of a resource group where the managed Azure Container Services (AKS) exists or will be created. | 
                            
                                                            | secret 
                    string
                                                                 |  | Azure client secret. Use when authenticating with a Service Principal. | 
                            
                                                            | service_principal 
                    -
                                                                 |  | The service principal suboptions. | 
                                                        
                                                |  | client_id 
                    -
                                             / required                     |  | The ID for the Service Principal. | 
                            
                                                |  | client_secret 
                    -
                                             / required                     |  | The secret password associated with the service principal. | 
                                            
                                                            | state 
                    -
                                                                 | Choices:
                                                                                                                                                            absentpresent ← | Assert the state of the AKS. Use presentto create or update an AKS andabsentto delete it. | 
                            
                                                            | subscription_id 
                    string
                                                                 |  | Your Azure subscription Id. | 
                            
                                                            | tags 
                    dictionary
                                                                 |  | Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. | 
                            
                                                            | tenant 
                    string
                                                                 |  | Azure tenant ID. Use when authenticating with a Service Principal. |