Terraform - Azure 资源组:错误:ID 不能是资源组 ID
[英]Terraform - Azure Resource Group: Error: ID cannot be a Resource Group ID
问题描述
I am currently migrating our cloud infrastructure over to Terraform.
我目前正在将我们的云基础架构迁移到 Terraform。 I am trying to assign a policy to a resource group.我正在尝试将策略分配给资源组。 However it fails with an error但是它失败并出现错误
│ Error: ID cannot be a Resource Group ID
│ with azurerm_resource_policy_assignment.example, on main.tf line 50, in resource a zurerm_resource_policy_assignment" "example":
│ 50: resource_id = azurerm_resource_group.example.id
# Configure the Microsoft Azure provider
provider "azurerm" {
features {}
}
data "azurerm_subscription" "primary" {
}
data "azurerm_client_config" "example" {
}
# Define Policy
resource "azurerm_policy_definition" "example" {
display_name = "only-deploy-in-westus"
name = "only-deploy-in-westus"
policy_type = "Custom"
mode = "All"
policy_rule = <<POLICY_RULE
{
"if": {
"not": {
"field": "location",
"equals": "westus"
}
},
"then": {
"effect": "Deny"
}
}
POLICY_RULE
}
# Create a Resource Group if it doesn’t exist
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West US"
}
# Assign Permission
resource "azurerm_role_assignment" "example" {
scope = azurerm_resource_group.example.id
role_definition_name = "Reader"
principal_id = data.azurerm_client_config.example.object_id
}
# Assign Policy
resource "azurerm_resource_policy_assignment" "example" {
name = "example-policy-assignment"
resource_id = azurerm_resource_group.example.id
policy_definition_id = azurerm_policy_definition.example.id
}
2 个解决方案
解决方案1
0 2022-09-20 01:53:41
It should be:它应该是:
resource_group_id = azurerm_resource_group.example.id
rather then而不是
resource_id = azurerm_resource_group.example.id
解决方案2
0 已采纳 2022-09-20 07:28:58
In order to assign a policy to a resource group you cannot use azurerm_resource_policy_assignment but would need to use azurerm_resource_group_policy_assignment .为了将策略分配给资源组,您不能使用azurerm_resource_policy_assignment但需要使用azurerm_resource_group_policy_assignment 。
resource "azurerm_resource_group_policy_assignment" "example" {
name = "example"
resource_group_id = azurerm_resource_group.example.id
policy_definition_id = azurerm_policy_definition.example.id
}
Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_assignment参考: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_assignment
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.