Azure / bicep-registry-modules

Bicep registry modules
MIT License
507 stars 353 forks

[AVM Module Issue]: Assigning VM to recovery vault in different rg fails #3585

Open guidovanbrakel opened 4 weeks ago

guidovanbrakel commented 4 weeks ago

Check for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/recovery-services/vault

(Optional) Module Version

No response

Description

Describe the bug

Bicep version: Bicep CLI version 0.29.47 (132ade51bc)

Describe the bug: We have created a module to add a VM to a recovery services vault and use that in a template, but then it fails with a message that only a recovery services vault can be assigned from the current resource group, while in the portal it is possible to assign a vault in a different resource group.

{
  "status": "Failed",
  "error": {
    "code": "DeploymentFailed",
    "target": "/subscriptions/subid/providers/Microsoft.Resources/deployments/ApplicationDeployment",
    "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
    "details": [
      {
        "code": "ResourceDeploymentFailure",
        "target": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Resources/deployments/deploy-fileserver",
        "message": "The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'.",
        "details": [
          {
            "code": "DeploymentFailed",
            "target": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Resources/deployments/deploy-fileserver",
            "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
            "details": [
              {
                "code": "ResourceNotFound",
                "message": "The Resource 'Microsoft.RecoveryServices/vaults/rg' under resource group 'rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"
              }
            ]
          }
        ]
      }
    ]
  }
}

To reproduce

param location string
param subnetName string
param virtualNetworkId string

// param virtualMachineName string

param code string // parameter
param vmenviroment string // parameter
param vmnumber string // parameter
param vmfunction string // parameter
param vmsku string // default 2022-datacenter-azure-edition
// param zones string

var VMComputerName = 'variable' 
var VMNICName = 'variable'

param vmAcceleratedNetworking bool
param virtualMachineSize string
param adminUsername string
@secure()
param adminPassword string

var vnetId = virtualNetworkId

var subnetRef = '${vnetId}/subnets/${subnetName}'

resource networkInterface 'Microsoft.Network/networkInterfaces@2021-08-01' = {
  name: VMNICName 
  location: location
  properties: {
    enableAcceleratedNetworking: vmAcceleratedNetworking
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: {
            id: subnetRef
          }
          privateIPAllocationMethod: 'Dynamic'
        }
      }
    ]
  }
  dependsOn: []
}

resource virtualMachine 'Microsoft.Compute/virtualMachines@2022-03-01' = {
  name: VMComputerName
  // zones: [
  //   zones
  // ]
  location: location
  properties: {
    hardwareProfile: {
      vmSize: virtualMachineSize
    }
    storageProfile: {
      osDisk: {
        name: '${VMComputerName}_osdisk_1'
        createOption: 'fromImage'
        managedDisk: {
          storageAccountType: 'Premium_LRS'
        }
        deleteOption: 'Detach'
      }
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: vmsku
        version: 'latest'
      }
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterface.id
          properties: {
            deleteOption: 'Detach'
          }
        }
      ]
    }
    securityProfile: {
      encryptionAtHost: true
      securityType: 'TrustedLaunch'
      uefiSettings: {
        secureBootEnabled: true
        vTpmEnabled: true
      }
    }
    osProfile: {
      computerName: VMComputerName
      adminUsername: adminUsername
      adminPassword: adminPassword
      windowsConfiguration: {
        enableAutomaticUpdates: false
        provisionVMAgent: true
        patchSettings: {
          enableHotpatching: false
          assessmentMode: 'ImageDefault'
          patchMode: 'Manual'
        }
      }
    }
  }
}

resource virtualMachineName_GuestAttestation 'Microsoft.Compute/virtualMachines/extensions@2018-10-01' = {
  parent: virtualMachine
  name: 'GuestAttestation'
  location: location
  properties: {
    publisher: 'Microsoft.Azure.Security.WindowsAttestation'
    type: 'GuestAttestation'
    typeHandlerVersion: '1.0'
    autoUpgradeMinorVersion: true
    settings: {
      AttestationConfig: {
        MaaSettings: {
          maaEndpoint: ''
          maaTenantName: 'GuestAttestation'
        }
        AscSettings: {
          ascReportingEndpoint: ''
          ascReportingFrequency: ''
        }
        useCustomToken: 'false'
        disableAlerts: 'false'
      }
    }
  }
}

output adminUsername string = adminUsername

This is our recoveryservices module:

@minLength(5)
@maxLength(5)
@description('Customer/Shared code')
param pCustcode string // c0001

@minLength(3)
@maxLength(3)
@description('Instance number')
param pInstanceNumber string // 001

@description('Name of the Recovery Services vault')
param vaultName string

@description('Location for the Recovery Services vault')
param pLocation string //= resourceGroup().location

@description('SKU for the Recovery Services vault')
param skuName string = 'Standard'

var timeZone = pLocation == 'westeurope' ? 'W. Europe Standard Time' : 'Pacific Standard Time' // New Logic required for multiple regions do we specify TimeZone for each option?

resource recoveryServicesVault 'Microsoft.RecoveryServices/vaults@2024-04-01' = {
  name: vaultName
  location: pLocation
  sku: {
    name: skuName
  }
  properties: {
    publicNetworkAccess: 'Enabled'
    redundancySettings: {
      standardTierStorageRedundancy: 'GeoRedundant'
      crossRegionRestore: 'Disabled' // Could be enabled but only for GRS
    }
  }
}

resource sqlbackuppolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2024-04-01' = {
  name: 'rsv-db-${pCustcode}-${pInstanceNumber}'
  location: pLocation

  parent: recoveryServicesVault
  properties: {
    backupManagementType: 'AzureWorkload'
    workLoadType: 'SQLDataBase'
    settings: {
      timeZone: timeZone
      issqlcompression: true
      isCompression: true
    }

    subProtectionPolicy: [
      {

        policyType: 'Full'
        schedulePolicy: {
          schedulePolicyType: 'SimpleSchedulePolicy'
          scheduleRunFrequency: 'Weekly'
          scheduleRunDays: [ 'Sunday' ]
          scheduleRunTimes: [
            '2022-12-01T01:00:00.000Z'
          ]
        }
        tieringPolicy: {
          ArchivedRP: {
            tieringMode: 'DoNotTier'
          }

        }
        retentionPolicy: {
          retentionPolicyType: 'LongTermRetentionPolicy'
          dailySchedule: null
          weeklySchedule: {
            daysOfTheWeek: [ 'Sunday' ]
            retentionTimes: [
              '2022-12-01T01:00:00.000Z'
            ]
            retentionDuration: {
              count: 5
              durationType: 'Weeks'
            }
          }
          monthlySchedule: null
          yearlySchedule: null
        }

      }
      {
        policyType: 'Log'
        schedulePolicy: {
          schedulePolicyType: 'LogSchedulePolicy'
          scheduleFrequencyInMins: 30
        }
        retentionPolicy: {
          retentionPolicyType: 'SimpleRetentionPolicy'
          retentionDuration: {
            count: 30
            durationType: 'Days'
          }
        }
      }
      {
        policyType: 'Differential'
        schedulePolicy: {
          schedulePolicyType: 'SimpleSchedulePolicy'
          scheduleRunFrequency: 'Weekly'
          scheduleRunDays: [
            'Monday'
            'Tuesday'
            'Wednesday'
            'Thursday'
            'Friday'
            'Saturday'
          ]
          scheduleRunTimes: [
            '2022-12-01T01:00:00.000Z'
          ]
        }
        retentionPolicy: {
          retentionPolicyType: 'SimpleRetentionPolicy'
          retentionDuration: {
            count: 30
            durationType: 'Days'
          }
        }
      }
    ]

  }

}

// resource SQLDifferentialbackuppolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2022-03-01' = {
//   name: 'SQLDifferential'
//   location: pLocation

//   parent: recoveryServicesVault
//   properties: {
//     backupManagementType: 'AzureWorkload'
//     workLoadType: 'SQLDataBase'
//     settings: {
//       timeZone: timeZone
//       issqlcompression: false
//       isCompression: true
//     }
//     subProtectionPolicy: [
//       {
//         policyType: 'Full'
//         schedulePolicy: {
//           schedulePolicyType: 'SimpleSchedulePolicy'
//           scheduleRunFrequency: 'Weekly'
//           scheduleRunDays: [
//             'Sunday'
//           ]
//           scheduleRunTimes: [
//             '2022-07-13T01:00:00.000Z'
//           ]
//         }
//         retentionPolicy: {
//           retentionPolicyType: 'LongTermRetentionPolicy'
//           dailySchedule: null
//           weeklySchedule: {
//             daysOfTheWeek: [
//               'Sunday'
//             ]
//             retentionTimes: [
//               '2022-07-13T01:00:00.000Z'
//             ]
//             retentionDuration: {
//               count: 5
//               durationType: 'Weeks'
//             }
//           }
//           monthlySchedule: null
//           yearlySchedule: null
//         }

//       }
//       {
//         policyType: 'Log'
//         schedulePolicy: {
//           schedulePolicyType: 'LogSchedulePolicy'
//           scheduleFrequencyInMins: 30
//         }
//         retentionPolicy: {
//           retentionPolicyType: 'SimpleRetentionPolicy'
//           retentionDuration: {
//             count: 30
//             durationType: 'Days'
//           }
//         }
//       }
//       {
//         policyType: 'Differential'
//         schedulePolicy: {
//           schedulePolicyType: 'SimpleSchedulePolicy'
//           scheduleRunFrequency: 'Weekly'
//           scheduleRunDays: [
//             'Monday'
//             'Tuesday'
//             'Wednesday'
//             'Thursday'
//             'Friday'
//             'Saturday'
//           ]
//           scheduleRunTimes: [
//             '2022-07-13T01:00:00.000Z'
//           ]
//         }
//         retentionPolicy: {
//           retentionPolicyType: 'SimpleRetentionPolicy'
//           retentionDuration: {
//             count: 30
//             durationType: 'Days'
//           }
//         }
//       }
//     ]
//   }
// }

resource fileServerBackupPolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2024-04-01' = {
  name: 'rsv-fl-${pCustcode}-${pInstanceNumber}'
  location: pLocation
  parent: recoveryServicesVault
  properties: {
    backupManagementType: 'AzureIaasVM'
    policyType: 'V2'
    instantRPDetails: {}
    schedulePolicy: {
      schedulePolicyType: 'SimpleSchedulePolicyV2'
      scheduleRunFrequency: 'Hourly'
      hourlySchedule: {
        interval: 6
        scheduleWindowStartTime: '2024-06-05T06:00:00Z'
        scheduleWindowDuration: 24
      }
    }
    retentionPolicy: {
      retentionPolicyType: 'LongTermRetentionPolicy'
      dailySchedule: {
        retentionTimes: [
          '2024-06-05T06:00:00Z'
        ]
        retentionDuration: {
          count: 30
          durationType: 'Days'
        }
      }
    }
    tieringPolicy: {
    }
    instantRpRetentionRangeInDays: 1
    timeZone: timeZone
  }
}

resource vmServerBackupPolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2024-04-01' = {
  name: 'rsv-vm-${pCustcode}-${pInstanceNumber}'
  location: pLocation
  parent: recoveryServicesVault
  properties: {
    backupManagementType: 'AzureIaasVM'
    policyType: 'V2'
    instantRPDetails: {}
    schedulePolicy: {
      schedulePolicyType: 'SimpleSchedulePolicyV2'
      scheduleRunFrequency: 'Daily'
      dailySchedule: {
        scheduleRunTimes: [
          '2024-06-05T23:00:00Z'
        ]
      }
    }
    retentionPolicy: {
      retentionPolicyType: 'LongTermRetentionPolicy'
      dailySchedule: {
        retentionTimes: [
          '2024-06-05T23:00:00Z'
        ]
        retentionDuration: {
          count: 30
          durationType: 'Days'
        }
      }
    }
    tieringPolicy: {
    }
    instantRpRetentionRangeInDays: 1
    timeZone: timeZone
  }
}

output vaultId string = recoveryServicesVault.id
output vmServerBackupPolicy string = vmServerBackupPolicy.id
output fileServerBackupPolicy string = fileServerBackupPolicy.id
output sqlbackuppolicy string = sqlbackuppolicy.id

Code snippet

No response

Relevant log output

No response

(Optional) Correlation Id

No response
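
Added example (not part of the original issue and not code from the AVM module): the `ResourceNotFound` error above looks for the vault in the deployment's own resource group, which is consistent with a vault child resource being deployed at the VM's resource group scope. One way to protect a VM with a vault in another resource group is to declare the protected item in a small module and deploy that module scoped to the vault's resource group. The file name `protect-vm.bicep` and all parameter names are assumptions, and the VM and vault are assumed to be in the same subscription.

```bicep
// ---- protect-vm.bicep (hypothetical module; deployed into the VAULT's resource group) ----
@description('Name of the existing Recovery Services vault')
param vaultName string

@description('Name of an existing backup policy in that vault')
param backupPolicyName string

@description('Name of the VM to protect')
param vmName string

@description('Resource group that contains the VM')
param vmResourceGroupName string

// Container and item names follow the fixed format Azure Backup uses for IaaS VMs.
var protectionContainer = 'iaasvmcontainer;iaasvmcontainerv2;${vmResourceGroupName};${vmName}'
var protectedItem = 'vm;iaasvmcontainerv2;${vmResourceGroupName};${vmName}'

resource vault 'Microsoft.RecoveryServices/vaults@2024-04-01' existing = {
  name: vaultName
}

resource policy 'Microsoft.RecoveryServices/vaults/backupPolicies@2024-04-01' existing = {
  parent: vault
  name: backupPolicyName
}

resource vmProtection 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems@2024-04-01' = {
  name: '${vaultName}/Azure/${protectionContainer}/${protectedItem}'
  properties: {
    protectedItemType: 'Microsoft.Compute/virtualMachines'
    policyId: policy.id
    // The VM lives in another resource group, so its ID is built explicitly
    // (same subscription assumed).
    sourceResourceId: resourceId(vmResourceGroupName, 'Microsoft.Compute/virtualMachines', vmName)
  }
}

// ---- caller side, inside the VM template (runs in the VM's resource group) ----
// param vaultResourceGroupName string   // assumed parameter
// param vaultName string                // assumed parameter
// param vmBackupPolicyName string       // assumed parameter
//
// module protectVm 'protect-vm.bicep' = {
//   name: 'protect-${VMComputerName}'
//   scope: resourceGroup(vaultResourceGroupName) // deploy the child resource where the vault lives
//   params: {
//     vaultName: vaultName
//     backupPolicyName: vmBackupPolicyName
//     vmName: virtualMachine.name
//     vmResourceGroupName: resourceGroup().name
//   }
// }
```

The deploying identity needs write access on the vault's resource group as well as read access on the VM, so scope that role assignment to the vault rather than granting it subscription-wide.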

microsoft-github-policy-service[bot] commented 4 weeks ago

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

avm-team-linter[bot] commented 4 weeks ago

@guidovanbrakel, thanks for submitting this issue for the avm/res/recovery-services/vault module!

[!IMPORTANT] A member of the @Azure/avm-res-recoveryservices-vault-module-owners-bicep or @Azure/avm-res-recoveryservices-vault-module-contributors-bicep team will review it soon!

microsoft-github-policy-service[bot] commented 3 weeks ago

[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

[!TIP]

  • To prevent further actions from taking effect, the "Status: Response Overdue 🚩" label must be removed once this issue has been responded to.
  • To avoid this rule being (re)triggered, the "Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
microsoft-github-policy-service[bot] commented 2 weeks ago

[!CAUTION] This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-bicep) immediate attention as it hasn't been responded to within 6 business days.

[!TIP]

  • To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
  • Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.