azcloudfarmer
commented
1 year ago Hi @slavizh - deploying to the MG scope is work still in progress. We will notify this thread once this becomes available.
Closed slavizh closed 8 months ago
azcloudfarmer
commented
1 year ago Hi @slavizh - deploying to the MG scope is work still in progress. We will notify this thread once this becomes available.
slavizh
commented
1 year ago @apclouds btw will deployment at management group scope allow the stack to be deployed at one management group but the resources to be deployed at another that is child of it?
alex-frankel
commented
1 year ago Yes
slavizh
commented
1 year ago good to know. Completely forgot about that scenario and it will be useful for planning on how to refactor they way we do deployments and deployment stacks.
D-Bissell
commented
12 months ago Just came across this myself.
I tried putting in a subscriptionId, but got an Internal Server Error
New-AzManagementGroupDeploymentStack: Operation returned an invalid status code 'InternalServerError' : DeploymentStackOperationFailed : Resource Provider has encountered an internal server error.
dantedallag
commented
12 months ago @D-Bissell this seems to be a different issue if you were passing in a subid, but getting an error from the service. Could you create a new issue in github with all the information you have on the failed command?
EelcoLabordus
commented
9 months ago Could anyone give me an update about this?
plagroen
commented
9 months ago I'd like to know where this is on the roadmap, please?
azcloudfarmer
commented
9 months ago Hello All - Management Group scope deployment support is planned to be available beginning December. I will update this thread with any changes/updates. Thanks!
azcloudfarmer
commented
8 months ago Hi @slavizh - just wanted to let you know that MG Deployment support for Stacks is now available.
slavizh
commented
8 months ago @azcloudfarmer true but not quite. Deny settings does not seems to work and no option to deploy the stack at one MG and the resources at another.
alex-frankel
commented
8 months ago Unfortunately, for now we don't have a reliable way to implement deny assignments at the MG scope. We should create a separate issue to track that feature ask.
dantedallag
commented
8 months ago Adding to that, we do not currently support a management group stack with an underlying deployment existing in a different MG. We can also create an issue for this if it is a requested feature.
slavizh
commented
8 months ago @alex-frankel @dantedallag yes both are needed. I believe the cmdlet even ask you provide DenySettings even when only None is allowed.
dantedallag
commented
8 months ago @slavizh I've created an issue in response to your comment on DenySettings still being required with mg scoped stacks that have an underlying mg scoped deployment: https://github.com/Azure/deployment-stacks/issues/140.
When I use New-AzManagementGroupDeploymentStack command it asks me for DeploymentSubscriptionId parameter. Obviously the stack will be deployed at management group scope but I also want the resources that will be deployed by the template to also be deployed at management group scope, not at subscription scope. For example I am deploying policies that I want to apply at management group scope not at subscription scope. Is there a way I can do this or currently this is not available? Is there any plan to enable it?