Closed slavizh closed 8 months ago
Hi @slavizh - deploying to the MG scope is work still in progress. We will notify this thread once this becomes available.
@apclouds btw will deployment at management group scope allow the stack to be deployed at one management group but the resources to be deployed at another that is child of it?
Yes
good to know. Completely forgot about that scenario and it will be useful for planning on how to refactor they way we do deployments and deployment stacks.
Just came across this myself.
I tried putting in a subscriptionId, but got an Internal Server Error
New-AzManagementGroupDeploymentStack: Operation returned an invalid status code 'InternalServerError' : DeploymentStackOperationFailed : Resource Provider has encountered an internal server error.
@D-Bissell this seems to be a different issue if you were passing in a subid, but getting an error from the service. Could you create a new issue in github with all the information you have on the failed command?
Could anyone give me an update about this?
I'd like to know where this is on the roadmap, please?
Hello All - Management Group scope deployment support is planned to be available beginning December. I will update this thread with any changes/updates. Thanks!
Hi @slavizh - just wanted to let you know that MG Deployment support for Stacks is now available.
@azcloudfarmer true but not quite. Deny settings does not seems to work and no option to deploy the stack at one MG and the resources at another.
Unfortunately, for now we don't have a reliable way to implement deny assignments at the MG scope. We should create a separate issue to track that feature ask.
Adding to that, we do not currently support a management group stack with an underlying deployment existing in a different MG. We can also create an issue for this if it is a requested feature.
@alex-frankel @dantedallag yes both are needed. I believe the cmdlet even ask you provide DenySettings even when only None is allowed.
@slavizh I've created an issue in response to your comment on DenySettings still being required with mg scoped stacks that have an underlying mg scoped deployment: https://github.com/Azure/deployment-stacks/issues/140.
When I use New-AzManagementGroupDeploymentStack command it asks me for DeploymentSubscriptionId parameter. Obviously the stack will be deployed at management group scope but I also want the resources that will be deployed by the template to also be deployed at management group scope, not at subscription scope. For example I am deploying policies that I want to apply at management group scope not at subscription scope. Is there a way I can do this or currently this is not available? Is there any plan to enable it?