Open samrobillard opened 1 month ago
Have you tried creating the root manually as a custom MG and assigning the es_root archetype? I think by disabling core landing zones, it also disables deploying root, so the initiatives you need aren’t available to the child MGs.
Community Note
Versions
terraform: 1.9.2
azure provider: 3.114
module: 6.0.0
Description
Describe the bug
I'm trying to deploy a custom management group hierarchy similar to es-lite. The Terraform plan gives those 2 errors:
Error: reading Policy Set Definition "Enforce-EncryptTransit_20240509": policy.SetDefinitionsClient#GetAtManagementGroup: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="PolicySetDefinitionNotFound" Message="The policy set definition 'Enforce-EncryptTransit_20240509' could not be found."
Error: reading Policy Set Definition "Deploy-AUM-CheckUpdates": policy.SetDefinitionsClient#GetAtManagementGroup: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="PolicySetDefinitionNotFound" Message="The policy set definition 'Deploy-AUM-CheckUpdates' could not be found."
Steps to Reproduce
main.tf
It looks like the policy definitions are created on the management groups and will give an error when trying to use of the archetype without the associated management group. Is it possible to create all the policy and policy set definitions on the root management group that gets created?
Screenshots
Additional context