Please vote on this issue by adding a đź‘Ť reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Versions
terraform:
azure provider:
module:
Description
Describe the bug
When deploying core management groups and policy definitions, I get error:
Error: A resource with the ID "/providers/Microsoft.Management/managementGroups/root_mg_xxx/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_policy_definition" for more information.
│
│ with module.enterprise_scale.azurerm_policy_definition.enterprise_scale["/providers/Microsoft.Management/managementGroups/root_mg_xxx/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs"],
│ on .terraform\modules\enterprise_scale\resources.policy_definitions.tf line 1, in resource "azurerm_policy_definition" "enterprise_scale":
│ 1: resource "azurerm_policy_definition" "enterprise_scale" {
... When searching for this Policy, the only one I can find that defines flow logs for NSG's is a Microsoft "built-in" initiative, which cannot be deleted. Should I be importing pre--existing Microsoft initiative policies into the statefile?
Steps to Reproduce
Standard deployment of core management groups and policies.
Community Note
Versions
terraform:
azure provider:
module:
Description
Describe the bug
When deploying core management groups and policy definitions, I get error:
Error: A resource with the ID "/providers/Microsoft.Management/managementGroups/root_mg_xxx/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_policy_definition" for more information. │ │ with module.enterprise_scale.azurerm_policy_definition.enterprise_scale["/providers/Microsoft.Management/managementGroups/root_mg_xxx/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs"], │ on .terraform\modules\enterprise_scale\resources.policy_definitions.tf line 1, in resource "azurerm_policy_definition" "enterprise_scale": │ 1: resource "azurerm_policy_definition" "enterprise_scale" {
... When searching for this Policy, the only one I can find that defines flow logs for NSG's is a Microsoft "built-in" initiative, which cannot be deleted. Should I be importing pre--existing Microsoft initiative policies into the statefile?
Steps to Reproduce
Standard deployment of core management groups and policies.
Screenshots
Additional context