search

MicrosoftDocs / mslearn-end-to-end-encryption-with-app-gateway

Sample code for the "Encrypt network traffic end-to-end with Azure Application Gateway" Microsoft Learn module
Creative Commons Attribution 4.0 International
8 stars 15 forks source link

bash setup-infra.sh fails at "Creating App Gateway" - The template deployment failed because of policy violation. : Resource 'gw-shipping' was disallowed by policy #3

Open based3 opened 2 years ago

based3 commented 2 years ago

While using https://docs.microsoft.com/en-gb/learn/modules/end-to-end-encryption-with-app-gateway/4-exercise-configure-backend-pools-for-encryption, the installation fails at 'bash setup-infra.sh' Creating App Gateway with error: {"error":{"code":"InvalidTemplateDeployment", "message":"The template deployment failed because of policy violation. Please see details for more information.", "details":[{"code":"RequestDisallowedByPolicy","target":"gw-shipping", "message":"Resource 'gw-shipping' was disallowed by policy. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"webapps-assignment\", \"id\":\"/providers/Microsoft.Management/managementGroups/192fe359-e72a-fa7e-dcd5-95e985e7eac9/providers/Microsoft.Authorization/policyAssignments/webapps-assignment\"}, \"policyDefinition\":{\"name\":\"Allowed resource types\", \"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\"}, \"policySetDefinition\":{\"name\":\"webapps-initiative\", \"id\":\"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/webapps-initiative\"}, \"policyDefinitionReferenceId\":\"allowed-resource-types_1\"}]'.", "additionalInfo":[{"type":"PolicyViolation", "info":{"policyDefinitionDisplayName":"Allowed resource types","policySetDefinitionDisplayName": "webapps-initiative","evaluationDetails":{"evaluatedExpressions": [{"result":"False","expressionKind":"Field","expression":"type","path":"type","expressionValue": "Microsoft.Network/applicationGateways","targetValue":["Microsoft.ApiManagement/service", "Microsoft.AlertsManagement/SmartDetectorAlertRules","Microsoft.Cache/Redis","Microsoft.Cdn/profiles", "Microsoft.Cdn/profiles/endpoints","Microsoft.CognitiveServices/accounts","Microsoft.ContainerRegistry/registries", "Microsoft.ContainerRegistry/registries/webhooks","Microsoft.DBforMySQL/flexibleServers", "Microsoft.DBforPostgreSQL/servers","Microsoft.DBforPostgreSQL/serversv2","Microsoft.DocumentDB/databaseAccounts", "microsoft.insights/actiongroups","microsoft.insights/components","microsoft.insights/metricAlerts", "Microsoft.KeyVault/vaults","Microsoft.Logic/workflows","Microsoft.MixedReality/remoteRenderingAccounts", "Microsoft.Network/connections","Microsoft.Network/localNetworkGateways","Microsoft.Network/networkSecurityGroups", "Microsoft.Network/publicIPAddresses","Microsoft.Network/trafficmanagerprofiles", "Microsoft.Network/virtualNetworkGateways","Microsoft.Network/virtualNetworks","Microsoft.Portal/dashboards", "Microsoft.Relay/namespaces","Microsoft.Resources/resourceGroups","Microsoft.Search/searchServices", "Microsoft.Security/automations","Microsoft.ServiceBus/namespaces","Microsoft.ServiceBus/namespaces/authorizationrules", "Microsoft.ServiceBus/namespaces/queues","Microsoft.ServiceBus/namespaces/queues/authorizationrules", "Microsoft.ServiceBus/namespaces/topics","Microsoft.ServiceBus/namespaces/topics/authorizationrules", "Microsoft.ServiceBus/namespaces/topics/subscriptions","Microsoft.ServiceBus/namespaces/topics/subscriptions/rules", "Microsoft.SignalRService/SignalR","Microsoft.Sql/servers","Microsoft.Sql/servers/databases", "Microsoft.Storage/storageAccounts","Microsoft.Web/certificates","Microsoft.Web/connections", "Microsoft.Web/customApis","Microsoft.Web/serverFarms","Microsoft.Web/serverfarms/workers", "Microsoft.Web/sites","Microsoft.Web/sites/instances","Microsoft.Web/sites/metricdefinitions", "Microsoft.Web/sites/metrics","Microsoft.Web/sites/slots","Microsoft.Web/sites/slots/instances", "Microsoft.Web/sites/slots/metricdefinitions","Microsoft.Web/sites/slots/metrics", "Microsoft.Web/staticSites"],"operator":"In"}]},"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c", "policySetDefinitionId":"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/webapps-initiative", "policyDefinitionReferenceId":"allowed-resource-types_1","policySetDefinitionName": "webapps-initiative","policyDefinitionName":"a08ec900-254a-4555-9bf5-e42af04b5c5c", "policyDefinitionEffect":"deny","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/192fe359-e72a-fa7e-dcd5-95e985e7eac9/providers/Microsoft.Authorization/policyAssignments/webapps-assignment","policyAssignmentName":"webapps-assignment", "policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/192fe359-e72a-fa7e-dcd5-95e985e7eac9"}}]}]}}

before "Creating subnet for VM".

based3 commented 2 years ago

https://docs.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/error-code-requestdisallowedbypolicy

https://stackoverflow.com/questions/61987966/resource-was-disallowed-by-policy

https://docs.microsoft.com/en-us/answers/questions/334512/resource-was-disallowed-by-policy.html