ARM templates for Azure
This is my personal repo where I tend to put stuff I am working on, which may include samples, prototypes, and other experiments.
Twitter: KristianNese
LinkedIn: Kristian Nese
has description copied from audit/deploy ade on vmss, not "this policy deploys backup if not enabled"
"properties": {
"displayName": "[Preview]: Enable ADE on VMSS",
"description": "This policy deploys ADE VM Extensions on Windows VMSS, and connects to the regional KeyVault",
Hi Kristian,
Thanks for sharing the solution. I have the solution installed successfully but unfortunately No data is being written to my workspace. I've spent some time troubleshooting the Runbook. Through this I established that Backup logs are being returned but not ingested into the OMS workspace.
Do you have any tips on troubleshooting that step?
Thanks,
Simon.
Hi Kristian,
I'm running into the following exception while trying to deploy the Azure Recovery Services Analytics for Recovery Services Vault:
/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/OMSAutomation/providers/Microsoft.Resources/deployments/azureBackupAnalytics
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.",
"details": [
{
"code": "Conflict",
"message": "{\r\n \"code\": \"Conflict\",\r\n \"message\": \"A jobSchedule with same id already exists.\"\r\n}"
}
]
}
]
}
}
I've tried deploying multiple times to no avail.
In /ARM/deployments/rgCreate.json the Microsoft.Resources/deployment references API version 2017-05-10. For deployments at subscription scope at least API version 2018-05-01 is required.
/subscriptions/14aa6c84-a04a-4dcc-a284-25ee6c690b99/resourceGroups/rg-oms-workspace/providers/Microsoft.Resources/deployments/azureBackupAnalytics
StatusMessage{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.",
"details": [
{
"code": "Conflict",
"message": "{\r\n "code": "Conflict",\r\n "message": "Automation account is linked to workspace, it's pricing plan must be same as workspace. SubscriptionId: 14aa6c84-a04a-4dcc-a284-25ee6c690b99 AccountName: MSPG-Automation-OMS WorkspaceId: /subscriptions/14aa6c84-a04a-4dcc-a284-25ee6c690b99/resourcegroups/rg-oms-workspace/providers/microsoft.operationalinsights/workspaces/msplayground."\r\n}"
Important files for the running of the script are missing and were deleted on December 15h. These need to be fixed for the asrautomation template to work.
Deployment Fails with:
New-AzureRmResourceGroupDeployment : 09:15:32 - Resource Microsoft.Resources/deployments
'deployVMs' failed with message '{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment
operations for details. Please see https://aka.ms/arm-debug for usage details.",
"details": [
{
"code": "BadRequest",
"message": "{\r\n "error": {\r\n "code": "DnsRecordInUse",\r\n
"message": "DNS record workloadvm1.westeurope.cloudapp.azure.com is already used by another
public IP.",\r\n "details": []\r\n }\r\n}"
},
{
"code": "BadRequest",
"message": "{\r\n "error": {\r\n "code": "DnsRecordInUse",\r\n
"message": "DNS record workloadvm0.westeurope.cloudapp.azure.com is already used by another
public IP.",\r\n "details": []\r\n }\r\n}"
},
{
"code": "BadRequest",
"message": "{\r\n "error": {\r\n "code": "DnsRecordInUse",\r\n
"message": "DNS record workloadvm2.westeurope.cloudapp.azure.com is already used by another
public IP.",\r\n "details": []\r\n }\r\n}"
},
{
"code": "BadRequest",
"message": "{\r\n "error": {\r\n "code": "DnsRecordInUse",\r\n
"message": "DNS record workloadvm3.westeurope.cloudapp.azure.com is already used by another
public IP.",\r\n "details": []\r\n }\r\n}"
}
]
}
]
}
}'
At line:18 char:1
+ CategoryInfo : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.New
AzureResourceGroupDeploymentCmdlet
New-AzureRmResourceGroupDeployment : 09:15:33 - At least one resource deployment operation
failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for
usage details.
At line:18 char:1
+ CategoryInfo : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.New
AzureResourceGroupDeploymentCmdlet
Is there a way to change the name of the VM's that are deployed?
I followed the ARM template here https://github.com/krnese/AzureDeploy/blob/master/ARM/deployments/subscriptionLevelDeployment.json to construct policy definition and assignment. I also used Azure CLI to deploy the ARM template as follows
az group deployment create --name policyarm --resource-group "policy-arm" --template-file {rules.json}
However after running the Azure CLI, I always got the error message as follows:
The policy request scope '/subscription/XXXX/resourcegroups/policy-arm' should be '/', 'supscriptions/d' or '/providers/Microsoft.Management/managementGroups/id'
It looks like the subscription().id has an issue.
Hi Kristian,
Your template seems to be solution I'm looking for but I'm not able to set up workspace using resource "Microsoft.Security/workspaceSettings". To be 100% sure that I'm passing correct values I've used the same Request Body as I provided in ARM template in REST API PUT method and it has worked for me here : https://docs.microsoft.com/en-us/rest/api/securitycenter/workspacesettings/create.
But when I'm trying to use VS for template deployment I'm constantly receiving this error:
"error": {
"code": "BadRequest",
"message": ""
}
by exploring API for microsft.security provider I have found also setting for Microsoft.Security/autoProvisioningSettings, I think that would be useful to enable this during deployment, but I got exact same error as above.
Australia South East needs to be added to acceptable regions for OMS and Automation Accounts.
thanks
Cassie
Hi Kristian,
I am trying to assign a policy Initiative definition known by name : [Preview]: Enable Monitoring in Azure Security Center
when I try to execute the below code. I get following error.
"error": {
"code": "InvalidRequestContent",
"message": "The request content was invalid and could not be deserialized: 'Error converting value "AuditIfNotExists" to type
'Microsoft.WindowsAzure.ResourceStack.Providers.Authorization.Data.Entities.PolicyParameter'. Path 'properties.parameters.systemUpdatesMonitoringEffect',
line 1, position 113.'.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"systemUpdatesMonitoringEffect": {
"type": "String",
"metadata": {
"displayName": "Monitor system updates ",
"description": "Enable or disable system updates monitoring"
},
"allowedValues": [
"AuditIfNotExists",
"Disabled"
]
},
"systemConfigurationsMonitoringEffect": {
"type": "String",
"metadata": {
"displayName": "Monitor OS vulnerabilities",
"description": "Enable or disable OS vulnerabilities monitoring (based on a configured baseline)"
},
"allowedValues": [
"AuditIfNotExists",
"Disabled"
]
},
},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2018-03-01",
"name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
"Properties": {
"parameters": {
"systemUpdatesMonitoringEffect": "AuditIfNotExists",
"systemConfigurationsMonitoringEffect": "AuditIfNotExists"
},
"metadata": {
"assignedBy": "[email protected] "
}
},
"Sku": {
"name": "A0",
"tier": "Free"
}
}
],
"outputs": {}
}
================
azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"systemUpdatesMonitoringEffect": {
"value": "AuditIfNotExists"
},
"systemConfigurationsMonitoringEffect": {
"value": "AuditIfNotExists"
}
}
}
Hi,
I am trying to deploy the template. It does not work. It shows this error:
"Template deployment returned the following errors:
16:06:55 - 4:06:49 PM - Resource Microsoft.Resources/resourceGroups 'lsh' failed with message '{
16:06:55 - "message": "No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/fcebdb0c-44cf-4d89-8248-e9acdbafd358/resourcegroups/lsh4/providers/Microsoft.Resources/resourceGroups/lsh?api-version=2018-05-01'."
Any idea what is wrong?
Hello,
I've the following error message when I try to deploy the solution:
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.",
"details": [
{
"code": "Conflict",
"message": "{\r\n \"code\": \"Conflict\",\r\n \"message\": \"A jobSchedule with same id already exists.\"\r\n}"
}
]
}
]
}
}
Any idea?
Thanks.
Florent
It failed with existing OMS WS, AA account, and Recovery Vault. The error referenced the WS and AA already being linked and the pricing plans not matching.....they do match. Forked the template and looking to see if there is a hard coded pricing plan.
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n "code": "Conflict",\r\n "message": "Automation account is linked to workspace, it's pricing plan must be same as workspace. SubscriptionId: aaasdfaserasvadfdsf AccountName: pres-use-automation WorkspaceId: /subscriptions/aaasdfaserasvadfdsf/resourcegroups/pres-use-oms-rg/providers/microsoft.operationalinsights/workspaces/pres-use-oms."\r\n}"}]}
Error deploying "AzureDeploy/OMS/MSOMS/OMSDemo/"
The DSC Configuration within Automation Account don't get created with following error.
new-AzureRmResourceGroupDeployment : 21:07:21 - Resource Microsoft.Automation/automationAccounts/Configurations
maDemoAutomationAccount/OMSASR' failed with message '{
"error": {
"code": "LocationRequired",
"message": "The location property is required for this definition."
}
'
n Zeile:1 Zeichen:1
New-AzureRmResourceGroupDeployment -Name maDemo `
+ CategoryInfo : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
ew-AzureRmResourceGroupDeployment : 21:07:21 - Resource Microsoft.Automation/automationAccounts/Configurations
maDemoAutomationAccount/OMS' failed with message '{
"error": {
"code": "LocationRequired",
"message": "The location property is required for this definition."
}
'
n Zeile:1 Zeichen:1
New-AzureRmResourceGroupDeployment -Name maDemo `
ew-AzureRmResourceGroupDeployment : 21:07:21 - Resource Microsoft.Automation/automationAccounts/Configurations
maDemoAutomationAccount/OMSSERVICE' failed with message '{
"error": {
"code": "LocationRequired",
"message": "The location property is required for this definition."
}
'
n Zeile:1 Zeichen:1
New-AzureRmResourceGroupDeployment -Name maDemo `
+ CategoryInfo : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
I think the api not ready that's why I have the following error
"No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/f42b4319-067a-4548-a650-33a1553b3a42/resourcegroups/qstci-4952f590-f80b-da48-bf2d-af63a32294dc/providers/Microsoft.Resources/resourceGroups/azure-rg?api-version=2018-05-01'
I noticed that
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
so I changed also the parametters as 1.0.0.1 version ( don't change schema )
Could you please check that ? thanks
Hello,
using createNewMgmtGroup.json and New-AzMgmtGroupDeployment.ps1
Management Group Deployment fails with:
500 - Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.