ARM template: cannot configure Event Hub with Application Gateway diagnostic settings

I have created an Event Hub namespace with an event hub and am trying to add it to the Application Gateway diagnostic settings, but it is not working. (Note: I am using a nested template.)
Here is a working ARM template for the event hub:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hapiEnvironmentName": {
"type": "string"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
},
"eventHubSku": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [ "Basic", "Standard" ]
}
},
"variables": {
"eventHubNamespaceName": "[concat(parameters('hapiEnvironmentName'), 'GatewayWafLogs')]",
"eventHubName": "[concat(parameters('hapiEnvironmentName'), 'AppGWafLogs')]"
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces",
"apiVersion": "2017-04-01",
"name": "[variables('eventHubNamespaceName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('eventHubSku')]",
"tier": "[parameters('eventHubSku')]",
"capacity": 5
},
"properties": {
"isAutoInflateEnabled": true,
"maximumThroughputUnits": 10
}
},
{
"type": "Microsoft.EventHub/namespaces/eventhubs",
"apiVersion": "2017-04-01",
"name": "[concat(variables('eventHubNamespaceName'), '/', variables('eventHubName'))]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubNamespaceName'))]"
],
"properties": {
"messageRetentionInDays": 5,
"partitionCount": 1
}
}
]
}
And here is a piece of the Application Gateway ARM template through which I am trying to add the event hub as a diagnostic setting:
{
"apiVersion": "2017-05-01-preview",
"type": "Microsoft.Network/applicationGateways/providers/diagnosticSettings",
"name": "[variables('diagnosticSettingsNameForWafLogs')]",
"properties": {
"storageAccountId": null,
"workspaceId": null,
"eventHubAuthorizationRuleId": "/subscriptions/xxx-xxxx-xxxx-xxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.EventHub/namespaces/xxxxxxxxx/authorizationrules/RootManageSharedAccessKey",
"eventHubName": "param[('eventhubname')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": false,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"logs": [
{
"category": "ApplicationGatewayAccessLog",
"enabled": false,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ApplicationGatewayFirewallLog",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
},
{
"category": "ApplicationGatewayPerformanceLog",
"enabled": false,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/applicationGateways', variables('agwafv2Name'))]"
]
}
The error I am getting is:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "NoRegisteredProviderFound",
"message": "No registered resource provider found for location 'westcentralus' and API version '2017-05-01-preview' for type 'applicationGateways'. The supported api-versions are '2014-12-01-preview, 2015-05-01-preview, 2015-06-15, 2016-03-30, 2016-06-01, 2016-07-01, 2016-08-01, 2016-09-01, 2016-10-01, 2016-11-01, 2016-12-01, 2017-03-01, 2017-04-01, 2017-06-01, 2017-08-01, 2017-09-01, 2017-10-01, 2017-11-01, 2018-01-01, 2018-02-01, 2018-03-01, 2018-04-01, 2018-05-01, 2018-06-01, 2018-07-01, 2018-08-01, 2018-10-01, 2018-11-01, 2018-12-01, 2019-02-01, 2019-04-01, 2019-06-01, 2019-07-01, 2019-08-01, 2019-09-01, 2019-11-01, 2019-12-01, 2020-01-01, 2020-03-01, 2020-04-01, 2020-05-01, 2020-06-01, 2020-07-01, 2020-08-01, 2020-11-01, 2021-01-01, 2021-02-01, 2021-03-01'. The supported locations are 'westus, eastus, northeurope, westeurope, eastasia, southeastasia, northcentralus, southcentralus, centralus, eastus2, japaneast, japanwest, brazilsouth, australiaeast, australiasoutheast, centralindia, southindia, westindia, canadacentral, canadaeast, westcentralus, westus2, ukwest, uksouth, koreacentral, koreasouth, francecentral, australiacentral, southafricanorth, uaenorth, switzerlandnorth, germanywestcentral, norwayeast, westus3, jioindiawest'."
}
]
}
But the same is working for Log Analytics.

Your template uses the 2017-05-01-preview API version. The error message states that this API version is not supported. Does it help if you update the API version to 2021-03-01?

Related

How to Create Identity Provider using ARM template for azure function app?

How to create an Azure identity provider in the Azure portal using an ARM template for Azure Functions?
I use an ARM template to deploy the Azure resources. I am able to create the Azure Functions app, but I also need to create the Authentication -> Identity provider (Microsoft) on the fly.
We have tried in our environment to create an Azure function with Azure AD authentication and an identity provider (Microsoft) with the template below:
Prerequisites:
Register an application in Azure AD (Azure AD > App registration).
Enable ID tokens (used for implicit and hybrid flows).
ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string",
"defaultValue": "[concat('FuncApp-', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of your Web Site."
}
},
"storageAccountName": {
"type": "String",
"defaultValue": "[concat('store', uniqueString(resourceGroup().id))]"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"clientId": {
"type": "string",
"metadata": {
"description": "ClientId of the APP registration to be used by the Function APP authentication"
}
}
},
"variables": {
"hostingPlanName": "[concat('hpn-', resourceGroup().name)]",
"storageAccountid": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2021-02-01",
"name": "[parameters('siteName')]",
"kind": "functionapp,linux",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
],
"properties": {
"name": "[parameters('siteName')]",
"adminEnabled": true,
"enabledHostNames": [
"[concat(parameters('siteName'),'.azurewebsites.net')]",
"[concat(parameters('siteName'),'.scm.azurewebsites.net')]"
],
"hostNameSslStates": [
{
"name": "[concat(parameters('siteName'),'.azurewebsites.net')]",
"sslState": "Disabled",
"ipBasedSslState": "NotConfigured",
"hostType": "Standard"
},
{
"name": "[concat(parameters('siteName'),'.scm.azurewebsites.net')]",
"sslState": "Disabled",
"ipBasedSslState": "NotConfigured",
"hostType": "Repository"
}
],
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "python"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2019-06-01').keys[0].value)]"
}
]
},
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
"clientAffinityEnabled": false
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2021-02-01",
"name": "[variables('hostingPlanName')]",
"location": "[parameters('location')]",
"kind": "linux",
"properties": {
"reserved": true
},
"sku": {
"Tier": "Standard",
"Name": "S1"
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2019-06-01",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS"
}
},
{
"name": "[concat(parameters('siteName'), '/authsettingsV2')]",
"type": "Microsoft.Web/sites/config",
"apiVersion": "2021-02-01",
"location": "[parameters('location')]",
"properties": {
"platform": {
"enabled": true,
"runtimeVersion": "~1"
},
"globalValidation": {
"requireAuthentication": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"redirectToProvider": "azureactivedirectory"
},
"identityProviders": {
"azureActiveDirectory": {
"enabled": true,
"registration": {
"openIdIssuer": "[concat('https://sts.windows.net/',tenant().tenantId,'/v2.0')]",
"clientId": "[parameters('clientId')]",
"clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
},
"login": {
"disableWWWAuthenticate": false
},
"validation": {
"jwtClaimChecks": {},
"allowedAudiences": [],
"defaultAuthorizationPolicy": {
"allowedPrincipals": {}
}
}
},
"facebook": {
"enabled": true,
"registration": {},
"login": {}
},
"gitHub": {
"enabled": true,
"registration": {},
"login": {}
},
"google": {
"enabled": true,
"registration": {},
"login": {},
"validation": {}
},
"twitter": {
"enabled": true,
"registration": {}
},
"legacyMicrosoftAccount": {
"enabled": true,
"registration": {},
"login": {},
"validation": {}
},
"apple": {
"enabled": true,
"registration": {},
"login": {}
}
},
"login": {
"routes": {},
"tokenStore": {
"enabled": true,
"tokenRefreshExtensionHours": 72,
"fileSystem": {},
"azureBlobStorage": {}
},
"preserveUrlFragmentsForLogins": false,
"cookieExpiration": {
"convention": "FixedTime",
"timeToExpiration": "08:00:00"
},
"nonce": {
"validateNonce": true,
"nonceExpirationInterval": "00:05:00"
}
},
"httpSettings": {
"requireHttps": true,
"routes": {
"apiPrefix": "/.auth"
},
"forwardProxy": {
"convention": "NoProxy"
}
}
}
}
]
}
NOTE: For the client ID, provide the application ID of the app registration which you created earlier.
Output:
Deployed using:
az deployment group create -n TestDeployment -g <resourcegroupname> --template-file "C:\Path\to\template.json"
NOTE: In the app registration, we have to add the reply URI by using the Azure CLI command, with https://yourfunctionappname.azurewebsites.net/.auth/login/aad/callback:
az ad app update --id <objectid> --reply-urls https://funcapp-xxxxxxx.azurewebsites.net/.auth/login/aad/callback

A nested resource type must have identical number of segments as its resource name

When I try to deploy/enable diagnostic settings on Azure Firewall through an ARM template, I get an error.
I'm following this link.
The code snippet which I'm using:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {
"workspaceId": "[Concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', 'Fw-LA')]"
},
"resources": [
{
"type": "Microsoft.Network/azureFirewalls/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat('FWHM/','Microsoft.Insights/', 'dignostic')]",
"properties": {
"name": "diagnostic",
"workspaceId": "[variables('workspaceId')]",
"logs": [
{
"category": "AzureFirewallApplicationRule",
"enabled": true,
"retentionPolicy": {
"days": 10,
"enabled": false
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
]
}
}
]
}
This:
"type": "Microsoft.Network/azureFirewalls/diagnosticSettings",
should be this instead:
"type": "Microsoft.Network/azureFirewalls/providers/diagnosticSettings",
Read the article you linked carefully.

Azure Cosmos DB deployment fails with "The resource operation completed with terminal provisioning state 'Failed'."

My template is this:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"cosmosdbname": {
"type": "string"
},
"allowedIps": {
"type": "string"
},
"vnetName": {
"type": "string"
},
"subnetName": {
"type": "string"
}
},
"variables": {
"subnetIdA": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]",
"location": "[resourcegroup().location]"
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2015-04-08",
"name": "[parameters('cosmosdbname')]",
"location": "[variables('location')]",
"kind": "GlobalDocumentDB",
"properties": {
"ipRangeFilter": "[parameters('allowedIps')]",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": true,
"virtualNetworkRules": [
{
"id": "[variables('subnetIdA')]"
}
],
"databaseAccountOfferType": "Standard",
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "[variables('location')]",
"failoverPriority": 0
}
],
"capabilities": []
}
}
]
}
I exported it from Azure and made some modifications. However, I just get the "The resource operation completed with terminal provisioning state 'Failed'." when trying to deploy it and cannot figure out what is wrong with the template.
I removed the virtualnetworkrules completely from my json and now it works.

Azure template deployment for IoT Hub and diagnostics settings does not work

I'm using Azure RM template deployments with a Visual Studio 2017 Resource Group project to deploy an IoT Hub instance with diagnostics settings in Log Analytics.
Deploying the IoT Hub alone is successful; the problem is with the deployment of the diagnostics settings template.
I'm following the instructions for deploying diagnostics settings as a non-compute resource template.
The strange error that I receive is the following:
Error: Code=InvalidTemplate; Message=Deployment template validation
failed: 'The template resource 'Microsoft.Insights/BasicDiagnostics'
for type 'providers/diagnosticSettings' at line '69' and column '9'
has incorrect segment lengths. A nested resource type must have
identical number of segments as its resource name. A root resource
type must have segment length one greater than its resource name.
Why does it fail like this, even though I follow the documentation with the provided example?
Here are my template definitions:
"resources": [
{
"type": "Microsoft.Devices/IotHubs",
"sku": {
"name": "[parameters('sku.name')]",
"capacity": "[parameters('sku.units')]"
},
"name": "[parameters('iothubname')]",
"apiVersion": "2018-04-01",
"location": "[resourceGroup().location]",
"properties": {
"eventHubEndpoints": {
"events": {
"retentionTimeInDays": "[parameters('endpoints.events.retention')]",
"partitionCount": "[parameters('endpoints.events.partitions')]"
},
"operationsMonitoringEvents": {
"retentionTimeInDays": "[parameters('endpoints.operationsMonitoringEvents.retention')]",
"partitionCount": "[parameters('endpoints.operationsMonitoringEvents.partitions')]"
}
},
"features": "[parameters('features')]"
}
},
{
"type": "providers/diagnosticSettings",
"name": "[concat('Microsoft.Insights/', parameters('iotHub.diagnostics.settingName'))]",
"dependsOn": [
"[resourceId('Microsoft.Devices/IoTHubs', parameters('iothubname'))]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "[parameters('iotHub.diagnostics.settingName')]",
"workspaceId": "[parameters('iotHub.diagnostics.workspaceId')]",
"logs": [
{
"category": "Connections",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "Configurations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "D2CTwinOperations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "C2DTwinOperations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
]
}
}
]
Any help much appreciated!
This needs to be a sub-resource of the IoT hub, not a separate resource.
{
"type": "Microsoft.Devices/IotHubs",
"sku": {
"name": "[parameters('sku.name')]",
"capacity": "[parameters('sku.units')]"
},
"name": "[parameters('iothubname')]",
"apiVersion": "2018-04-01",
"location": "[resourceGroup().location]",
"properties": {
xxx
"features": "[parameters('features')]"
},
"resources": [
{
"type": "providers/diagnosticSettings",
xxx
}
]
},
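The segment rule quoted in the error message above, and behind the Azure Firewall answer earlier on this page, can be checked before deployment. The following is an added example, not code from either thread: the function names are hypothetical, the inputs are constructed from the templates shown here, and it assumes each `parameters()` value holds exactly one name segment.

```python
import re

# Either a parameters()/variables() call or a quoted string literal, in source order.
TOKEN = re.compile(r"(parameters|variables)\('([^']*)'\)|'([^']*)'")

def resolve(value, template):
    """Best-effort expansion of a name/type value: plain strings, variables(),
    parameters() and concat() of those. Assumption: a parameter (or unknown
    variable) stands for exactly one path segment."""
    if not (value.startswith("[") and value.endswith("]")):
        return value
    parts = []
    known = template.get("variables", {})
    for func, ref, literal in TOKEN.findall(value[1:-1]):
        if func == "variables" and isinstance(known.get(ref), str):
            parts.append(resolve(known[ref], template))
        elif func:
            parts.append("{" + ref + "}")   # opaque placeholder, one segment
        else:
            parts.append(literal)
    return "".join(parts)

def segments(text):
    return len(text.strip("/").split("/"))

def check_segments(template):
    """Apply the rule quoted in the error message: a root resource type has one
    more segment than its name, a nested resource type has the same number."""
    findings = []

    def walk(resources, nested):
        for res in resources:
            rtype = resolve(res["type"], template)
            name = resolve(res["name"], template)
            expected = segments(name) + (0 if nested else 1)
            if segments(rtype) != expected:
                findings.append((rtype, name, "nested" if nested else "root"))
            walk(res.get("resources", []), True)

    walk(template.get("resources", []), False)
    return findings

# Constructed inputs, reduced from the two templates on this page.
DIAG_NAME = "[concat('Microsoft.Insights/', parameters('iotHub.diagnostics.settingName'))]"
HUB = {"type": "Microsoft.Devices/IotHubs", "name": "[parameters('iothubname')]"}
DIAG = {"type": "providers/diagnosticSettings", "name": DIAG_NAME}

IOT_ROOT = {"resources": [HUB, DIAG]}                       # as asked: sibling of the hub
IOT_NESTED = {"resources": [dict(HUB, resources=[DIAG])]}   # as answered: child of the hub

FW_NAME = "[concat('FWHM/','Microsoft.Insights/', 'dignostic')]"
FW_ASKED = {"resources": [
    {"type": "Microsoft.Network/azureFirewalls/diagnosticSettings", "name": FW_NAME}]}
FW_ANSWERED = {"resources": [
    {"type": "Microsoft.Network/azureFirewalls/providers/diagnosticSettings", "name": FW_NAME}]}

if __name__ == "__main__":
    for label, tpl in [("iot root", IOT_ROOT), ("iot nested", IOT_NESTED),
                       ("fw asked", FW_ASKED), ("fw answered", FW_ANSWERED)]:
        print(label, check_segments(tpl) or "ok")
```

Running a check like this in the pipeline before `az deployment group create` catches a diagnostic setting that would be rejected, so a logging resource is not silently left out of a release.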

Rerunning ARM template cause error

I have a very simple ARM template which spins up an app service plan and a website. When I delete the plan or resource group, it works fine and creates a new plan and website. Following is the template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"environment": {
"type": "string",
"metadata": {
"comments": "The environment to suffix to distinguish resources in different groups"
},
"allowedValues": ["Test","Uat","Stage"]
},
"planName": {
"type": "string"
},
/*Other Parameters*/
},
"variables": {
"planNameFull": /*expression*/,
"siteTestNameFull": /*expression*/,
"appDomainName": /*expression*/
},
"resources": [
{
"comments": "Application Plan (Serverfarm)",
"type": "Microsoft.Web/serverfarms",
"sku": {
"name": "S1",
"tier": "Standard",
"Size": "S1",
"family": "S",
"capacity": "1"
},
"kind": "app",
"name": "[variables('planNameFull')]",
"apiVersion": "2016-09-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('planNameFull'))]": "empty",
"displayName": "[variables('planNameFull')]"
},
"properties": {
"name": "[variables('planNameFull')]",
"workerTierName": null,
"adminSiteName": null,
"hostingEnvironmentProfile": null,
"perSiteScaling": false,
"reserved": false,
"targetWorkerCount": 0,
"targetWorkerSizeId": 0
}
},
{
"comments": "Test Web Site",
"type": "Microsoft.Web/sites",
"kind": "app",
"name": "[variables('siteTestNameFull')]",
"apiVersion": "2016-08-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('planNameFull'))]": "empty",
"displayName": "[variables('siteTestNameFull')]"
},
"properties": {
"clientAffinityEnabled": true,
"enabled": true,
"hostNameSslStates": [
{
"name:": "[concat(variables('siteTestNameFull') ,'.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Standard"
},
{
"name:": "[concat(variables('siteTestNameFull') ,'scm.azurewebsites.net')]",
"sslState": "Disabled",
"hostType": "Repository"
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms',variables('planNameFull'))]"
},
"dependsOn": [ "[resourceId('Microsoft.Web/serverfarms',variables('planNameFull'))]" ],
"resources": [
{
"comments": "Test Web Site Config.",
"type": "Microsoft.Web/sites/config",
"name": "[concat(variables('siteTestNameFull'),'/web')]",
"apiVersion": "2015-08-01",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('planNameFull'))]": "empty",
"description": "[concat('Moula ', variables('siteTestNameFull'),' Settings')]",
"displayName": "[concat(variables('siteTestNameFull'),' App Settings')]"
},
"properties": {
"numberOfWorkers": 1,
"defaultDocuments": [ "index.html" ],
"netFrameworkVersion": "v4.7",
"publishingUsername": "[parameters('webPublishingUser')]",
"publishingPassword": "[parameters('webPublishingPwd')]",
"siteAuthSettings": { "isAadAutoProvisioned": false },
"ipSecurityRestrictions": [
{
"ipAddress": "115.xx.xxx.27",
"subnetMask": null
},
{
"ipAddress": "34.xxx.xx.90",
"subnetMask": null
}
],
"appSettings": {
"WEBSITE_TIME_ZONE": "[parameters('websiteTimezone')]",
"WEBSITE_LOAD_CERTIFICATES": "[parameters('testCertificate')]"
},
"use32BitWorkerProcess": false,
"managedPipelineMode": "Integrated",
"virtualApplications": [
{
"virtualPath": "/",
"physicalPath": "site\\wwwroot",
"preloadEnabled": false,
"vitualDirectories": null
}
],
"loadBalancingRules": [ "LeastRequests" ]
},
"dependsOn": [ "[resourceId('Microsoft.Web/sites',variables('siteTestNameFull'))]" ]
}
]
}
],
"outputs": {
"planId": {
"type": "string",
"value": "[resourceId('Microsoft.Web/serverfarms', variables('planNameFull'))]"
},
"TestAppId": {
"type": "string",
"value": "[resourceId('Microsoft.Web/sites',variables('siteTestNameFull'))]"
}
}
}
My problem is that I want to run this template as a VSTS build pipeline step. When I try to run the template again without making any changes, it always causes the following error:
Template deployment returned the following errors:
1:09:17 PM - Resource Microsoft.Web/sites 'TestWebsite' failed with message '{
"error": {
"code": "InternalServerError",
"message": "There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 8cd06d54-vvvv-wwww-xxxx-5e55029fc640"
}
}'
What am I doing wrong?
There are multiple reasons for this type of error. This is the official documentation.
Downtime of either the service you're deploying to in the region you're deploying to.
Downtime of Azure DevOps itself.
The resource type you're trying to deploy isn't yet available in that region.
