Azure Resource Manager ResourceGroups deployment - azure

Is it supported to have a single ARM file that is deployed on a resource-group level and still deploy another resource group, and resource to it?
And if yes, how does one have to address the resourceId for the dependsOn parameter?
I'm deploying like the following (I need to deploy on a resource group level - don't ask).
New-AzResourceGroupDeployment -Templatefile deploy.json -Location 'xx' -ResourceGroupName 'firstResourceGroup'
And have, in this ARM file, a resource group deployment
{
    "type": "Microsoft.Resources/resourceGroups",
    "apiVersion": "2020-06-01",
    "location": "[parameters('location')]",
    "name": "[parameters('SecondResourceGroup')]",
    "properties": {}
}
and specify a further deployment (Microsoft.Resources/deployments) to this resource group.
{
    "type": "Microsoft.Resources/deployments",
    "name": "deployment-to-secondResourceGroup",
    "apiVersion": "2020-06-01",
    "resourceGroup": "[parameters('secondResourceGroup')]",
    "properties": {
        "mode": "Incremental",
        "templateLink": {
            "uri": "https://xyz"
        }
    }
}
This works fine if the resource group is already deployed, that is. But in reality, the resource group won't be ready to deploy to. So I need to set a dependsOn.
But when I try to use the dependsOn parameters I can't address the resource-group deployment.
"dependsOn": []

Here is how I define the dependsOn when deploying resources groups and then resources within the same template file.
{
    "type": "Microsoft.Resources/deployments",
    "name": "deployment-to-secondResourceGroup",
    "apiVersion": "2020-06-01",
    "resourceGroup": "[parameters('secondResourceGroup')]",
    "dependsOn": [
        "[resourceId('Microsoft.Resources/resourceGroups/', parameters('secondResourceGroup'))]"
    ],
    "properties": {
        "mode": "Incremental",
        "templateLink": {
            "uri": "https://xyz"
        }
    }
}

Related

Deploying Azure ResourceGroup by template returns "not found"

I have an Azure template and am attempting to deploy two extra resource groups.
{
    "type": "Microsoft.Resources/resourceGroups",
    "apiVersion": "2019-08-01",
    "location": "eastus",
    "name": "[variables('galleryResourceGroupName')]",
    "properties": {}
},
{
    "type": "Microsoft.Resources/resourceGroups",
    "apiVersion": "2019-08-01",
    "location": "[resourceGroup().location]",
    "name": "[variables('tempResourceGroupName')]",
    "properties": {}
},
When I run this template, the result for these two resources is:
{
"message": "No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/59b4b...9074/resourcegroups/rgMain/providers/Microsoft.Resources/resourceGroups/rgTemp?api-version=2019-08-01'."
}
NotFound
The docs say you can deploy a resourceGroup:
https://learn.microsoft.com/en-us/azure/templates/microsoft.resources/2019-08-01/resourcegroups
But it is not working...
Any ideas why?
This template is a subscription level template that creates a resource group. In this documentation you can find the ways to deploy this template.
From the URI you seem to be targeting another resource group. You can't create a resource group within another resource group. You need to target the subscription instead!

Azure ARM template resourceId problem with nested deployments on subscription level

I'm working on an ARM template to
A. deploy a resource group
B. deploy an ASE env.
To do both, as I understand I need to run a deployment on scope subscription level
New-AzDeployment -Name TestingASE -TemplateFile $HOME/azuredeploy.json -TemplateParameterFile $HOME/parameters.json -Location 'West Europe'
My template is pretty long already - so here are the most important parts (I think).
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
....
"resources": [
// Resource Group
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('Location')]",
"name": "[parameters('rgName')]",
"properties": {}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"name": "storageDeployment",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
....
{
"apiVersion": "2019-04-01",
"name": "[parameters('asevnetname')]",
"type": "Microsoft.Network/virtualNetworks",
"location": "[parameters('Location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
...
{
"apiVersion": "2019-02-01",
"type": "Microsoft.Web/hostingEnvironments",
"name": "[parameters('aseName')]",
"kind": "ASEV2",
"location": "[parameters('Location')]",
"properties": {
"name": "[parameters('aseName')]",
"location": "[parameters('Location')]",
"InternalLoadBalancingMode": "[parameters('ilbMode')]",
"virtualNetwork": {
"Id": "[resourceId(subscription().id, resourceGroup().Id, 'Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
}
....
This gives me an output "The template function 'RESOURCEGROUP' is not expected at this location"
As far as I understand I'm following the guidelines
https://learn.microsoft.com/en-gb/azure/azure-resource-manager/templates/template-functions-resource#resourcegroup
The resourceGroup() function can't be used in a template that is deployed at the subscription level. It can only be used in templates that are deployed to a resource group. You can use the resourceGroup() function in a linked or nested template (with inner scope) that targets a resource group, even when the parent template is deployed to the subscription. In that scenario, the linked or nested template is deployed at the resource group level.
Thanks for helping with this.
The error happened at the resourceId format, it should be
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2], ...)
To get the resource ID for a resource in the same subscription but a
different resource group, provide the resource group name.
"[resourceId('otherResourceGroup', 'Microsoft.Storage/storageAccounts', 'examplestorage')]"
So, in this case, the virtualNetwork ID in the properties of Microsoft.Web/hostingEnvironments should be
"virtualNetwork": {
    "Id": "[resourceId(parameters('rgName'), 'Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
}
or
"Id": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
For more information, you could get more references to deploy an ASE within a subnet from this template.
Your deployment schema is subscriptionDeploymentTemplate and the New-AzDeployment cmdlet creates a deployment at the subscription scope. As per the docs you can't use that function when deploying at the subscription scope. You'll also encounter problems with the resourceId() function that wraps around it. The subscriptionResourceId() function should solve your problem.
"virtualNetwork": {
    "Id": "[subscriptionResourceId('Microsoft.Network/virtualNetworks/subnets',parameters('asevnetname'),parameters('subnetName'))]"
}
The resource id will be returned in the subscription format as described here. If that isn't an acceptable format for the virtualNetwork.Id property of the Microsoft.Web/hostingEnvironments resource you're trying to deploy, you might need to construct the resource id using the concat() function instead.
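The pattern from the dependsOn answer at the top of the page and the inner-scope rule quoted from the docs above, combined in one subscription-level template (deployed with New-AzDeployment). This is an added example, not code from any of the posts; the deployment name, VNet and subnet names and address ranges are constructed.

```json
{
  // Added example: constructed names and address ranges, not from the original posts.
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "rgName": { "type": "string" }, "location": { "type": "string" },
    "vnetName": { "type": "string", "defaultValue": "example-vnet" }, "subnetName": { "type": "string", "defaultValue": "example-subnet" }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/resourceGroups",
      "apiVersion": "2020-06-01",
      "name": "[parameters('rgName')]",
      "location": "[parameters('location')]",
      "properties": {}
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2020-06-01",
      "name": "networkDeployment",
      "resourceGroup": "[parameters('rgName')]",
      "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]" ],
      "properties": {
        "mode": "Incremental",
        // Inner scope: expressions in the nested template are evaluated against the target resource group.
        "expressionEvaluationOptions": { "scope": "inner" },
        "parameters": { "vnetName": { "value": "[parameters('vnetName')]" }, "subnetName": { "value": "[parameters('subnetName')]" } },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": { "vnetName": { "type": "string" }, "subnetName": { "type": "string" } },
          "resources": [ {
            "type": "Microsoft.Network/virtualNetworks",
            "apiVersion": "2019-04-01",
            "name": "[parameters('vnetName')]",
            "location": "[resourceGroup().location]",
            "properties": {
              "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] },
              "subnets": [ { "name": "[parameters('subnetName')]", "properties": { "addressPrefix": "10.0.0.0/24" } } ]
            }
          } ],
          "outputs": {
            "subnetId": { "type": "string", "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]" }
          }
        }
      }
    }
  ]
}
```

With inner scope, values from the parent template have to be passed in through the nested deployment's own parameters, as done here for vnetName and subnetName.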

Deployment Agents in Azure VM Scale Set

I am currently deploying a VM Scale Set (VMSS) using an ARM template which has a resource inside VMSS to install Azure extension for Azure DevOps (ADO) Deployment Agent. All is deployed successfully and a node is registered in ADO with all details as are in the ARM template. However the problem is that it installs the agent only on first node and (as far as I see) ignores the rest of the nodes. I've tested this with multiple nodes during creation of the scale set and with auto-scale as well. Both scenarios result in only first agent registered.
This is the code layout I'm using (I've removed the VMSS bits to reduce the template length here, there are of course OS, storage and network settings inside):
{
    "type": "Microsoft.Compute/virtualMachineScaleSets",
    "name": "[parameters('VMSSName')]",
    "apiVersion": "2018-10-01",
    "location": "[resourceGroup().location]",
    "sku": {
        "name": "[parameters('VMSSSize')]",
        "capacity": "[parameters('VMSSCount')]",
        "tier": "Standard"
    },
    "dependsOn": [],
    "properties": {
        "overprovision": "[variables('overProvision')]",
        "upgradePolicy": {
            "mode": "Automatic"
        },
        "virtualMachineProfile": {
            "storageProfile": {},
            "networkProfile": {},
            "extensionProfile": {
                "extensions": [
                    {
                        "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
                        "name": "VMSS-NetworkWatcher",
                        "location": "[resourceGroup().location]",
                        "properties": {
                            "publisher": "Microsoft.Azure.NetworkWatcher",
                            "type": "[if(equals(parameters('Platform'), 'Windows'), 'NetworkWatcherAgentWindows', 'NetworkWatcherAgentLinux')]",
                            "typeHandlerVersion": "1.4",
                            "autoUpgradeMinorVersion": true
                        }
                    },
                    {
                        "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
                        "name": "VMSS-TeamServicesAgent",
                        "location": "[resourceGroup().location]",
                        "properties": {
                            "publisher": "Microsoft.VisualStudio.Services",
                            "type": "[if(equals(parameters('Platform'), 'Windows'), 'TeamServicesAgent', 'TeamServicesAgentLinux')]",
                            "typeHandlerVersion": "1.0",
                            "autoUpgradeMinorVersion": true,
                            "settings": {
                                "VSTSAccountName": "[parameters('VSTSAccountName')]",
                                "TeamProject": "[parameters('VSTSTeamProjectName')]",
                                "DeploymentGroup": "[parameters('VSTSDeploymentGroupName')]",
                                "AgentName": "[concat(parameters('VMSSName'),'-DG')]",
                                "Tags": "[parameters('VSTSDeploymentAgentTags')]"
                            },
                            "protectedSettings": {
                                "PATToken": "[parameters('VSTSPATToken')]"
                            }
                        }
                    }
                ]
            }
        }
    }
}
Now the desired state, of course, is that all nodes will have agent installed so that I can use the Deployment Group inside Release pipeline.
Your problem is in the fact that all agents have the same AgentName, so it effectively overwrites the agent and only the latest one "survives". I don't think there is anything you can do, unless you just amend the AgentName and it auto assigns based on computer name.
You can convert this to a script\dsc extension, that way you can calculate everything on the fly.

How to obtain Cross regional deployment using ARMTemplate

I want to do cross regional deployment using ARM Template.
Example 1:
I have two resource groups A & B. A resource group has one storage account. I want to access A's storage account in B's resource group services.
Example 2:
I have two resource groups A & B. A resource group has one application insight service. I want to access A's application insight in B's ApiApp service with Instrumentation key added in ApiApp "appsettings".
I have tried adding below code snippet in ARMTemplate:
{
    "apiVersion": "2017-05-10",
    "name": "nestedTemplate",
    "type": "Microsoft.Resources/deployments",
    "resourceGroup": "testresgrp01",
    "properties": {
        "mode": "Incremental",
        "template": {
            "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {},
            "variables": {},
            "resources": [
                {
                    "type": "Microsoft.Insights/components",
                    "name": "[parameters('appinsightname')]",
                    "apiVersion": "2015-06-15",
                    "location": "South Central US",
                    "properties": {}
                }
            ]
        },
        "parameters": {}
    }
},
{
    "type": "Microsoft.Insights/components",
    "name": "[parameters('appinsightname')]",
    "apiVersion": "2015-06-15",
    "location": "South Central US",
    "properties": {}
}
But this section errors during deployment, giving the error below:
New-AzureRmResourceGroupDeployment : - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The
template resource 'nestedTemplate' at line '224' and column '10' is invalid. The api-version '2016-07-01' used to deploy the
template does not support 'ResourceGroup' property. Please use api-version '2017-05-10' or later to deploy the template.
If I remove "resourceGroup": "testresgrp01", section, the resource deployment creates a new service in resourcegroup.
How to resolve this issue?
Thank you
I'm pretty sure your Azure Powershell modules are outdated, update them to the latest and try again.
I usually delete all modules and install from scratch to ensure no conflicts.

"Cannot find Web space" error when provisioning web app using Azure Resource Manager

I am trying to provision some resources on Azure using the Azure Resource Manager with a template I have put together;
I am provisioning several web apps with independent Service Plans concurrently. Of course each web app resource "dependsOn" its Service plan.
Every once in a while when I deploy using PowerShell I get the following error:
New-AzureRmResourceGroupDeployment : 4:21:22 PM - Resource Microsoft.Web/serverfarms 'ServicePlanA' failed with message 'Cannot find Web space
ExampleResourceGroup-AustraliaEastwebspace for subscription ...'
This fails randomly on one or more of the Service Plans.
I also found this GitHub issue, but since I am not using the CLI I couldn't see how this would help https://github.com/Azure/azure-xplat-cli/issues/1646
I also have the latest AzureRM packages from https://www.powershellgallery.com/packages/AzureRM/
The API version I am using is "2015-08-01", and the schema of the deployment template is https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#
Here is a segment from the template that creates the mentioned resources:
{
    "name": "[variables('WebFrontServicePlanAName')]",
    "type": "Microsoft.Web/serverfarms",
    "location": "[parameters('DataCenterALocation')]",
    "apiVersion": "2015-08-01",
    "dependsOn": [ ],
    "tags": {
        "displayName": "WebFrontServicePlanA"
    },
    "sku": {
        "name": "[parameters('WebFrontServicePlanSKU')]"
    },
    "properties": {
        "name": "[variables('WebFrontServicePlanAName')]",
        "workerSize": "[parameters('WebFrontServicePlanAWorkerSize')]",
        "numberOfWorkers": 1
    }
},
....
{
    "name": "[variables('webAppName')]",
    "type": "Microsoft.Web/sites",
    "location": "[parameters('DataCenterALocation')]",
    "apiVersion": "2015-08-01",
    "dependsOn": [
        "[concat('Microsoft.Web/serverfarms/', variables('WebFrontServicePlanAName'))]"
    ],
    "tags": {
        "[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('WebFrontServicePlanAName'))]": "Resource",
        "displayName": "webApp"
    },
    "properties": {
        "name": "[variables('webAppName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('WebFrontServicePlanAName'))]"
    }
}
Do you already have an existing resource group that you're deploying to? If not, try using the cmdlet New-AzureRmResourceGroup instead of New-AzureRmResourceGroupDeployment.
In Azure Web Apps, resource groups are backed by webspaces. Thus a resource group may contain multiple webspaces each in a different geo region. If you don't have the resource group, and you're not creating it, then you wouldn't have the corresponding webspace, which would cause the error you're seeing.
