The template reference 'not valid error in arm template - azure

I am deploying resource group using arm templates
Below is the command and error I am getting
az deployment create --name test-deployment --template-file azuredeploy.json --parameters azuredeploy.parameters.json -l westus2
This command has been deprecated and will be removed in a future release. Use 'deployment sub create' instead.
{'additionalProperties': {}, 'code': 'InvalidTemplate', 'message': "Deployment template validation failed: 'The template reference 'DEV-AI-POC-WESTUS2-RG' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'.", 'target': None, 'details': None, 'additionalInfo': [{'additionalProperties': {}, 'type': 'TemplateViolation', 'info': {'lineNumber': 0, 'linePosition': 0, 'path': ''}}]}
azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enviroment": {
"type": "string",
"defaultValue": "poc"
},
"location": {
"type": "string",
"defaultValue": "West US"
},
"depattmentName": {
"type": "string"
},
"project": {
"type": "string"
}
},
"variables": {
"rgName": "[concat(toupper(parameters('depattmentName')), '-', toupper(parameters('project')), '-', toupper(parameters('enviroment')), '-', toupper(replace(parameters('location'), ' ', '')), '-', 'RG')]",
"rgDeploymentName": "[concat(deployment().name, '-rg')]",
"_artifactsLocation": "https://xxxxxxx/xxxxxx"
},
"resources": [
{
"name": "[variables('rgDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"ResourceGroup": "[variables('rgName')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(variables('_artifactsLocation'),'/src/arm/templates/resourcegroup.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"rgName": {
"value": "[variables('rgName')]"
},
"rgLocation": {
"value": "[parameters('location')]"
}
}
}
}
],
"outputs": {
"resourceGroups": {
"type": "object",
"value": "[reference(variables('rgName'))]"
}
}
}
azuredeploy.parameters.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "westus2"
},
"depattmentName": {
"value": "Dev"
},
"project": {
"value": "AI"
},
"enviroment": {
"value": "poc"
}
}
}
resourcegroup.json(calling template)
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
}
},
"variables": {
"storageAccountType": "Standard_LRS"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage"
}
],
"outputs": {
"storageDetails": {
"type": "string",
"value": "[concat(parameters('storageAccountName'), '-', variables('storageAccountType'))]"
}
}
}
Can anyone please help me to fix,
I have to deploy/crease resource group if not exist in azure portal using arm template. arm template should be called through uri in blob storage.


what it tells you is that your output is not valid, you dont have a resource or resource copy with that name, because you are attempting to create a deployment (not a resource group) in another resource group, so the reference function doesnt know about that and hence fails.
So you need to first create the resource group and then create a deployment to that group

Related

How can I use dependsOn on copy resources in nested deployment?

I'm trying to deploy a RG tag for saving the roleAssignments version. I want that the tag deployment will be depended on the creation of the roleassignments. the roleassignments are created by using "copy" and the deployment is nested (since I need to change the scope to another RG and subscription).
I'm getting the following error message: {"code":"InvalidTemplate","message":"Deployment template validation failed: 'The template resource '[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]' at line '82' and column '9' is not valid: The template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see https://aka.ms/arm-template-expressions for usage details.'."}
How can I resolve it?
The template:
{
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"parameters": {
"managedIdentityName": {
"type": "String",
"metadata": {
"description": "The name of the managed identity resource."
}
},
"roleAssignmentsDefinitionIds": {
"type": "Array"
},
"roleAssignmentsVersion": {
"defaultValue": 0,
"type": "Int"
},
"resourceId": {
"type": "String"
},
"rolesAssignmentsResourceGroup": {
"type": "String"
},
"rolesAssignmentSubscriptionID": {
"type": "String"
}
},
"variables": {
"copy": [
{
"name": "roleAssignmentsToCreate",
"count": "[length(parameters('roleAssignmentsDefinitionIds'))]",
"input": {
"name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName')), resourceGroup().id, parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')])]",
"roleDefinitionId": "[parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')]]"
}
}
],
"roleAssignmentVersionTagName": "[concat(parameters('managedIdentityName'), 'RoleAssignmentVersion')]",
"roleAssignmentsVersionTags": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": "[parameters('roleAssignmentsVersion')]"
}
},
"updatedResourceGroupTags": "[union(resourceGroup(), variables('roleAssignmentsVersionTags')).tags]",
"roleAssignmentsDefaultVersion": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": 0
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"name": "[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]",
"properties": {
"mode": "Incremental",
"parameters": {},
"copy": {
"name": "roleAssignment",
"count": "[length(variables('roleAssignmentsToCreate'))]",
"mode": "serial",
"batchSize": 1
},
"template": {
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"variables": {},
"resources": [
{
"name": "[guid(parameters('resourceId'), 'Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId, resourceGroup().id)]",
"type": "Microsoft.Authorization/roleAssignments",
"condition": "[less(int(union(variables('RoleAssignmentsDefaultVersion'), resourceGroup()).tags[variables('roleAssignmentVersionTagName')]), parameters('roleAssignmentsVersion'))]",
"apiVersion": "2020-04-01-preview",
"properties": {
"principalId": "[reference(parameters('resourceId'), '2018-11-30').principalId]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId)]",
"principalType": "ServicePrincipal"
}
}
]
}
},
"subscriptionId": "[parameters('rolesAssignmentSubscriptionID')]",
"resourceGroup": "[parameters('rolesAssignmentsResourceGroup')]"
}
Thanks

Remove:
"dependsOn": [
"roleAssignment"
],
From the tags resource - it's not needed.

Error :The deployment parameters are using case sensitive names. The error parameter name(s): name.(ARM template deployment)

I am creating ARM template for Route table creation. A simple ARM template downloaded from the template deployment is failing. After I run the ARM template, it asks for the name and throws the below error.
I have tried giving names like routeVnet, vnetroute etc.
Saw some posts where giving the combination of lowercase uppercase in name will fix the issue. But it doesn't work here.
The arm template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.5",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"tagsByResource": {
"type": "object",
"defaultValue": {},
"metadata": {
"description": "Optional tags provided by the user via createUiDefinition.json"
}
},
"disableBgpRoutePropagation": {
"type": "bool"
}
},
"variables": {},
"resources": [
{
"apiVersion": "2019-02-01",
"type": "Microsoft.Network/routeTables",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/routeTables'), parameters('tagsByResource')['Microsoft.Network/routeTables'], json('{}')) ]",
"properties": {
"disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]"
}
}
],
"outputs": {}
}
The parameter template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "eastus"
},
"Name": {
"value": ""
},
"tagsByResource": {
"value": {}
},
"disableBgpRoutePropagation": {
"value": true
}
}
}

The problem is with your parameter file where you are passing parameter name as "Name", in template your parameter is name while in parameter file you have mentioned it as Name.
The correct parameter file will look like:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "eastus"
},
"name": {
"value": "routeVnet12"
},
"tagsByResource": {
"value": {}
},
"disableBgpRoutePropagation": {
"value": true
}
}
}

InvalidResourceNamespace error when attempting to deploy Event Grid Subscription for Azure Function

I have an existing Event Grid Topic and want to add an Event Subscription to it, with an existing Azure Function endpoint.
To achieve this I am using Linked Templates. ARM Template validation passes, but deployment fails, with quite a peculiar error:
"InvalidResourceNamespace: "The resource namespace 'subscriptions' is invalid. (Code: InvalidResourceNamespace)"
Here's the raw error:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "InvalidContentLink",
"message": "Unable to download deployment content from 'https://storagearmtpl.blob.core.windows.net/arm-tpl-service-cd-11111-artifacts/nestedtemplates/eventGridSubscriptionTemplate.json?sv=sasartifactsstring'. The tracking Id is '11111111'. Please see https://aka.ms/arm-deploy for usage details."
},
{
"code": "InvalidResourceNamespace",
"message": "The resource namespace 'subscriptions' is invalid."
}
]
}
Where sasartifactsstring is a valid artifacts locations sas token. (I'm assuming, it looks correct)
I understand that this error stems from the "type" of the resource in the template being invalid, but as you can see below, it's simply Microsoft.EventGrid/topics/providers/eventSubscriptions.
/nestedtemplates/eventGridSubscriptionTemplate.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subscriptionName": {
"type": "string",
"metadata": {
"description": "Name of the event grid subscription"
}
},
"topicName": {
"type": "string",
"metadata": {
"description": "Event grid Topic Name to Subscribe."
}
},
"functionResourceGroupName": {
"type": "string",
"metadata": {
"description": "Resource group name for functionapp"
}
},
"functionAppName": {
"type": "string",
"metadata": {
"description": "function app name"
}
},
"subscriptionId": {
"type": "string",
"metadata": {
"description": "The id string of the Azure subscription"
}
},
"topicResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the topic resource group"
}
}
},
"variables": {},
"resources": [
{
"name": "[concat(parameters('topicName'), '/Microsoft.EventGrid/', parameters('subscriptionName'))]",
"type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
"location": "[resourceGroup().location]",
"apiVersion": "2020-06-01",
"properties": {
"topic": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('topicResourceGroupName'), 'providers/Microsoft.EventGrid/topics/', parameters('topicName'))]",
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('functionResourceGroupName'), '/providers/Microsoft.Web/sites/', parameters('functionAppName'), '/functions/HelloWorld')]",
"maxEventsPerBatch": 1,
"preferredBatchSizeInKilobytes": 64
}
},
}
},
"dependsOn": [
]
}
],
"outputs": {}
}
/azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"_artifactsLocation": {
"type": "string"
},
"_artifactsLocationSasToken": {
"type": "securestring"
},
"functionResourceGroupName": {
"type": "string"
},
"functionAppName": {
"type": "string"
},
"topicName": {
"type": "string"
},
"topicResourceGroupName": {
"type": "string"
},
"subscriptionId": {
"type": "string"
}
},
"variables": {
"templateFolder": "nestedtemplates",
"subscriptionTemplateFileName": "eventGridSubscriptionTemplate.json"
},
"resources": [
{
"name": "functionsubscription"
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10"
"resourceGroup": "[parameters('topicResourceGroupName')]",
"dependsOn": [ ],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'), '/', variables('templateFolder'), '/', variables('subscriptionTemplateFileName'), parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subscriptionName": {
"value": "FunctionSubscription"
},
"topicName": {
"value": "[parameters('topicName')]"
},
"functionResourceGroupName": {
"value": "[parameters('functionResourceGroupName')]"
},
"functionAppName": {
"value": "[parameters('functionAppName')]"
},
"topicResourceGroupName": {
"value": "[parameters('topicResourceGroupName')]"
},
"subscriptionId": {
"value": "[parameters('subscriptionId')]"
}
}
}
}
]
}
azure deploy parameters file
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
,
"functionResourceGroupName": {
"value": "functionResourceGroup"
},
"functionAppName": {
"value": "functionAppName"
},
"subscriptionId": {
"value": "1111111111"
},
"topicName": {
"value": "topicName"
},
"topicResourceGroupName": {
"value": "topicResourceGroup"
}
}
Really not sure what I'm doing wrong here. Worth noting that the first error is annoying as well and I'm not sure why it can't download the deployment content...
update/edit:
It's worth noting that the release is using Classic Azure Release Pipelines. And the error comes up during the release.
Looking into the deployment logs for the resource group, I was able to see that the deployment was trying to deploy an invalid resource, with the type starting "subscriptions/.....", so at least I know where the error is coming from. Still investigating what is causing this misread...

The cause of the odd 'subscriptions' error was due to the fact that I inserted a new resource into my resources list in my deployment (parent) ARM template, but not at the end of the list.
Once I put the deployment resource that references the new event grid subscription at the end of the resources list, the error did not show up.
azuredeploy.json
resources: [
{all other existing deployment resources ....},
{
"name": "functionsubscription"
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10"
"resourceGroup": "[parameters('topicResourceGroupName')]",
"dependsOn": [ ],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'), '/', variables('templateFolder'), '/', variables('subscriptionTemplateFileName'), parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subscriptionName": {
"value": "FunctionSubscription"
},
"topicName": {
"value": "[parameters('topicName')]"
},
"functionResourceGroupName": {
"value": "[parameters('functionResourceGroupName')]"
},
"functionAppName": {
"value": "[parameters('functionAppName')]"
},
"topicResourceGroupName": {
"value": "[parameters('topicResourceGroupName')]"
},
"subscriptionId": {
"value": "[parameters('subscriptionId')]"
}
}
}
}
]
However, I am still dealing with the InvalidContentLink error, the main problem of the question has been resolved.

using linkedtemplate to retrieve password from Keyvault

After reading some article from here and here and here and looking at this example
I have tried to retrieve a password from KeyValut with LinkedTemplate.
To achieve this aim I have create such a Linked arm template azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription().subscriptionId]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources":
[
{
"apiVersion": "2018-05-01",
"name": "dynamicSecret",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
}
}
}
}
],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('dynamicSecret').outputs.value]"
}
}
}
If I try to validate this template, I get this error message:
Deployment template validation failed: 'The template parameters 'adminPassword' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'vaultName, secretName, vaultResourceGroupName, vaultSubscription'. Please see https://aka.ms/arm-deploy/#parameter-file for usage details.'.
and in my azuredeploy.parameters.json I have:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": "kvnamer"
},
"secretName": {
"value": "ExamplePassword"
},
"vaultResourceGroupName": {
"value": "rgname"
}
}
}
Do you have any Idea how can I solve my problem?

Regarding the issue, please check if your linked template has the parameter "adminPassword". For more details, please refer to the document. You also can refer to my JSON file.
1.Create azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string",
"metadata": {
"description": "The name of the keyvault that contains the secret."
}
},
"secretName": {
"type": "string",
"metadata": {
"description": "The name of the secret."
}
},
"vaultResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the resource group that contains the keyvault."
}
},
"vaultSubscription": {
"type": "string",
"defaultValue": "[subscription()]",
"metadata": {
"description": "The name of the subscription that contains the keyvault."
}
}
},
"resources": [{
"apiVersion": "2015-01-01",
"name": "linkedTemplate",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "incremental",
"templateLink": {
"uri": "https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/keyvaultparameter/sqlserver.json",
"contentVersion": "1.0.0.0"
},
"parameters": {
"adminPassword": {
"reference": {
"keyVault": {
"id": "[resourceId(parameters('vaultSubscription'), parameters('vaultResourceGroupName'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
},
"secretName": "[parameters('secretName')]"
}
},
"adminLogin": {
"value": "jimtest"
},
"sqlServerName": {"value": "jimteste12378902"}
}
}
}],
"outputs": {
"SQLPassword": {
"type": "string",
"value": "[reference('linkedTemplate').outputs.value]"
}
}
}
2.Create azuredeploy.parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"value": ""
},
"secretName": {
"value": ""
},
"vaultResourceGroupName": {
"value": ""
},
"vaultSubscription": {
"value": ""
}
}
}

The template, you're using in the nested deployment here:
"https://arm0storage.blob.core.windows.net/linkedtemplate/azuredeploy.json?sp=r&st=2019-07-17T13:28:26Z&se=2019-07-16T21:28:26Z&spr=https&sv=2018-03-28&sig=xxxv%2xxxxxxxxxxxxxxx%2FHmg9Yxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=b"
What does that template look like? The error message you're getting says that it does not have a parameter in it, named "adminPassword" - but your nested deployment resource is trying to pass it in.
The output you have in the template above is called "SQLPassword", they aren't necessarily related, but I'm guessing since we can't see the template you're linking to.

Azure storage enable encryption in ARM

I am trying to enable encryption in azure storage during its creation time through ARM. This is the simple storage resource I have.
{
"$schema": "https://schema.management.azure.com/schemas/2016-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "String"
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
}
},
"variables": {
"defaultApiVersion": "2016-01-01"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('StorageAccountName')]",
"apiVersion": "[variables('defaultApiVersion')]",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"properties": {
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": true
}
}
}
}
}
}
]
}
Which giving me following error
New-AzureRmResourceGroupDeployment : 8:21:59 AM - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'Template schema 'https://schema.management.azure.com/schemas/2016-01-01/deploymentTemplate.json#' is not supported. Supported versions are '2014-04-01-preview,2015-01-01'.
Then I change the schema url to https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#
then got New-AzureRmResourceGroupDeployment : 8:26:40 AM - Error: Code=InvalidTemplateDeployment; Message=The template deployment 'myencryptedstorage' is not valid according to the validation
procedure.
Anyone know whats is the right way to do this ?

As far as the invalid template error goes I notice you do have properties listed twice:
"properties": {
"properties": {
You can reference this link to find the valid schema:
https://msdn.microsoft.com/en-us/library/azure/mt163564.aspx

I have copied your json file to Visual Studio. It give me the following error message:
I think this may be your issue.
I have tested use New-AzureRmResourceGroupDeployment to create Azure storage with encryption enabled. The following is my source code:
PowerShell Command:
New-AzureRmResourceGroupDeployment -ResourceGroupName jarg -TemplateFile E:\createstoragearm.json -
TemplateParameterFile E:\parameter.json
createstoragearm.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
"variables": {
"storageAccountName": "[parameters('storageAccountName')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2016-01-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
}
],
"outputs": {
"storageAccountName": {
"type": "string",
"value": "[variables('storageAccountName')]"
}
}
}
parameter.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"StorageAccountName": {
"value": "jaarmtest1"
},
"StorageAccountType": {
"value": "Standard_LRS"
}
}
}
The Result

Resources