ARM template for storage account blob create event grid subscription - azure

I created an event grid subscription on a storage account for a blob created event. I want to create the same thing using an ARM template but am having trouble.
Observations:
Running the below template creates an event grid subscription on the resource group and not on the storage account.
As per the Issue #563 and #455, providers should be used as the type. But the 'providers' type is not valid in apiVersion "2020-04-01-preview".
{
"name": "[parameters('blobcreate_eventsubscription_name')]",
"apiVersion": "2020-04-01-preview",
"type": "Microsoft.EventGrid/eventSubscriptions",
"dependsOn": [
"[variables('storageAccountResourceId')]" //,
//"[variables('functionAppResourceId')]"
],
"properties": {
// "topic": "[variables('storageAccountResourceId')]",
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[variables('azureFunctionResourceId')]",
"maxEventsPerBatch": 1,
"preferredBatchSizeInKilobytes": 64
}
},
"filter": {
"subjectBeginsWith": "[concat('/blobServices/default/containers', parameters('storageAccounts_blobname'))]",
"subjectEndsWith": ".xml",
"includedEventTypes": [
"Microsoft.Storage.BlobCreated"
],
"advancedFilters": []
},
"labels": [],
"eventDeliverySchema": "EventGridSchema",
"retryPolicy": {
"maxDeliveryAttempts": "[parameters('eventgrid_maxDeliveryAttemps')]",
"eventTimeToLiveInMinutes": "[parameters('eventgrid_eventTimeToLiveInMinutes')]"
},
"deadLetterDestination": {
"endpointType": "StorageBlob",
"properties": {
"resourceId": "[variables('storageAccountResourceId')]",
"blobContainerName": "[parameters('storageAccounts_deadletterblob_name')]"
}
}
}
}

Here's an official example which you can use as a base:
{
"type": "Microsoft.Storage/storageAccounts/providers/eventSubscriptions",
"name": "[concat(parameters('storageName'), '/Microsoft.EventGrid/', parameters('eventSubName'))]",
"apiVersion": "2018-01-01",
"dependsOn": [
"[parameters('storageName')]"
],
"properties": {
"destination": {
"endpointType": "WebHook",
"properties": {
"endpointUrl": "[parameters('endpoint')]"
}
},
"filter": {
"subjectBeginsWith": "",
"subjectEndsWith": "",
"isSubjectCaseSensitive": false,
"includedEventTypes": [
"All"
]
}
}
}
Notice the resourceType and name of the resource.
https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-event-grid-subscription-and-storage/azuredeploy.json

Related

How to create Event Subscription for Event Grid Domain Topic using arm template

I want to use an ARM template to create the Event Subscription for the Event Grid Domain Topic. It's OK when I create the Event Grid Domain and Event Grid Domain Topic, but when I try to create the Event Subscription to listen to messages from the Event Grid Domain Topic, it always fails. I think I defined the wrong "scope" or "dependsOn".
Actually, I can't find a document or tutorial for creating the Event Subscription for an Event Grid Domain Topic. Almost all the documents guide the way to create the Event Subscription for an Event Grid Topic.
Thanks for the support.
This is my ARM template:
{
"type": "Microsoft.EventGrid/eventSubscriptions",
"apiVersion": "2021-06-01-preview",
"name": "[parameters('eventSubscription')]",
"scope": "[format('Microsoft.EventGrid/domains/topics/{0}', concat(variables('eventGridDomainName'), '/',parameters('topic')))]",
"properties": {
"deadletterdestination": {
"endpointType": "StorageBlob",
"properties": {
"blobContainerName": "[parameters('containerName')]",
"resourceId": "/subscriptions/{subscriptions}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{containerName}"
}
},
"destination": {
"endpointType": "WebHook",
"properties": {
"endpointUrl": "string"
}
},
"eventDeliverySchema": "EventGridSchema",
"filter": {
"advancedFilters": [],
"enableAdvancedFilteringOnArrays": true
},
"labels": []
},
"dependsOn": [
"[resourceId('Microsoft.EventGrid/domains/topics',variables('eventGridDomainName'),parameters('topic'))]"
]
}
I had to modify the scope a bit to get it working, take a look at the snippet below.
"scope": "[concat('Microsoft.EventGrid/domains', '/', parameters('domains_azdomaineg_name'), '/', 'topics', '/', parameters('topicName'))]"
{
"type": "Microsoft.EventGrid/eventSubscriptions",
"apiVersion": "2020-06-01",
"name": "[concat(parameters('domains_azdomaineg_name'), 'topic-dommain-subscription')]",
"dependsOn": [
"[resourceId('Microsoft.EventGrid/domains', parameters('domains_azdomaineg_name'))]",
"[resourceId('Microsoft.EventHub/namespaces/eventHubs', parameters('eventHubNamespace'), parameters('eventHubName'))]"
],
"properties": {
"destination": {
"endpointType": "EventHub",
"properties": {
"resourceId": "[resourceId('Microsoft.EventHub/namespaces/eventhubs', parameters('eventHubNamespace'), parameters('eventHubName'))]"
}
},
"filter": {
"includedEventTypes": [
"first, last"
],
"advancedFilters": [
{
"key": "dataversion",
"operatorType": "StringIn",
"values": [
"test"
]
}
]
}
},
"scope": "[concat('Microsoft.EventGrid/domains', '/', parameters('domains_azdomaineg_name'), '/', 'topics', '/', parameters('topicName'))]"
}

Application Gateway integration with Azure Key Vault issue

Hopefully someone can help there.
I am trying to integrate Azure Application Gateway with Key Vault using an ARM template and am getting an issue:
SecretIdSpecifiedIsInvalid: SecretId '==' specified in '/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/rg-ProjectX-dev-infra/providers/Microsoft.Network/applicationGateways/appgw-ProjectX-dev/sslCertificates/appGwSslCert' is invalid. []
User assigned managed identity of Application Gateway has proper permissions ('Get' and 'List' under secrets and certificates) in Azure Key Vault.
Certificate is self-signed and generated in Azure Key Vault. It works as expected if I add certificate using Azure portal but it fails to add using ARM template.
The following guides were used during deployment:
TLS termination with Key Vault certificates and Pass sensitive values
Parameters.json file:
"app-gateway-httpsvaultCert": {
"reference": {
"keyVault": {
"id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/rg-projeX-dev-infra/providers/Microsoft.KeyVault/vaults/kv-ProjectX-dev"
},
"secretName": "zzz-zzz-zzz-zzz"
}
},
Defined parameter as secure string in the template file:
"app-gateway-httpsvaultCert": {
"type": "securestring",
"metadata": {
"description": "Secure access string from Azure Application Gateway to Key Vault."
}
},
Template.json file:
{
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2020-11-01",
"name": "[variables('app-gateway-name')]",
"location": "[parameters('location')]",
"tags": "[parameters('resource-Tags')]",
"dependsOn": [
"[resourceId('Microsoft.Insights/components', variables('app-insights-name'))]",
"[resourceId('Microsoft.Network/publicIPAddresses', variables('public-ip-name'))]",
"[resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name'))]",
"[resourceId('Microsoft.KeyVault/vaults', variables('kv-name'))]"
],
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('appgw-managed-id'))]": {
}
}
},
"properties": {
"sku": {
"name": "Standard_v2",
"tier": "Standard_v2",
"capacity": "[parameters('app-gateway-capacity')]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnet-name'), 'appgw-subnet')]"
}
}
}
],
"sslCertificates": [
{
"name": "appGwSslCert",
"properties": {
"keyVaultSecretId": "[parameters('app-gateway-httpsvaultCert')]"
}
}
],
"trustedRootCertificates": [],
"frontendIPConfigurations": [
{
"name": "appGwPublicFrontendIp",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('public-ip-name'))]"
}
}
}
],
"frontendPorts": [
{
"name": "port_443",
"properties": {
"port": 443
}
}
],
"backendAddressPools": [
{
"name": "gatewayBackEnd",
"properties": {
"backendAddresses": [
{
"fqdn": "[concat(variables('apim-name'), '.azure-api.net')]"
},
{
"fqdn": "[concat(variables('fr-name'), '.cognitiveservices.azure.com')]"
}
]
}
}
],
"backendHttpSettingsCollection": [
{
"name": "global-gateway-https-setting",
"properties": {
"port": 443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"pickHostNameFromBackendAddress": true,
"requestTimeout": 20,
"probe": {
"id": "[resourceId('Microsoft.Network/applicationGateways/probes', variables('app-gateway-name'), 'global-gateway-probe')]"
}
}
}
],
"httpListeners": [
{
"name": "global-listener-https",
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/applicationGateways/frontEndIPConfigurations', variables('app-gateway-name'), 'appGwPublicFrontendIp')]"
},
"frontendPort": {
"id": "[resourceId('Microsoft.Network/applicationGateways/frontEndPorts', variables('app-gateway-name'), 'port_443')]"
},
"protocol": "Https",
"sslCertificate": {
"id": "[resourceId('Microsoft.Network/applicationGateways/sslCertificates', variables('app-gateway-name'), 'appGwSslCert')]"
},
"hostNames": [],
"requireServerNameIndication": false
}
}
],
"urlPathMaps": [],
"requestRoutingRules": [
{
"name": "global-routing-rule",
"properties": {
"ruleType": "Basic",
"httpListener": {
"id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('app-gateway-name'), 'global-listener-https')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('app-gateway-name'), 'gatewayBackEnd')]"
},
"backendHttpSettings": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('app-gateway-name'), 'global-gateway-https-setting')]"
}
}
}
],
"probes": [
{
"name": "global-gateway-probe",
"properties": {
"protocol": "Https",
"port": 443,
"path": "/status-0123456789abcdef",
"interval": 30,
"timeout": 30,
"unhealthyThreshold": 3,
"pickHostNameFromBackendHttpSettings": true,
"minServers": 0
}
}
],
"rewriteRuleSets": [],
"redirectConfigurations": [],
"privateLinkConfigurations": [],
"sslPolicy": {
"policyType": "Predefined",
"policyName": "AppGwSslPolicy20170401S"
},
"enableHttp2": true
}
},
The issue has been fixed by changing the template.json and parameters.json files accordingly:
Template.json:
"app-gateway-httpsvaultCert": {
"type": "String",
"defaultValue": "https://[KeyVaultName].vault.azure.net/secrets/[CertName]",
"metadata": {
"description": "The base-64 encoded SSL certificate PFX data. Must be supplied via a parameters file references to a Key Vault / Secret Name."
}
}
Parameters.json:
"app-gateway-httpsvaultCert": {
"value":
"https://[KeyVaultName].vault.azure.net/secrets/[CertName]"
}
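A pre-deployment check for the mismatch in this thread, as an added example that is not part of the original posts: a Key Vault `reference` in a parameters file makes Resource Manager pass the secret's value into the parameter, while `keyVaultSecretId` takes the secret's URI, which is what the fix above supplies. The vault name, secret name, IDs and function names below are constructed, and the URI pattern assumes the public-cloud `vault.azure.net` suffix.

```python
import re

# Constructed inputs shaped like the question's template and parameters files.
TEMPLATE = {
    "parameters": {"app-gateway-httpsvaultCert": {"type": "securestring"}},
    "resources": [{
        "type": "Microsoft.Network/applicationGateways",
        "name": "appgw-example",
        "properties": {"sslCertificates": [{
            "name": "appGwSslCert",
            "properties": {"keyVaultSecretId": "[parameters('app-gateway-httpsvaultCert')]"},
        }]},
    }],
}
VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
            "rg-example/providers/Microsoft.KeyVault/vaults/kv-example")
PARAMS_WITH_REFERENCE = {"parameters": {"app-gateway-httpsvaultCert": {
    "reference": {"keyVault": {"id": VAULT_ID}, "secretName": "example-cert"}}}}
PARAMS_WITH_URI = {"parameters": {"app-gateway-httpsvaultCert": {
    "value": "https://kv-example.vault.azure.net/secrets/example-cert"}}}

# Assumption: public-cloud vault DNS suffix; the 32-hex version segment is optional.
SECRET_URI = re.compile(
    r"^https://[A-Za-z0-9-]+\.vault\.azure\.net/secrets/[A-Za-z0-9-]+(/[0-9a-fA-F]{32})?/?$")
PARAM_EXPR = re.compile(r"^\[\s*parameters\(\s*'([^']+)'\s*\)\s*\]$")


def find_key(node, key, path="resources"):
    """Yield (json_path, value) for every occurrence of `key` in nested JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            child = f"{path}/{k}"
            if k == key:
                yield child, v
            yield from find_key(v, key, child)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_key(v, key, f"{path}[{i}]")


def check_key_vault_secret_ids(template, params_file):
    """Return (json_path, rule, detail) findings for keyVaultSecretId properties
    that are fed from a template parameter."""
    declared = template.get("parameters", {})
    supplied = params_file.get("parameters", {})
    findings = []
    for path, value in find_key(template.get("resources", []), "keyVaultSecretId"):
        match = PARAM_EXPR.match(value) if isinstance(value, str) else None
        if match is None:
            continue  # variables(), concat() and literals are out of scope for this check
        name = match.group(1)
        entry = supplied.get(name, {})
        if "reference" in entry:
            # The deployment would receive the secret's content, not its identifier.
            findings.append((path, "secret-value-passed-as-id",
                             f"parameter '{name}' is a Key Vault reference"))
            continue
        resolved = entry.get("value", declared.get(name, {}).get("defaultValue"))
        if not (isinstance(resolved, str) and SECRET_URI.match(resolved)):
            findings.append((path, "not-a-secret-uri",
                             f"parameter '{name}' does not hold a vault secret URI"))
    return findings


if __name__ == "__main__":
    for label, params in (("reference", PARAMS_WITH_REFERENCE), ("uri", PARAMS_WITH_URI)):
        print(label, check_key_vault_secret_ids(TEMPLATE, params))
```

With the URI form the gateway's managed identity reads the certificate from the vault itself, so the PFX never passes through the deployment's parameters.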

Why does setting CosmosDB throughputSettings result in "Entity with the specified id does not exist in the system"?

While trying to deploy a CosmosDB instance with 2 collections ("MyCollection1", "MyCollection2") I keep getting the error:
NotFound: Entity with the specified id does not exist in the system
So I keep searching for "resourceId" in my custom ARM template (please see below) but cannot find the error cause.
I don't understand: why doesn't the pipeline at least print the line number for me?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"accountName": {
"defaultValue": "my-cosmosdb",
"type": "String"
}
},
"variables": {
"resourceName": "[concat(resourceGroup().name, '-', parameters('accountName'))]",
"resourceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]",
"apiVersion": "[providers('Microsoft.DocumentDB', 'databaseAccounts').apiVersions[0]]"
},
"outputs": {
"CosmosDbConnectionString": {
"type": "string",
"value": "[concat('AccountEndpoint=https://', variables('resourceName'), '.documents.azure.com:443/;AccountKey=', listKeys(variables('resourceId'), variables('apiVersion')).primaryMasterKey, ';')]"
},
"DatabaseName": {
"type": "string",
"value": "MyDB"
},
"CollectionName1": {
"type": "string",
"value": "MyCollection1"
},
"CollectionName2": {
"type": "string",
"value": "MyCollection2"
}
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2020-03-01",
"name": "[variables('resourceName')]",
"location": "[resourceGroup().location]",
"tags": {
"defaultExperience": "DocumentDB"
},
"kind": "GlobalDocumentDB",
"properties": {
"publicNetworkAccess": "Enabled",
"enableAutomaticFailover": false,
"enableMultipleWriteLocations": false,
"isVirtualNetworkFilterEnabled": false,
"virtualNetworkRules": [],
"disableKeyBasedMetadataWriteAccess": false,
"databaseAccountOfferType": "Standard",
"consistencyPolicy": {
"defaultConsistencyLevel": "Session",
"maxIntervalInSeconds": 5,
"maxStalenessPrefix": 100
},
"locations": [
{
"locationName": "[resourceGroup().location]",
"provisioningState": "Succeeded",
"failoverPriority": 0,
"isZoneRedundant": false
}
],
"capabilities": []
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyDB"
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/MyCollection1')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyCollection1",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
}
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/MyCollection2')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyCollection2",
"indexingPolicy": {
"indexingMode": "consistent",
"automatic": true,
"includedPaths": [
{
"path": "/*"
}
],
"excludedPaths": [
{
"path": "/\"_etag\"/?"
}
]
},
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": []
},
"conflictResolutionPolicy": {
"mode": "LastWriterWins",
"conflictResolutionPath": "/_ts"
}
},
"options": {}
}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
]
}
UPDATE:
I have removed the part creating collections and the error is still there.
UPDATE 2:
The following part seemingly causes the error, but why?
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
What is wrong with the dependsOn entry "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), 'MyDB')]"?
UPDATE 3:
Trying to deploy the complete ARM template listed above manually results in:
Try setting your throughput in the options for your database.
UPDATE: You cannot specify throughput on a resource that did not have it when initially provisioned. Databases and containers provisioned without throughput cannot be updated later to have it. Conversely, a resource provisioned with throughput cannot be updated to remove it. You must delete and recreate the resource. This will require migrating your data.
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/MyDB')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"id": "MyDB"
},
"options": { "throughput": "[parameters('throughput')]" }
}
},
By the way, there are lots of samples you can use to start with here: Cosmos DB templates
The following has worked for me. I had to replace "sqlDatabases/throughputSettings" with "sqlDatabases/containers/throughputSettings":
{
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings",
"apiVersion": "2020-03-01",
"name": "[concat(variables('resourceName'), '/', variables('DatabaseName'), '/', variables('CollectionName1'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers', variables('resourceName'), variables('databaseName'), variables('CollectionName1'))]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', variables('resourceName'), variables('databaseName'))]",
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('resourceName'))]"
],
"properties": {
"resource": {
"throughput": 400
}
}
}
And then a similar entry for CollectionName2.

Event subscription by ARM template for topic with EndpointType as AzureFunction

I am trying to create an event grid topic subscription with "endpointType": "AzureFunction". It is giving the following error:
"error": {
"code": "InvalidRequest",
"message": "Invalid event subscription request: Supplied URL is invalid. It cannot be null or empty and should be a proper HTTPS URL
like https://www.example.com." }
My ARM template is given below:
{
"name": "[concat(variables('eventGridTopicName'), '/Microsoft.EventGrid/', variables('myFuncName'))]",
"type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
"apiVersion": "2019-01-01",
"location": "[parameters('location')]",
"properties": {
"topic": "[concat('/subscriptions/', parameters('subscriptionId'),'/resourcegroups/', parameters('resourceGroupName'), '/providers/Microsoft.EventGrid/topics/', variables('eventGridTopicName'))]",
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[resourceId('Microsoft.Web/sites/functions/', variables('funcAppName'), variables('myFuncName'))]",
"maxEventsPerBatch": 1,
"preferredBatchSizeInKilobytes": 64
}
},
"filter": {
"advancedFilters": [
{
"operatorType": "StringIn",
"key": "eventType",
"values": [
"xyzEvent"
]
},
{
"operatorType": "StringIn",
"key": "subject",
"values": [
"xyzEventReceived"
]
}
]
},
"labels": [],
"eventDeliverySchema": "EventGridSchema"
},
"dependsOn": [
"[variables('eventGridTopicName')]"
]
}
Earlier, I was using EndpointType as a webhook since new event handlers like Azure Function, storage Queues, etc. were not available (https://learn.microsoft.com/en-us/azure/event-grid/event-handlers). I used the generated ARM template from the Azure portal as shown below:
Has anyone faced this issue?
Yes! Found this when I had the same issue!
Update! Found an example that uses another API version and it seems to work better. Now my issue is that there is no code on it when deploying the first time, so I need to break the template into two and deploy content in between (or deploy content via the template, of course).
"apiVersion": "2020-01-01-preview",
https://blog.brooksjc.com/2019/07/19/arm-template-for-event-grid-integration-with-a-new-azure-function/
Update 2: after adding the content and rerunning the template, it works fine!
Here is my full code for my storage trigger:
{
"name": "[concat(variables('storageAccountName'), '/Microsoft.EventGrid/coreCostManagementExport')]",
"type": "Microsoft.Storage/storageAccounts/providers/eventSubscriptions",
"apiVersion": "2020-01-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName'))]",
"[resourceId('Microsoft.Web/sites',parameters('functionAppName'))]"
],
"properties": {
"topic": "[resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName'))]",
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[resourceId('Microsoft.Web/sites/functions/', parameters('functionAppName'), 'QueueUsageOnExport')]",
"maxEventsPerBatch": 1,
"preferredBatchSizeInKilobytes": 64
}
},
"filter": {
"subjectBeginsWith": "/blobServices/default/containers/usage",
"subjectEndsWith": ".csv",
"includedEventTypes": [
"Microsoft.Storage.BlobCreated"
],
"advancedFilters": [
]
},
"labels": [
],
"eventDeliverySchema": "EventGridSchema"
}
}
Jakob's suggestion for changing the API version worked for me, with a change in resourceId. Here is my modified working template:
{
"name": "[concat(variables('eventGridTopicName'), '/Microsoft.EventGrid/', variables('myFuncName'))]",
"type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
"apiVersion": "2020-01-01-preview",
"location": "[parameters('location')]",
"properties": {
"topic": "[concat('/subscriptions/', parameters('subscriptionId'),'/resourcegroups/', parameters('resourceGroupName'), '/providers/Microsoft.EventGrid/topics/', variables('eventGridTopicName'))]",
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[concat('/subscriptions/', parameters('subscriptionId'),'/resourcegroups/', parameters('resourceGroupName'), '/providers/Microsoft.Web/sites/', variables('funcAppName'), '/functions/' , variables('myFuncName'))]",
"maxEventsPerBatch": 1,
"preferredBatchSizeInKilobytes": 64
}
},
"filter": {
"advancedFilters": [
{
"operatorType": "StringIn",
"key": "eventType",
"values": [
"xyzEvent"
]
},
{
"operatorType": "StringIn",
"key": "subject",
"values": [
"xyzEventReceived"
]
}
]
},
"labels": [],
"eventDeliverySchema": "EventGridSchema"
},
"dependsOn": [
"[variables('eventGridTopicName')]"
]
}
In my scenario, I was trying to add a function app Subscription to an event grid topic using "AzureFunctionEventSubscriptionDestination" as the destination. My issue was I missed adding the /functions/{targetFunctionName} to the resource id.
"resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{functionAppName}/functions/{targetFunctionName}"

Azure ARM template enabling Linux Diagnostic Extension with automatically generated SAS token

I'm trying to deploy an ARM template with a new VM and set up the Linux Diagnostic Extension (LAD) without creating a new storage account, using an existing one instead. I found this article https://samcogan.com/generate-sas-tokens-in-arm-teamplates/ on using "listAccountSas" and I've set in "ProtectedSettings":
"storageAccountSasToken":
"[listAccountSas(parameters('existingStorageName'), '2018-07-01',
variables('accountSasProperties')).accountSasToken]"
"resources": [
{vm creation bla bla},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
"location": "[parameters('vmLocation')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
"properties": {
"publisher": "Microsoft.Azure.Diagnostics",
"type": "LinuxDiagnostic",
"autoUpgradeMinorVersion": true,
"typeHandlerVersion": "3.0",
"protectedSettings": {
"storageAccountName": "[parameters('existingStorageName')]",
"storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]",
"storageAccountEndPoint": "https://core.windows.net/",
"sinksConfig": {
"sink": [
{
"name": "WADMetricJsonBlob",
"type": "JsonBlob"
}
]
}
},
"settings": {
"StorageAccount": "[parameters('existingStorageName')]",
"ladCfg": {
"diagnosticMonitorConfiguration": {
"eventVolume": "Medium",
"metrics": {
"metricAggregation": [
{
"scheduledTransferPeriod": "PT1H"
},
{
"scheduledTransferPeriod": "PT1M"
}
],
"resourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
},
"performanceCounters": {
"sinks": "WADMetricJsonBlob",
"performanceCounterConfiguration": [
{
"annotation": [
{
"displayName": "Memory percentage",
"locale": "en-us"
}
],
"class": "memory",
"counter": "percentusedmemory",
"counterSpecifier": "/builtin/memory/percentusedmemory",
"type": "builtin",
"unit": "Percent"
}
]
},
"syslogEvents": {}
},
"sampleRateInSeconds": 15
}
}
}
},
When I try to deploy the template I get an error during validation:
"InvalidTemplate","message":"Deployment template validation failed:
'The template reference 'myExistingStorageAccount' is not valid: could
not find template resource or resource copy with this name. Please see
https://aka.ms/arm-template-expressions/#reference for usage
details.'."}
According to MS:
The reference function and list* functions don't create an implicit
dependency when the resource is referred to by its resource ID. To
create an implicit dependency, pass the name of the resource that is
deployed in the same template.
However, I tried with a nested template where to "create" the SAS token and in outputs to set sasToken.Id where later on to call, in my Main template, Diagnostic Extension with sastoken.Id:
{
"apiVersion": "2017-08-01",
"name": "SasTokenNestedTemplate",
"type": "Microsoft.Resources/deployments",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"properties": {
"mode" : "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"apiVersion" : "2018-03-01",
"type": "Microsoft.Resources/deployments",
"name": "NestedSasTokenCreation",
"properties": {
"sasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
}
}
],
"outputs": {
"sasToken": {
"type": "string",
"value": "[resourceId('Microsoft.Resources/deployments', parameters('sasToken'))]"
}
}
}
}
},
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
"location": "[parameters('vmLocation')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
],
"name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
"properties": {
"publisher": "Microsoft.Azure.Diagnostics",
"type": "LinuxDiagnostic",
"autoUpgradeMinorVersion": true,
"typeHandlerVersion": "3.0",
"protectedSettings": {
"storageAccountName": "[parameters('existingStorageName')]",
"storageAccountSasToken": { "value": "[reference('SasTokenNestedTemplate', '2017-08-01').outputs.sasToken.value]" },
"storageAccountEndPoint": "https://core.windows.net/",
"sinksConfig": {
"sink": [
{
"name": "WADMetricJsonBlob",
"type": "JsonBlob"
}
]
}
But still getting the same error as above.
Thanks in advance for your help!
You need to give it the resource ID of the storage account; because it's not part of the template, it can't figure it out on its own.
listAccountSas(resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName')), '2018-07-01', variables('accountSasProperties')).accountSasToken
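A static check for the validation failure in this thread, as an added example that is not part of the original posts: it flags `list*` and `reference` calls whose first argument is a bare name that no resource in the same template carries. The sample template is constructed from the shapes in the question and the function names are this example's own; an ID assembled with `concat` is also flagged for review.

```python
import re

LIST_OR_REFERENCE = re.compile(r"\b(list[A-Za-z]*|reference)\s*\(")
RESOURCE_ID_CALL = re.compile(r"^[A-Za-z]*resourceId\s*\(", re.IGNORECASE)


def compact(text):
    return re.sub(r"\s+", "", text)


def strings(node):
    """Yield every string value in nested JSON."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings(value)


def first_argument(expr, start):
    """Text of the first argument of the call whose '(' ends just before `start`."""
    depth, in_string, i = 0, False, start
    while i < len(expr):
        ch = expr[i]
        if in_string:
            if ch == "'":
                if expr[i + 1:i + 2] == "'":
                    i += 1          # '' is an escaped quote inside a literal
                else:
                    in_string = False
        elif ch == "'":
            in_string = True
        elif ch in "([":
            depth += 1
        elif ch in ")]" or ch == ",":
            if depth == 0:
                break               # end of the first argument
            if ch != ",":
                depth -= 1
        i += 1
    return expr[start:i].strip()


def deployed_names(template):
    """Expression text that refers to each top-level resource by name."""
    names = set()
    for res in template.get("resources", []):
        name = res.get("name", "") if isinstance(res, dict) else ""
        if name.startswith("[") and name.endswith("]"):
            names.add(compact(name[1:-1]))
        elif name:
            names.add(compact("'" + name + "'"))
    return names


def unresolved_name_references(template):
    """Return (function, argument) pairs that name a resource the template does not deploy."""
    deployed = deployed_names(template)
    findings = []
    for text in strings(template):
        if not text.startswith("[") or text.startswith("[["):
            continue                # not a template expression
        for match in LIST_OR_REFERENCE.finditer(text):
            arg = first_argument(text, match.end())
            if RESOURCE_ID_CALL.match(arg) or compact(arg) in deployed:
                continue
            findings.append((match.group(1), arg))
    return findings


# Constructed sample: a VM deployed by the template, a storage account that is not.
BY_NAME = ("[listAccountSas(parameters('existingStorageName'), '2018-07-01', "
           "variables('accountSasProperties')).accountSasToken]")
BY_RESOURCE_ID = ("[listAccountSas(resourceId('Microsoft.Storage/storageAccounts', "
                  "parameters('existingStorageName')), '2018-07-01', "
                  "variables('accountSasProperties')).accountSasToken]")


def sample_template(sas_expression):
    return {
        "resources": [
            {"type": "Microsoft.Compute/virtualMachines", "name": "[parameters('vmName')]"},
            {"type": "Microsoft.Compute/virtualMachines/extensions",
             "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
             "properties": {"protectedSettings": {"storageAccountSasToken": sas_expression}}},
        ],
        "outputs": {"vmId": {"type": "string", "value": "[reference(parameters('vmName')).vmId]"}},
    }
```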

Resources