I created Azure Databricks in my resource group. This created the managed resource group with a storage account. My resource group also contains other database services such as Cosmos DB and SQL Server.
I removed the resource group after my work was complete. Unfortunately, the managed resource group did not get removed. Note: I did not remove the Databricks service, I deleted the resource group itself.
When I try to remove the managed resource group manually, I get the following error:
the access is denied because of the deny assignment with name 'System deny assignment created by Azure Databricks
Under IAM, I do see the Deny Assignment that was created by Databricks. Due to this, the resource group cannot be deleted.
It's been a few days since my resource group was deleted, but the managed resource group still remains.
How can I remove this managed resource group?
The managed resource group created by Databricks cannot be deleted from portal or through any scripts since it was created by the Databricks resource itself. The deny assignment prevents deletion of the managed resource group. The only option is to contact support team.
Microsoft support allowed me to create a free ticket to raise the issue. The engineering team removed the restriction on the managed resource group and informed me that I can go ahead with deleting the same.
I was able to delete the managed resource group successfully. Also note that I was not able to re-produce the issue (it must be a one-off incident).
Thanks for all the help.
Related
In our organization, we have a common Azure subscription with a separate resource group for each solution. I have Owner rights for my solution's resource group, but when we create Databricks workspaces, a separate managed resource group databricks-rg-*** is created which I don't have access to. To be able to manage our Azure costs, I need to have access to the Cost analysis section of this managed resource group. What role do I need in this resource group to be able to see the costs?
To be able to manage our Azure costs, I need to have access to the Cost analysis section of this managed resource group. What role do I need in this resource group to be able to see the costs?
To see the cost, the Reader role is enough. If you want to do other operations except reading, you need the role e.g. Contributor, Owner.
I have two SQL managed instance in two different region(One in Australia East another one in Australia Southeast. They are in a Pay-As-You-Go subscription. Now I want to move those resources to a CSP subscription. Is it possible to move SQL managed instance across subscription?
Azure SQL managed instance supports the move operation: move to another resource group or another subscription. You can get this from this document: Move operation support for resources.
If you want to move the managed instance subscription, you need to operate on the resource group overview. Choose all the resource about managed instance.
For more details, please see this Azure tutorial: Move resources to new resource group or subscription:
Summary:
This article shows you how to move Azure resources to either another Azure subscription or another resource group under the same subscription. You can use the Azure portal, Azure PowerShell, Azure CLI, or the REST API to move resources.
Both the source group and the target group are locked during the move operation. Write and delete operations are blocked on the resource groups until the move completes. This lock means you can't add, update, or delete resources in the resource groups, but it doesn't mean the resources are frozen. For example, if you move a SQL Server and its database to a new resource group, an application that uses the database experiences no downtime. It can still read and write to the database.
Moving a resource only moves it to a new resource group. The move operation can't change the location of the resource. The new resource group may have a different location, but that doesn't change the location of the resource.
It also gives you many examples about how to move resource group or subscription:
By using Azure portal.
By using Azure PowerShell.
By using Azure CLI.
By using REST API.
Hope this helps.
There is a peculiar issue while build image using packer. Our service principle in azure will not have access to create or delete resource group, whereas packer is trying to create the temporary resource group in each build.
I changed the temp_resource_group_name to build_resource_group_name which is pointing to an existing resource group. Post that I got following error message while building, can you please help me figure our where I'm doing wrong.
Specify either a location to create the resource group in or an
existing build resource group name, but not both packer stack overflow
If you want to create the image using Packer with an exist resource group as the creation, there is a limitation for it.
Providing temp_resource_group_name or location in combination with
build_resource_group_name is not allowed.
So you should more carefully for the creation, and for more details about that, see Azure Resource Manager Builder.
Update
The update for the issue that multi subscriptions in the same resource group. The property subscription_id already shows that which subscription was chosen for the build_resource_group_name. So you do not worry about which subscription will be chosen.
When I try to deploy my solution on MS azure using an existing resource group it gives me an error as follows:
"This resource group contains existing resources.Choose an empty resource group or create a new one".
Can someone point how can I fix the error in CreateUIdefination.json or something else I need to do.
According to the message, we can't create that resource to that resource group which contains existing resources, we should create a new resource group, or use an empty resource group.
As 4c74356b41 said, by default, Azure not support to deploy managed application to resource group with resources.
Please try to use an empty resource group to deploy it.
Some times we had deleted the 'resource group' accidentally on azure cloud, its fine that if our/your resource group does not have any deployments on it and we can create immediately newer one and will proceed our stuff, but if we had deployments on it, then its becomes major problem/task.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
You can export service configurations that belong to a resource group as JSON. Within the portal, there is an option "Export Template" under the Resource Management Navigation Group.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
Unfortunately, we have no way to recovery it, if the resource group is deleted . We could get the warning if we try to delete resource group from the azure portal. Connect to Azure support team for help maybe a way, but I don't think it could be easy for restoring.
Note : based on my understanding even if we could re-create the resource with ARM template(If we have exported the ARM template before delete), it seems that just with the same resource names with deleted resource that is not equal recovery action.