Develop Reference

How can I use dependsOn on copy resources in nested deployment?

I'm trying to deploy a RG tag for saving the roleAssignments version. I want that the tag deployment will be depended on the creation of the roleassignments. the roleassignments are created by using "copy" and the deployment is nested (since I need to change the scope to another RG and subscription).
I'm getting the following error message: {"code":"InvalidTemplate","message":"Deployment template validation failed: 'The template resource '[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]' at line '82' and column '9' is not valid: The template function 'copyIndex' is not expected at this location. The function can only be used in a resource with copy specified. Please see https://aka.ms/arm-copy for usage details.. Please see https://aka.ms/arm-template-expressions for usage details.'."}
How can I resolve it?
The template:
{
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"parameters": {
"managedIdentityName": {
"type": "String",
"metadata": {
"description": "The name of the managed identity resource."
}
},
"roleAssignmentsDefinitionIds": {
"type": "Array"
},
"roleAssignmentsVersion": {
"defaultValue": 0,
"type": "Int"
},
"resourceId": {
"type": "String"
},
"rolesAssignmentsResourceGroup": {
"type": "String"
},
"rolesAssignmentSubscriptionID": {
"type": "String"
}
},
"variables": {
"copy": [
{
"name": "roleAssignmentsToCreate",
"count": "[length(parameters('roleAssignmentsDefinitionIds'))]",
"input": {
"name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('managedIdentityName')), resourceGroup().id, parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')])]",
"roleDefinitionId": "[parameters('roleAssignmentsDefinitionIds')[copyIndex('roleAssignmentsToCreate')]]"
}
}
],
"roleAssignmentVersionTagName": "[concat(parameters('managedIdentityName'), 'RoleAssignmentVersion')]",
"roleAssignmentsVersionTags": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": "[parameters('roleAssignmentsVersion')]"
}
},
"updatedResourceGroupTags": "[union(resourceGroup(), variables('roleAssignmentsVersionTags')).tags]",
"roleAssignmentsDefaultVersion": {
"tags": {
"[variables('roleAssignmentVersionTagName')]": 0
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-05-01",
"name": "[uniqueString(concat('nonRegionalRoleAssignments-', parameters('resourceId'), variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId))]",
"properties": {
"mode": "Incremental",
"parameters": {},
"copy": {
"name": "roleAssignment",
"count": "[length(variables('roleAssignmentsToCreate'))]",
"mode": "serial",
"batchSize": 1
},
"template": {
"$schema": https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#,
"contentVersion": "1.0.0.0",
"variables": {},
"resources": [
{
"name": "[guid(parameters('resourceId'), 'Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId, resourceGroup().id)]",
"type": "Microsoft.Authorization/roleAssignments",
"condition": "[less(int(union(variables('RoleAssignmentsDefaultVersion'), resourceGroup()).tags[variables('roleAssignmentVersionTagName')]), parameters('roleAssignmentsVersion'))]",
"apiVersion": "2020-04-01-preview",
"properties": {
"principalId": "[reference(parameters('resourceId'), '2018-11-30').principalId]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleAssignmentsToCreate')[copyIndex()].roleDefinitionId)]",
"principalType": "ServicePrincipal"
}
}
]
}
},
"subscriptionId": "[parameters('rolesAssignmentSubscriptionID')]",
"resourceGroup": "[parameters('rolesAssignmentsResourceGroup')]"
}
Thanks

Remove:
"dependsOn": [
"roleAssignment"
],
From the tags resource - it's not needed.

InvalidResourceNamespace error when attempting to deploy Event Grid Subscription for Azure Function

I have an existing Event Grid Topic and want to add an Event Subscription to it, with an existing Azure Function endpoint.
To achieve this I am using Linked Templates. ARM Template validation passes, but deployment fails, with quite a peculiar error:
"InvalidResourceNamespace: "The resource namespace 'subscriptions' is invalid. (Code: InvalidResourceNamespace)"
Here's the raw error:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "InvalidContentLink",
"message": "Unable to download deployment content from 'https://storagearmtpl.blob.core.windows.net/arm-tpl-service-cd-11111-artifacts/nestedtemplates/eventGridSubscriptionTemplate.json?sv=sasartifactsstring'. The tracking Id is '11111111'. Please see https://aka.ms/arm-deploy for usage details."
},
{
"code": "InvalidResourceNamespace",
"message": "The resource namespace 'subscriptions' is invalid."
}
]
}
Where sasartifactsstring is a valid artifacts locations sas token. (I'm assuming, it looks correct)
I understand that this error stems from the "type" of the resource in the template being invalid, but as you can see below, it's simply Microsoft.EventGrid/topics/providers/eventSubscriptions.
/nestedtemplates/eventGridSubscriptionTemplate.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subscriptionName": {
"type": "string",
"metadata": {
"description": "Name of the event grid subscription"
}
},
"topicName": {
"type": "string",
"metadata": {
"description": "Event grid Topic Name to Subscribe."
}
},
"functionResourceGroupName": {
"type": "string",
"metadata": {
"description": "Resource group name for functionapp"
}
},
"functionAppName": {
"type": "string",
"metadata": {
"description": "function app name"
}
},
"subscriptionId": {
"type": "string",
"metadata": {
"description": "The id string of the Azure subscription"
}
},
"topicResourceGroupName": {
"type": "string",
"metadata": {
"description": "The name of the topic resource group"
}
}
},
"variables": {},
"resources": [
{
"name": "[concat(parameters('topicName'), '/Microsoft.EventGrid/', parameters('subscriptionName'))]",
"type": "Microsoft.EventGrid/topics/providers/eventSubscriptions",
"location": "[resourceGroup().location]",
"apiVersion": "2020-06-01",
"properties": {
"topic": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('topicResourceGroupName'), 'providers/Microsoft.EventGrid/topics/', parameters('topicName'))]",
"destination": {
"endpointType": "AzureFunction",
"properties": {
"resourceId": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('functionResourceGroupName'), '/providers/Microsoft.Web/sites/', parameters('functionAppName'), '/functions/HelloWorld')]",
"maxEventsPerBatch": 1,
"preferredBatchSizeInKilobytes": 64
}
},
}
},
"dependsOn": [
]
}
],
"outputs": {}
}
/azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"_artifactsLocation": {
"type": "string"
},
"_artifactsLocationSasToken": {
"type": "securestring"
},
"functionResourceGroupName": {
"type": "string"
},
"functionAppName": {
"type": "string"
},
"topicName": {
"type": "string"
},
"topicResourceGroupName": {
"type": "string"
},
"subscriptionId": {
"type": "string"
}
},
"variables": {
"templateFolder": "nestedtemplates",
"subscriptionTemplateFileName": "eventGridSubscriptionTemplate.json"
},
"resources": [
{
"name": "functionsubscription"
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10"
"resourceGroup": "[parameters('topicResourceGroupName')]",
"dependsOn": [ ],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'), '/', variables('templateFolder'), '/', variables('subscriptionTemplateFileName'), parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subscriptionName": {
"value": "FunctionSubscription"
},
"topicName": {
"value": "[parameters('topicName')]"
},
"functionResourceGroupName": {
"value": "[parameters('functionResourceGroupName')]"
},
"functionAppName": {
"value": "[parameters('functionAppName')]"
},
"topicResourceGroupName": {
"value": "[parameters('topicResourceGroupName')]"
},
"subscriptionId": {
"value": "[parameters('subscriptionId')]"
}
}
}
}
]
}
azure deploy parameters file
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
,
"functionResourceGroupName": {
"value": "functionResourceGroup"
},
"functionAppName": {
"value": "functionAppName"
},
"subscriptionId": {
"value": "1111111111"
},
"topicName": {
"value": "topicName"
},
"topicResourceGroupName": {
"value": "topicResourceGroup"
}
}
Really not sure what I'm doing wrong here. Worth noting that the first error is annoying as well and I'm not sure why it can't download the deployment content...
update/edit:
It's worth noting that the release is using Classic Azure Release Pipelines. And the error comes up during the release.
Looking into the deployment logs for the resource group, I was able to see that the deployment was trying to deploy an invalid resource, with the type starting "subscriptions/.....", so at least I know where the error is coming from. Still investigating what is causing this misread...

The cause of the odd 'subscriptions' error was due to the fact that I inserted a new resource into my resources list in my deployment (parent) ARM template, but not at the end of the list.
Once I put the deployment resource that references the new event grid subscription at the end of the resources list, the error did not show up.
azuredeploy.json
resources: [
{all other existing deployment resources ....},
{
"name": "functionsubscription"
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10"
"resourceGroup": "[parameters('topicResourceGroupName')]",
"dependsOn": [ ],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'), '/', variables('templateFolder'), '/', variables('subscriptionTemplateFileName'), parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"subscriptionName": {
"value": "FunctionSubscription"
},
"topicName": {
"value": "[parameters('topicName')]"
},
"functionResourceGroupName": {
"value": "[parameters('functionResourceGroupName')]"
},
"functionAppName": {
"value": "[parameters('functionAppName')]"
},
"topicResourceGroupName": {
"value": "[parameters('topicResourceGroupName')]"
},
"subscriptionId": {
"value": "[parameters('subscriptionId')]"
}
}
}
}
]
However, I am still dealing with the InvalidContentLink error, the main problem of the question has been resolved.

How to tag Current time as a Tag for an ARM Deployment

I am trying to create a Log Analytics Workspace using an ARM template and a parameter files. I am also thinking to tag currrent time as CreatedOn tag for the resource.
Below is my ARM template-
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"LAWName": {
"type": "string"
},
"LocationName": {
"type": "string"
},
"SKUName": {
"type": "string"
},
"Tags": {
"type": "object"
}
},
"resources": [
{
"apiVersion": "2017-03-15-preview",
"name": "[parameters('LAWName')]",
"location": "[parameters('LocationName')]",
"tags": "[parameters('Tags')]",
"type": "Microsoft.OperationalInsights/workspaces",
"properties": {
"sku": {
"name": "[parameters('SKUName')]"
}
}
}
]
}
and here is my param file-
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"LAWName": {
"value": "atifmtest1"
},
"LocationName": {
"value": "westeurope"
},
"SKUName": {
"value": "pergb2018"
}
"Tags": {
"value": {
"CreatedBy": "Atif",
"CreatedOn": "[utcNow()]",
"Purpose": "Monitoring"
}
}
}
}
I read here https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-date#utcnow that there is utcNow() function for ARM template but that is being considered as a string here and the current time does not appear as a tag for the resource.
What is the other way using which this can be achieved ?
Thanks in advance !!

Here is a working example:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"utcShort": {
"type": "string",
"defaultValue": "[utcNow('d')]"
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
}
},
"resources": [
{
"apiVersion": "2019-04-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat('storage', uniqueString(resourceGroup().id))]",
"location": "[parameters('location')]",
"tags": {
"Dept": "Finance",
"Environment": "Production",
"LastDeployed": "[parameters('utcShort')]"
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
]
}
Source.

Please follow the below steps for better results.
Add the utcShort in parameters and give a default value "[utcNow()]", Its not work from the parameters file. add utcShort into variables to make an object type. Follow the below steps.
"utcShort ": {
"type": "string",
"defaultValue": "[utcNow()]"
},
"resourceTags": {
"type": "object"
}
},
"variables":{
"createdDate": {
"createdDate": "[parameters('utcShort ')]"
}
},
Use this variable in Tags like below..
"tags": "[union(parameters('resourceTags'), variables('createdDate'))]"

The template reference 'not valid error in arm template

I am deploying resource group using arm templates
Below is the command and error I am getting
az deployment create --name test-deployment --template-file azuredeploy.json --parameters azuredeploy.parameters.json -l westus2
This command has been deprecated and will be removed in a future release. Use 'deployment sub create' instead.
{'additionalProperties': {}, 'code': 'InvalidTemplate', 'message': "Deployment template validation failed: 'The template reference 'DEV-AI-POC-WESTUS2-RG' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'.", 'target': None, 'details': None, 'additionalInfo': [{'additionalProperties': {}, 'type': 'TemplateViolation', 'info': {'lineNumber': 0, 'linePosition': 0, 'path': ''}}]}
azuredeploy.json:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enviroment": {
"type": "string",
"defaultValue": "poc"
},
"location": {
"type": "string",
"defaultValue": "West US"
},
"depattmentName": {
"type": "string"
},
"project": {
"type": "string"
}
},
"variables": {
"rgName": "[concat(toupper(parameters('depattmentName')), '-', toupper(parameters('project')), '-', toupper(parameters('enviroment')), '-', toupper(replace(parameters('location'), ' ', '')), '-', 'RG')]",
"rgDeploymentName": "[concat(deployment().name, '-rg')]",
"_artifactsLocation": "https://xxxxxxx/xxxxxx"
},
"resources": [
{
"name": "[variables('rgDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"ResourceGroup": "[variables('rgName')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(variables('_artifactsLocation'),'/src/arm/templates/resourcegroup.json')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"rgName": {
"value": "[variables('rgName')]"
},
"rgLocation": {
"value": "[parameters('location')]"
}
}
}
}
],
"outputs": {
"resourceGroups": {
"type": "object",
"value": "[reference(variables('rgName'))]"
}
}
}
azuredeploy.parameters.json:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "westus2"
},
"depattmentName": {
"value": "Dev"
},
"project": {
"value": "AI"
},
"enviroment": {
"value": "poc"
}
}
}
resourcegroup.json(calling template)
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string"
}
},
"variables": {
"storageAccountType": "Standard_LRS"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage"
}
],
"outputs": {
"storageDetails": {
"type": "string",
"value": "[concat(parameters('storageAccountName'), '-', variables('storageAccountType'))]"
}
}
}
Can anyone please help me to fix,
I have to deploy/crease resource group if not exist in azure portal using arm template. arm template should be called through uri in blob storage.

what it tells you is that your output is not valid, you dont have a resource or resource copy with that name, because you are attempting to create a deployment (not a resource group) in another resource group, so the reference function doesnt know about that and hence fails.
So you need to first create the resource group and then create a deployment to that group

ARM template: issue with output in nested templates

I'm currently facing an issue with nested template.
When I'm applying my template (detail below), I get this answer from Azure:
Azure Error: InvalidTemplate
Message: Deployment template validation failed: 'The template reference 'sandbox.test.portal' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'.
However, I don't really understand why I get this issue, because for the content inside the nested template, I used what they provide in the documentation here: https://github.com/Azure/azure-quickstart-templates/blob/master/101-azure-dns-new-zone/azuredeploy.json
My ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"newZoneName": {
"type": "string",
"defaultValue": "sandbox.test.portal",
"metadata": {
"description": "The name of the DNS zone to be created. Must have at least 2 segements, e.g. hostname.org"
}
},
"newRecordName": {
"type": "string",
"defaultValue": "www",
"metadata": {
"description": "The name of the DNS record to be created. The name is relative to the zone, not the FQDN."
}
}
},
"variables": {
"publicIPAddressName": "[concat(resourceGroup().name, '-pip')]",
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "my-rg",
"subscriptionId": "[subscription().subscriptionId]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/dnszones",
"name": "[parameters('newZoneName')]",
"apiVersion": "2016-04-01",
"location": "global",
"properties": {
}
},
{
"type": "Microsoft.Network/dnszones/a",
"name": "[concat(parameters('newZoneName'), '/', parameters('newRecordName'))]",
"apiVersion": "2016-04-01",
"location": "global",
"dependsOn": [
"[parameters('newZoneName')]"
],
"properties": {
"TTL": 3600,
"ARecords": [
{
"ipv4Address": "1.2.3.4"
},
{
"ipv4Address": "1.2.3.5"
}
]
}
}
],
"outputs": {
"nameServers": {
"type": "array",
"value": "[reference(parameters('newZoneName')).nameServers]"
}
}
}
}
}
]
}

basically, you need to remove the outputs from the nested inline template, so remove this bit:
"outputs": {
"nameServers": {
"type": "array",
"value": "[reference(parameters('newZoneName')).nameServers]"
}
}
long story short, nested inline deployments are bad. dont use them.
alternatively move those to the parent template and do a real lookup:
reference(resourceId('Microsoft.Network/dnszones', parameters('newZoneName')))

You have several minor mistakes in your template:
Comma in variables '-pip')]",
Undefined parameter dnsLabelPrefix
The general mistake in nested outputs. When you use nested templates azure don't find it in your main template. Therefore you must use a reference function with identifier and API: "[reference(resourceId('Microsoft.Network/dnszones', parameters('newZoneName')), '2016-04-01').nameServers]".
I modified your template and validate in my subscription.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"newZoneName": {
"type": "string",
"defaultValue": "sandbox.test.portal",
"metadata": {
"description": "The name of the DNS zone to be created. Must have at least 2 segements, e.g. hostname.org"
}
},
"newRecordName": {
"type": "string",
"defaultValue": "www",
"metadata": {
"description": "The name of the DNS record to be created. The name is relative to the zone, not the FQDN."
}
},
"dnsLabelPrefix": {
"type": "string",
"defaultValue": "[concat('dns',uniqueString(resourceGroup().name))]"
},
"nestedResourceGroup": {
"type": "string",
"defaultValue": "my-rg",
"metadata": {
"description": "my-rg"
}
}
},
"variables": {
"publicIPAddressName": "[concat(resourceGroup().name, '-pip')]"
},
"resources": [
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"apiVersion": "2017-05-10",
"name": "nestedTemplate",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[parameters('nestedResourceGroup')]",
"subscriptionId": "[subscription().subscriptionId]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/dnszones",
"name": "[parameters('newZoneName')]",
"apiVersion": "2016-04-01",
"location": "global",
"properties": {
}
},
{
"type": "Microsoft.Network/dnszones/a",
"name": "[concat(parameters('newZoneName'), '/', parameters('newRecordName'))]",
"apiVersion": "2016-04-01",
"location": "global",
"dependsOn": [
"[resourceId('Microsoft.Network/dnszones', parameters('newZoneName'))]"
],
"properties": {
"TTL": 3600,
"ARecords": [
{
"ipv4Address": "1.2.3.4"
},
{
"ipv4Address": "1.2.3.5"
}
]
}
}
],
"outputs": {
"nameServers": {
"type": "array",
"value": "[reference(resourceId('Microsoft.Network/dnszones', parameters('newZoneName')), '2016-04-01').nameServers]"
}
}
}
}
}
]
}
Have a nice day!