我目前正在将我们的云基础设施迁移到 Terraform。我正在尝试将策略分配给资源组。但是它失败并出现错误
│ Error: ID cannot be a Resource Group ID
│ with azurerm_resource_policy_assignment.example, on main.tf line 50, in resource a zurerm_resource_policy_assignment" "example":
│ 50: resource_id = azurerm_resource_group.example.id
# Configure the Microsoft Azure provider
provider "azurerm" {
features {}
}
data "azurerm_subscription" "primary" {
}
data "azurerm_client_config" "example" {
}
# Define Policy
resource "azurerm_policy_definition" "example" {
display_name = "only-deploy-in-westus"
name = "only-deploy-in-westus"
policy_type = "Custom"
mode = "All"
policy_rule = <<POLICY_RULE
{
"if": {
"not": {
"field": "location",
"equals": "westus"
}
},
"then": {
"effect": "Deny"
}
}
POLICY_RULE
}
# Create a Resource Group if it doesn’t exist
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West US"
}
# Assign Permission
resource "azurerm_role_assignment" "example" {
scope = azurerm_resource_group.example.id
role_definition_name = "Reader"
principal_id = data.azurerm_client_config.example.object_id
}
# Assign Policy
resource "azurerm_resource_policy_assignment" "example" {
name = "example-policy-assignment"
resource_id = azurerm_resource_group.example.id
policy_definition_id = azurerm_policy_definition.example.id
}
最佳答案
要将策略分配给资源组,您不能使用 azurerm_resource_policy_assignment,但需要使用 azurerm_resource_group_policy_assignment。
resource "azurerm_resource_group_policy_assignment" "example" {
name = "example"
resource_group_id = azurerm_resource_group.example.id
policy_definition_id = azurerm_policy_definition.example.id
}
关于azure - Terraform - Azure 资源组 : Error: ID cannot be a Resource Group ID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73780821/