azurerm_subscription_policy_remediation issue

Question

azurerm_subscription_policy_remediation issue

zhangchl007 opened this issue 2 years ago · comments

Jimmy Zhang commented 2 years ago

Issue Template

Prerequisites

I am running the latest version
I checked the documentation and found no answer
I checked to make sure that this issue has not already been filed

Context

Module Version:
master branch
Terraform Version:
terraform version
Terraform v1.3.1
AzureRM Provider Version:
version = ">=3.23.0"

 on ../modules/def_assignment/main.tf line 139, in resource "azurerm_subscription_policy_remediation" "rem"

139 resource azurerm_subscription_policy_remediation rem {
140   count                   = local.create_remediation + local.remediate.sub > 1 ? 1 : 0
141   name                    = lower("${var.definition.name}-${formatdate("DD-MM-YYYY-hh:mm:ss", timestamp())}")
142   subscription_id         = local.remediation_scope
143   policy_assignment_id    = local.assignment.id
144   resource_discovery_mode = var.resource_discovery_mode
145   location_filters        = var.location_filters
146   failure_percentage      = var.failure_percentage
147   parallel_deployments    = var.parallel_deployments
148   resource_count          = var.resource_count
149 }

Expected Behavior

try to perform a testing for example

Current Behavior

make example works for testing

Possible Solution

Failure Information (for bugs)

Steps to Reproduce

git clone https://github.com/gettek/
cd terraform-azurerm-policy-as-code/example
terraform init
terraform plan -out=./myplan
terraform apply "./myplan"

Failure Logs

module.org_mg_configure_az_monitor_and_security_vm_initiative.azurerm_management_group_policy_remediation.rem["ASC_AMA_DefaultPipeline_Deploy"]: Creation complete after 4s [id=/providers/Microsoft.Management/managementGroups/policy_dev/providers/Microsoft.PolicyInsights/remediations/asc_ama_defaultpipeline_deploy-20-10-2022-01:32:03]
╷
│ Error: creating/updating /subscriptions/7996451c-728c-4b55-87f3-dfa8aeac980e/providers/Microsoft.PolicyInsights/remediations/inherit_resource_group_tags_modify-20-10-2022-01:32:00: remediations.RemediationsClient#RemediationsCreateOrUpdateAtSubscription: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidCreateRemediationRequest" Message="The policy assignment specified in remediation 'inherit_resource_group_tags_modify-20-10-2022-01:32:00' is out of scope. Policy assignments should be specified only at or above the remediation scope."
│
│ with module.team_a_mg_inherit_resource_group_tags_modify.azurerm_subscription_policy_remediation.rem[0],
│ on ../modules/def_assignment/main.tf line 139, in resource "azurerm_subscription_policy_remediation" "rem":
│ 139: resource azurerm_subscription_policy_remediation rem {

Jimmy Zhang · Answer 1 · Fri Oct 21 2022 09:35:05 GMT+0800 (China Standard Time)

I was caused by the assignment scope , I fixed it ,let me close this issue