I am following the steps mentioned in this exercise on Microsoft Azure, given the exercise link below:
Azure Developer League: Secure Azure Kubernetes Cluster
I am stuck at the below code.
When I run this code in the azure cloud shell(sandbox), as mentioned in the steps given in that course:
export DATABASE_NAME=contoso-ship-manager-$RANDOM && \
az cosmosdb create \
-n $DATABASE_NAME \
-g $RESOURCE_GROUP \
--kind MongoDB \
--enable-free-tier
Or this code:
export DATABASE_NAME=contoso-ship-manager-$RANDOM && az cosmosdb create --name $DATABASE_NAME --resource-group $RESOURCE_GROUP --subscription "Concierge Subscription"
Whenever I run anyone of the above codes, I get this error:
(RequestDisallowedByPolicy) Resource 'contoso-ship-manager-17984' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"containers-assignment","id":"/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment"},"policyDefinition":{"name":"Allowed resource types","id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c"},"policySetDefinition":{"name":"containers-initiative","id":"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative"}}]'. Additional Information:Type: PolicyViolation Info: { "policyDefinitionDisplayName": "Allowed resource types", "policySetDefinitionDisplayName": "containers-initiative", "evaluationDetails": { "evaluatedExpressions": [ { "result": "False", "expressionKind": "Field", "expression": "type", "path": "type", "expressionValue": "Microsoft.DocumentDB/databaseAccounts", "targetValue": [ "microsoft.compute/virtualmachinescalesets", "Microsoft.ContainerInstance/containerGroups", "microsoft.containerregistry/registries", "microsoft.containerregistry/registries/replications", "microsoft.containerservice/managedclusters", "microsoft.insights/components", "microsoft.keyvault/vaults", "Microsoft.MachineLearningServices/workspaces", "Microsoft.MachineLearningServices/workspaces/datastores", "microsoft.managedidentity/userassignedidentities", "microsoft.network/applicationgateways", "microsoft.network/dnszones", "Microsoft.Network/dnszones/A", "Microsoft.Network/dnszones/AAA", "Microsoft.Network/dnszones/all", "Microsoft.Network/dnszones/CAA", "Microsoft.Network/dnszones/CNAME", "Microsoft.Network/dnszones/MX", "Microsoft.Network/dnszones/NS", "Microsoft.Network/dnszones/PTR", "Microsoft.Network/dnszones/recordsets", "Microsoft.Network/dnszones/SOA", "Microsoft.Network/dnszones/SRV", "Microsoft.Network/dnszones/TXT", "microsoft.network/loadbalancers", "microsoft.network/networksecuritygroups", "microsoft.network/privatednszones", "microsoft.network/privatednszones/virtualnetworklinks", "microsoft.network/privateendpoints", "microsoft.network/publicipaddresses", "microsoft.network/routetables", "microsoft.network/virtualnetworks", "microsoft.operationsmanagement/solutions", "microsoft.operationalinsights/workspaces", "Microsoft.Storage/storageAccounts", "Microsoft.Storage/storageAccounts/blobServices", "Microsoft.Storage/storageAccounts/fileServices", "Microsoft.Storage/storageAccounts/queueServices", "Microsoft.Storage/storageAccounts/tableServices", "Microsoft.Storage/storageAccounts/blobServices/containers", "Microsoft.Storage/storageAccounts/fileServices/shares", "microsoft.web/connections" ], "operator": "In" } ] }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c", "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative", "policyDefinitionReferenceId": "allowed-resource-types_1", "policySetDefinitionName": "containers-initiative", "policyDefinitionName": "a08ec900-254a-4555-9bf5-e42af04b5c5c", "policyDefinitionEffect": "deny", "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment", "policyAssignmentName": "containers-assignment", "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45" }
I am trying this from last 2 days but again getting same error always. What can I do?
Please help me out.
Any help would be appreciated.
The reason you're getting this error is because you're creating a Cosmos DB resource/database and your Subscription Administrator has set a policy that disallows the creation of such resources.
You will need to contact your Subscription Administrator so that they can change the policy to allow creation of Cosmos DB resources.
Read more from here