Set-AzKeyVaultAccessPolicy: Cannot validate argument on parameter 'VaultName'. The argument is null or empty
Trying to Create Premium Key Vault using Azure PowerShell in Visual Studio Code:
Source Code Reference from Ned1313-GitHub.
#Prefix for resources
$prefix = "cmk"
#Basic variables
$location = "eastus"
$id = Get-Random -Minimum 1000 -Maximum 9999
#Log into Azure
Add-AzAccount
#Select the correct subscription
Get-AzSubscription -SubscriptionName "Test Subscription" | Select-AzSubscription
#Create a resource group for Key Vault
$keyVaultGroup = New-AzResourceGroup -Name "$prefix-key-vault-$id-rg" -Location $location
#Create a new Key Vault
$keyVaultParameters = @{
Name = "$prefix-key-vault-$id"
ResourceGroupName = $keyVaultGroup.ResourceGroupName
Location = $location
Sku = "Premium"
}
$keyVault = New-AzKeyVault @keyVaultParameters
#Grant yourself access to the Key Vault
# Give your user principal access to all storage account permissions, on your Key Vault instance
$accessPolicy = @{
VaultName = $keyVault.Name
UserPrincipalName = "USER_PRINCIPAL_NAME"
PermissionsToStorage = ("get","list","listsas","delete","set","update","regeneratekey","recover","backup","restore","purge")
}
Above Script is worked successfully.
Set-AzKeyVaultAccessPolicy @accessPolicy
Error:
Set-AzKeyVaultAccessPolicy: Cannot validate argument on parameter 'VaultName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
If I try replace Name with VaultName in the block of access policy, such as
VaultName = $keyVault.VaultName and the result would be:
Set-AzKeyVaultAccessPolicy: Operation returned an invalid status code 'NotFound'.
What would be the cause of the above errors, can anyone help me where I did wrong.
The error "Set-AzKeyVaultAccessPolicy: Operation returned an invalid status code 'NotFound'" occurs if the resource is not found i.e. Key Vault name is not passed correctly or null while executing the script.
When I executed the same script, I got the NotFound error as below:
Here the error occurred as the Key Vault is getting created and it is followed by setting by the Access Policy. It needs few seconds of time to be created.
New-AzKeyVault creates the Key Vault and the value of the $keyVault.VaultName will be empty because of no gap of seconds between creating Key Vault and setting access policy.
As a workaround, you can add Start-Sleep -Seconds 2.5 like below:
#Prefix for resources
$prefix = "cmk"
#Basic variables
$location = "eastus"
$id = Get-Random -Minimum 1000 -Maximum 9999
#Log into Azure
Add-AzAccount
#Select the correct subscription
Get-AzSubscription -SubscriptionName "Free Trial" | Select-AzSubscription
#Create a resource group for Key Vault
$keyVaultGroup = New-AzResourceGroup -Name "$prefix-key-vault-$id-rg" -Location $location
#Create a new Key Vault
$keyVaultParameters = @{
Name = "$prefix-key-vault-$id"
ResourceGroupName = $keyVaultGroup.ResourceGroupName
Location = $location
Sku = "Premium"
}
$keyVault = New-AzKeyVault @keyVaultParameters
Start-Sleep -Seconds 2.5
#Grant yourself access to the Key Vault
# Give your user principal access to all storage account permissions, on your Key Vault instance
$accessPolicy = @{
VaultName = $keyVault.VaultName
UserPrincipalName = "ruk@xxx.onmicrosoft.com"
PermissionsToStorage = ("get","list","listsas","delete","set","update","regeneratekey","recover","backup","restore","purge")
}
Set-AzKeyVaultAccessPolicy @accessPolicy
Otherwise, first create the Key Vault and then set the access policy separately like below:
$accessPolicy = @{
VaultName = $keyVault.VaultName
UserPrincipalName = "ruk@xxx.onmicrosoft.com"
PermissionsToStorage = ("get","list","listsas","delete","set","update","regeneratekey","recover","backup","restore","purge")
}
Set-AzKeyVaultAccessPolicy @accessPolicy
$accessPolicy
The Access policy got created successfully like below:
