I encountered the following error message, but I couldn't identify what I missed.
Error: creating Scoped Policy Assignment (Scope: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" │ Policy Assignment Name: "Allowed locations"): unexpected status 400 with error: PolicyParametersMissingValue: The policy parameters 'listOfAllowedLocations' are missing a value.
Below is my Terraform code.
```hcl
provider "azurerm" {
  features {}
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 2.96.0"
    }
  }
}

resource "azurerm_subscription_policy_assignment" "Allowedlocations2" {
  name                 = "Allowed locations"
  subscription_id      = var.cust_scope
  policy_definition_id = "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
  description          = "This policy enables you to restrict the locations your organization can specify when deploying resources."
  display_name         = "Allowed locations"

  metadata = <<METADATA
{
  "category": "General"
}
METADATA

  parameters = <<PARAMETERS
{
  "listOfAllowedLocations": {
    "type": "Array",
    "metadata": {
      "description": "The list of locations that can be specified when deploying resources.",
      "strongType": "location",
      "displayName": "Allowed locations",
      "strongType": "location"
    },
    "defaultValue": [
      "eastus"
    ],
    "allowedValues": [
      "eastus",
      "eastus2"
    ]
  }
}
PARAMETERS
}
```
As a Terraform beginner, I've missed a value, but I'm unable to find it. If anyone knows what it is and how to find it, please let me know.
```
azurerm_subscription_policy_assignment.Allowedlocations2: Creating...
╷
│ Error: creating Scoped Policy Assignment (Scope: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
│ Policy Assignment Name: "Allowed locations"): unexpected status 400 with error: PolicyParametersMissingValue: The policy parameters 'listOfAllowedLocations' are missing a value.
│
│   with azurerm_subscription_policy_assignment.Allowedlocations2,
│   on main.tf line 65, in resource "azurerm_subscription_policy_assignment" "Allowedlocations2":
│   65: resource "azurerm_subscription_policy_assignment" "Allowedlocations2" {
│
│ creating Scoped Policy Assignment (Scope: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
│ Policy Assignment Name: "Allowed locations"): unexpected status 400 with error: PolicyParametersMissingValue: The policy parameters 'listOfAllowedLocations' are missing a value.
╵
```
Error: creating Scoped Policy Assignment (Scope: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" │ Policy Assignment Name: "Allowed locations"): unexpected status 400 with error: PolicyParametersMissingValue: The policy parameters 'listOfAllowedLocations' are missing a value.
The above error message indicates that the listOfAllowedLocations parameter is missing a value in your policy assignment. It seems you are defining the parameters block incorrectly.

When I try to pass it without the listOfAllowedLocations in the wrong format, I also get the same error as you.

Here is the updated Terraform code to create the policy definition and assignment.
```hcl
provider "azurerm" {
  features {}
}

# Subscription the provider is currently authenticated against.
data "azurerm_subscription" "current" {}

# Look up the built-in policy definition by its display name.
data "azurerm_policy_definition" "example" {
  display_name = "Allowed locations"
}

output "id" {
  value = data.azurerm_policy_definition.example.id
}

resource "azurerm_subscription_policy_assignment" "example" {
  name                 = "Allowed Locations Policy-1"
  policy_definition_id = data.azurerm_policy_definition.example.id
  subscription_id      = data.azurerm_subscription.current.id

  # Each assignment parameter is passed as { value = ... }.
  parameters = jsonencode({
    listOfAllowedLocations = {
      value = ["eastus", "westus"]
    }
  })
}
```
Terraform apply:

Once I ran the above code, the policy was assigned at the subscription scope.
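An added example, not part of the original answer: a small Python pre-apply check that flags the mistake from the question (definition-style keys where the assignment needs `value`) before Terraform sends it to Azure. The function name, messages and sample schema are constructed for illustration; the schema is modelled on the fields shown in the question, not fetched from Azure.

```python
import json

# Keys that describe a parameter in a policy *definition*; an assignment
# entry carrying these instead of "value" is the mistake from the question.
DEFINITION_KEYS = {"type", "metadata", "defaultValue", "allowedValues"}


def check_assignment_parameters(definition_params, assignment_params):
    """Return a list of problems in the JSON destined for `parameters`."""
    problems = []
    for name, entry in assignment_params.items():
        if name not in definition_params:
            problems.append(f"{name}: not declared by the policy definition")
        elif not isinstance(entry, dict) or "value" not in entry:
            pasted = isinstance(entry, dict) and DEFINITION_KEYS & set(entry)
            hint = " (looks like a definition schema)" if pasted else ""
            problems.append(f"{name}: missing 'value'{hint}")
        elif (definition_params[name].get("type") == "Array"
              and not isinstance(entry["value"], list)):
            problems.append(f"{name}: 'value' must be a list for type Array")
    # A parameter with no defaultValue in the definition must be assigned.
    for name, schema in definition_params.items():
        if name not in assignment_params and "defaultValue" not in schema:
            problems.append(f"{name}: required parameter not supplied")
    return problems


# Constructed sample schema, modelled on the fields shown in the question.
DEFINITION = {"listOfAllowedLocations": {"type": "Array",
                                         "metadata": {"strongType": "location"}}}

# Shape used in the question: definition-style keys, no "value".
QUESTION_PARAMS = json.loads("""
{"listOfAllowedLocations": {"type": "Array", "defaultValue": ["eastus"],
                            "allowedValues": ["eastus", "eastus2"]}}
""")

# Shape used in the answer: each parameter wrapped as {"value": ...}.
ANSWER_PARAMS = {"listOfAllowedLocations": {"value": ["eastus", "westus"]}}

if __name__ == "__main__":
    for label, params in (("question", QUESTION_PARAMS), ("answer", ANSWER_PARAMS)):
        print(label, check_assignment_parameters(DEFINITION, params) or "OK")
```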