Deploy ARM template at management group scope with Azure DevOps Pipeline
I want to deploy an ARM template on a management group via an Azure Devops pipeline task. I created a task based on the AzureResourceManagerTemplateDeployment@3 task. Below is my task in the pipeline YAML file.
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Management Group'
azureResourceManagerConnection: 'My ARM Connection Name'
location: 'East US'
templateLocation: 'Linked artifact'
csmFile: 'template.bicep'
deploymentMode: 'Validation'
When I run the pipeline I get the error ##[error]Error: Task failed while initializing. Error: Endpoint data parameter ${ID} not present: ManagementGroupId
The AzureResourceManagerTemplateDeployment@3 task supports subscription, resource group, and management group deployment scope. Subscription level deployments have a parameter to provide the subscription ID, and resource group level deployments have a parameter for the resource group name. Management group level deployments don't seem to have any way to specify which management group to deploy the template.
I can deploy the template to a management group via the az cli by specifying the management group ID. Is there some way to make the pipeline task work or is this just a bug in the pipeline task?
As we all know:
- One Management Group can contain multiple Subscriptions.
- One Subscription can contain multiple Resource Groups.
When you set up an Azure Resource Manager service connection (ARM service connection), you can select the scope as either "Subscription" or "Management Group" on this connection. No other available scopes higher than "Management Group" on the connection.
- With the "
Subscription" scope ARM service connection, you can deploy the resources to "Subscription" or "Resource Groups". - With the "
Management Group" scope ARM service connection, you can deploy the resources to "Management Group", "Subscription" or "Resource Groups".
When you set up an ARM service connection with "Management Group" scope, you need to provide the ID and Name of the Management Group.
When you use the connection to deploy resources to "Management Group", the task will automatically fetch the ID and Name of the Management Group that you have provided on the connection. So, you do not need to provide the information again on the task.
When you deploy resources to "Subscription" or "Resource Groups", as mentioned above, within the scope of the connection, it might contain multiple Subscriptions and Resource Groups. So, you need to specify the ID and Name of the target Subscription and Resource Group on the task.
- Scope is not being added to Access Token returned from Azure Ad
- az cli : create container app via yaml fail due to parsing to json
- Display agents API ADO with SystemCapabilities filter
- Azure devops variables are not updating
- Azure DevOps Pipeline Throwing Error with Terraform While Deploying to Azure
- Azure AppService and SQL Server in Docker compose can't connect
- The required field 'nonce' is missing from the credential. Ensure that you have all the necessary parameters for the login request. [Azure Open ID]
- MongoDB - conditional uniqueness constraints on different "id" fields
- Retry delay on Function with Azure ServiceBus queue trigger
- Azure Static Web App: Add an header for each JS file
- How to configure Application Insights for sending telemetry from .net 4.8 application
- IServiceCollection does not contain a definition for AddAzureClients
- How to authenticate with Azure ACR from Azure container app service
- Azure Cli how to change subscription default
- Problem RDP to Azure Virtual Desktop through Azure Firewall
- az role assignment delete: The request did not have a subscription or a valid tenant level resource provider
- Azure PIM Role Settings for Owner role
- Graphclient ArgumentException: Only HTTP/1.0 and HTTP/1.1 version requests are currently supported. Parameter name: value
- Azure Static Web App ignoring config json sometimes
- How do I avoid "Couldn't find a metric" when creating a metric alert in Bicep
- Using Az.Websites module to set up user assigned managed identity to pull image from ACR
- resource not found with Azure OpenAI service
- Why I'm getting 404 Resource Not Found to my newly Azure OpenAI deployment?
- Azure Service Bus Topic - Using REST API to Send Message - Message going into Dead Letter Queue
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Azure Service Bus - REST API - Sending a message to a Session Enabled Topic/Subscription
- How are you supposed to install a Python library using azure webapp as template?
- Could not load file or assembly "System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
- Search-AzQuery querying authorizationresources returns 0 records
- Azure APIM: Identifying the API resource id from the portal