Terrform error when creating free app service plan

Terraform
#1

This is my terraform file. When i try to create it with terrafrom i am getting below error. but I can create it manually. Also this is a free resource i should be able to create it.
I am trying to create this Azure+terraform playground.

terraform {
required_version = “>= 1.3.0”

required_providers {
azurerm = {
source = “hashicorp/azurerm”
version = “>= 3.115.0”
}
}

}

provider “azurerm” {
features {}
skip_provider_registration = true
}

resource “azurerm_resource_group” “rg” {
name = “kml_rg_main-4ffb1a085fb94c09”
location = “West US”
}

resource “azurerm_service_plan” “faslanahmadfaz” {
name = “faslanahmadfaz”
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
os_type = “Linux”
sku_name = “F1”

}

This is the error i am getting.

  • Resource/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-4ffb1a085fb94c09/providers/Microsoft.Web/serverFarms/faslanahmadfaz

  • Operation nameUpdate hosting plan

  • Time stampSat Aug 10 2024 02:26:15 GMT+0530 (India Standard Time)

  • Event initiated bykk_lab_user_main-4ffb1a085fb94c09@azurekmlprodkodekloud.onmicrosoft.com

  • Error codeRequestDisallowedByPolicy

  • MessageResource ‘faslanahmadfaz’ was disallowed by policy. Policy identifiers: ‘[{“policyAssignment”:{“name”:“Azure_playground_TF_main-4ffb1a085fb94c09”,“id”:“/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-4ffb1a085fb94c09/providers/Microsoft.Authorization/policyAssignments/Azure_playground_TF_main-4ffb1a085fb94c09”},“policyDefinition”:{“name”:“core_policy_main-4ffb1a085fb94c09”,“id”:“/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policyDefinitions/core_policy_main-4ffb1a085fb94c09”},“policySetDefinition”:{“name”:“Azure_playground_TF_main-4ffb1a085fb94c09”,“id”:“/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policySetDefinitions/Azure_playground_TF_main-4ffb1a085fb94c09”}}]’.

#2

It would be helpful if you save your terraform code in a code block

type or paste code here
This will:
  1. Preserve indentation
  2. Prevent corrupting your code via changing quotes into "smart quotes"

Use the </> key to create a new block
#3 
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.115.0"
    }
  }

}

provider "azurerm" {
  features {}
  skip_provider_registration = true
}

resource "azurerm_resource_group" "rg" {
  name     = "kml_rg_main-4ffb1a085fb94c09"
  location = "West US"
}

resource "azurerm_service_plan" "faslanahmadfazz" {
  name                = "faslanahmadfazz"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  os_type             = "Linux"
  sku_name            = "F1"

}
#4

I Have attached the kode above. May i know the solution for it. I it would be better to try it yourself in the playground.

#5

[quote=“kam, post:1, topic:463317”]

The resource “faslanahmadfaz” which you are trying to create using terrafrom with resource azurerm_service_plan is denied by some policy applied in azuree playground.

The policy name is “Azure_playground_TF_main-4ffb1a085fb94c09” . This is the policy definition id “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policyDefinitions/core_policy_main-4ffb1a085fb94c09”

I do not have access to play grounds. you might need to have a look at the policy or any restrictions on the resource type on play grounds.

  • I guess this policy error shared is in complete ideally it should throw you why it failed as well

Thanks,
Krishnadhas

#6

I tried it; TBH, I don’t know if this is a resource type you should have access to or not. I’ve tried it in the playground, and get a similar access error on terraform apply. I’ve asked our engineers what they think .

#7

One of our engineers took a look at this. He rewrites your code a bit; this should work:

terraform {
  required_version = ">= 1.3.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.115.0"
    }
  }
}

provider "azurerm" {
  features {}
  skip_provider_registration = true
}

locals {
  service_plan_name = "example-app-service-plan"
}

data "azurerm_resource_group" "rg" {
  name = "kml_rg_main-6c28fed0f43946b2"
}

resource "azurerm_resource_group_template_deployment" "example" {
  name                = "example-deploy"
  resource_group_name = data.azurerm_resource_group.rg.name
  deployment_mode     = "Incremental"
  parameters_content = jsonencode({
    "servicePlanName" = {
      value = local.service_plan_name
    }
  })
  template_content = <<TEMPLATE
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "servicePlanName": {
            "type": "string",
            "metadata": {
                "description": "Name of the App Service Plan"
            }
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Web/serverfarms",
            "apiVersion": "2021-02-01",
            "name": "[parameters('servicePlanName')]",
            "location": "[resourceGroup().location]",
            "sku": {
                "name": "F1",
                "tier": "Free",
                "capacity": 1
            },
            "properties": {
                "reserved": true
            }
        }
    ],
    "outputs": {
      "servicePlanId": {
        "type": "string",
        "value": "[resourceId('Microsoft.Web/serverfarms', parameters('servicePlanName'))]"
      }
    }
}
TEMPLATE
}

output "arm_service_plan_id" {
  value = jsondecode(azurerm_resource_group_template_deployment.example.output_content).servicePlanId.value
}

output "arm_service_plan_name" {
  value = local.service_plan_name
}