
I'm trying to apply the azurerm_policy_assignment using Terraform - I'm unable to apply the policy assignment, looks like an identity-related issue:

policy.AssignmentsClient#Create: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="MissingSubscription" Message="The request did not have a subscription or a valid tenant level resource provider

The following is the code that I am trying to run:

resource "azurerm_policy_assignment" "policyassignment" {
  name                 = "policy1assignment"
  scope                = var.policyscope
  policy_definition_id = "/providers/Microsoft.Authorization/policySetDefinitions/jfda8af9-198f-asa3-1234-dsa8dfs090fsd"
  description          = "TestPolicy"
  display_name         = "TestPolicy"
  location             = var.location
  identity {
    type = "SystemAssigned"
  }
}


user1197981
  • Did you check the scope defined in `var.policyscope`? Maybe try to hardcode it and ensure that the principal that is executing the `terraform plan/apply` does have access to the scope – Martin Brandl Jun 06 '21 at 14:31
  • I did, it works on subscription level, but it does not work on the tenant root level. The principal executing the plan/apply does have access. Is there anything else that I could try? Thanks for your response. – user1197981 Jun 06 '21 at 14:51
  • With tenant root level you mean a management group? Not sure whether this is supported. Maybe you have to use azurerm_policy_definition for that: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition – Martin Brandl Jun 06 '21 at 17:28
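A pre-apply sanity check for the values discussed above (added example, not code from the asker or the commenters): it classifies the `scope` string against the ARM resource-ID forms a policy assignment can target and rejects the bare tenant root (`/`), which is not an assignable scope; tenant-wide assignments go to a management group ID instead. The GUIDs and management group name in the sample run are constructed placeholders.

```python
import re

# Assignable scope forms, taken from the public ARM resource-ID conventions.
# The bare tenant root "/" is deliberately absent: policy is assigned to the
# tenant's root management group, not to "/" itself.
SCOPE_FORMS = {
    "management_group": re.compile(
        r"^/providers/Microsoft\.Management/managementGroups/[^/]+$", re.I),
    "subscription": re.compile(r"^/subscriptions/[0-9a-fA-F-]{36}$"),
    "resource_group": re.compile(
        r"^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+$", re.I),
}

# A built-in definition or set lives directly under /providers/...; a custom
# one is prefixed with the subscription or management group that owns it.
DEFINITION_FORM = re.compile(
    r"^(?:/subscriptions/[0-9a-fA-F-]{36}"
    r"|/providers/Microsoft\.Management/managementGroups/[^/]+)?"
    r"/providers/Microsoft\.Authorization/policy(?:Set)?Definitions/[^/]+$",
    re.I)


def classify_scope(scope: str):
    """Return which assignable scope form `scope` matches, or None."""
    for kind, pattern in SCOPE_FORMS.items():
        if pattern.match(scope.strip()):
            return kind
    return None


def check_assignment(scope: str, policy_definition_id: str) -> list:
    """Return a list of findings; an empty list means both values look assignable."""
    findings = []
    if classify_scope(scope) is None:
        findings.append(
            f"scope {scope!r} is not a management group, subscription or "
            "resource group ID (tenant-wide assignments use /providers/"
            "Microsoft.Management/managementGroups/<name>)")
    if not DEFINITION_FORM.match(policy_definition_id.strip()):
        findings.append(
            f"policy_definition_id {policy_definition_id!r} is not a "
            "policyDefinitions or policySetDefinitions resource ID")
    return findings


if __name__ == "__main__":
    # Constructed sample values; none of these IDs exist in a real tenant.
    definition = ("/providers/Microsoft.Authorization/policySetDefinitions/"
                  "00000000-0000-0000-0000-000000000000")
    for scope in ("/", "/providers/Microsoft.Management/managementGroups/contoso-root",
                  "/subscriptions/00000000-0000-0000-0000-000000000000"):
        print(scope, "->", check_assignment(scope, definition) or "ok")
```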
