Getting error on creating exemption on builtin policies #121
AnshuBhatiaGit
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I am getting the error when creating an exemption on resource group level for a specific builtin policy
When I mention the policy reference id with a specific value it works ok but when defining member_definitions_names it gives error
below is my code
`
Subscription Scope Resource Exemption
module "exemption_subscription_network" {
source = "../modules/exemption"
name = "Exempt Network Initiative - Subscription Level"
display_name = "Exempt Network Initiative"
description = "Exempt Log Analytics at RG Level"
scope = data.azurerm_subscription.current.id
scope = data.azurerm_management_group.org.id
scope = data.azurerm_resource_group.logAnalytics.id
policy_assignment_id = module.asgmnt_network.id
member_definition_names = concat(
[
"just_in_time" # Custom Policy
,"Event Hub namespaces should use private link" # BuiltIn Policy
]
)
exemption_category = "Waiver"
expires_on = "2025-12-25"
}
Error: creating/updating /subscriptions/xxxx/providers/Microsoft.Authorization/policyExemptions/Exempt Network Initiative - Subscription Level: policy.ExemptionsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InvalidPolicyDefinitionReference" Message="The policy exemption 'Exempt Network Initiative - Subscription Level' create request is invalid. The specified policy definition reference id 'EventHubNamespacesShouldUsePrivateLink' is invalid."
│
│ with module.exemption_subscription_network.azurerm_subscription_policy_exemption.subscription_exemption[0],
│ on ../modules/exemption/main.tf line 14, in resource "azurerm_subscription_policy_exemption" "subscription_exemption":
│ 14: resource "azurerm_subscription_policy_exemption" "subscription_exemption" {
Any help is appreciated.
Beta Was this translation helpful? Give feedback.
All reactions