terraforminfrastructure-as-codeazure-rm

The provider hashicorp/azurerm does not support resource type "azurerm_resource_group_policy_assignment"


I'm trying to set some policy rules at the resource group (RG) level with this.

My code looks like this:

locals {
  # Identity scope for the deployment. These are redacted in the post; tenant
  # and subscription IDs are not secrets, but hard-coding them pins this root
  # module to a single tenant.
  tenant_id = "xxxxxxxxxxxx"

  # One subscription per environment, chosen by var.env ("dev" vs. everything else).
  subscription_id = var.env == "dev" ? "xxxxxxxx" : "xxxxxxxxxxx"

  # Entra ID (AAD) group id; the original author's note identifies it as
  # az_nemolink_data_engineers. Not referenced elsewhere in the visible config.
  aad_group = "xxxxxxxxxxxxx"
}

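locals {
  # Tags shared by all resources. The conditionals are plain expressions;
  # wrapping them in "${...}" was an interpolation-only string, which Terraform
  # flags as deprecated and which adds nothing.
  common_tags = {
    "Application Name" = var.env == "dev" ? "dev nll-001" : "prd nll-001"
    "Environment"      = var.env == "dev" ? "DEV" : "PRD"
  }

  # Tags for DNS resources.
  # NOTE(review): non-dev environments receive an empty Environment tag here,
  # while common_tags uses "PRD" - confirm the difference is intentional.
  common_dns_tags = {
    "Environment" = var.env == "dev" ? "DEV" : ""
  }
}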

provider "azuread" {
  # Service-principal credentials supplied through variables. Keep
  # azure_client_secret declared with sensitive = true and feed it from a
  # secret store or the environment rather than a committed .tfvars file.
  tenant_id     = var.azure_tenant_id
  client_id     = var.azure_client_id
  client_secret = var.azure_client_secret

  # NOTE(review): the azurerm provider below uses local.tenant_id instead of
  # var.azure_tenant_id - confirm both resolve to the same tenant.
}


# PROVIDER REGISTRATION
provider "azurerm" {
  # Required even when empty; this is where provider-wide behaviours are tuned.
  features {}

  # Scope: tenant/subscription come from locals, credentials from variables
  # (same service principal as the azuread provider above).
  tenant_id       = local.tenant_id
  subscription_id = local.subscription_id
  client_id       = var.azure_client_id
  client_secret   = var.azure_client_secret

  # Terraform will not register resource-provider namespaces; anything this
  # configuration needs (e.g. Microsoft.Storage) must already be registered
  # in the target subscription.
  skip_provider_registration = true

  # false => storage data-plane calls authenticate with shared account keys.
  # Setting this to true switches them to Entra ID (RBAC) auth, which avoids
  # handling account keys but requires the principal to hold a data role.
  storage_use_azuread = false

  # NOTE(review): the provider version constraint lives in a
  # terraform { required_providers { ... } } block that is not shown. The
  # "does not support resource type azurerm_resource_group_policy_assignment"
  # error in the question comes from an older azurerm release; the accepted
  # answer on this page names 3.49.0 as the minimum.
}

# LOCALS
locals {
  # Single deployment region. Resources should reference local.location so the
  # value lives in one place (azurerm_resource_group.dataplatform currently
  # repeats the literal instead).
  location = "West Europe"
}

# MODULES
module "subnet_ranges" {
  # Registry module pulled without a version constraint, so any init may pick
  # up a newer release. Add `version = "<x.y.z>"` (placeholder) to make
  # upgrades deliberate and reviewable.
  source          = "hashicorp/subnets/cidr"
  base_cidr_block = var.base_cidr_block

  networks = [
    # new_bits is added to the base prefix length; the author's note assumes a
    # base that yields a /28 here (16 addresses including network/broadcast).
    { name = "vm-endpoint", new_bits = 5 },
  ]
}


########### Resource Group #############
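resource "azurerm_resource_group" "dataplatform" {
  # Environment-suffixed name; the naming prefix is redacted in the post.
  name = "rg-xxx-xxx-${var.env}"

  # Reuse the shared local (also "West Europe") instead of repeating the
  # literal, so the region is changed in exactly one place.
  location = local.location
}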


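module "policy_deny_public_storage_account" {
  source = "./policies/policy_storage_account"

  # Feature flag: deploy only when var.deploy_policies enables it. try()
  # tolerates a missing key and defaults to false.
  count = try(var.deploy_policies.policy_deny_public_storage_account, false) == true ? 1 : 0

  # The module iterates var.resource_groups with for_each and reads
  # each.value.name and each.value.id, so it needs a map of objects - not the
  # bare name string that was passed before (for_each would reject a string,
  # and a string has no .id attribute). The static key is known at plan time;
  # the id may be unknown until apply, which is fine for map values.
  # NOTE(review): the module's variable "resource_groups" declaration is not
  # shown here - confirm its type accepts this shape.
  resource_groups = {
    dataplatform = {
      name = azurerm_resource_group.dataplatform.name
      id   = azurerm_resource_group.dataplatform.id
    }
  }
}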

This is my module:

resource "azurerm_policy_definition" "policy_deny_public_storage_account" {
  # Custom policy: deny storage accounts whose network ACL default action is
  # not "Deny". "Indexed" mode evaluates only resource types that support
  # tags and location, which storage accounts do.
  name         = "DenyPublicStorageAccount"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "Restrict Public-Facing Storage Accounts - Terraform"
  description  = "This policies denies that storage accounts in the given scope can be reached from their public endpoint"
  # Both JSON documents are plain `<<` heredocs, so the leading indentation is
  # part of the string (harmless for JSON). jsonencode() of an HCL object
  # would give syntax checking at plan time instead of at the API.
  metadata     = <<METADATA
  {
    "category": "MDP-Security"
  }
  METADATA
  # Scope of the control: this only checks networkAcls.defaultAction. An
  # account with defaultAction = "Deny" may still permit listed IP ranges,
  # virtual-network rules and "bypass" services, and the rule does not look at
  # the account's publicNetworkAccess setting - so it narrows, rather than
  # fully blocks, public-endpoint reachability.
  policy_rule  = <<POLICY_RULE
  {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/networkAcls.defaultAction",
          "notequals": "Deny"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
  POLICY_RULE
}

resource "azurerm_resource_group_policy_assignment" "deny_public_storage_accounts" {
  # One assignment per entry of var.resource_groups; each value must expose
  # .name and .id, and the map keys must be known at plan time. This resource
  # type only exists in newer azurerm releases (the question's error is an
  # older provider rejecting it).
  for_each = var.resource_groups

  resource_group_id    = each.value.id
  policy_definition_id = azurerm_policy_definition.policy_deny_public_storage_account.id

  name         = "DenyPublicStorageAccounts-${each.value.name}"
  display_name = "Terraform - Deny Public-Facing Storage Accounts - ${each.value.name}"
  description  = "Policy Assignment to restrict public-facing Storage Accounts"

  # Exemptions are disabled, so the assignment covers the whole resource
  # group. If not_scopes is re-enabled, each entry is a carve-out the policy
  # no longer protects - review the list as carefully as the rule itself.
  # not_scopes = var.security_policy_deny_public_storage_accounts_excluded
}

│ Error: Invalid resource type
│
│   on policies\policy_storage_account\main.tf line 41, in resource "azurerm_resource_group_policy_assignment" "deny_public_storage_accounts":
│   41: resource "azurerm_resource_group_policy_assignment" "deny_public_storage_accounts" {
│
│ The provider hashicorp/azurerm does not support resource type "azurerm_resource_group_policy_assignment".

Am I using an old version of AzureRM, or do I need to use another provider?


Solution

  • provider hashicorp/azurerm does not support resource type "azurerm_resource_group_policy_assignment"

    Hello Greencolor, it seems like you already found a solution to your problem; I am just posting it here for the benefit of other folks who are facing a similar issue on SO. Please feel free to add any points or your own inputs to this if required.

    As per the GitHub link, azurerm_resource_group_policy_assignment is supported by azurerm from version = "3.49.0", so make sure you're using a version greater than or equal to that.


    It seems you're using version = "2.52.0", which is very outdated. As per the HashiCorp docs, the latest version = "4.7.0" as of today.

    As MarkoE suggested, it is always best practice to use the latest provider version so that you have the most up-to-date features, improvements, and security enhancements.

    Refer: azurerm_resource_group_policy_assignment | Resources | hashicorp/azurerm | Terraform | Terraform Registry