
Assigning an Azure policy to a management group using Terraform

Open reddyak0603 opened this issue 3 years ago • 2 comments

I am trying to assign an Azure policy to a management group using Terraform. While running the script I am seeing the issue below. For a management group there will be no subscription ID; can someone suggest what credentials are required to implement a policy at management group level?

Error: building AzureRM Client: 1 error occurred: * A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret. with provider["registry.terraform.io/hashicorp/azurerm"] on provider.tf line 11, in provider "azurerm": provider "azurerm" {

reddyak0603, Jul 28 '22 01:07

Any subscription will do; TF (and the CLI for that matter) must scope to a subscription to run. I usually point at a management subscription for actions like this; most important is that the SPN has sufficient rights to assign policies at management group level.

micknieman, Aug 04 '22 08:08

@micknieman Thanks for the response, but when we are applying the rule to the whole management group there will be no specific subscription ID, since the rule needs to be applied to the entire management group. If I specify a subscription ID, then it is not able to find the management group.

reddyak0603, Aug 04 '22 14:08
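
The setup micknieman's reply describes, written out as an added example that is not part of the thread or of any participant's code: the provider is given a subscription ID only so the client can be built, while the assignment itself is scoped to the management group. The variable names, the choice of the built-in "Allowed locations" policy and the region values are assumptions for illustration.

```hcl
# Added example; variable names and the chosen policy are assumptions.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

variable "subscription_id" {
  description = "Any subscription the service principal can read; used only to build the provider client"
  type        = string
}

variable "management_group_name" {
  description = "Name (ID) of the target management group"
  type        = string
}

# client_id, client_secret and tenant_id are read from ARM_CLIENT_ID,
# ARM_CLIENT_SECRET and ARM_TENANT_ID so the secret stays out of the code.
provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

data "azurerm_management_group" "target" {
  name = var.management_group_name
}

data "azurerm_policy_definition" "allowed_locations" {
  display_name = "Allowed locations"
}

# The assignment is scoped to the management group, not to the provider's subscription.
# The service principal needs policy-assignment rights at this scope
# (for example the built-in Resource Policy Contributor role).
resource "azurerm_management_group_policy_assignment" "allowed_locations" {
  name                 = "allowed-locations"
  management_group_id  = data.azurerm_management_group.target.id
  policy_definition_id = data.azurerm_policy_definition.allowed_locations.id

  parameters = jsonencode({
    listOfAllowedLocations = { value = ["westeurope", "northeurope"] }
  })
}
```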