mightycode Newton

Reputation: 3949

creating ARM template for storage devops

I am trying to create a storage account via a DevOps pipeline.

So I have this yaml file:

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- script: echo Hello, world!
  displayName: 'Run a one-line script'

- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: 'Resource Group'
    azureResourceManagerConnection: 'spn-azure--contributor-002'
    subscriptionId: 'fea4c865-1e54-44b3-ba1d-07315468f083'
    action: 'Create Or Update Resource Group'
    resourceGroupName: 'rg-idn-'
    location: 'West Europe'
    templateLocation: 'Linked artifact'
    csmFile: '**/template.json'
    csmParametersFile: '**/parameters.json'
    deploymentMode: 'Incremental'

- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    azureResourceManagerConnection: 'spn-azure--contributor-002'
    subscriptionId: 'fea4c865-1e54-44b3-ba1d-07315468f083'
    resourceGroupName: 'rg-idn-'
    location: 'West Europe'
    csmFile: ARMTemplates/storage/azuredeploy.json
    csmParametersFile: ARMTemplates/storage/azuredeploy.parameters.json

Upvotes: 0

Views: 311

Answers (1)

Jul_DW

Reputation: 1064

It looks like you have an Azure Policy blocking your deployment here, meaning that your ARM template does not meet the rules of this policy. Someone from your organization most probably implemented this one to make sure that you are complying with specific security / architecture standards.

You can see it from the error message: Error Type: PolicyViolation, Policy Definition Name : ESLZ Storage Account set to minimum TLS and Secure transfer should be enabled, Policy Assignment Name : ALZ_DeployEncrTLS. You should be able to retrieve it under your Subscription / Resource Group, in the Policy blade.

Basically, and this is an assumption as we would need to look into that specific policy, but you most likely have to specify a TLS version here (probably 1.2, to be checked in the policy) and enable secure transfer.

For this you need to set minimumTlsVersion to the correct version and supportsHttpsTrafficOnly to true within your ARM template. You can have a look at Storage Account ARM specs.

Upvotes: 2
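
A pre-deployment check for the two properties named in the answer above, as an added example (not code from the answer or from Microsoft): it scans an ARM template for storage accounts whose minimumTlsVersion or supportsHttpsTrafficOnly would likely trip such a policy. The required version TLS1_2 is the answer's guess, the function names are hypothetical, the sample template and its resource names are constructed, and templates are assumed to use the array form of "resources".

```python
import json
TLS_ORDER = ["TLS1_0", "TLS1_1", "TLS1_2", "TLS1_3"]

def _is_expr(value):
    # ARM template expressions are strings wrapped in [ ]; "[[" is an escaped literal.
    return isinstance(value, str) and value.startswith("[") and not value.startswith("[[")

def _walk(resources):
    # Yield every resource, including child resources and inline nested deployments.
    for res in resources:
        yield res
        yield from _walk(res.get("resources", []))
        nested = res.get("properties", {}).get("template")
        if isinstance(nested, dict):
            yield from _walk(nested.get("resources", []))

def check_storage_accounts(template, required_tls="TLS1_2"):
    """Return (resource name, problem) pairs for storage accounts in the template."""
    findings = []
    for res in _walk(template.get("resources", [])):
        if res.get("type", "").lower() != "microsoft.storage/storageaccounts":
            continue
        name, props = res.get("name", "<unnamed>"), res.get("properties", {})
        tls, https = props.get("minimumTlsVersion"), props.get("supportsHttpsTrafficOnly")
        if _is_expr(tls):
            findings.append((name, "minimumTlsVersion is an expression, check the parameters file"))
        elif tls not in TLS_ORDER:
            findings.append((name, f"minimumTlsVersion missing or unrecognised: {tls!r}"))
        elif TLS_ORDER.index(tls) < TLS_ORDER.index(required_tls):
            findings.append((name, f"minimumTlsVersion {tls} is below {required_tls}"))
        if _is_expr(https):
            findings.append((name, "supportsHttpsTrafficOnly is an expression, check the parameters file"))
        elif https is not True:
            findings.append((name, "supportsHttpsTrafficOnly is not true"))
    return findings

SAMPLE = json.loads("""
{"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "1.0.0.0", "resources": [
  {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01", "kind": "StorageV2",
   "name": "stweakexample", "location": "westeurope", "sku": {"name": "Standard_LRS"},
   "properties": {"minimumTlsVersion": "TLS1_0"}},
  {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01", "kind": "StorageV2",
   "name": "stfixedexample", "location": "westeurope", "sku": {"name": "Standard_LRS"},
   "properties": {"minimumTlsVersion": "TLS1_2", "supportsHttpsTrafficOnly": true}}]}
""")  # constructed sample: one weak storage account, one corrected

if __name__ == "__main__":
    print(check_storage_accounts(SAMPLE))
```

Run against the real template in a script step before the deployment task, the same function reports the offending resource before Azure Policy rejects the deployment.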
