我们正在尝试使用terraform启动Azure订阅。但无法找到任何可成功创建订阅的确切代码。以下是我们尝试执行的可能方案的简要描述。
1.我们使用了下面的代码并执行了它,我们拥有的角色是Account Owner Role
-但是代码是成功的,但是我们无法在门户中看到订阅。代码链接:
https://github.com/aztfmod/terraform-azurerm-caf/tree/5.4.8/modules/subscriptions
- Below is the next code we tested with again
Account Owner role
- But the error message is below. Link for the code: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription#example-usage---creating-a-new-alias-and-subscription-for-a-microsoft-customer-account
Error Message: creating new Subscription (Alias "XXXX7"):
subscription.AliasClient#Create: Failure sending request:
StatusCode=0 -- Original Error: Code="InvalidSubCreationScope"
Message="Not a valid subscription creation scope", with
azurerm_subscription.testtf, on main.tf line 31, in resource
"azurerm_subscription" "testtf": 31: resouce
"azurerm_subscription" "testtf" {
- Another code we tried executing - But its destroying the older subscription. Link for the code is same: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription#example-usage---creating-a-new-alias-and-subscription-for-a-microsoft-customer-account
请求任何建议/帮助,在最早的相同,所以可以帮助我们。提前感谢!
2条答案
按热度按时间quhf5bfb1#
正如我在注解中提到的,上述问题是与创建订阅时使用的计费范围有关的。您应该在
billing_account_name
和enrollment_account_name
参数中使用Billing account No.
和Enrollment no.
,而不是Name
,如下所示:注意:请确保您使用的是可以从EA门户网站找到的所有正确详细信息。
qvtsj1bj2#
我最近得到了这个问题,问题是在Terraform中用于调用订阅创建的身份没有新API的订阅创建者角色。我的spn具有旧版API的订阅角色。要将订阅角色授予spn,请使用此链接:
请关注此部分:将订阅创建者角色分配给SPN
https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/assign-roles-azure-service-principals
https://learn.microsoft.com/en-us/rest/api/billing/2019-10-01-preview/enrollment-account-role-assignments/put?tabs=HTTP