Unable to Deploy ARM template from Azure cloud shell

Mary Vineela Lella 0 Reputation points
2024-09-03T16:40:59.5566667+00:00

I'm trying to deploy ARM template to create a resource group and storage account from azure cloud shell using below commands, I have uploaded the files to cloud shell before running the deployment command.

New-AzSubscriptionDeployment -Location "westus3" -Name "MyResourceGroupDeployment" -TemplateFile "/home/mary/clouddrive/main-template.json" -TemplateParameterFile "/home/mary/clouddrive/variables.json"

but getting below error,
User's image

I tried clearing cache and cookies from cloud shell and installed Az modules, imported Az modules, updated powershell version using below commands,

Remove-Module Az -Force -ErrorAction SilentlyContinue Remove-Module AzureRM -Force -ErrorAction SilentlyContinue

Install-Module -Name Az -AllowClobber -Force Import-Module Az

But still facing the same issue.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,105 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,458 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Konstantinos Passadis 19,066 Reputation points MVP
    2024-09-04T18:47:38.7133333+00:00

    Hello @@Mary Vineela Lella

    The core issue you're facing is a mismatch in deployment scopes:

    • Resource Group Creation: Your template tries to create a new resource group, which is a subscription-level operation.
    • Storage Account Creation: The template also creates a storage account, which must reside within an existing resource group.
    • Deployment Command: Your New-AzSubscriptionDeployment command explicitly states that you're deploying at the subscription level.

    This conflict causes the "InvalidScope" error because Azure is trying to create the storage account directly under the subscription, which isn't allowed.

    You are looking in Nested Templates :https://video2.skills-academy.com/en-us/azure/azure-resource-manager/templates/linked-templates?tabs=azure-powershell

    It is a complex deployment i have to say !

    --

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.
  2. Konstantinos Passadis 19,066 Reputation points MVP
    2024-09-04T19:44:20.3733333+00:00

    Hello @@Mary Vineela Lella

    Only if it is mandatory for other reasons you can use something like:

    {

    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

    "contentVersion": "1.0.0.0",

    "parameters": {

    "location": {

    "type": "string",

    "defaultValue": "[resourceGroup().location]",

    "metadata": {

    "description": "Location for all resources."

    }

    },

    "resourceGroupName": {

    "type": "string",

    "metadata": {

    "description": "Name of the resource group to create."

    }

    },

    "storageAccountName": {

    "type": "string",

    "metadata": {

    "description": "Name of the storage account to create."

    }

    }

    },

    "resources": [

    {

    "type": "Microsoft.Resources/deployments",

    "apiVersion": "2022-09-01",

    "name": "createResourceGroup",

    "properties": {

    "mode": "Incremental",

    "template": {

    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

    "contentVersion": "1.0.0.0",

    "resources": [

    {

    "type": "Microsoft.Resources/resourceGroups",

    "apiVersion": "2022-09-01",

    "name": "[parameters('resourceGroupName')]",

    "location": "[parameters('location')]"

    }

    ]

    }

    }

    },

    {

    "type": "Microsoft.Resources/deployments",

    "apiVersion": "2022-09-01",

    "name": "createStorageAccount",

    "dependsOn": [

    "createResourceGroup"

    ],

    "properties": {

    "mode": "Incremental",

    "template": {

    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

    "contentVersion": "1.0.0.0",

    "resources": [

    {

    "type": "Microsoft.Storage/storageAccounts",

    "apiVersion": "2023-04-01",

    "name": "[parameters('storageAccountName')]",

    "location": "[parameters('location')]",

    "sku": {

    "name": "Standard_LRS"

    },

    "kind": "Storage",

    "properties": {}

    }

    ]

    }

    }

    }

    ]

    }

    In this example, the createResourceGroup deployment resource deploys a Resource Group, and the createStorageAccount deployment resource deploys a Storage Account. The createStorageAccount deployment resource depends on the createResourceGroup deployment resource, so the Resource Group is created before the Storage Account is deployed.

    • az deployment group create --resource-group <YourResourceGroup> --template-file nestedTemplate.json

    https://video2.skills-academy.com/en-us/azure/azure-resource-manager/templates/linked-templates?wt.mc_id=knwlserapi_inproduct_azportal#nested-template

    Otherwise you can :

    1. Separate Templates (Recommended)
    • Create two separate ARM templates:
      • resource-group-template.json: Contains only the resource group creation.
      • storage-account-template.json: Contains the storage account and container creation.
        • This template should take the resourceGroupName as a parameter, not create it.
    • Two-Step Deployment

    Step 1: Create Resource Group

    • Use New-AzSubscriptionDeployment to deploy resource-group-template.json.
    • Step 2: Create Storage Account
      • Use New-AzResourceGroupDeployment to deploy storage-account-template.json.
      • Pass the name of the newly created resource group to this command. 
        1. **Two-Step Deployment**

**Step 1: Create Resource Group**

      - Use `New-AzSubscriptionDeployment` to deploy `resource-group-template.json`.
      • Step 2: Create Storage Account
        • Use New-AzResourceGroupDeployment to deploy storage-account-template.json.
        • Pass the name of the newly created resource group to this command.
        # Step 1: Create Resource Group New-AzSubscriptionDeployment ` -Location "westus3" ` -Name "MyResourceGroupDeployment" ` -TemplateFile "/home/mary/clouddrive/resource-group-template.json" ` -TemplateParameterFile "/home/mary/clouddrive/parameters.json" # Step 2: Create Storage Account (Assuming resource group name is "MyResourceGroup") New-AzResourceGroupDeployment ` -ResourceGroupName "MyResourceGroup" ` -Name "MyStorageAccountDeployment" ` -TemplateFile "/home/mary/clouddrive/storage-account-template.json" ` -TemplateParameterFile "/home/mary/clouddrive/parameters.json"

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.
  3. deherman-MSFT 36,831 Reputation points Microsoft Employee
    2024-09-04T17:46:20.1+00:00

    @Mary Vineela Lella

    I suspect this might be an issue with the file you are using. Are you able to share the ARM template you are using, please remove any private information before posting it. I used the template provided here to deploy are Resource Group and Storage Account:

    {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storagePrefix": {
      "type": "string",
      "maxLength": 11
    },
    "newResourceGroupName": {
      "type": "string"
    },
    "nestedSubscriptionID": {
      "type": "string"
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]"
    }
  },
  "variables": {
    "storageName": "[concat(parameters('storagePrefix'), uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[variables('storageName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "Storage",
      "properties": {
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "demoSubDeployment",
      "location": "westus",
      "subscriptionId": "[parameters('nestedSubscriptionID')]",
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {},
          "variables": {},
          "resources": [
            {
              "type": "Microsoft.Resources/resourceGroups",
              "apiVersion": "2021-04-01",
              "name": "[parameters('newResourceGroupName')]",
              "location": "[parameters('location')]",
              "properties": {}
            }
          ],
          "outputs": {}
        }
      }
    }
  ]
}

    Hope this helps! Let me know if you are still facing issues or need further assistance.

    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A! User's image

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.