Hi,
I am deploying a Storage Account and then updating it to use user-defined encryption. Unfortunately, the deployment throws an error:
{
"error": {
"code": "KeyVaultNotColocated",
"message": "The operation failed because keyvault is not colocated with storage account."
}
}
It's saying that both the Key Vault and the Storage account must be in the same location, although when I do it manually it works. Any suggestions on how to solve this issue?
Below is the code:
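{
  // Deploys a storage account with a system-assigned identity, then uses a nested
  // deployment to (1) grant that identity key permissions on an existing Key Vault
  // and (2) switch the account's encryption key source to Microsoft.Keyvault.
  // The vault itself is not created or configured here. Customer-managed keys
  // require soft delete and purge protection to be enabled on that vault.
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "globalConfig": {
      "type": "object",
      "metadata": {
        "description": "Object that contains the following properties: hyphenBasedPrefix, hyphenBasedPrefixWithoutDash, baseTemplateUrl, sasToken"
      }
    },
    "name": {
      "type": "string",
      "metadata": {
        "description": "Name of the storage account following naming conventions"
      }
    },
    "isBlobSoftDeleteEnabled": {
      "defaultValue": true,
      "type": "bool"
    },
    "blobSoftDeleteRetentionDays": {
      "defaultValue": 6,
      "type": "int"
    },
    "containerRestorePeriodDays": {
      "defaultValue": 5,
      "type": "int"
    },
    "changeFeed": {
      "defaultValue": true,
      "type": "bool"
    },
    "isContainerRestoreEnabled": {
      "defaultValue": true,
      "type": "bool"
    },
    "skuName": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS",
        "Standard_RAGRS",
        "Standard_ZRS",
        "Premium_LRS"
      ],
      "metadata": {
        "description": "sku name of the storage, like e.g. Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_LRS"
      }
    },
    "storageKind": {
      "type": "string",
      "defaultValue": "BlobStorage",
      "allowedValues": [
        "Storage",
        "StorageV2",
        "BlobStorage"
      ],
      "metadata": {
        "description": "defines storage type, like e.g. blob or standard storage"
      }
    },
    "accessTier": {
      "type": "string",
      "defaultValue": "Hot",
      "allowedValues": [
        "Hot",
        "Cool"
      ],
      "metadata": {
        "description": "Defines access tier of storage, possible values are Hot (blob storage), Cool (blob storage)."
      }
    },
    "supportsHttpsTrafficOnly": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Allows https traffic only to storage service if sets to true."
      }
    },
    "tags": {
      "type": "object",
      "defaultValue": {},
      "metadata": {
        "description": "The tags which are supposed to be assigned to this resource."
      }
    },
    "rsgAdd": {
      "type": "string",
      // The default has to be a string to match the declared type. empty('') is
      // true, so every empty(parameters('rsgAdd')) check below behaves as before.
      "defaultValue": "",
      "metadata": {
        "description": "The addition for resource group."
      }
    },
    "enableSoftDelete": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Whether SoftDelete should be enabled or not."
      }
    },
    "loopOutputs": {
      "type": "array",
      "metadata": {
        "description": "Parameter that is used to "
      }
    },
    "minimumTlsVersion": {
      "defaultValue": "TLS1_2",
      "type": "string"
    }
  },
  "variables": {
    "resourceTypeIdentifier": "",
    "resourceFullName": "[concat(parameters('globalConfig').basicPrefix, variables('resourceTypeIdentifier'), parameters('name'))]",
    "kvtName": "[concat(parameters('globalConfig').hyphenBasedPrefix, '-', 'kvt')]",
    // NOTE(review): 'encryption' and 'encryptionJson' are not referenced by any
    // resource in this listing; the nested template spells the block out inline.
    "encryption": {
      "services": {
        "file": {
          "enabled": true
        },
        "blob": {
          "enabled": true
        }
      },
      "keySource": "Microsoft.Keyvault",
      "keyvaultproperties": {
        "keyvaulturi": "[concat('https://',variables('vaultName'),'.vault.azure.net')]",
        "keyname": "API-KEY"
      }
    },
    "apiVersion": "2021-02-01",
    "encryptionJson": "[if(empty(parameters('rsgAdd')),'',union(variables('encryption'),union(variables('encryption').services.file,variables('encryption').services.blob)))]",
    // Vault name is the base name, suffixed with rsgAdd when rsgAdd is non-empty.
    "vaultName": "[if(empty(parameters('rsgAdd')),variables('kvtName'),concat(variables('kvtName'),'-',parameters('rsgAdd')))]"
  },
  "resources": [
    {
      // Step 1: create the account with a system-assigned identity so that its
      // principalId exists before the access policy is written.
      "type": "Microsoft.Storage/storageAccounts",
      "sku": {
        "name": "[parameters('skuName')]",
        "tier": "[first(split(parameters('skuName'), '_'))]"
      },
      "kind": "[parameters('storageKind')]",
      "name": "[variables('resourceFullName')]",
      "apiVersion": "2019-06-01",
      //"location": "[resourceGroup().location]",
      // NOTE(review): a non-empty rsgAdd pins the account to 'westus' regardless of
      // where the vault named by variables('vaultName') lives. KeyVaultNotColocated
      // points at a region mismatch between the two - confirm the vault's region
      // equals whatever this expression evaluates to.
      "location": "[if(empty(parameters('rsgAdd')),resourceGroup().location,'westus')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        // NOTE(review): HTTPS-only is hard-coded; the supportsHttpsTrafficOnly and
        // minimumTlsVersion parameters are declared above but not applied here.
        "supportsHttpsTrafficOnly": true
      },
      "tags": "[union(parameters('globalConfig').tags, parameters('tags'))]"
    },
    {
      // Step 2: nested deployment that runs after the account exists. No
      // expressionEvaluationOptions is set, so variables() and parameters()
      // resolve against this parent template.
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2019-07-01",
      "name": "updateStorageAccount",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('resourceFullName'))]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "0.1.0.0",
          "resources": [
            {
              "type": "Microsoft.KeyVault/vaults/accessPolicies",
              "name": "[concat(variables('vaultName'), '/add')]",
              "apiVersion": "2019-09-01",
              "properties": {
                "accessPolicies": [
                  {
                    "tenantId": "[subscription().tenantid]",
                    "objectId": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('resourceFullName')),'2019-06-01', 'full').identity.principalId]",
                    "permissions": {
                      // Least privilege: get, wrapkey and unwrapkey are the key
                      // permissions the storage identity needs for customer-managed
                      // keys. sign and list were dropped as unnecessary.
                      "keys": [
                        "wrapkey",
                        "unwrapkey",
                        "get"
                      ],
                      "secrets": [],
                      "certificates": []
                    }
                  }
                ]
              }
            },
            {
              // Re-deploys the same account, now with the vault-backed key source.
              "type": "Microsoft.Storage/storageAccounts",
              "sku": {
                "name": "[parameters('skuName')]",
                "tier": "[first(split(parameters('skuName'), '_'))]"
              },
              "kind": "[parameters('storageKind')]",
              "name": "[variables('resourceFullName')]",
              "apiVersion": "2019-06-01",
              //"location": "[resourceGroup().location]",
              // Must stay identical to the location used in step 1 and, for
              // customer-managed keys, match the vault's region (see the note there).
              "location": "[if(empty(parameters('rsgAdd')),resourceGroup().location,'westus')]",
              "identity": {
                "type": "SystemAssigned"
              },
              "properties": {
                // Repeated so the update stays in step with the initial deployment.
                "supportsHttpsTrafficOnly": true,
                "encryption": {
                  "services": {
                    "file": {
                      "enabled": true
                    },
                    "blob": {
                      "enabled": true
                    }
                  },
                  "keySource": "Microsoft.Keyvault",
                  "keyvaultproperties": {
                    "keyvaulturi": "[concat('https://',variables('vaultName'),'.vault.azure.net')]",
                    // The key must already exist in the vault; nothing in this
                    // template creates it.
                    "keyname": "[if(empty(parameters('rsgAdd')),'API-KEY','Sys-API-KEY')]"
                  }
                }
              },
              // The access policy has to be in place before the storage service
              // tries to wrap/unwrap with the key.
              "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults/accessPolicies', variables('vaultName'), 'add')]"
              ]
            }
          ]
        }
      }
    }
  ],
  "outputs": {
    // NOTE(review): 'Full' reference output of the account is returned to the
    // caller and recorded with the deployment; review who can read deployment
    // outputs before adding anything sensitive here.
    "deployedObject": {
      "value": "[reference(variables('resourceFullName'), variables('apiVersion'), 'Full')]",
      "type": "object"
    },
    "name": {
      "value": "[variables('resourceFullName')]",
      "type": "string"
    },
    "loopOutputs": {
      "type": "array",
      "value": "[concat(parameters('loopOutputs'), array(json(concat('{\"name\": \"', variables('resourceFullName'), '\", \"deployedObject\": ', string(reference(variables('resourceFullName'), variables('apiVersion'), 'Full')), '}'))))]"
    }
  }
}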
Thanks