Pranay-9917 asked Pranay-9917 published

ARM template storage account deployment error: KeyVaultNotColocated

Hi,

I am deploying a storage account and then updating it to use user-defined encryption. Unfortunately, the deployment throws an error:
{
"error": {
"code": "KeyVaultNotColocated",
"message": "The operation failed because keyvault is not colocated with storage account."
}

It says that the Key Vault and the storage account must be in the same location, although it works when I do it manually. Any suggestions on how to solve this issue?


Below is the code:

 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
   // Template inputs. Several parameters declared here are not referenced by any
   // variable, resource or output in this template as shown (isBlobSoftDeleteEnabled,
   // blobSoftDeleteRetentionDays, containerRestorePeriodDays, changeFeed,
   // isContainerRestoreEnabled, accessTier, supportsHttpsTrafficOnly, enableSoftDelete,
   // minimumTlsVersion), so changing them has no effect on the deployed account.
   "parameters": {
     // NOTE(review): the description lists four properties, but the template also reads
     // globalConfig.basicPrefix (resourceFullName variable) and globalConfig.tags
     // (storage account tags), so callers must supply those as well.
     "globalConfig": {
       "type": "object",
       "metadata": {
         "description": "Object that contains the following properties: hyphenBasedPrefix, hyphenBasedPrefixWithoutDash, baseTemplateUrl, sasToken"
       }
     },
     "name": {
       "type": "string",
       "metadata": {
         // NOTE(review): this metadata key is misspelled ("descritpion"); tooling that looks
         // for "description" will presumably not show this text.
         "descritpion": "Name of the storage account following naming conventions"
       }
     },
     // Data-protection switches (soft delete, container restore, change feed). None of
     // them is wired to a blob service resource in this template as shown.
     "isBlobSoftDeleteEnabled": {
       "defaultValue": true,
       "type": "bool"
     },
     "blobSoftDeleteRetentionDays": {
       "defaultValue": 6,
       "type": "int"
     },
     "containerRestorePeriodDays": {
       "defaultValue": 5,
       "type": "int"
     },
     "changeFeed": {
       "defaultValue": true,
       "type": "bool"
     },
     "isContainerRestoreEnabled": {
       "defaultValue": true,
       "type": "bool"
     },
     // Used for sku.name; sku.tier is derived from the part before the underscore.
     "skuName": {
       "type": "string",
       "defaultValue": "Standard_LRS",
       "allowedValues": [
         "Standard_LRS",
         "Standard_GRS",
         "Standard_RAGRS",
         "Standard_ZRS",
         "Premium_LRS"
       ],
       "metadata": {
         "description": "sku name of the storage, like e.g. Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_LRS"
       }
     },
     // Used for the storage account "kind" in both storage account definitions.
     "storageKind": {
       "type": "string",
       "defaultValue": "BlobStorage",
       "allowedValues": [
         "Storage",
         "StorageV2",
         "BlobStorage"
       ],
       "metadata": {
         "description": "defines storage type, like e.g. blob or standard storage"
       }
     },
     // NOTE(review): the description says "Cold" while allowedValues lists "Cool"; the
     // parameter is also not applied to the storage account properties shown here.
     "accessTier": {
       "type": "string",
       "defaultValue": "Hot",
       "allowedValues": [
         "Hot",
         "Cool"
       ],
       "metadata": {
         "description": "Defines acceess tier of storage, possible values are Hot (blob storage), Cold (blob storage)."
       }
     },
     // NOTE(review): not referenced; the first storage account definition hard-codes
     // "supportsHttpsTrafficOnly": true instead of reading this parameter.
     "supportsHttpsTrafficOnly": {
       "type": "bool",
       "defaultValue": true,
       "metadata": {
         "description": "Allows https traffic only to storage service if sets to true."
       }
     },
     // Merged with globalConfig.tags via union() on the first storage account definition.
     "tags": {
       "type": "object",
       "defaultValue": {},
       "metadata": {
         "description": "The tags which are supposed to be assigned to this resource."
       }
     },
     // NOTE(review): declared as "string" but the default is an empty object ({}), a type
     // mismatch. The template tests empty(parameters('rsgAdd')) to choose the vault name,
     // the storage account location and the key name, so this value drives which vault and
     // key the account is bound to.
     "rsgAdd": {
       "type": "string",
       "defaultValue": {},
       "metadata": {
         "description": "The addition for resource group."
       }
     },
     "enableSoftDelete": {
       "type": "bool",
       "defaultValue": true,
       "metadata": {
         "description": "Whether SoftDelete should be enabled or not."
       }
     },
     // Array that the loopOutputs output appends this deployment's result to.
     // NOTE(review): the description text below is truncated in the source.
     "loopOutputs": {
       "type": "array",
       "metadata": {
         "description": "Parameter that is used to "
       }
     },
     // NOTE(review): defaults to TLS1_2 but is never applied to either storage account
     // definition, so the account's minimum TLS version is left at whatever the service
     // defaults to - confirm and wire it into "properties" if TLS 1.2 is intended.
     "minimumTlsVersion": {
       "defaultValue": "TLS1_2",
       "type": "string"
     }
   },
   // Derived names and a shared encryption settings object.
   "variables": {
     "resourceTypeIdentifier": "",
     // Storage account name: globalConfig.basicPrefix + resourceTypeIdentifier (empty) + name.
     "resourceFullName": "[concat(parameters('globalConfig').basicPrefix, variables('resourceTypeIdentifier'), parameters('name'))]",
        
     // Base Key Vault name: "<hyphenBasedPrefix>-kvt".
     "kvtName": "[concat(parameters('globalConfig').hyphenBasedPrefix, '-', 'kvt')]",
     // Encryption settings pointing at a Key Vault key. In the template as shown this object
     // is only read by encryptionJson; the nested storage account definition carries its own
     // inline copy, whose keyname is conditional while this one is fixed to 'API-KEY'.
     "encryption": {
       "services": {
         "file": {
           "enabled": true
           },
         "blob": {
           "enabled": true
           }
         },
         "keySource": "Microsoft.Keyvault",
         "keyvaultproperties": {
           // The vault DNS suffix is hard-coded here.
           "keyvaulturi": "[concat('https://',variables('vaultName'),'.vault.azure.net')]",
           "keyname": "API-KEY"
           }
         },
    
     // NOTE(review): only the outputs use this API version (2021-02-01); the storage account
     // resources themselves are deployed with 2019-06-01.
     "apiVersion": "2021-02-01",
        
     // NOTE(review): not referenced by any resource or output shown. Evaluates to '' when
     // rsgAdd is empty, otherwise to a union of the encryption object with its file/blob entries.
     "encryptionJson": "[if(empty(parameters('rsgAdd')),'',union(variables('encryption'),union(variables('encryption').services.file,variables('encryption').services.blob)))]",
     // Vault that holds the encryption key: kvtName, or "<kvtName>-<rsgAdd>" when rsgAdd is set.
     // The vault itself is not defined in this template, so its location, resource group,
     // soft-delete and purge-protection settings cannot be checked from here.
     "vaultName": "[if(empty(parameters('rsgAdd')),variables('kvtName'),concat(variables('kvtName'),'-',parameters('rsgAdd')))]"
   },
   "resources": [
     // Step 1: create the storage account with a system-assigned managed identity, so that
     // the identity's principal exists before the vault access policy is written.
     {
             "type": "Microsoft.Storage/storageAccounts",
             "sku": {
               "name": "[parameters('skuName')]",
               "tier": "[first(split(parameters('skuName'), '_'))]"
             },
             "kind": "[parameters('storageKind')]",
             "name": "[variables('resourceFullName')]",
             "apiVersion": "2019-06-01",
             //"location": "[resourceGroup().location]",
             // Location is the resource group's location when rsgAdd is empty, otherwise the
             // literal 'westus'. NOTE(review): the KeyVaultNotColocated error quoted in the
             // question reports that the vault and the account are in different locations;
             // the vault's location is not set anywhere in this template, so check that it
             // matches the value this expression produces.
             "location": "[if(empty(parameters('rsgAdd')),resourceGroup().location,'westus')]",
             "identity": {
                 "type": "SystemAssigned"
             },
             // Only HTTPS-only transport is enforced here; the minimumTlsVersion parameter
             // declared above is not applied.
             "properties": {
                 "supportsHttpsTrafficOnly": true
             },
             "tags": "[union(parameters('globalConfig').tags, parameters('tags'))]"
         }, 
         // Step 2: nested deployment that (a) grants the storage account's managed identity
         // access to keys in the vault and (b) re-deploys the storage account with
         // Key Vault-backed encryption. No expressionEvaluationOptions is set, so by ARM's
         // default (outer scope) the variables()/parameters() calls below resolve against the
         // parent template. No resourceGroup/subscriptionId is set either, so the nested
         // resources target the parent deployment's resource group - presumably the vault
         // must live there for the access policy resource to resolve; verify.
         {
    
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2019-07-01",
             "name": "updateStorageAccount",
             // Wait for the account so its identity principal can be read below.
             "dependsOn": [
                 "[resourceId('Microsoft.Storage/storageAccounts', variables('resourceFullName'))]"
             ],
             "properties": {
                 "mode": "Incremental",
                 "template": {
                     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                     "contentVersion": "0.1.0.0",
                     "resources": [{
                             // "<vault>/add" appends an access policy to the existing vault.
                             "type": "Microsoft.KeyVault/vaults/accessPolicies",
                             "name": "[concat(variables('vaultName'), '/add')]",
                             "apiVersion": "2019-09-01",
                             "properties": {
                                 "accessPolicies": [{
                                         "tenantId": "[subscription().tenantid]",
                                         // Principal of the storage account's system-assigned identity.
                                         "objectId": "[reference(resourceId('Microsoft.Storage/storageAccounts',  variables('resourceFullName')),'2019-06-01', 'full').identity.principalId]",
                                         "permissions": {
                                             // NOTE(review): Azure Storage customer-managed keys are
                                             // documented as needing get, wrapKey and unwrapKey on
                                             // the key. "sign" and "list" look broader than required;
                                             // confirm and trim to keep the identity least-privileged.
                                             "keys": [
                                                 "wrapkey",
                                                 "unwrapkey",
                                                 "sign",
                                                 "get",
                                                 "list"
                                             ],
                                             "secrets": [],
                                             "certificates": []
                                         }
                                     }
                                 ]
                             }
                         }, {
                             // Same account as in step 1, now with encryption bound to the vault key.
                             "type": "Microsoft.Storage/storageAccounts",
                             "sku": {
                               "name": "[parameters('skuName')]",
                               "tier": "[first(split(parameters('skuName'), '_'))]"
                             },
                             "kind": "[parameters('storageKind')]",
                             "name": "[variables('resourceFullName')]",
                             "apiVersion": "2019-06-01",
                             //"location": "[resourceGroup().location]",
                             // Same location expression as step 1: 'westus' whenever rsgAdd is set.
                             // The vault's location is not visible in this template; the
                             // KeyVaultNotColocated error indicates it differs from this value.
                             "location": "[if(empty(parameters('rsgAdd')),resourceGroup().location,'westus')]",
                             "identity": {
                                 "type": "SystemAssigned"
                             },
                             // NOTE(review): supportsHttpsTrafficOnly and a minimum TLS version are
                             // not repeated in this definition; only encryption is specified.
                             "properties": {
                                 "encryption": {
                                   "services": {
                                     "file": {
                                       "enabled": true
                                       },
                                     "blob": {
                                       "enabled": true
                                       }
                                     },
                                     "keySource": "Microsoft.Keyvault",
                                     // The key named below must already exist in the vault; this
                                     // template does not create it. No key version is given.
                                     // Customer-managed keys for Azure Storage require soft delete
                                     // and purge protection on the vault - the vault is defined
                                     // elsewhere, so verify those settings there.
                                     "keyvaultproperties": {
                                       "keyvaulturi": "[concat('https://',variables('vaultName'),'.vault.azure.net')]",
                                       "keyname": "[if(empty(parameters('rsgAdd')),'API-KEY','Sys-API-KEY')]"
                                          
                                       }
                                     }
                             },
                             // The access policy must be in place before encryption is switched
                             // to the vault key, otherwise the account cannot read the key.
                             "dependsOn": [
                                    
                                 "[resourceId('Microsoft.KeyVault/vaults/accessPolicies', variables('vaultName'), 'add')]"
                             ]
                         }
                     ]
                 }
             }
         }
     ],
     // Values returned to the caller. Deployment outputs are kept with the deployment
     // record, so anyone who can read the deployment can read them.
     "outputs": {
     // Full reference object of the storage account, read with variables('apiVersion')
     // (2021-02-01) rather than the 2019-06-01 version used to deploy it.
     "deployedObject": {
       "value": "[reference(variables('resourceFullName'), variables('apiVersion'), 'Full')]",
       "type": "object"
     },
     "name": {
       "value": "[variables('resourceFullName')]",
       "type": "string"
     },
     // Appends {name, deployedObject} for this account to the incoming loopOutputs array.
     // NOTE(review): the element is built as JSON text by string concatenation and then
     // parsed with json(); resourceFullName is inserted unescaped, so this is only sound
     // while the name cannot contain quotes or backslashes - presumably guaranteed by
     // storage account naming rules, but confirm the prefix/name inputs are validated.
     "loopOutputs": {
       "type": "array",
       "value": "[concat(parameters('loopOutputs'), array(json(concat('{\"name\": \"', variables('resourceFullName'), '\", \"deployedObject\": ', string(reference(variables('resourceFullName'), variables('apiVersion'), 'Full')), '}'))))]"
     }
   }
 }




Thanks

azure-storage-accounts

0 Answers