使用Terraform创建Azure订阅

wpx232ag  于 2022-11-25  发布在  其他
关注(0)|答案(2)|浏览(189)

我们正在尝试使用terraform启动Azure订阅。但无法找到任何可成功创建订阅的确切代码。以下是我们尝试执行的可能方案的简要描述。
1.我们使用了下面的代码并执行了它,我们拥有的角色是Account Owner Role-但是代码是成功的,但是我们无法在门户中看到订阅。代码链接:
https://github.com/aztfmod/terraform-azurerm-caf/tree/5.4.8/modules/subscriptions

  1. Below is the next code we tested with again Account Owner role - But the error message is below. Link for the code: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription#example-usage---creating-a-new-alias-and-subscription-for-a-microsoft-customer-account
Error Message: creating new Subscription (Alias "XXXX7"):
subscription.AliasClient#Create: Failure sending request:
StatusCode=0 -- Original Error: Code="InvalidSubCreationScope"
Message="Not a valid subscription creation scope", with
azurerm_subscription.testtf, on main.tf line 31, in resource
"azurerm_subscription" "testtf":   31: resouce
"azurerm_subscription" "testtf" {
  1. Another code we tried executing - But its destroying the older subscription. Link for the code is same: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription#example-usage---creating-a-new-alias-and-subscription-for-a-microsoft-customer-account
    请求任何建议/帮助,在最早的相同,所以可以帮助我们。提前感谢!
quhf5bfb

quhf5bfb1#

Error Message: creating new Subscription (Alias "XXXX7"): subscription.AliasClient#Create: Failure sending request: StatusCode=0
-- Original Error: Code="InvalidSubCreationScope" Message="Not a valid subscription creation scope", with azurerm_subscription.testtf, on main.tf line 31, in resource "azurerm_subscription" "testtf":   31: resouce "azurerm_subscription" "testtf" {

正如我在注解中提到的,上述问题是与创建订阅时使用的计费范围有关的。您应该在billing_account_nameenrollment_account_name参数中使用Billing account No.Enrollment no.,而不是Name,如下所示

data "azurerm_billing_enrollment_account_scope" "example" {
  billing_account_name    = "1234567890"
  enrollment_account_name = "0123456"
}

resource "azurerm_subscription" "example" {
  subscription_name = "My Example EA Subscription"
  billing_scope_id  = data.azurerm_billing_enrollment_account_scope.example.id
}

注意:请确保您使用的是可以从EA门户网站找到的所有正确详细信息。

qvtsj1bj

qvtsj1bj2#

我最近得到了这个问题,问题是在Terraform中用于调用订阅创建的身份没有新API的订阅创建者角色。我的spn具有旧版API的订阅角色。要将订阅角色授予spn,请使用此链接:
请关注此部分:将订阅创建者角色分配给SPN
https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/assign-roles-azure-service-principals
https://learn.microsoft.com/en-us/rest/api/billing/2019-10-01-preview/enrollment-account-role-assignments/put?tabs=HTTP

相关问题