I am attempting to deploy new resources and update to existing using my original ARM Templates that I deployed with a few months ago. Unfortunately, the deployment does not get to Azure, as I do not see a deployment entry in my resource group. The error that is presented is local before things start calling into Azure.
I am deploying using the Visual Studio 2017 Arm Template Deployment Context menu.
Here is the error that is output. I get this and a nearly identical one when running the validation command as well.
08:58:22 - VERBOSE: Performing the operation "Creating Deployment" on target "MigrationPlaybook_Prod".
08:58:23 - New-AzureRmResourceGroupDeployment : Multiple error occurred: Forbidden,Forbidden. Please see details.
08:58:23 - At C:\workspaces\Migration Playbook\MigrationPlaybookRegion\ProductionResourceGroup\bin\Debug\staging\ProductionResourc
08:58:23 - eGroup\Deploy-AzureResourceGroup.ps1:108 char:5
08:58:23 - + New-AzureRmResourceGroupDeployment -Name ((Get-ChildItem $Templat ...
08:58:23 - + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
08:58:23 - + CategoryInfo : CloseError: (:) [New-AzureRmResourceGroupDeployment], CloudException
08:58:23 - + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDep
08:58:23 - loymentCmdlet
08:58:23 -
08:58:24 -
08:58:24 - Template deployment returned the following errors:
08:58:24 - Multiple error occurred: Forbidden,Forbidden. Please see details.
Mitigations:
- The template involves a KeyVault - I made sure that the ARM Template permission was Enabled
- The project is several months old - I generated a new project to make sure that the PowerShell script, that is generated into the project at creation time, did not have any significant change
- Account permissions - I have verified that my account permissions on the subscription has not changed in a way to prevent me from adding/modifying resources
While the mitigations address issues that arise when the ARM Template is being deployed the error, and its resulting records, suggest that there is an issue before it gets to Azure.
What could be the issue here and what can I do to remedy this?
-Verbose
and-DeploymentDebugLogLevel 'All'
? docs.microsoft.com/en-us/azure/azure-resource-manager/… – Stringfellow-Verbose -Debug
. They will also give output forDEBUG: ============================ HTTP REQUEST ============================
... andDEBUG: ============================ HTTP RESPONSE ============================
... – Stringfellow