资源'myresource'被策略禁止。策略:'允许的位置'。原因:资源位置'eastus2'不被允许。允许的位置:['westus', 'westeurope']
Resource 'myresource' was disallowed by policy. Policy: 'Allowed locations'. Reason: 'The resource location 'eastus2' is not allowed. Allowed locations: ['westus', 'westeurope']
ID: policy/azure-policy-resource-location-not-allowed
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Azure CLI 2.57.0 | active | — | — | — |
| Azure PowerShell 11.0.0 | active | — | — | — |
| Terraform azurerm 3.100.0 | active | — | — | — |
根因分析
Azure策略'允许的位置'将资源创建限制在特定区域;请求的位置不在允许列表中。
English
Azure Policy 'Allowed locations' restricts resource creation to specific regions; the requested location is not in the allowlist.
官方文档
https://learn.microsoft.com/en-us/azure/governance/policy/samples/allowed-locations解决方案
-
在允许的位置部署资源,例如在ARM模板中将位置从'eastus2'改为'westus':`"location": "westus"`
-
通过Azure策略门户向策略管理员请求资源豁免。
-
使用Azure CLI更新策略分配以包含所需位置:`az policy assignment update --name 'allowed-locations' --scope '/subscriptions/...' --params '{"listOfAllowedLocations": {"value": ["westus", "westeurope", "eastus2"]}}'`
无效尝试
常见但无效的做法:
-
Retrying the deployment in the same disallowed region with different resource names
100% 失败
The policy is location-based, not name-based; the region itself is blocked regardless of resource name.
-
Adding the resource to an existing resource group in the allowed region but specifying the disallowed location in the template
80% 失败
The location is evaluated per resource, not per resource group; the template location must match the allowed list.
-
Creating a new subscription to bypass the policy
60% 失败
Azure Policies can be assigned at management group level, affecting all subscriptions under it; a new subscription may still inherit the policy.