# 资源'myresource'被策略禁止。策略：'允许的位置'。原因：资源位置'eastus2'不被允许。允许的位置：['westus', 'westeurope']

- **ID:** `policy/azure-policy-resource-location-not-allowed`
- **领域:** policy
- **类别:** config_error
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

Azure策略'允许的位置'将资源创建限制在特定区域；请求的位置不在允许列表中。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Azure CLI 2.57.0 | active | — | — |
| Azure PowerShell 11.0.0 | active | — | — |
| Terraform azurerm 3.100.0 | active | — | — |

## 解决方案

1. ```
   在允许的位置部署资源，例如在ARM模板中将位置从'eastus2'改为'westus'：`"location": "westus"`
   ```
2. ```
   通过Azure策略门户向策略管理员请求资源豁免。
   ```
3. ```
   使用Azure CLI更新策略分配以包含所需位置：`az policy assignment update --name 'allowed-locations' --scope '/subscriptions/...' --params '{"listOfAllowedLocations": {"value": ["westus", "westeurope", "eastus2"]}}'`
   ```

## 无效尝试

- **Retrying the deployment in the same disallowed region with different resource names** — The policy is location-based, not name-based; the region itself is blocked regardless of resource name. (100% 失败率)
- **Adding the resource to an existing resource group in the allowed region but specifying the disallowed location in the template** — The location is evaluated per resource, not per resource group; the template location must match the allowed list. (80% 失败率)
- **Creating a new subscription to bypass the policy** — Azure Policies can be assigned at management group level, affecting all subscriptions under it; a new subscription may still inherit the policy. (60% 失败率)