Conflict
policy
config_error
ai_generated
true
资源被策略禁止。策略:'要求资源带有标签'
Resource was disallowed by policy. Policy: 'Require a tag on resources'
ID: policy/azure-policy-resource-tagging-enforcement
90%修复率
85%置信度
1证据数
2023-11-10首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Azure Policy v1.0 | active | — | — | — |
| Azure CLI 2.40+ | active | — | — | — |
根因分析
Azure Policy 在缺少必需标签(如 'Environment'、'CostCenter')时拒绝资源创建或更新,但部署模板或 CLI 命令未包含标签。
English
Azure Policy denies resource creation or update if required tags (e.g., 'Environment', 'CostCenter') are missing, but the deployment template or CLI command omitted the tags.
官方文档
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects解决方案
-
在 ARM 模板或 Bicep 文件的 'tags' 属性中包含必需标签。
-
使用 Azure CLI 创建资源时添加 --tags 参数。
无效尝试
常见但无效的做法:
-
80% 失败
Azure Policy deny effect blocks the resource creation entirely; the resource never exists to be updated.
-
60% 失败
Requires Contributor permissions at the management group level, which most developers lack, and violates compliance requirements.