Conflict
policy
config_error
ai_generated
true
Resource 'myresource' was disallowed by policy. Policy: 'Require a tag on resources'. Reason: 'The resource has no tags.'
ID: policy/azure-policy-tagging-enforcement-failure
80% fix rate
88% confidence
1 evidence item
2023-11-01 first seen
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Azure CLI 2.57.0 | active | — | — | — |
| Azure Policy 1.0.0 | active | — | — | — |
Root cause analysis
An Azure Policy initiative requires specific tags on all resources; a deployment of a resource without those tags is denied.
Official documentation
https://learn.microsoft.com/en-us/azure/governance/policy/overview
Solutions
- Add the required tags in the deployment template. For ARM templates, add `"tags": { "Environment": "Production" }` to the resource definition.
- Use Azure CLI to deploy with tags (this assumes the template declares a `tags` object parameter and applies it to its resources): `az deployment group create --resource-group myRG --template-file template.json --parameters tags='{"Environment":"Production"}'`
- Request a policy exemption for the resource group from the Azure Policy team via (`--exemption-category` is required and takes `Waiver` or `Mitigated`): `az policy exemption create --name myExemption --policy-assignment <assignment-id> --exemption-category Waiver --scope /subscriptions/<sub-id>/resourceGroups/<rg>`
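A pre-deployment check for the first solution, as an added example that is not part of the original page: it walks an ARM template's `resources` array, including nested child resources, and lists every resource that would reach the policy without a required tag. The required tag `Environment` (taken from the page's example), the sample template and the function name `check_tags` are assumptions made for illustration; templates that use the symbolic-name (object) form of `resources` are not handled.

```python
import json

# Assumed policy requirement: the tag name used in the page's own example.
REQUIRED_TAGS = {"Environment"}

# Constructed sample ARM template (not from the original page).
SAMPLE_TEMPLATE = json.loads("""
{
  "contentVersion": "1.0.0.0",
  "parameters": {"tags": {"type": "object", "defaultValue": {}}},
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "tagged",
     "tags": {"Environment": "Production"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "myresource"},
    {"type": "Microsoft.Sql/servers", "name": "sqlsrv",
     "tags": "[parameters('tags')]",
     "resources": [{"type": "databases", "name": "db1", "tags": {}}]}
  ]
}
""")


def check_tags(template, required=REQUIRED_TAGS):
    """Return (resource name, finding) pairs for resources lacking required tags."""
    findings = []

    def walk(resources, prefix=""):
        for res in resources:
            name = prefix + res.get("name", "<unnamed>")
            tags = res.get("tags")
            if isinstance(tags, str):
                # Template expression: the value is only known at deploy time,
                # so the parameter passed on the command line must be checked.
                findings.append((name, "unresolved expression: " + tags))
            else:
                # Azure treats tag names as case-insensitive.
                present = {k.lower() for k in (tags or {})}
                missing = sorted(t for t in required if t.lower() not in present)
                if missing:
                    findings.append((name, "missing tags: " + ", ".join(missing)))
            walk(res.get("resources", []), name + "/")  # nested child resources

    walk(template.get("resources", []))
    return findings


if __name__ == "__main__":
    for name, finding in check_tags(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

Run in CI before `az deployment group create`, a non-empty result points at the resource that would be denied instead of leaving it to the deployment error.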
Ineffective attempts
Common but ineffective approaches:
- Redeploy the resource without any changes, hoping the policy is temporary.
  100% failure
  Azure Policy is persistent and evaluated on every deployment; the same error will occur.
- Remove the resource group and recreate it.
  99% failure
  The policy is applied at subscription or management group level, not resource group. Deleting the group doesn't remove the policy requirement.
- Add tags after deployment via Azure Portal.
  90% failure
  The policy blocks the deployment itself; the resource is never created to add tags later.