policy
config_error
ai_generated
true
Resource 'myresource' was disallowed by policy. Policy: 'Allowed locations'. Reason: 'The resource location 'eastus2' is not allowed.'
ID: policy/azure-resource-location-not-allowed
88%Fix Rate
89%Confidence
1Evidence
2023-05-20First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Azure Policy | active | — | — | — |
| Azure Resource Manager | active | — | — | — |
| Azure CLI 2.50+ | active | — | — | — |
| Terraform azurerm 3.0+ | active | — | — | — |
Root Cause
Azure Policy 'Allowed locations' restricts resource deployment to specific regions, and the requested location is not in the allowed list.
generic中文
Azure 策略“允许的位置”将资源部署限制在特定区域,而请求的位置不在允许列表中。
Official Documentation
https://learn.microsoft.com/en-us/azure/governance/policy/samples/allowed-locationsWorkarounds
-
90% success Deploy the resource to an allowed location. Use Azure CLI to list allowed locations: az policy assignment list --query "[?displayName=='Allowed locations'].properties.parameters.listOfAllowedLocations.value" -o tsv. Then redeploy to one of those regions.
Deploy the resource to an allowed location. Use Azure CLI to list allowed locations: az policy assignment list --query "[?displayName=='Allowed locations'].properties.parameters.listOfAllowedLocations.value" -o tsv. Then redeploy to one of those regions.
-
70% success Request an exception to the policy from the Azure Policy administrator via a change request or by updating the policy assignment to include the desired location.
Request an exception to the policy from the Azure Policy administrator via a change request or by updating the policy assignment to include the desired location.
中文步骤
Deploy the resource to an allowed location. Use Azure CLI to list allowed locations: az policy assignment list --query "[?displayName=='Allowed locations'].properties.parameters.listOfAllowedLocations.value" -o tsv. Then redeploy to one of those regions.
Request an exception to the policy from the Azure Policy administrator via a change request or by updating the policy assignment to include the desired location.
Dead Ends
Common approaches that don't work:
-
95% fail
Azure Policy evaluates at deployment time; any location not in the allowed list will be rejected. The policy is enforced at the subscription or management group level.
-
60% fail
This requires high-level permissions (Owner or Policy Contributor) and may violate organizational compliance. It's not a viable workaround for most developers.