policy
config_error
ai_generated
true
资源 'myresource' 被策略禁止。策略:'允许的位置'。原因:'资源位置 'eastus2' 不被允许。'
Resource 'myresource' was disallowed by policy. Policy: 'Allowed locations'. Reason: 'The resource location 'eastus2' is not allowed.'
ID: policy/azure-resource-location-not-allowed
88%修复率
89%置信度
1证据数
2023-05-20首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Azure Policy | active | — | — | — |
| Azure Resource Manager | active | — | — | — |
| Azure CLI 2.50+ | active | — | — | — |
| Terraform azurerm 3.0+ | active | — | — | — |
根因分析
Azure 策略“允许的位置”将资源部署限制在特定区域,而请求的位置不在允许列表中。
English
Azure Policy 'Allowed locations' restricts resource deployment to specific regions, and the requested location is not in the allowed list.
官方文档
https://learn.microsoft.com/en-us/azure/governance/policy/samples/allowed-locations解决方案
-
Deploy the resource to an allowed location. Use Azure CLI to list allowed locations: az policy assignment list --query "[?displayName=='Allowed locations'].properties.parameters.listOfAllowedLocations.value" -o tsv. Then redeploy to one of those regions.
-
Request an exception to the policy from the Azure Policy administrator via a change request or by updating the policy assignment to include the desired location.
无效尝试
常见但无效的做法:
-
95% 失败
Azure Policy evaluates at deployment time; any location not in the allowed list will be rejected. The policy is enforced at the subscription or management group level.
-
60% 失败
This requires high-level permissions (Owner or Policy Contributor) and may violate organizational compliance. It's not a viable workaround for most developers.