Create subscription and deploy into the subscription #14982
pecjag
started this conversation in
Authoring Help
Replies: 2 comments
-
You need an extra layer of indirection to make this work. The linked blog post shows a nested deployment within a nested deployment, and the Bicep equivalent is to have a module deploy a module: main.bicep targetScope = 'managementGroup'
param EnvName string
param IsProd bool = false
resource envSub 'Microsoft.Subscription/aliases@2021-10-01' = {
name: EnvName
scope: tenant()
properties: {
additionalProperties: {
managementGroupId: '/providers/Microsoft.Management/managementGroups/${(IsProd) ? 'Prod' : 'NonProd'}'
//subscriptionOwnerId: 'string'
subscriptionTenantId: tenant().tenantId
}
billingScope: redacted
displayName: EnvName
workload: 'Production'
}
}
output subId string = envSub.properties.subscriptionId
module indirection 'indirection.bicep' = {
name: 'subresources'
params: {
subscriptionId: envSub.properties.subscriptionId
EnvName: EnvName
Location: Location
}
} indirection.bicep targetScope = 'managementGroup'
param subscriptionId string
param EnvName string
param Location string
module module_subresources 'custenv-main.bicep' = {
name: 'subresources'
scope: subscription(subscriptionId)
params: {
EnvName: EnvName
Location: Location
}
} Just FYI, because the subscription ID can't be predicted prior to the start of the deployment, this pattern will make What-If unable to analyse the template. Not sure if that's a concern for you, but just something to keep in mind. |
Beta Was this translation helpful? Give feedback.
0 replies
-
Thanks very much Johnny, I hadn’t spotted the double-nesting!
From: Jonny Eskew ***@***.***>
Date: Thursday, 5 September 2024 at 00:14
To: Azure/bicep ***@***.***>
Cc: Peter Cresswell ***@***.***>, Author ***@***.***>
Subject: Re: [Azure/bicep] Create subscription and deploy into the subscription (Discussion #14982)
You need an extra layer of indirection to make this work. The linked blog post shows a nested deployment within a nested deployment, and the Bicep equivalent is to have a module deploy a module:
main.bicep
targetScope = 'managementGroup'
param EnvName string
param IsProd bool = false
resource envSub ***@***.***' = {
name: EnvName
scope: tenant()
properties: {
additionalProperties: {
managementGroupId: '/providers/Microsoft.Management/managementGroups/${(IsProd) ? 'Prod' : 'NonProd'}'
//subscriptionOwnerId: 'string'
subscriptionTenantId: tenant().tenantId
}
billingScope: redacted
displayName: EnvName
workload: 'Production'
}
}
output subId string = envSub.properties.subscriptionId
module indirection 'indirection.bicep' = {
name: 'subresources'
params: {
subscriptionId: envSub.properties.subscriptionId
EnvName: EnvName
Location: Location
}
}
indirection.bicep
targetScope = 'managementGroup'
param subscriptionId string
param EnvName string
param Location string
module module_subresources 'custenv-main.bicep' = {
name: 'subresources'
scope: subscription(subscriptionId)
params: {
EnvName: EnvName
Location: Location
}
}
Just FYI, because the subscription ID can't be predicted prior to the start of the deployment, this pattern will make What-If unable to analyse the template. Not sure if that's a concern for you, but just something to keep in mind.
—
Reply to this email directly, view it on GitHub<#14982 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AJOXTH5TJJ7IQ4W3R6PCDHLZU6H4ZAVCNFSM6AAAAABNVBYEXWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTANJVGE2DAMQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
Is it possible to create a subscription and deploy into it, all initiated from a single deployment?
It's possible with ARM templates: url
But when I try to do this in Bicep, I can create the subscription ok, but cannot reference the subscription Id in the module that creates the Resource Group.
I get this error "This expression is being used in an assignment to the "scope" property of the "module" type, which requires a value that can be calculated at the start of the deployment. Properties of envSub which can be calculated at the start include "apiVersion", "id", "name", "type"."
Is this possible? If so how can I reference the subscription as the scope for my subscription deployment?
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions