Home > database >  Creating an Azure Subscription with a Bicep template fails with error 'InvalidSubCreationScope
Creating an Azure Subscription with a Bicep template fails with error 'InvalidSubCreationScope

Time:11-24

I am trying to create a new Azure Subscription with the following Bicep template:

targetScope = 'tenant'

var spokeSubscriptionName = 'Test Sub'
resource spokeSubscription 'Microsoft.Subscription/aliases@2020-09-01' = {
  scope: tenant()
  name: name: guid(spokeSubscriptionName, tenant().tenantId)
  properties: {
    displayName: spokeSubscriptionName
    billingScope: '/providers/Microsoft.Billing/billingAccounts/foo:bar'
    workload: 'Production'
  }
}

When I execute the deployment with this command:

az deployment tenant create --name 01TestSubDeploy2021-11-21 --location uksouth --template-file .\subscription-only.bicep

I recieve the following error:

{
    "status": "Failed",
    "error": {
        "code": "DeploymentFailed",
        "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
        "details": [
            {
                "code": "BadRequest",
                "message": "{\r\n  \"error\": {\r\n    \"code\": \"InvalidSubCreationScope\",\r\n    \"message\": \"Not a valid subscription creation scope\"\r\n  },\r\n  \"code\": \"InvalidSubCreationScope\",\r\n  \"message\": \"Not a valid subscription creation scope\"\r\n}"
            }
        ]
    }
}

Running the command with the --what-if switch returns the following:

The deployment will update the following scope:

Scope: /

    Microsoft.Subscription/aliases/[SUBGUID] [2020-09-01]

      apiVersion:              "2020-09-01"
      id:                      "/providers/Microsoft.Subscription/aliases/[SUBGUID]"
      name:                    "[SUBGUID]"
      properties.billingScope: "/providers/Microsoft.Billing/billingAccounts/foo:bar"
      properties.displayName:  "Test Sub"
      properties.workload:     "Production"
      type:                    "Microsoft.Subscription/aliases"

The account I am using has Owner permission at the Root scope.

This post suggests that the value I am using for the billing scope may be incorrect. I obtained the billing scope value from the ID property returned by the command az billing account list. I have tried both the full scope path and also just the ID value.

The billing account is of type 'Microsoft Customer Agreement' (e.g. not EA). Most of the documentation for programmatic subscription creation specifically states that the examples are for EA tenants and that 'modifications will need to be made' for other tenant types. However, nothing says that it is not possible.

I would either like to confirm that subscription creation via Bicep template is not currently possible for MCA billing accounts, or correct any errors in my template or deployment command.

Thanks in advance!

CodePudding user response:

This error was due to an invalid billing scope.

The correct scope for an MCA subscription needs to include the billing account, billing profile and invoice section.

More details here: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement.

  • Related