Assistance Required: Issues with ARM Template Deployment for Managed Identity

Djordje Djukic (AKVELON INC) 0 Reputation points Microsoft Vendor
2024-06-17T22:19:11.06+00:00

Hello Azure Community,

I am experiencing issues with deploying my resources via an ARM template. Despite having all the 'dependsOn' elements specified, the deployment continues to fail. Below, I have provided the relevant parts of my ARM template and the error message I received.

Identity operation for resource '/subscriptions/383ab422-47be-42d4-9003-45ea721a6e27/resourceGroups/datapath-df-webapp-eus2euap-rg/providers/Microsoft.DocumentDb/databaseAccounts/datapath-df-eus2euap-cosmosdb' failed with error 'Failed to perform resource identity operation. Status: 'BadRequest'. Response: '{"error":{"code":"BadRequest","message":"Resource '/subscriptions/383ab422-47be-42d4-9003-45ea721a6e27/resourcegroups/datapath-df-webapp-eus2euap-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/farix-msi-lll' was not found.

I have confirmed that the Managed Identity is correctly referenced in the ARM template. The 'dependsOn' elements are specified as shown, but the deployment still fails. Additionally, the sqlRoleAssignments resource depends on the identity, and I have included the necessary 'dependsOn' references, yet it still indicates that the identity does not exist. What is even stranger is that, after the deployment failure, the MSI is present inside the Resource Group. I would appreciate any guidance or suggestions on resolving this issue.

{
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "apiVersion": "2018-11-30",
      "name": "[parameters('identityName')]",
      "location": "[resourceGroup().location]"
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2016-08-01",
      "name": "[parameters('siteName')]",
      "location": "[variables('location')]",
      "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": {
          "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]": {}
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]",
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]"
      ],
      "properties": {
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]"
      }
    },
    {
      "type": "Microsoft.DocumentDb/databaseAccounts",
      "apiVersion": "2021-06-15",
      "name": "[parameters('cosmosDbAccountName')]",
      "location": "[parameters('secondaryResourceRegion')]",
      "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": {
          "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]": {}
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]"
      ],
      "properties": {
        "databaseAccountOfferType": "Standard"
      }
    },
    {
      "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
      "apiVersion": "2021-05-15",
      "name": "[concat(parameters('cosmosDbAccountName'), '/', guid('roleAssignment1', 'data'))]",
      "dependsOn": [
        "[concat('Microsoft.DocumentDB/databaseAccounts/', parameters('cosmosDbAccountName'))]",
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]"
      ],
      "properties": {
        "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosDbAccountName'), '00000000-0000-0000-0000-000000000001')]",
        "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))).PrincipalId]",
        "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDbAccountName'))]"
      }
    }
  ]
}
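
One way to check the "all 'dependsOn' elements are specified" statement statically, as an added example that is not part of the original post: the script lists every resource that uses a user-assigned identity's resourceId() expression without listing the same expression in its dependsOn. The sample is constructed from the shape of the template above plus one hypothetical resource type (Example.Hypothetical/consumers); only the resourceId() form of dependsOn is recognized.

```python
import json
import re

# Matches resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', <args>)
# allowing one level of nested parentheses, e.g. parameters('identityName').
ID_REF = re.compile(
    r"resourceId\(\s*'Microsoft\.ManagedIdentity/userAssignedIdentities'\s*,"
    r"(?:[^()]|\([^()]*\))*\)", re.IGNORECASE)

def identity_refs(obj):
    """Normalized identity resourceId() expressions found anywhere in obj."""
    text = json.dumps(obj)
    return {re.sub(r"\s+", "", m.group(0)).lower() for m in ID_REF.finditer(text)}

def missing_identity_dependencies(template):
    """Return (resource type, expression) pairs where a user-assigned identity
    is used in the resource body but not listed in that resource's dependsOn."""
    findings = []
    for res in template.get("resources", []):
        body = {k: v for k, v in res.items() if k != "dependsOn"}
        declared = identity_refs(res.get("dependsOn", []))
        for expr in sorted(identity_refs(body) - declared):
            findings.append((res.get("type"), expr))
    return findings

MSI = ("resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', "
       "parameters('identityName'))")
UAI = {"type": "UserAssigned", "userAssignedIdentities": {f"[{MSI}]": {}}}

# Constructed sample: the resources from the post reduced to the fields the
# check reads, plus a hypothetical fifth resource that omits dependsOn.
SAMPLE = {"resources": [
    {"type": "Microsoft.ManagedIdentity/userAssignedIdentities"},
    {"type": "Microsoft.Web/sites", "identity": UAI, "dependsOn": [f"[{MSI}]"]},
    {"type": "Microsoft.DocumentDb/databaseAccounts", "identity": UAI,
     "dependsOn": [f"[{MSI}]"]},
    {"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
     "properties": {"principalId": f"[reference({MSI}).PrincipalId]"},
     "dependsOn": [f"[{MSI}]"]},
    {"type": "Example.Hypothetical/consumers", "identity": UAI},  # constructed
]}

if __name__ == "__main__":
    for rtype, expr in missing_identity_dependencies(SAMPLE):
        print(f"{rtype}: uses {expr} without a matching dependsOn entry")
```

To run it against a real file, load the template with `json.load` and pass the resulting dictionary to `missing_identity_dependencies`.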