Azure learnのモジュール内から起動するVM用のSandbox環境において、NATゲートウェイを作成することは不可能ですか?
【やろうとしていること】
https://learn.microsoft.com/ja-jp/azure/load-balancer/quickstart-load-balancer-standard-public-portal?source=recommendations
上記の内容を、以下のページから起動できるSandboxから試そうとしています。
https://learn.microsoft.com/ja-jp/training/modules/create-windows-virtual-machine-in-azure/3-exercise-create-a-vm
【症状】
NATゲートウェイの確認および作成タブで検証に失敗する
【エラー】
{
"code": "InvalidTemplateDeployment",
"message": "The template deployment failed because of policy violation. Please see details for more information.",
"details": [
{
"code": "RequestDisallowedByPolicy",
"target": "test-nat",
"message": "リソース 'test-nat' はポリシーによって許可されませんでした。ポリシー識別子: '[{\"policyAssignment\":{\"name\":\"vm-assignment\",\"id\":\"/providers/Microsoft.Management/managementGroups/1ba712d0-8089-7ba5-e106-fe759dfda658/providers/Microsoft.Authorization/policyAssignments/vm-assignment\"},\"policyDefinition\":{\"name\":\"Allowed resource types\",\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\"},\"policySetDefinition\":{\"name\":\"virtualmachines-initiative\",\"id\":\"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/virtualmachines-initiative\"}}]'。",
"additionalInfo": [
{
"type": "PolicyViolation",
"info": {
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "False",
"expressionKind": "Field",
"expression": "type",
"path": "type",
"expressionValue": "Microsoft.Network/natGateways",
"targetValue": [
"Microsoft.AlertsManagement/actionRules",
"Microsoft.Alertsmanagement/smartDetectorAlertRules",
"Microsoft.CognitiveServices/accounts",
"Microsoft.Compute/availabilitySets",
"Microsoft.Compute/disks",
"Microsoft.Compute/images",
"Microsoft.Compute/sshPublicKeys",
"Microsoft.Compute/virtualMachines",
"Microsoft.Compute/virtualMachines/extensions",
"Microsoft.Compute/virtualMachines/metricDefinitions",
"Microsoft.ContainerRegistry/registries",
"Microsoft.DataMigration/services",
"Microsoft.DataMigration/services/projects",
"Microsoft.DBforMySQL/servers",
"Microsoft.DBforPostgreSQL/servers",
"Microsoft.DocumentDB/databaseAccounts",
"Microsoft.Devices/IotHubs",
"Microsoft.DevTestLab/schedules",
"microsoft.insights/actiongroups",
"microsoft.insights/activityLogAlerts",
"microsoft.insights/autoscalesettings",
"microsoft.insights/alertrules",
"microsoft.insights/components",
"Microsoft.Insights/dataCollectionRules",
"Microsoft.insights/metricalerts",
"Microsoft.insights/workbooks",
"Microsoft.IoTCentral/IoTApps",
"Microsoft.KeyVault/vaults",
"Microsoft.KeyVault/vaults/accessPolicies",
"Microsoft.KeyVault/vaults/secrets",
"Microsoft.Logic/workflows",
"Microsoft.Network/applicationGateways",
"Microsoft.Network/applicationSecurityGroups",
"Microsoft.Network/connections",
"Microsoft.Network/dnszones",
"Microsoft.Network/dnszones/A",
"Microsoft.Network/dnszones/AAA",
"Microsoft.Network/dnszones/all",
"Microsoft.Network/dnszones/CAA",
"Microsoft.Network/dnszones/CNAME",
"Microsoft.Network/dnszones/MX",
"Microsoft.Network/dnszones/NS",
"Microsoft.Network/dnszones/PTR",
"Microsoft.Network/dnszones/recordsets",
"Microsoft.Network/dnszones/SOA",
"Microsoft.Network/dnszones/SRV",
"Microsoft.Network/dnszones/TXT",
"Microsoft.Network/loadBalancers",
"Microsoft.Network/localNetworkGateways",
"Microsoft.Network/bastionHosts",
"Microsoft.Network/networkInterfaces",
"Microsoft.Network/networkSecurityGroups",
"Microsoft.Network/networkWatchers",
"Microsoft.Network/networkWatchers/connectionMonitors",
"Microsoft.Network/networkWatchers/lenses",
"Microsoft.Network/networkWatchers/pingMeshes",
"Microsoft.Network/publicIPAddresses",
"Microsoft.Network/publicIPPrefixes",
"Microsoft.Network/routeTables",
"Microsoft.Network/routeTables/routes",
"Microsoft.Network/trafficmanagerprofiles",
"Microsoft.Network/virtualNetworkGateways",
"Microsoft.Network/virtualNetworks",
"Microsoft.OperationalInsights/workspaces",
"Microsoft.OperationsManagement/solutions",
"Microsoft.Portal/dashboards",
"Microsoft.Resources/deployments",
"Microsoft.Resources/resourceGroups",
"Microsoft.Security/iotSecuritySolutions",
"Microsoft.Sql/servers",
"Microsoft.Sql/servers/databases",
"Microsoft.Storage/storageAccounts",
"Microsoft.StorageSync/storageSyncServices",
"Microsoft.Web/connections",
"Microsoft.Web/serverFarms",
"Microsoft.Web/sites"
],
"operator": "In"
}
]
},
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
"policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/virtualmachines-initiative",
"policyDefinitionReferenceId": "allowed-resource-types_1",
"policySetDefinitionName": "virtualmachines-initiative",
"policySetDefinitionDisplayName": "virtualmachines-initiative",
"policyDefinitionName": "a08ec900-254a-4555-9bf5-e42af04b5c5c",
"policyDefinitionDisplayName": "Allowed resource types",
"policyDefinitionEffect": "deny",
"policyAssignmentId": "/providers/Microsoft.Management/managementGroups/1ba712d0-8089-7ba5-e106-fe759dfda658/providers/Microsoft.Authorization/policyAssignments/vm-assignment",
"policyAssignmentName": "vm-assignment",
"policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/1ba712d0-8089-7ba5-e106-fe759dfda658",
"policyAssignmentParameters": {},
"policyExemptionIds": []
}
}
]
}
]
}