Troubleshoot the RequestDisallowedByPolicy error code (for cluster deletions)
This article discusses how to identify and resolve the RequestDisallowedByPolicy error that occurs when you try to delete a Microsoft Azure Kubernetes Service (AKS) cluster.
Symptoms
When you try to delete an AKS cluster, you receive the following error message:
internalErrorCode: "RequestDisallowedByPolicy"
StatusCode=403 (forbidden)
StatusCode=BadRequest
{
Message: "Resource 'aks-agentpool-test-routetable' was disallowed by policy. Policy identifiers: 'policyAssignment: "name: ....Microsoft.Management/managementGroups/test/providers/Microsoft.Authorization/policyAssignments/test"
}
Cause
The RequestDisallowedByPolicyerror can have many policy-related causes. Only customers (not Microsoft) can manage the policies in their environment. Microsoft can't disable or bypass those policies.
Solution
Verify that you have permission to make any changes to policy services. If you don't have permission, find someone who has access so that they can make the necessary changes. Also, check the policy name that's causing the problem, and then temporarily deny that rule so that you (or someone who has permission) can do the delete operation.
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for