Coder Perfect

“Changing property > ‘agentPoolProfile.vnetSubnetID’ is not allowed,” says the Azure Bicep script. During the second execution


I’m using Azure Bicep to establish a virtualNetwork with a single subnet, which I then use as the input for an aks cluster with the following parameters: vnet[0].id[0].id[0].i

The first time I execute the command, it successfully builds the virtual network and cluster, but the second time I run it, I receive the following error:

I double-checked, and the virtualNetwork generated by the deployment only has one subnet (no other magically appeared or anything).

I performed the experiment using a different resource group and got the same results, so it’s repeatable.

Here’s the complete biceps file (just call az deployment group create —resource-group showcase-kevinplayground2 -f cluster.bicep in the resource group of your choice)

targetScope = 'resourceGroup'
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = {
  name: 'aksVirtualNetwork'
  location: resourceGroup().location
        name: 'aks'
          addressPrefix: ''


resource aksManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
  name: 'playgroundIdentity'
  location: resourceGroup().location

resource aks 'Microsoft.ContainerService/managedClusters@2021-02-01' = {
  name: 'playground-cluster0'
  location: resourceGroup().location
  identity: {
    userAssignedIdentities: {
      '${}': {}
  sku: {
    name: 'Basic'
    tier: 'Free'
  properties: {
    kubernetesVersion: '1.21.2'
    dnsPrefix: 'playground'
    enableRBAC: true

    networkProfile: {
      networkPlugin: 'azure'
      networkPolicy: 'calico'

    aadProfile: {
      managed: true
      enableAzureRBAC: true

    autoUpgradeProfile: {}

    apiServerAccessProfile: {
      enablePrivateCluster: false

    agentPoolProfiles: [
        name: 'aksnodes'
        count: 1
        vmSize: 'Standard_B2s'
        osDiskSizeGB: 30
        osDiskType: 'Managed'
        osType: 'Linux'
        maxCount: 1
        minCount: 1
        enableAutoScaling: true
        type: 'VirtualMachineScaleSets'
        mode: 'System'
        orchestratorVersion: null

Asked by Kevin Coulombe

Solution #1

You should utilize the resourceId function, according to this github issue. Something along those lines should suffice in your case:

vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', 'aksVirtualNetwork', 'aks')

Answered by Thomas

Post is based on