This page describes configuration and troubleshooting steps for Azure cloud account setup.

Customize the Install

Both the Single Account and Organizational Account code examples are configured with appropriate defaults for the underlying inputs. But, you can edit the region, module enablement, and other inputs. See details for:

Enable Image Scanner

Image Scanner feature is disabled by default. If you want to enable it, just use the deploy_scanning input variable on your snippet such as:

module "secure-for-cloud_example"{
 deploy_scanning = true


Find more troubleshooting options on the Secure for Cloud - Terraform Azure module source repository

1. Insufficient Permissions on Subscription

This error might occur if your current Azure authentication session does not have the required permissions to create resources in the specified subscription.

Solution: Ensure you are authenticated to Azure using a Non-Guest user with the Contributor or Owner role on the target subscription.

Error: Error Creating/Updating Lighthouse Definition "dd9be15b-0ee9-7daf-b942-5e173dae13fb" (Scope "/subscriptions/***"): managedservices.RegistrationDefinitionsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InsufficientPrivilegesForManagedServiceResource" Message="The requested user doesn't have sufficient privileges to perform the operation."
     with module.cloudvision_example_existing_resource_group.module.cloud_bench.module.trust_relationship["***"].azurerm_lighthouse_definition.lighthouse_definition,
         on ../../../modules/services/cloud-bench/trust_relationship/ line 28, in resource "azurerm_lighthouse_definition" "lighthouse_definition":
         28: resource "azurerm_lighthouse_definition" "lighthouse_definition" {

2. Conflicting Resources

This error might occur if the specified Azure Subscription has already been onboarded to Sysdig

Solution: You can import the resource into Terraform using the terraform import command. This will bring the resource under management in the current Terraform workspace.

Error: A resource with the ID "/subscriptions/***/resourceGroups/sfc-resourcegroup" already exists - to be managed via Terraform this resource needs to be imported into the State. For details, see the resource documentation for `azurerm_resource_group`.
         with module.cloudvision_example_existing_resource_group.module.infrastructure_eventhub.azurerm_resource_group.rg[0],
         on ../../../modules/infrastructure/eventhub/ line 6, in resource "azurerm_resource_group" "rg":
          6: resource "azurerm_resource_group" "rg" {

3. Missing ‘Microsoft.ManagedServices’ Namespace Registration

This error occur if the specified Azure Subscription is not registered in the ‘Microsoft.ManagedServices’ namespace.

Solution: You can register a Resource Provider by following the Microsoft Documentation.

Error: creating/updating Lighthouse Assignment: (Lighthouse Definition ID "***" / Scope "/subscriptions/***"): managedservices.RegistrationDefinitionsClient#CreateOrUpdate: Failure sending request: StatusCode=409 -- Original Error: Code="MissingSubscriptionRegistration" Message="The managed services resource provider not allowed to access the subscription '***'. The subscription must be registered to use namespace 'Microsoft.ManagedServices'. Please see for details on how to register subscriptions." Details=[{"code":"AuthorizationFailed","message":"The client '***' with object id '***' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/***' or the scope is invalid. If access was recently granted, please refresh your credentials."}]

  with module.subscriptions-sysdig-sfc-agentless["***"].module.trust_relationship["***"].azurerm_lighthouse_definition.lighthouse_definition,
  on .terraform\modules\subscriptions-sysdig-sfc-agentless\modules\services\cloud-bench\trust_relationship\ line 24, in resource "azurerm_lighthouse_definition" "lighthouse_definition":
  24: resource "azurerm_lighthouse_definition" "lighthouse_definition" {