| title | BCP135 |
|---|---|
| description | Scope <scope-name> isn't valid for this resource type. Permitted scopes <scope-name>. |
| ms.topic | reference |
| ms.custom | devx-track-bicep |
| ms.date | 10/30/2025 |
In Bicep, scopes determine the hierarchical level at which resources are deployed within Azure. ARM provides four deployment scopes—resource group, management group, subscription, and tenant. Resources must be deployed within the allowed scopes. For more information, see Deployment scope.
Scope <scope-name> isn't valid for this resource type. Permitted scopes: <scope-name>.
Error
Deploy resources to the permitted scopes.
The following example raises the diagnostic because storageAccounts can't be deployed at the management group scope.
targetScope = 'managementGroup'
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
name: 'demostorage0220'
location: 'eastus'
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
}You can fix the diagnostic by setting the targetScope to resourceGroup.
targetScope = 'resourceGroup'
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
name: 'demostorage0220'
location: 'eastus'
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
}
For more information about Bicep diagnostics, see Bicep core diagnostics.