How to Enable Programmatic Deployment for ARM Resources
Before we go into programmatic deployment, it's important to understand what ARM actually is. Azure Resource Manager is the family of API's behind Azures latest resource model. The older model was called Azure Service Management (ASM). If you are familiar with ASM, you might find terms like Cloud Services familiar instead of Resource Group. On these API families are built PowerShell cmdlets, portal GUI elements, Azure CLI commands, and any else that is available to us to configure our Azure environment. The most notable distinction about ARM is the availability of ARM templates, key/value JSON pairs that you can place in a JSON file and submit to Azure for deployment.
Recently, I found myself building a template for a pair of highly available Palo Alto firewalls. As I got ready to deploy, I came across an error that prompted me to do the following:
"Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal….and configure programmatic deployment for the Marketplace item or create it there for the first time"
I rarely build templates for third party marketplace deployments so this was the first time I had seen this error. Upon some digging, I found that programmatic deployment is somewhat of a safeguard. First, it ensures that you are giving permission to deploy a third party tool in your environment (which can run up quite a bill depending on the resource) and second, that programmatic deployment cannot be enabled programmatically, which is a bummer. There's no PoSH, or switch in an ARM template that can bypass this error.
To enable programmatic deployment, you must go into the portal and actually deploy the type of resource that you are trying to deploy via other means so that you can accept the terms and conditions explicitly. Once deployed, you must go to the Azure portal, go to your subscription blade. You should see a tab called programmatic deployment. In the information for that tab you should see an option to enable the type of resource you just deployed. Click Enable and you will be able to deploy that resource programmatically (PowerShell, Azure CLI, ARM template, API) forevermore.