@Ezopek Thank you for submitting the problem, but I can manage the AKS resource in your way, and the resource was created successfully. But from your error, is your error because the policy does not allow your subscription to manage this resource? Thank you!

@Fred-sun AKS resource itself is created, but with failed agent(s)_pool. The error I posted is targeted on deployment of VMSS (VirtualMachineScaleSets) for the agent_pool - my company doesn't allow creating that resource since it doesn't have required custom tags.

So yea, as a workaround I could just handle this specific error and create needed agent_pools later with azure_rm_aksagentpool with those tags. But it would be nice-to-have to do that with just azure_rm_aks without errors since the option is there (and it needs atleast one system agent_pool).

To speak more plainly - I would like the VirtualMachineScaleSets created by azure_rm_aks for agent_pools to have the tags that we provide in the properties of azure_rm_aks, as at the moment they seem to be created without them.
It is possible to do so via Azure GUI:

@Ezopek Currently the SDK does not support defining tags in this way, so it is not possible to do so for the time being. Thank you!

@Fred-sun I can see in SDK documentation for azure-mgmt-containerservice > ManagedClustersOperations > begin_create_or_update > ManagedCluster object > ManagedClusterAgentPoolProfile object used in list for agent_pool_profiles - and there is an option for specifying tags

Also, this is possible via Terraform azurerm provider (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#default_node_pool) same as with REST API (https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/create-or-update?view=rest-aks-2024-07-01&tabs=HTTP#managedclusteragentpoolprofile)

Actually after some thought I might have overcomplicate this issue a little.
All that I actually want to achieve is to be able to set tags on agent_pool_profiles like that:

- name: Create AKS
  azure_rm_aks:
    name: "{{ aks_name }}"
    location: "{{ location }}"
    resource_group: "{{ resource_group }}"
    # [...]
    agent_pool_profiles:
      - name: master
        mode: System
        vm_size: Standard_B2s
        type: VirtualMachineScaleSets
        # [...]
        tags: # <-- this right now is not possible in ansible azure_rm_aks, yet it is via REST API, Terraform azurerm provider or Python Azure SDK
          some: custom
          tags: aks
    tags:
      some: custom
      tags: aks

Sorry for all the confusion with "inheriting" stuff... At first I thought simply of copying tags from main azure_rm_aks properties to agent_pool_profiles, but simply being able to set them manually will be well and enough

@Fred-sun can you look at it once again and verify 'hold' label - there are available features for agent-pools tags in Azure Python SDK - #1713 (comment)

@Ezopek You mean to add tags to the parameter 'agent_pool_profiles', right?

@Ezopek What you're asking for is something like #1713, add tags to agent_pools ？

@Fred-sun @xuzhang3 Sorry I was out-of-office. Yes, exactly. Again sorry for all the misunderstanding and overcomplicating and thank you very much for cooperation and quick change!