TerraformPilot

Troubleshooting

Fix: Azure Container Registry SKU Upgrade Required

Fix Azure Container Registry SKU errors in Terraform. Covers feature availability per tier, geo-replication, private endpoints, and in-place upgrades.

LLuca Berton2 min read

Quick Answer

#

The feature you're trying to use requires a higher ACR SKU tier. Upgrade from Basic to Standard or Premium — geo-replication, private endpoints, and content trust all require Premium SKU.

The Error

# 
Error: creating/updating Container Registry "myacr":
  SkuUpgradeRequired: The registry SKU 'Basic' doesn't support
  geo-replications. Please upgrade to 'Premium'.
Error: Private endpoints are only available for Premium SKU registries.

What Causes This Error

#

Using a feature that's restricted to a higher SKU tier. ACR has three tiers with different capabilities.

ACR SKU Feature Matrix

#
FeatureBasicStandardPremium
Storage10 GB100 GB500 GB
Geo-replication
Private endpoints
Content trust
Customer-managed keys
Webhooks210500
Price (approx/month)$5$20$50

How to Fix It

#

Solution 1: Upgrade SKU

# 
resource "azurerm_container_registry" "main" {
  name                = "myappacr${var.environment}"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  sku                 = "Premium"  # Upgrade from Basic/Standard
  admin_enabled       = false
 
  # Now you can use Premium features
  georeplications {
    location = "West Europe"
  }
}

Solution 2: Add Private Endpoint (Premium Only)

# 
resource "azurerm_container_registry" "main" {
  name                          = "myappacr${var.environment}"
  resource_group_name           = azurerm_resource_group.main.name
  location                      = azurerm_resource_group.main.location
  sku                           = "Premium"
  public_network_access_enabled = false
}
 
resource "azurerm_private_endpoint" "acr" {
  name                = "acr-pe"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  subnet_id           = azurerm_subnet.endpoints.id
 
  private_service_connection {
    name                           = "acr-psc"
    private_connection_resource_id = azurerm_container_registry.main.id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
}

Solution 3: Choose the Right SKU Per Environment

# 
variable "acr_sku" {
  type = map(string)
  default = {
    dev     = "Basic"
    staging = "Standard"
    prod    = "Premium"
  }
}
 
resource "azurerm_container_registry" "main" {
  name                = "myappacr${var.environment}"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  sku                 = var.acr_sku[var.environment]
}

Troubleshooting Checklist

#
  1. ✅ Which feature requires the upgrade? (Check error message)
  2. ✅ What's the current SKU? (az acr show --name myacr --query sku.name)
  3. ✅ Is Premium SKU needed, or is Standard sufficient?
  4. ✅ Is the SKU upgrade within budget?

Prevention Tips

#
  • Start with Premium for production — most enterprise features require it
  • Use Basic for dev/test — cheapest option for non-production
  • SKU upgrades are in-place — no need to recreate the registry
  • Document required SKU per feature in your project README
#

Conclusion

#

ACR SKU errors mean you're using a feature that requires a higher tier. Geo-replication, private endpoints, and content trust all need Premium. Upgrades are in-place — just change the sku field in your Terraform config. Use different SKUs per environment to optimize costs.

#Terraform#Azure#Troubleshooting#Error Fix

Share this article

Related articles