Deployer VM RBAC roles requirements for correct bicep build #1901

Open
vanzod opened this issue Apr 30, 2024 · 0 comments
vanzod commented Apr 30, 2024

When building the Az-HOP infrastructure using bicep from a deployer VM with system managed identities, to successfully complete the build a subscription contributor role is required.
If I run the build.sh script with the roles described in the documentation with contributor role restricted to the resource group, the deployment fails with the following error:

{"code": "AuthorizationFailed", "message": "The client 'c2e131eb-4338-40b6-ad04-894582f10917' with object id 'c2e131eb-4338-40b6-ad04-894582f10917' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/subscriptions/f5a67d06-2d09-4090-91cc-e3298907a021' or the scope is invalid. If access was recently granted, please refresh your credentials."}
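
An added example, not part of the original issue or the Az-HOP project: it parses the error reported above and applies the Azure RBAC rule that a role assignment is inherited only by child scopes, which is why a Contributor assignment on a resource group does not reach an action requested at subscription scope. The resource group name `example-rg` and all function names are assumptions made for the illustration.

```python
import json
import re

# Subscription id and error text come from the issue; "example-rg" is constructed.
SUB = "/subscriptions/f5a67d06-2d09-4090-91cc-e3298907a021"
RG_SCOPE = SUB + "/resourceGroups/example-rg"
ERROR_BODY = json.dumps({"code": "AuthorizationFailed", "message": (
    "The client 'c2e131eb-4338-40b6-ad04-894582f10917' with object id "
    "'c2e131eb-4338-40b6-ad04-894582f10917' does not have authorization to "
    "perform action 'Microsoft.Resources/deployments/validate/action' over "
    f"scope '{SUB}' or the scope is invalid. If access was recently granted, "
    "please refresh your credentials.")})

_DENIED = re.compile(
    r"The client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' does "
    r"not have authorization to perform action '(?P<action>[^']+)' over scope "
    r"'(?P<scope>[^']+)'")

def parse_authorization_failed(body):
    """Return client, object_id, action and scope, or None if not this error."""
    err = json.loads(body)
    if err.get("code") != "AuthorizationFailed":
        return None
    m = _DENIED.search(err.get("message", ""))
    return m.groupdict() if m else None

def scope_level(scope):
    """Classify an ARM scope path by its depth."""
    parts = [p.lower() for p in scope.strip("/").split("/")]
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) >= 4 and parts[2] == "resourcegroups":
        return "resource group" if len(parts) == 4 else "resource"
    return "other"

def covers(assignment_scope, target_scope):
    """An assignment applies at its own scope and at child scopes, never upward."""
    a, t = assignment_scope.rstrip("/").lower(), target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def diagnose(body, assignment_scopes):
    """Say whether any held assignment scope reaches the denied scope."""
    denied = parse_authorization_failed(body)
    if denied is None:
        return "not an AuthorizationFailed error"
    if any(covers(s, denied["scope"]) for s in assignment_scopes):
        return "scope is covered; check the role's allowed actions"
    return (f"{denied['action']} was requested at {scope_level(denied['scope'])} "
            "scope, which no held assignment scope covers")
```

Calling `diagnose(ERROR_BODY, [RG_SCOPE])` reports that the validate action was requested at subscription scope, outside the resource-group assignment.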