Comments (3)
Would it be possible for you to open a support case to get this resolved? I suspect we will need to do some digging on our side to find out what is happening and support will be able to help you get all the details we need to investigate.
from azure-blueprints.
Seems that problem is still relevant - got the same deploying Blueprint using Azure Cli (updating existing assignment). Solved manually granting owner rights to Azure Blueprints SP:
- get Azure Blueprints SP Id
az ad sp show --id f71766dc-90d9-4b7d-bd9d-4499c4331c3f --query "id"
- get your subscription id (choose needed from list)
az account list --query "[].{name:name, id:id}" --output tsv
- grant owner permissions
az role assignment create --assignee "_Blueprints_SP_Id_" --role "Owner" --subscription "_Subscription_Id_"
After procedure I made assignment update from Azure Cli work again.
from azure-blueprints.
I had this issue as well, I think the azure deployment error should have a link here.
https://learn.microsoft.com/en-us/azure/governance/blueprints/overview
If using a system-assigned managed identity, the service principal for Azure Blueprints requires the Owner role on the assigned subscription in order to enable deployment. If using the portal, this role is automatically granted and revoked for the deployment. If using the REST API, this role must be manually granted, but is still automatically revoked after the deployment completes. If using a user-assigned managed identity, only the user creating the blueprint assignment needs the Microsoft.Blueprint/blueprintAssignments/write permission, which is included in both the Owner and Blueprint Operator built-in roles.
from azure-blueprints.
Related Issues (20)
- Parameter Names are Case Sensitive
- Blueprint as arm template deployment [for your example]
- Need guidance on properly formatted default access policy for keyvault in CAF Foundation HOT 1
- BluePrint configure resourceGroup tags from parameter HOT 3
- ARM-Template Sample for Full Blueprint definition HOT 1
- Assigning a Blueprint to a ManagementGroup HOT 7
- Deleting assignments using REST API HOT 2
- Blueprint Assignment IaC Issue HOT 1
- Unable to use artifacts function to specify roleDefinitionId. HOT 3
- Authentication via managed identity for assign blueprint with rest api
- Need apiVersion on fw to ip reference in ASBF & ASBF_Gov
- Linter for azure blueprints HOT 1
- Set-AzBlueprintAssignment using earlier published version of the definition HOT 5
- Creating a blueprint of target scope 'managementGroup' fails HOT 1
- delegated subnet, created by blueprint, does not allow actions of service; blocked by deny assignment
- Assignment with user-assigned managed identity at management group scope : The request did not have a subscription or a valid tenant level resource provider HOT 2
- Blueprints HOT 3
- Deny assignment using blueprint for particular Management group HOT 1
- This repo is missing important files
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-blueprints.