Cloud Infrastructure Community's Space

Terraform not able to create azure role assignment

When using the above client_id, tenant_id, subscription_id and client_secret (they were obtained from az account show and successfully created other resources such as vnet, subnets etc.), it gives the error below:

Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '4d8a138b-5734-441a-a3cd-00f60be1d7c0' with object id '4d8a138b-5734-441a-a3cd-00f60be1d7c0' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/xxx/resourceGroups/scale-rg/providers/Microsoft.Network/virtualNetworks/scale-vnet/providers/Microsoft.Authorization/roleAssignments/144a2f0d-1f3b-fb7a-3e20-62261e44a9c1' or the scope is invalid. If access was recently granted, please refresh your credentials."

It looks like the account used to apply the Terraform template does not have sufficient permissions on the Azure resources.

To fix this, please assign an appropriate Azure RBAC role to your service principal in the Azure subscription. The RBAC roles that would allow role assignment are Owner or User Access Administrator.
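
One way to apply the fix with the least privilege that still works, as an added example that is not part of the original post: the script parses the AuthorizationFailed message and builds the `az role assignment create` command for each scope (resource, resource group, subscription) at which a grant would cover the denied action. The function names are hypothetical, User Access Administrator is chosen as the narrower of the two roles named above, and the printed commands have to be run by an identity that already holds Owner or User Access Administrator.

```python
import re
import shlex

# The provider error quoted above (the page redacts the subscription id as "xxx").
SAMPLE_ERROR = (
    "Code=\"AuthorizationFailed\" Message=\"The client '4d8a138b-5734-441a-a3cd-00f60be1d7c0' "
    "with object id '4d8a138b-5734-441a-a3cd-00f60be1d7c0' does not have authorization "
    "to perform action 'Microsoft.Authorization/roleAssignments/write' over scope "
    "'/subscriptions/xxx/resourceGroups/scale-rg/providers/Microsoft.Network/virtualNetworks"
    "/scale-vnet/providers/Microsoft.Authorization/roleAssignments/"
    "144a2f0d-1f3b-fb7a-3e20-62261e44a9c1' or the scope is invalid.\""
)

_DENIED = re.compile(
    r"object id '(?P<oid>[^']+)' does not have authorization to perform action "
    r"'(?P<action>[^']+)' over scope '(?P<scope>[^']+)'"
)
# A role assignment is a child of the resource it applies to; strip it to get the target.
_ASSIGNMENT = re.compile(r"/providers/Microsoft\.Authorization/roleAssignments/[^/]+$", re.I)


def parse_authorization_failed(message):
    """Return who was denied, which action, and the resource the assignment targeted."""
    m = _DENIED.search(message)
    if m is None:
        raise ValueError("not an AuthorizationFailed message")
    return {"object_id": m["oid"], "action": m["action"],
            "target_scope": _ASSIGNMENT.sub("", m["scope"])}


def candidate_scopes(target_scope):
    """Scopes, narrowest first, where a grant is inherited by target_scope."""
    parts = target_scope.strip("/").split("/")
    scopes = [target_scope]
    if len(parts) > 4 and parts[2].lower() == "resourcegroups":
        scopes.append("/" + "/".join(parts[:4]))
    if len(parts) > 2:
        scopes.append("/" + "/".join(parts[:2]))
    return scopes


def grant_command(object_id, scope, role="User Access Administrator"):
    """Build (not run) the az CLI call an Owner would issue for this principal."""
    argv = ["az", "role", "assignment", "create",
            "--assignee", object_id, "--role", role, "--scope", scope]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    denied = parse_authorization_failed(SAMPLE_ERROR)
    for scope in candidate_scopes(denied["target_scope"]):
        print(grant_command(denied["object_id"], scope))
```

The first command printed targets only the virtual network, which is enough for the assignment that failed here; the later ones widen the grant to the resource group and the whole subscription.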
