Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Terraform - Azure as a provider and limited access account

Tags:

subscription

azure

terraform

provider

terraform-provider-azure

I want to deploy some resources on Azure with Terraform. On Azure, I have an account with "Owner rights" on one Resource Group only(RGName). Not at the subscription level.

From my linux server, I installed "az cli" and I did "az login". At this step, everything is OK.

The problem appears when I want to execute terraform to create one resource.

Content of provider.tf (the only one .tf file for now) :

provider "azurerm" {
}

If I do a "terraform plan", it works.

If I add the following line, it fails. Please see the error at the end :

resource "azurerm_virtual_network" "myterraformnetwork" {
    name                = "myVnet"
    address_space       = ["10.0.0.0/16"]
    location            = "eastus"
    resource_group_name = "RGName"

    tags = {
        environment = "Terraform Demo"
    }
}

I do not have right on subscription level but I do not need to. With the Azure WebUI I can create resource on this Resource Group without problem.

The error :

Error: Error ensuring Resource Providers are registered: Cannot register provider Microsoft.DevSpaces with Azure Resource Manager: resources.ProvidersClient#Register: Failure responding to request: StatusCode=403 -- Original Error: autor est/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'accountName' with object id 'IDaccountName' does not have authorization to perform action 'Microsoft.DevSpaces/r egister/action' over scope '/subscriptions/subscriptionID' or the scope is invalid. If access was recently granted, please refresh your credentials.".

on provider.tf line 1, in provider "azurerm": 1: provider "azurerm" {

Thank you all !

like image 596
Lbebitas Avatar asked Sep 11 '19 15:09

Lbebitas

1 Answers

If anyone else has this issue in a corporate (restricted) Azure environment, and doesn't have the patience to register the provider (which may not be necessary if you don't use the specified terraform resource) - have a look at https://github.com/terraform-providers/terraform-provider-azurerm/issues/4440

Specifically, this may help:

provider "azurerm" {
  skip_provider_registration = "true"

It obviously won't help if you actually need the resource that fails to get registered (in our case it was Cannot register provider Microsoft.DevSpaces with Azure Resource Manager, but the resource will be variable depending on your environment and what Terraform decides to support)

like image 124
Geehan Avatar answered Nov 15 '22 04:11

Geehan
Sign in to Comment

Related questions

homogeneous vs heterogeneous in documentdb
How to push to azure app service from a branch other than master?
How to get all results from azure search?
Deleting Azure Active Directory returns Delete all App registrations although there is no app
Should I create a resource group or subscription?
Graph API get users from Azure AD
Azure App Service - write to filesystem - ASP.NET web application
Azure Automation Powersell Runbook fails: 'Invoke-Sqlcmd' is not recognized as the name of a cmdlet
Azure classification using vba
Azure SQL large deletes
View Request Body in Application Insights
Azure Service Bus in .Net Core - how to receive only one message
Replace new line in string
How to Deploy Angular 6 to Azure Web App - You do not have permissions
How to login Multi-Factor Authentication to Dynamics 365 using C#
Publish an Azure DevOps extension from command line fails with 401
Azure vpn error A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)
Windows Machine File Copy - DevOps task and IP address
What is the best way to provide a private SSH key in Azure DevOps Pipeline?
ARM template transform array of strings into array of objects

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!