
Terraform - Azure as a provider and limited access account

I want to deploy some resources on Azure with Terraform. On Azure, I have an account with "Owner rights" on one Resource Group only (RGName), not at the subscription level.

From my Linux server, I installed "az cli" and I did "az login". At this step, everything is OK.

The problem appears when I want to execute terraform to create one resource.


Content of provider.tf (the only .tf file for now):

provider "azurerm" {
}

If I do a "terraform plan", it works.

If I add the following lines, it fails. Please see the error at the end:

resource "azurerm_virtual_network" "myterraformnetwork" {
    name                = "myVnet"
    address_space       = ["10.0.0.0/16"]
    location            = "eastus"
    resource_group_name = "RGName"

    tags = {
        environment = "Terraform Demo"
    }
}

I do not have rights at the subscription level, but I do not need them. With the Azure web UI I can create resources in this Resource Group without a problem.


The error:

Error: Error ensuring Resource Providers are registered: Cannot register provider Microsoft.DevSpaces with Azure Resource Manager: resources.ProvidersClient#Register: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'accountName' with object id 'IDaccountName' does not have authorization to perform action 'Microsoft.DevSpaces/register/action' over scope '/subscriptions/subscriptionID' or the scope is invalid. If access was recently granted, please refresh your credentials.".

  on provider.tf line 1, in provider "azurerm":
   1: provider "azurerm" {


Thank you all !

Lbebitas asked Sep 11 '19 15:09



1 Answer

If anyone else has this issue in a corporate (restricted) Azure environment, and doesn't have the patience to register the provider (which may not be necessary if you don't use the specified terraform resource) - have a look at https://github.com/terraform-providers/terraform-provider-azurerm/issues/4440

Specifically, this may help:

provider "azurerm" {
  skip_provider_registration = "true"
}

It obviously won't help if you actually need the resource that fails to get registered (in our case it was Cannot register provider Microsoft.DevSpaces with Azure Resource Manager, but the resource will be variable depending on your environment and what Terraform decides to support)

Geehan answered Nov 15 '22 04:11

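The answer's caveat expressed as a triage check, added here as an example and not code from the thread: it parses the 403 text from the question and decides whether the denied action is only provider auto-registration for a namespace the configuration does not use. The `triage` function, its return labels and the one-entry `RESOURCE_NAMESPACE` map are assumptions made for illustration.

```python
import re

# Constructed inputs: abridged error text and resource block from the question above.
SAMPLE_ERROR = (
    "Error ensuring Resource Providers are registered: Cannot register provider "
    "Microsoft.DevSpaces with Azure Resource Manager: StatusCode=403 -- "
    'Code="AuthorizationFailed" Message="The client \'accountName\' with object id '
    "'IDaccountName' does not have authorization to perform action "
    "'Microsoft.DevSpaces/register/action' over scope "
    "'/subscriptions/subscriptionID' or the scope is invalid.\""
)
SAMPLE_TF = '''
resource "azurerm_virtual_network" "myterraformnetwork" {
    name                = "myVnet"
    resource_group_name = "RGName"
}
'''

# Assumption: hand-written map covering only the resource type used in the question.
RESOURCE_NAMESPACE = {"azurerm_virtual_network": "Microsoft.Network"}

DENIED = re.compile(r"perform action '([^']+)' over scope '([^']+)'")
RESOURCE = re.compile(r'^\s*resource\s+"(azurerm_\w+)"', re.MULTILINE)


def triage(error_text, tf_source):
    """Classify an AuthorizationFailed error against the configuration's needs."""
    match = DENIED.search(error_text)
    if not match:
        return "unrecognized"
    action, scope = match.groups()
    namespace, _, operation = action.partition("/")
    at_subscription = re.fullmatch(r"/subscriptions/[^/]+", scope) is not None
    # Anything other than <namespace>/register/action at subscription scope is
    # an ordinary RBAC denial that skipping registration cannot fix.
    if operation.lower() != "register/action" or not at_subscription:
        return "rbac-denial"
    needed = {RESOURCE_NAMESPACE.get(t) for t in RESOURCE.findall(tf_source)}
    if None in needed:
        return "check-manually"  # a resource type the map does not cover
    if namespace.lower() in {n.lower() for n in needed}:
        return "registration-required"  # skipping would only move the failure
    return "skip-registration-ok"


if __name__ == "__main__":
    print(triage(SAMPLE_ERROR, SAMPLE_TF))
```

For the question's input the result is `skip-registration-ok`: the denied namespace is Microsoft.DevSpaces, while the only resource in the configuration belongs to Microsoft.Network.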