none
Permissions failure when deploying HDInsight cluster with ARM template RRS feed

  • Question

  • Hi all,

    I am getting an error when trying to deploy a HDInsight cluster from an ARM template using a runbook under an Azure Automation Account. The error is as follows:

    New-AzureRmResourceGroupDeployment : The client '***********' with object id '<Automation account Run As Service Principal ID' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/subscriptions/<SubscriptionID>/resour cegroups/<RGName>/providers/Microsoft.Resources/deployments/dev-esp-template' or the scope is invalid. If access was recently granted, please refresh your credentials. At line:75 char:5 + New-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGr ... +

    The Automation Account Run As Service Principal is a contributor for the Resource Group referenced in the above error message, and other HDInsight templates are deploying fine using the same automation account.

    Any ideas?

    Regards

    Dave

    Tuesday, December 10, 2019 3:55 PM

All replies

  • Hello DangerMoose87,

    Contributor role should work in your scenario. Here are 3 resolution options for you to explore.

    Let me know if that helps.

    1. PowerShell is authenticated under a different/incorrect user context. (Get-AzContext will show you this information)

    2. Deploying to the wrong resource group (verify resource group name)

    3. Deploying to the wrong subscription (Get-AzContext will show you this information; you can switch subscription with Select-AzSubscription)

    Hope this helps.

    Cheers.



    Friday, December 13, 2019 1:44 AM
    Moderator