Permissions failure when deploying HDInsight cluster with ARM template RRS feed

  • Question

  • Hi all,

    I am getting an error when trying to deploy a HDInsight cluster from an ARM template using a runbook under an Azure Automation Account. The error is as follows:

    New-AzureRmResourceGroupDeployment : The client '***********' with object id '<Automation account Run As Service Principal ID' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/subscriptions/<SubscriptionID>/resour cegroups/<RGName>/providers/Microsoft.Resources/deployments/dev-esp-template' or the scope is invalid. If access was recently granted, please refresh your credentials. At line:75 char:5 + New-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGr ... +

    The Automation Account Run As Service Principal is a contributor for the Resource Group referenced in the above error message, and other HDInsight templates are deploying fine using the same automation account.

    Any ideas?



    Tuesday, December 10, 2019 3:55 PM

All replies

  • Hello DangerMoose87,

    Contributor role should work in your scenario. Here are 3 resolution options for you to explore.

    Let me know if that helps.

    1. PowerShell is authenticated under a different/incorrect user context. (Get-AzContext will show you this information)

    2. Deploying to the wrong resource group (verify resource group name)

    3. Deploying to the wrong subscription (Get-AzContext will show you this information; you can switch subscription with Select-AzSubscription)

    Hope this helps.


    Friday, December 13, 2019 1:44 AM