Do Blueprints support inline deployment scripts within ARM template?

Question

My aim is to add users to the Cost Management Contributor role as part of my baseline subscription blueprint.

My first thought was to try the Role Assignment artifact available in Blueprint GUI. However, this only allows you to select one user - I want to add more than one user.

My second thought was to use the ARM deployment script feature, using an inline powershell command within ARM template to create an AZ AD group and assign it to the Cost Management Contributor role. This works fine if I deploy the ARM template via powershell but complains about json formatting error when I try deploying it as part of a Blueprint.

So my question is, do Blueprints support inline deployment scripts within ARM templates? I suspect not.

Is there another way I could assign more than one user (or create an AZ AD Group and assign that) to a Role Assignment as part of a Blueprint deployment?

Thanks
G

Answer 1

Happy to help, @Gavlarc ,
By " support inline deployment scripts within ARM templates" Are you asking if BP supports running ARM template with an embedded deployment script?
AFAIK, Blueprint supports this since its just passing the ARM template to Resource Manager as actualy deployment.

If this is a new sub, then the deployment scripts require a user-assigned managed identity with the contributor's role on the target management scope.

Also curious about the JSON formatitng errors you called out. Are there any details that could shine some light on the failure.
If you havent seen these already, here are some publicly documented troubleshooting steps for your reference.

Looking fwd to your reply.