Hello @Jonathan Share , Thanks for the post. Per official ACM documentation, adding the built-in role: Cost Management Contributor should resolve this.
Hope this helps but do let me know if you have any followup questions.
Cheers.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I'm trying to create a minimal CustomRole for running terraform on my hobby project. One of the first things I'm trying to automate is the creation of a Budget so that I can be sure I get alerted before spending too much money.
The terraform provider uses the following API https://learn.microsoft.com/en-us/rest/api/consumption/budgets/createorupdate
My role definition currently looks like the following
{
"assignableScopes": [
"/subscriptions/<redacted>"
],
"description": "Perform only the actions necesary for running Terraform from GitLab CI",
"id": "/subscriptions/<redacted>/providers/Microsoft.Authorization/roleDefinitions/<redacted>",
"name": "<redacted>",
"permissions": [
{
"actions": [
"Microsoft.Consumption/budgets/read",
"Microsoft.Consumption/budgets/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Web/serverfarms/Read",
"Microsoft.Web/serverfarms/Write",
"microsoft.insights/actionGroups/read",
"microsoft.insights/actionGroups/write",
"microsoft.web/register/action"
],
"dataActions": [ ],
"notActions": [ ],
"notDataActions": [ ]
}
],
"roleName": "my-ci-role",
"roleType": "CustomRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
However terraform is still failing with the following error message
Service returned an error. Status=401 Code="401" Message="Unauthorized. Request ID: 9e51f598-886e-4d66-a037-b82660a72862"
Some services give information on which permission is missing, unfortunately this one doesn't and I have no idea where to find this information.
Hello @Jonathan Share , Thanks for the post. Per official ACM documentation, adding the built-in role: Cost Management Contributor should resolve this.
Hope this helps but do let me know if you have any followup questions.
Cheers.