ACE-IAC Lab1 Azure Resource Group error

Hello Community,

I have been having the following Terraform run task error when I was creating the Lab1 exercise:


Error: failed to create a new VPC: rest API create_custom_vpc Post failed: Create VNet ace-iac-spoke2 failed. Azure Error: AuthorizationFailed Message: The client '90b0afae-fcc2-4b37-9c18-dbba0b96d382' with object id '90b0afae-fcc2-4b37-9c18-dbba0b96d382' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/xxxx-xxxx-xxxx-xxxx/resourcegroups/rg-av-ace-iac-spoke2-xxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.

with module.azure_spoke_2.aviatrix_vpc.default[0]

on .terraform/modules/azure_spoke_2/ line 2, in resource "aviatrix_vpc" "default":

resource "aviatrix_vpc" "default" {


In the Terraform Cloud, I have inserted all credentials as instructed using secret environment variables and terraform variables. The AWS resources were provisioned, but the Azure resources (despite having a PAYG account and custom role with permissions including "Microsoft.Resources/subscriptions/resourcegroups/*") are not.

The obfuscated subscription ID that I'm using for the lab's Custom role was also added to the JSON policy's assignable scope.

Please advise. Thank you in advance for your assistance and guidance.


Best answer by Aviatrix ACE Team 26 July 2022, 03:42


2 replies


Hi Babatope Babafemi, do you get farther when you try this with a Contributor role instead of Custom? Refer to this page:


Only after getting this to work with Contributor, then try with Custom permissions:

Aviatrix Certified Engineer Thank you for the support. It worked! I've been able to finish Lab1 and 2. Wrapping up soon to hopefully take the exam before the end of the month. Thanks once again. I'll reach out if I have any other issues.
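
Added example (not part of the thread, and not Aviatrix or lab code): a custom role can list the action and carry the subscription in AssignableScopes and still hit AuthorizationFailed, because AssignableScopes only controls where the role may be assigned, and the service principal separately needs a role assignment at or above the target scope. The sketch below checks the three conditions offline against a role definition in the `az role definition create` JSON layout and assignment rows shaped like `az role assignment list` output; the role name, IDs and sample rows are constructed placeholders.

```python
import re

def matches(pattern, action):
    # Azure RBAC action patterns use '*' as the only wildcard, case-insensitively.
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def role_allows(role, action):
    # Effective permissions are Actions minus NotActions.
    allowed = any(matches(p, action) for p in role.get("Actions", []))
    excluded = any(matches(p, action) for p in role.get("NotActions", []))
    return allowed and not excluded

def scope_covers(assigned, target):
    # An assignment applies to its own scope and every child scope below it.
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def diagnose(role, assignments, principal_id, action, target):
    if not role_allows(role, action):
        return "role-lacks-action"
    mine = [a for a in assignments
            if a["principalId"].lower() == principal_id.lower()
            and a["roleDefinitionName"] == role["Name"]]
    if not mine:
        # AssignableScopes alone grants nothing; an assignment must exist.
        return "role-not-assigned"
    if not any(scope_covers(a["scope"], target) for a in mine):
        return "assignment-scope-mismatch"
    return "authorized"

# Constructed sample data (placeholder IDs, hypothetical role name).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SPN = "11111111-1111-1111-1111-111111111111"
ACTION = "Microsoft.Resources/subscriptions/resourcegroups/write"
TARGET = SUB + "/resourcegroups/rg-av-ace-iac-spoke2-xxxxx"
ROLE = {"Name": "ace-iac-custom",
        "Actions": ["Microsoft.Resources/subscriptions/resourcegroups/*"],
        "NotActions": [],
        "AssignableScopes": [SUB]}

def assignment(scope):
    return {"principalId": SPN, "roleDefinitionName": ROLE["Name"], "scope": scope}

if __name__ == "__main__":
    for label, rows in [("none", []),
                        ("other RG", [assignment(SUB + "/resourceGroups/other-rg")]),
                        ("subscription", [assignment(SUB)])]:
        print(label, "->", diagnose(ROLE, rows, SPN, ACTION, TARGET))
```
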