Hello Community,
I have been having the following Terraform run task error when I was creating the Lab1 exercise:
Error: failed to create a new VPC: rest API create_custom_vpc Post failed: Create VNet ace-iac-spoke2 failed. Azure Error: AuthorizationFailed Message: The client '90b0afae-fcc2-4b37-9c18-dbba0b96d382' with object id '90b0afae-fcc2-4b37-9c18-dbba0b96d382' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/xxxx-xxxx-xxxx-xxxx/resourcegroups/rg-av-ace-iac-spoke2-xxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.
with module.azure_spoke_2.aviatrix_vpc.default[0]
on .terraform/modules/azure_spoke_2/main.tf line 2, in resource "aviatrix_vpc" "default":
resource "aviatrix_vpc" "default" {
In the Terraform Cloud, I have inserted all credentials as instructed using secret environment variables and terraform variables. The AWS resources were provisioned, but the Azure resources (despite having a PAYG account and custom role with permissions including "Microsoft.Resources/subscriptions/resourcegroups/*") are not.
The obfuscated subscription ID that I'm using for the lab's Custom role was also added to the JSON policy's assignable scope.
Please advise. Thank you in advance for your assistance and guidance.
Best answer by Aviatrix ACE Team
View original