How do I assign Azure RBAC roles at the subscription level?
In this example, we will demonstrate how to assign Azure RBAC roles at the subscription level using Pulumi. We will create a role assignment that grants a specific role to a user or service principal at the subscription level.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";

// Define the principal ID (user or service principal) to which the role will be assigned
const principalId = "YOUR_PRINCIPAL_ID"; // Replace with the actual principal ID

// Define the role definition ID (role) to be assigned
const roleDefinitionId = "/subscriptions/YOUR_SUBSCRIPTION_ID/providers/Microsoft.Authorization/roleDefinitions/YOUR_ROLE_DEFINITION_ID"; // Replace with the actual role definition ID

// Create the role assignment
const roleAssignment = new azureNative.authorization.RoleAssignment("exampleRoleAssignment", {
    principalId: principalId,
    roleDefinitionId: roleDefinitionId,
    scope: "/subscriptions/YOUR_SUBSCRIPTION_ID", // Replace with your subscription ID
});

// Export the role assignment ID
export const roleAssignmentId = roleAssignment.id;
```
Key Points
- The `principalId` is the ID of the user or service principal to which the role will be assigned.
- The `roleDefinitionId` is the ID of the role definition that specifies the permissions.
- The `scope` is set to the subscription level, which means the role assignment applies to the entire subscription.
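Because a subscription-scoped assignment applies to the entire subscription, it is worth checking the three inputs before they reach `RoleAssignment`. The following is an added example, not code from the original page or from Pulumi: it flags unreplaced placeholders, a `roleDefinitionId` that names a different subscription than `scope`, and broad built-in roles at subscription scope. The function name, type name and sample IDs are assumptions constructed for illustration; the role GUIDs are the Azure built-in IDs for Owner, User Access Administrator and Contributor.

```typescript
// Added example: static checks on the three RoleAssignment inputs before deployment.
// reviewSubscriptionAssignment and AssignmentArgs are hypothetical names, not Pulumi or Azure APIs.
interface AssignmentArgs { principalId: string; roleDefinitionId: string; scope: string; }

const GUID = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
const PRINCIPAL = new RegExp(`^${GUID}$`, "i");
const SUB_SCOPE = new RegExp(`^/subscriptions/(${GUID})$`, "i");
// The subscription prefix is optional: built-in roles can be referenced without it.
const ROLE_DEF = new RegExp(
    `^(?:/subscriptions/(${GUID}))?/providers/Microsoft\\.Authorization/roleDefinitions/(${GUID})$`, "i");

// Azure built-in roles that grant broad control when assigned subscription-wide.
const BROAD_ROLES: Record<string, string> = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "18d7d88d-d35a-4f72-a5c3-7773c20a72d9": "User Access Administrator",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
};

function reviewSubscriptionAssignment(a: AssignmentArgs): string[] {
    const findings: string[] = [];
    if (!PRINCIPAL.test(a.principalId)) {
        findings.push("principalId is not an object ID (GUID)");
    }
    const scopeSub = SUB_SCOPE.exec(a.scope)?.[1]?.toLowerCase();
    if (!scopeSub) findings.push("scope is not of the form /subscriptions/<GUID>");

    const role = ROLE_DEF.exec(a.roleDefinitionId);
    const roleSub = role?.[1]?.toLowerCase(); // subscription inside the role definition ID, if any
    const roleId = role?.[2]?.toLowerCase();  // the role definition GUID itself
    if (!roleId) {
        findings.push("roleDefinitionId is not a well-formed role definition ID");
        return findings;
    }
    if (scopeSub && roleSub && roleSub !== scopeSub) {
        findings.push("roleDefinitionId names a different subscription than scope");
    }
    const broad = BROAD_ROLES[roleId];
    if (scopeSub && broad) findings.push(`${broad} at subscription scope applies to the entire subscription`);
    return findings;
}

// Constructed sample values (not real tenant data).
const SUB = "11111111-1111-1111-1111-111111111111";
const sampleFindings = reviewSubscriptionAssignment({
    principalId: "YOUR_PRINCIPAL_ID", // placeholder left unreplaced
    roleDefinitionId: `/subscriptions/${SUB}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635`,
    scope: `/subscriptions/${SUB}`,
});
```

An empty result means the inputs are well-formed and the role is not one of the three broad built-in roles; it does not establish that the assignment is least-privilege.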
Summary
We have demonstrated how to assign an Azure RBAC role at the subscription level using Pulumi. This involves specifying the principal ID, role definition ID, and the scope (subscription) for the role assignment. The resulting role assignment ID is exported for reference.