
How do I deploy an Azure role assignment?

In this example, we will demonstrate how to deploy an Azure role assignment using Pulumi. A role assignment in Azure grants access to Azure resources by binding a user or service principal to a role at a given scope. We will need a user or service principal ID, the scope of the assignment, and the role definition ID.

We will create a sample resource group and then assign the “Reader” role to a user within that resource group.

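import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Resource group that serves as the scope of the role assignment.
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
// Look up the current subscription (not referenced by the assignment below).
const current = azure.core.getSubscriptionOutput({});
// Look up the built-in "Reader" role definition.
const reader = azure.authorization.getRoleDefinitionOutput({
    name: "Reader",
});
// Grant "Reader" on the resource group only, not on the whole subscription.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: example.id,
    roleDefinitionName: reader.apply(reader => reader.name),
    // Object ID of the user or service principal that receives the role.
    principalId: "<YOUR_PRINCIPAL_OBJECT_ID>",
});
export const resourceGroupName = example.name;
export const roleAssignmentId = exampleAssignment.id;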

This code does the following:

  1. Configures the Azure provider.
  2. Creates a resource group named “example-resources”.
  3. Retrieves the current Azure subscription and the “Reader” role definition.
  4. Creates a role assignment, assigning the “Reader” role to a specified user or service principal within the scope of the resource group.
  5. Outputs the name of the resource group and the ID of the role assignment.

With this setup, you’re granting read-only access to the specified principal for the resource group. This is a common use case for granting limited access to specific Azure resources.
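The three inputs of the assignment (principal ID, scope, role) decide how limited the access really is. The following is an added example, not part of the original answer or of Pulumi's API: a pre-deployment check that flags an unfilled principal ID, a scope wider than one resource group, or a privileged role. The type and function names are hypothetical, the list of privileged roles is an assumption, and the sample IDs are constructed.

```typescript
// Added example: review a role assignment's inputs before deploying it.
// Type and function names are hypothetical; sample IDs below are constructed.
type ScopeLevel = "managementGroup" | "subscription" | "resourceGroup" | "resource" | "unknown";

interface RoleAssignmentInput {
    scope: string;
    roleDefinitionName: string;
    principalId: string;
}

// Built-in roles that can modify resources or grant access (Reader cannot).
const PRIVILEGED_ROLES = ["Owner", "Contributor", "User Access Administrator"];
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Classify an Azure scope string by how much it covers.
function scopeLevel(scope: string): ScopeLevel {
    const s = scope.replace(/\/+$/, ""); // tolerate a trailing slash
    if (/^\/providers\/Microsoft\.Management\/managementGroups\/[^\/]+$/i.test(s)) return "managementGroup";
    if (/^\/subscriptions\/[^\/]+$/i.test(s)) return "subscription";
    if (/^\/subscriptions\/[^\/]+\/resourceGroups\/[^\/]+$/i.test(s)) return "resourceGroup";
    if (/^\/subscriptions\/[^\/]+(\/resourceGroups\/[^\/]+)?\/providers\/.+$/i.test(s)) return "resource";
    return "unknown";
}

// Return findings; an empty array means nothing was flagged.
function reviewAssignment(a: RoleAssignmentInput): string[] {
    const findings: string[] = [];
    if (!GUID.test(a.principalId)) findings.push("principalId is not a GUID object ID");
    const level = scopeLevel(a.scope);
    if (level === "unknown") findings.push("scope does not match a known Azure scope format");
    if (level === "subscription" || level === "managementGroup") {
        findings.push(`scope is ${level}-wide, broader than a single resource group`);
    }
    const role = a.roleDefinitionName.toLowerCase();
    if (PRIVILEGED_ROLES.some(r => r.toLowerCase() === role)) {
        findings.push(`role "${a.roleDefinitionName}" is privileged`);
    }
    return findings;
}

const SUB = "/subscriptions/00000000-0000-0000-0000-000000000000";
// The page's assignment: Reader on one resource group -> no findings.
const asWritten = reviewAssignment({
    scope: `${SUB}/resourceGroups/example-resources`,
    roleDefinitionName: "Reader",
    principalId: "11111111-2222-3333-4444-555555555555",
});
// Unfilled placeholder, subscription scope, Owner role -> three findings.
const tooBroad = reviewAssignment({ scope: SUB, roleDefinitionName: "Owner", principalId: "<YOUR_PRINCIPAL_OBJECT_ID>" });
```

In the Pulumi program the scope is an Output, so the check has to run inside `example.id.apply(...)`, once the resource group ID is known.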
