I'm the owner of multiple subscriptions and multiple management groups within which these subscriptions are contained.
I want to use BICEP to deploy resources across several subscriptions within a management group. When I scope to subscription, I have no issues with this. Now I'm scoping to management group, I'm hitting a problem.
I am using VSCODE and logged into the correct Azure account
When I deploy my bicep file, I get the error below. This is shown after the 'search bar' in VSCODE has displayed all my subscriptions and when it's searching for my management groups.
You do not have access to any management group. Please create one in the Azure portal and try to deploy again
What additional permissions beyond the owner of the management group do I need?
A simple example code is below.
main.bicep
targetScope='managementGroup'
module deployCoreResourceGroup 'createResourceGroup.bicep' = {
scope: subscription(subscriptionIdCoreHub)
name: resourceGroupCoreName
params: {
location: location
resourceGroupName: resourceGroupCoreName
}
}
createResourceGroup.bicep
param location string
param resourceGroupName string
targetScope = 'subscription'
resource resourceGroupCore 'Microsoft.Resources/resourceGroups@2022-09-01' = {
name: resourceGroupName
location: location
}
Image showing I am the owner of a management group.
As discussed in the comments, providing a detail way below on how to resolve your issue.
If you are deploying bicep code from
Visual Studio Code, make sure that the Azure accountsign insettings and accountcredentialsare properly set to the relevant management group and subscription.Go to
VScode >> Terminal>> useaz account management-groupcommand as shown below to set the above.Also run
az logincommand from theVScodeterminal as it is very needed before deploying any code.Note: Also check if you have necessary permissions to deploy the bicep into the corresponding Azure Management group.
After executing the above, I tried the same code as you and was able to deploy it successfully as shown below.
Output: