Alan B

Reputation: 2289

Adding an access policy to a Key Vault which is in another resource group

I am trying to add an access policy to an existing key vault which belongs to a different resource group. There was a suggestion from Stack Overflow, but I have an authorization issue on implementing write. How to add Access Policy to a Keyvault in different Resource Group through ARM Templates

I am trying a different way as below. I am adding the resource group in the name, but I am getting a "different segment length" error.

"resources": [
  {
    "type": "Microsoft.KeyVault/vaults/accessPolicies",
    "name": "[concat('/', parameters('resourceGroupName'), '/', parameters('keyVaultName'), '/add')]",
    "apiVersion": "2019-09-01",
    "properties": {
      "accessPolicies": [
        {
          "tenantId": "[reference(concat('Microsoft.Web/sites/', variables('functionAppName'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').tenantId]",
          "objectId": "[reference(concat('Microsoft.Web/sites/', variables('functionAppName'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]",
          "permissions": {
            "secrets": [
              "get",
              "list"
            ]
          }
        }
      ]
    }
  }
]

Is it even possible to add the resource group in the name?

Upvotes: 3

Views: 2158

Answers (1)

RamaraoAdapa

Reputation: 3119

As you are using resources in another resource group, you need to change the deployment scope to Subscription.

As suggested by Matt Stannett, you can use either an Azure CLI or a PowerShell script task in Octopus to get the Resource ID of your key vault.

Upvotes: 0
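
The subscription-scope approach from the answer, written out as an added example that is not code from the question or the answer: a nested deployment targets the vault's resource group, so the access policy name keeps the two segments (`vault/add`) that its type requires instead of carrying the resource group. The parameter names, the deployment name `addKeyVaultAccessPolicy`, and passing the managed identity's object ID in as `principalId` are assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "keyVaultResourceGroup": {
      "type": "string",
      "metadata": { "description": "Assumed input: resource group that holds the existing key vault" }
    },
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed input: name of the existing key vault" }
    },
    "principalId": {
      "type": "string",
      "metadata": { "description": "Assumed input: object ID of the function app's managed identity" }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "addKeyVaultAccessPolicy",
      "resourceGroup": "[parameters('keyVaultResourceGroup')]",
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "type": "Microsoft.KeyVault/vaults/accessPolicies",
              "apiVersion": "2019-09-01",
              "name": "[concat(parameters('keyVaultName'), '/add')]",
              "properties": {
                "accessPolicies": [
                  {
                    "tenantId": "[subscription().tenantId]",
                    "objectId": "[parameters('principalId')]",
                    "permissions": { "secrets": [ "get", "list" ] }
                  }
                ]
              }
            }
          ]
        }
      }
    }
  ]
}
```

Deploy it with `az deployment sub create --location <region> --template-file <file>`; the deploying principal needs write access to the vault's access policies in the target resource group.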
