Reputation: 4289
Powershell module can't find subscription when a bicep kicks it off
I am using a bicep to call a powershell script. The bicep script makes a call to Set-AzCognitiveServicesAccount.
It works as expected when I call the script from the command line. When I start the bicep from the command line, and it calls the script, I get this error:
No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login
I have logged in from the command line using Connect-AzAccount. Why would it behave differently when the bicep kicks it off?
This is the PowerShell script:
param(
[string] $resourceGroup,
[string] $resourceName
)
Write-Output "Disable public network access on language $resourceName"
$result = Set-AzCognitiveServicesAccount -Name $resourceName -ResourceGroupName $resourceGroup -PublicNetworkAccess "Disabled"
Write-Output "Result is $($result.ProvisioningState)"
Here is the relvant portion of my bicep:
var scriptArgumentsEndpoint = {
resourceName: language.name
resourceGroup: resourceGroup().name
}
var scriptContentEndpoint = loadTextContent('./disablePublicAccess.ps1')
resource scriptEndpoint 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: 'DisableendpointScript'
location: location
kind: 'AzurePowerShell'
properties: {
azPowerShellVersion: '10.1'
retentionInterval: 'PT1H'
scriptContent: scriptContentEndpoint
arguments: join(map(items(scriptArgumentsEndpoint), arg => '-${arg.key} ${arg.value}'), ' ')
}
}
There is a reason I am not disabling pulicNetworkAccess from the bicep. I have another post about that.
Upvotes: 0
Views: 113
Answers (1)
Reputation: 7805
Powershell module can't find subscription when a bicep kicks it off
I do agree with Thomos for suggesting same point.
If you are deploying a deployment script in Bicep with API version 2020-10-01, it may require an Identity to authenticate Azure resources or the use of Connect-AzAccount inside the script. Follow the MS DOC on Developing a deployment script in Bicep.
Here is the updated Bicep script to deploy a deployment script in Bicep using the identity method.
Note: Make sure to assign the required role to identity to perform the action.
var scriptArgumentsEndpoint = {
resourceGroup: resourceGroup().name
}
var scriptContentEndpoint = loadTextContent('./disablePublicAccess.ps1')
resource scriptEndpoint 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: 'DisableendpointScript'
location: resourceGroup().location
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'/subscriptions/<SUB_ID>/resourceGroups/Venkat-RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Venkat-UAM': {}
}
}
kind: 'AzurePowerShell'
properties: {
azPowerShellVersion: '10.1'
retentionInterval: 'PT1H'
scriptContent: scriptContentEndpoint
arguments: join(map(items(scriptArgumentsEndpoint), arg => '-${arg.key} ${arg.value}'), ' ')
}
}
Output:
New-AzResourceGroupDeployment -ResourceGroupName "Automation_RG" -TemplateFile "COngitive.bicep"
After executing the script, public access has been disabled.
Refer: Follow the MS DOC to use identity in Bicep.
Upvotes: 1
Related Questions
- Bicep deployment script ERROR: argument --query: invalid jmespath_type value: '"[?contains(name,'. Please refer to
- When referencing a Managed Identity from a bicep module the identity cannot be found (resource group is passed as <null>)
- Unable to change active subscription in yaml/Azure PowerShell pipeline
- Creating Azure Storage account from PowerShell giving error
- Azure Automation account Powershell Error setting context
- How to List Azure Network Security Group from all Subscription using powershell
- Azure Powershell script throwing 'Forbidden'
- Azure Powershell command cannot find my VM under my resource group?
- SAS token error in Azure
- Error trying to lock vm in Azure