Creating a Virtual Machine Operator Role with Azure CLI

Sometimes you want to create custom roles that give fine-grained control over your cloud platform and environments. This can be done entirely with the Azure command line interface and it is awesome!

The example role we are going to create allows a user to start and stop a virtual machine.

1. Start by creating a JSON file on your local system called new_role.json with the following content:

    {
      "Name": "Virtual Machine Operator",
      "IsCustom": true,
      "Description": "Can deallocate, start and restart virtual machines.",
      "Actions": [
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Compute/virtualMachines/deallocate/action"
      ],
      "NotActions": [
      ],
      "AssignableScopes": [
        "/subscriptions/11111111-1111-1111-1111-111111111111"
      ]
    }

2. Log into Azure through the CLI:

az login

3. Create a role definition:

az role definition create --role-definition new_role.json

4. Create a role assignment for the new role for a user. The scope must fall within the role's AssignableScopes, so the subscription ID here has to match the one in new_role.json:

az role assignment create --assignee user@tenant.onmicrosoft.com --role "Virtual Machine Operator" --scope /subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/ExampleRG/providers/Microsoft.Compute/virtualMachines/ExampleVM

You are done!
