Deploy to AKS using Azure pipeline

damian esene 10 Reputation points


I'm trying to deploy to AKS using azure pipeline but I get the below error message:

Failed to set Azure permission 'RoleAssignmentId: 'xxx' for the service principal 'xxx' on subscription ID 'xxx': error code: BadRequest, inner error code: RoleAssignmentUpdateNotPermitted, inner error message Tenant ID, application ID, principal ID, and scope are not allowed to be updated. Ensure that the user has 'Owner' or 'User Access Administrator' permissions on the Subscription.

I have owner role on the subscription. The app registration I use as a service connection also has owner role on the subscription.

I also noticed that the service principal stated In the error message is different from the service principal for the app registration i created. It seems Azure pipeline is creating another SP and I'm not sure why it's doing that and not using the already created one.

Please assist.


Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,884 questions
Not Monitored
Not Monitored
Tag not monitored by Microsoft.
36,466 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Manu Philip 16,991 Reputation points MVP

    As the error message says 'RoleAssignmentUpdateNotPermitted' there could be chances that the role assignment exists from a previous failed deployment. You can check this in Subscription role assignments area. I suggest you delete the entire resource group if possible, which will delete the Role Assignments too.

    --please don't forget to upvote and Accept as answer if the reply is helpful--