3,267 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 33%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Thanks @Thomas Spear I wonder, when you don't use a SP, but an App Registration, how would this look like. It does not seem so straightforward. Ideas?
How to fix "AuthorizationFailed" when terraform plan?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 4%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
Zhao Mingyang (GI-DE)
30
Reputation points
Error: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '8ced9281-7ee9-4468-9fc3-2000bfc06497' with object id '8ced9281-7ee9-4468-9fc3-2000bfc06497' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/eef1fc59-c568-4c81-9557-f0396ef58714' or the scope is invalid. If access was recently granted, please refresh your credentials."
Microsoft Security Microsoft Entra Microsoft Entra External ID
Microsoft Security Microsoft Authenticator
9,247 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 21%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Thomas Spear 5 Reputation points2023-06-15T01:24:01.8433333+00:00 You'll need to assign a role to the service principal in the azure portal. In my case, I was trying to use the SP to create/update managed identities, so I had to grant it Managed Identity Contributor in the Subscription. Details can be found here (permalink: https://registry.terraform.io/providers/hashicorp/azurerm/2.31.1/docs/guides/service_principal_client_secret#3-granting-the-application-access-to-manage-resources-in-your-azure-subscription)
Sign in to comment