AKS Cluster association with Capacity Reservation Group

KK1969 306 Reputation points

We are trying to provision the AKS Cluster through Terraform. We have tried using an already provisioned Capacity reservation group (i.e., https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster, Block: default_node_pool, Attribute: capacity_reservation_group_id).

Somehow we are getting an error which is not straightforward, and we are unable to understand how/where the association has to be done.

Kindly provide guidance and suggest a resolution.


Code="CreateVMSSAgentPoolFailed" Message="Code="LinkedAuthorizationFailed" Message="The client '71a3b75f-212d-4532-dea1-6d21633ac4a6' with object id '71a3b75f-212d-4532-dea1-6d21633ac4a6' has permission to perform action 'Microsoft.Compute/virtualMachineScaleSets/write' on scope '/subscriptions/xxxxx/resourceGroups/rg-aksnodes-dev-01/providers/Microsoft.Compute/virtualMachineScaleSets/aks-agentpool-44442093-vmss'; however, it does not have permission to perform action 'deploy/action' on the linked scope(s) '/subscriptions/xxxxx/resourceGroups/rg-general-dev-01/providers/Microsoft.Compute/capacityReservationGroups/capgrp-dev-01' or the linked scope(s) are invalid.""

Versions used: Terraform 1.5.5, AzureRM 3.65.0


1 answer

  1. kobulloc-MSFT 17,291 Reputation points Microsoft Employee

    Hello, @KK1969 !

    Why am I getting a permissions error on my deployment?

    Based on the error provided, it appears that there are sufficient permissions for write on the AKS agent pool; however, either permissions are missing for deploy/action on the capgrp-dev-01 capacity reservation group or the linked capacity reservation group is invalid.

    • Check your client's/service principal's role assignments and scope.
    • Confirm the capacity reservation group is valid (and intended).
    • Make sure you are using the latest version of Terraform and AzureRM.

    Let me know if this is helpful or if you need additional assistance and I'd be happy to continue to troubleshoot this with you.


    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
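
As an added illustration of the first check in the answer above (not code from the question or the answer): this Python example parses the LinkedAuthorizationFailed message and tests a constructed list of role assignments against the linked scope. The assignment dictionaries, the simplified scope-inheritance model (deny assignments are ignored) and the expansion of 'deploy/action' to the linked resource's type are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Error text from the question, trimmed to the part that names the linked scope.
ERROR = (
    "The client '71a3b75f-212d-4532-dea1-6d21633ac4a6' with object id "
    "'71a3b75f-212d-4532-dea1-6d21633ac4a6' has permission to perform action "
    "'Microsoft.Compute/virtualMachineScaleSets/write' on scope '/subscriptions/xxxxx/"
    "resourceGroups/rg-aksnodes-dev-01/providers/Microsoft.Compute/virtualMachineScaleSets/"
    "aks-agentpool-44442093-vmss'; however, it does not have permission to perform action "
    "'deploy/action' on the linked scope(s) '/subscriptions/xxxxx/resourceGroups/"
    "rg-general-dev-01/providers/Microsoft.Compute/capacityReservationGroups/capgrp-dev-01' "
    "or the linked scope(s) are invalid."
)

def parse_linked_auth_error(msg):
    """Pull the principal, the missing action and the linked scope out of the error."""
    principal = re.search(r"object id '([^']+)'", msg).group(1)
    action, scope = re.search(
        r"does not have permission to perform action '([^']+)' "
        r"on the linked scope\(s\) '([^']+)'", msg).groups()
    # Assumption: the short action name is relative to the linked resource's type.
    rtype = re.search(r"/providers/([^/]+/[^/]+)/[^/]+$", scope).group(1)
    return {"principal": principal, "action": f"{rtype}/{action}", "scope": scope}

def is_granted(assignments, principal, action, scope):
    """True if an assignment at the scope, or at an ancestor of it, allows the action."""
    for a in assignments:
        base = a["scope"].lower().rstrip("/")
        in_scope = scope.lower() == base or scope.lower().startswith(base + "/")
        if a["principal"] != principal or not in_scope:
            continue
        allowed = any(fnmatchcase(action.lower(), p.lower()) for p in a["actions"])
        denied = any(fnmatchcase(action.lower(), p.lower()) for p in a.get("not_actions", []))
        if allowed and not denied:
            return True
    return False

NEED = parse_linked_auth_error(ERROR)
# Constructed assignment: broad rights, but only on the node resource group.
BEFORE = [{"principal": NEED["principal"], "actions": ["*"],
           "scope": "/subscriptions/xxxxx/resourceGroups/rg-aksnodes-dev-01"}]
# Constructed fix: a narrow assignment scoped to the capacity reservation group itself.
AFTER = BEFORE + [{"principal": NEED["principal"], "scope": NEED["scope"],
                   "actions": ["Microsoft.Compute/capacityReservationGroups/read",
                               "Microsoft.Compute/capacityReservationGroups/deploy/action"]}]

if __name__ == "__main__":
    print(NEED["action"], "on", NEED["scope"])
    print("before:", is_granted(BEFORE, **NEED), "after:", is_granted(AFTER, **NEED))
```

The principal's real assignments, to compare against the parsed scope, can be listed with `az role assignment list --assignee <object-id> --all`.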
