Unable to retrieve/check existing role assignments on AVD Application group using Bicep

Chitharthi Palanisamy 0 Reputation points
2024-11-11T07:53:24.22+00:00

We are facing issues while deploying role assignments on AVD Application group using Bicep.

The Bicep code assigns a role assignment to the AVD App group if there are no role assignments present. It throws an error if the role assignment is already present.

We wanted to check if the role assignment is present or not. If it is present, it should skip the role assignment and if not, it should assign the role assignment as mentioned in the code.


1 answer

  1. Alistair Ross 7,466 Reputation points Microsoft Employee
    2024-11-11T09:51:48.0366667+00:00

    Hi @Chitharthi Palanisamy

    Azure Resource Manager is a declarative method for deploying resources, Bicep templates being one way of building this declaration. Because of this, there isn't a way of checking if something exists and deploying it if it doesn't; you need to ensure that the template is idempotent, meaning that it can be run multiple times and ensure consistent results. Ensure that the role assignment name, roleDefinitionId and principalId are the same in all deployments, and that you are not generating a new name each time with a function like newGuid. This is typically what causes the error RoleAssignmentExists.

    You can find an ARM template example here: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template#resource-group-or-subscription-scope

    If you still have issues, please share the template.

    Kind regards

    Alistair

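An idempotent role assignment scoped to an AVD application group, as an added example that is not part of the original question or answer. The parameter names are assumptions, and the default role GUID is the built-in Desktop Virtualization User role.

```bicep
// Added example. Parameter names are assumptions, not taken from the thread.
@description('Name of an existing AVD application group in the target resource group.')
param applicationGroupName string

@description('Object ID of the Entra ID user or group that receives the role.')
param principalId string

@description('Type of the principal. Setting it explicitly avoids lookup failures for newly created principals.')
@allowed([
  'User'
  'Group'
  'ServicePrincipal'
])
param principalType string = 'Group'

@description('Built-in role GUID. Default: Desktop Virtualization User.')
param roleDefinitionGuid string = '1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63'

// Reference the application group without redeploying it.
resource appGroup 'Microsoft.DesktopVirtualization/applicationGroups@2023-09-05' existing = {
  name: applicationGroupName
}

var roleDefinitionId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionGuid)

resource appGroupAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name: the same scope, principal and role always hash to the
  // same GUID, so a redeployment updates the existing assignment in place.
  // Using newGuid() or utcNow() here would create a new name on every run and
  // trigger RoleAssignmentExists.
  name: guid(appGroup.id, principalId, roleDefinitionId)
  scope: appGroup
  properties: {
    roleDefinitionId: roleDefinitionId
    principalId: principalId
    principalType: principalType
  }
}

output roleAssignmentId string = appGroupAssignment.id
```

If the same principal already holds the same role on the application group under a different assignment name (for example one created in the portal or by an earlier deployment that used a random name), the deployment still fails with RoleAssignmentExists. Remove that assignment once, or reuse its name, and subsequent runs of this template are repeatable.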