Share via

Which permission is needed to view Azure Spot VM pricing history?

jsmartt 1 Reputation point
2021-07-02T15:46:26.17+00:00

When going to the Azure Portal -> Virtual Machines -> Create VM -> (select location and VM size, and check the "Azure Spot Instance" box) -> Click "View pricing history and compare prices in nearby regions", users I've given the generic "Reader" role to are seeing this:
111369-azure-error.png

Looking at the web inspector, there is an authorization error saying: "The client 'xxxx' with object id 'xxxx' does not have authorization to perform action 'Microsoft.Compute/locations/spotPriceHistory/bulkQuery/action' over scope '/subscriptions/xxxx' or the scope is invalid. If access was recently granted, please refresh your credentials."

Signing out and back in didn't help, so, I tried creating a custom role with the following properties: 

{  
  "Name": "Spot Price History Reader",  
  "IsCustom": true,  
  "Description": "View Spot VM Price History",  
  "Actions": [  
    "Microsoft.Compute/locations/spotPriceHistory/bulkQuery/action"  
  ],  
  "NotActions": [],  
  "DataActions": [],  
  "NotDataActions": [],  
  "AssignableScopes": [  
    "/subscriptions/xxxx"  
  ]  
}

Using the az CLI to create the role definition... 

az role definition create --role-definition @spot_reader.json

But the az CLI is giving me the following error:

'Microsoft.Compute/locations/spotPriceHistory/bulkQuery/action' does not match any of the actions supported by the providers.

I've tried other variations of that action, but nothing seems to work. Is there a built-in role or other action value that I can use to give my users access to view spot VM pricing history, without giving them access to create VMs?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,044 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 34,101 Reputation points Volunteer Moderator
    2025-01-18T19:01:35.3766667+00:00

    I couldn't find any documentation available for Microsoft.Compute/locations/spotPriceHistory/bulkQuery/action as a valid action in Azure RBAC permissions.

    You need to contact Azure Support for clarification about the Microsoft.Compute/locations/spotPriceHistory/bulkQuery/action permission. It might not be publically documented or available for custom roles yet.

    The Reader role should allow read-only access to most Azure resources. However, as per your issue, it seems it might not cover Spot pricing history.

    Check the "Activity Log" for any permissions denied entries when the user tries to view the Spot pricing history.

    https://azure.microsoft.com/en-us/pricing/spot-advisor/

    https://learn.microsoft.com/en-us/azure/virtual-machines/spot-portal

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.