Share via

Programmatically create Azure Subscriptions

Nick Paramonov 51 Reputation points
2022-07-26T08:52:08.523+00:00

Helllo,

I've been browsing different frameworks and it looks like most of them - even CAF Enterprise Scale - totally skip programmatic subscription creation and I'm wondering if that's for a reason.
In our day to day operations we have to create subscriptions fairly often and I'd like to automate this process with Terraform, together with RG, Policy and a few resource creation.

I have a terraform service principal in azure AD, could you please explain what kind of access it needs, and how exactly should this access be granted for it to be able to create subscriptions in my tenant?

This article somewhat describes the process but:

  • Can it be done somehow else, besides a PUT API call?
  • What kind of role exactly does my SPN need? Here's what the article says:

PUT https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}/billingRoleAssignments/**{billingRoleAssignmentName**}?api-version=2019-10-01-preview

{
"properties": {
"principalId": "99a1a759-30dd-42c2-828c-db398826bb67",
"principalTenantId": "7ca289b9-c32d-4f01-8566-7ff93261d76f",
"roleDefinitionId": "/providers/Microsoft.Billing/billingAccounts/7898901/enrollmentAccounts/225314/billingRoleDefinitions/a0bcee42-bf30-4d1b-926a-48d21664ef71"
}
}

How do I find the billing role assignment name?

Thanks in advance,
Nick

Microsoft Partner Center API
Community Center | Not monitored
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nick Paramonov 51 Reputation points
    2022-07-27T08:45:43.783+00:00

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.