Wednesday, October 3, 2018

Azure Blueprints: Role Assignment

In a previous post, I started the discussion on Azure Blueprints and we built our first blueprint.  It was a simple blueprint that essentially created a set of resource groups.  In this blog post, we are going to expand on that by adding RBAC controls (or role assignments as they are called) to our artifacts.

First, some of my opinions. When setting RBAC controls, you have the option of assigning user and/or group objects to various Azure roles at a defined scope (think contributor, reader, owner, etc.). Personally, I am a big fan of Azure Active Directory, and using groups to manage memberships (and all the cool features that come with it). This is the type of setup I like to see.



Doing things this way, in my opinion, you get the best of both worlds from a management perspective. You also get a happy admin.


Okay, so how do we do this using Azure Blueprints? The first thing you will need is to pre-create the Azure Active Directory groups you want to use in your blueprints. I would love to see Azure Blueprints be able to create these principals, but right now you can't.

Head into Azure Blueprints and find the blueprint you would like to edit.



Under Artifacts and the correct resource group, click the Add Artifact button.



Add a Role Assignment artifact type with appropriate values.


After that, save the draft and publish it to have it automatically applied.
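
The portal steps above produce a role assignment artifact, which can also be expressed as JSON. The following is an added example, not code from the original post: it builds that artifact body in the `Microsoft.Blueprint` artifact format (`kind`, `roleDefinitionId`, `principalIds`, `resourceGroup`) and runs a small least-privilege review over it. The function names, the `AppRG` placeholder name and the group object ID are assumptions made for illustration.

```python
import json
import uuid

# Well-known built-in Azure role definition GUIDs (identical in every tenant).
BUILTIN_ROLES = {
    "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
    "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
}
ROLE_PREFIX = "/providers/Microsoft.Authorization/roleDefinitions/"


def build_role_artifact(role, group_object_ids, resource_group=None):
    """Return the JSON body of a roleAssignment blueprint artifact.

    resource_group is the blueprint's resource group placeholder name;
    leaving it out assigns the role at subscription scope.
    """
    if role not in BUILTIN_ROLES:
        raise ValueError(f"unknown built-in role: {role}")
    if not group_object_ids:
        raise ValueError("at least one pre-created AAD group is required")
    for oid in group_object_ids:
        uuid.UUID(oid)  # raises ValueError if the object ID is not GUID-shaped
    props = {
        "displayName": f"{role} for {resource_group or 'subscription'}",
        "roleDefinitionId": ROLE_PREFIX + BUILTIN_ROLES[role],
        "principalIds": list(group_object_ids),
    }
    if resource_group:
        props["resourceGroup"] = resource_group
    return {"kind": "roleAssignment", "properties": props}


def review(artifact):
    """Return least-privilege findings for one roleAssignment artifact."""
    props = artifact["properties"]
    findings = []
    if "resourceGroup" not in props:
        findings.append("assigned at subscription scope, not a resource group")
    if props["roleDefinitionId"].endswith(BUILTIN_ROLES["Owner"]):
        findings.append("Owner role can itself grant access to others")
    return findings


# Constructed sample values: hypothetical placeholder name and group object ID.
SAMPLE_GROUP = "11111111-2222-3333-4444-555555555555"
if __name__ == "__main__":
    art = build_role_artifact("Contributor", [SAMPLE_GROUP], "AppRG")
    print(json.dumps(art, indent=2), review(art))
```

The review cannot tell whether a principal ID belongs to a group or a user; that still has to be checked against Azure Active Directory.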