Module 8: Assignment - 1
Tasks To Be Performed:
- Create a custom role which can view, start and stop VMs
- But should not be able to do anything else
Step 1: Define the Custom Role
- I open Azure Cloud Shell.
- I create a JSON definition for the custom role:
  - I define the role in a JSON file with the necessary permissions. Here’s a sample JSON that allows viewing, starting, and stopping VMs:
    {
      "Name": "VM Operator",
      "Id": null,
      "IsCustom": true,
      "Description": "Can view, start, and stop virtual machines.",
      "Actions": [
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/instanceView/read"
      ],
      "NotActions": [],
      "AssignableScopes": ["/subscriptions/SUBSCRIPTION_ID"]
    }
  - I replace SUBSCRIPTION_ID with my actual subscription ID.
- I save the JSON definition:
  - I save the JSON content to a file named vm-operator-role.json.
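One way to check the "should not be able to do anything else" requirement before the role is created, as an added example that is not part of the original write-up: the script evaluates the role's Actions minus NotActions against operations it must not grant. The probe list and the over-broad comparison role are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Role definition as given on the page (SUBSCRIPTION_ID left as the placeholder).
PAGE_ROLE = json.loads("""{
  "Name": "VM Operator", "IsCustom": true,
  "Actions": [
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/instanceView/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/SUBSCRIPTION_ID"]
}""")

# Constructed over-broad variant, to show what the audit catches.
BROAD_ROLE = dict(PAGE_ROLE, Actions=["Microsoft.Compute/virtualMachines/*"])

EXPECTED = {a.lower() for a in PAGE_ROLE["Actions"]}
# Constructed probe list: operations the role must NOT grant.
DENY_PROBES = [
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Authorization/roleAssignments/write",
]

def _matches(patterns, operation):
    # Operation names are compared case-insensitively; "*" is the wildcard.
    return any(fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def is_allowed(role, operation):
    """Effective control-plane permission: Actions minus NotActions."""
    return (_matches(role.get("Actions", []), operation)
            and not _matches(role.get("NotActions", []), operation))

def audit(role):
    """Return findings; an empty list means the role grants exactly EXPECTED."""
    findings = [f"wildcard action: {a}" for a in role.get("Actions", []) if "*" in a]
    findings += [f"missing: {op}" for op in sorted(EXPECTED) if not is_allowed(role, op)]
    findings += [f"unexpected grant: {op}" for op in DENY_PROBES if is_allowed(role, op)]
    if role.get("DataActions"):
        findings.append("DataActions present")
    return findings

if __name__ == "__main__":
    for name, role in (("page role", PAGE_ROLE), ("broad role", BROAD_ROLE)):
        print(name, "->", audit(role) or "OK")
```

To audit the saved file instead of the embedded copy, load vm-operator-role.json with json.load and pass the result to audit().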
Step 2: Create the Custom Role Using Azure Cloud Shell
- I run the az command to create the role:
  - I run the following command to create the new role:
    az role definition create --role-definition ./vm-operator-role.json
Verify
Go to Subscriptions > Access control (IAM) > Roles
Success