How do we get permission to spin up resources for users?
Should we do this? Is this against AZ thinking?
As you can see in the demo we have a slight issue with permissions. I can't figure out a clean way of a user delegating the required permissions to the spawner to act on their behalf to do things like create AML instances and create File Shares. The work around is to use the Azure CLI device log in, and request that the user goes to that url and enters that code. We don't feel like this is a particularly good solution.
How do we get permission to spin up resources for users? Should we do this? Is this against AZ thinking?