ERROR: deployment failed: failing invoking action 'provision', error deploying infrastructure: deploying to subscription:

microsoft / azurechat

🤖 💼 Azure Chat Solution Accelerator powered by Azure Open AI Service

MIT License

1.14k stars 949 forks source link

ERROR: deployment failed: failing invoking action 'provision', error deploying infrastructure: deploying to subscription: #373

Closed na20aak-herts closed 1 month ago

na20aak-herts commented 2 months ago

I am trying to deploy to deploy the solution in a customers tenant using the Azure CLI but I am receiving the error below. I have owner access on the subscription so not sure why I am getting the error. Any help is greatly appreciated, thanks.

robbinsjd4 commented 2 months ago

As an Owner of an Azure subscription, you don't automatically have write access to a Key Vault; you need to specifically grant yourself this access either through Key Vault access policies or by assigning a Key Vault-specific RBAC role. Even with subscription Owner rights, these permissions must be configured directly on the Key Vault to manage its contents.

vlad-tsoy commented 2 months ago

This can also be due to Entra ID being in another subscription where you are not the owner. You must get elevated permission to access that subscription to make security changes. I have a Cloud Application Administrator role that I activate through PIM when provisioning resources or making security-related changes.

na20aak-herts commented 1 month ago

@vlad-tsoy, @robbinsjd4. Thank you both for the help, I have managed to fix it with your advice.