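Problem description
I am currently creating ARM templates for an Azure custom role and a managed identity. I can create the custom role and the managed identity successfully. Now I want to assign the custom role to the identity. I want to obtain the role definition of the newly created custom role inside the ARM template itself. How do I get the role definition ID in an ARM template?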
"properties": {
  "roleDefinitionId": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Authorization/roleDefinitions/','<Your Role definition ID>')]",
  "principalId": "<your-principal-id>"
}
Solution
Just use the resourceId function with the role name.
{
  "type": "Microsoft.Authorization/roleAssignments",
  "apiVersion": "2018-09-01-preview",
  "name": "[guid(subscription().id,'something')]",
  "properties": {
    "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions',guid(subscription().id,'<role definition name>'))]",
    "principalId": "<your-principal-id>",
    "scope": "[subscription().id]"
  }
}
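The lookup in the answer only resolves if the role definition resource was itself named with the same guid(...) expression, because resourceId merely builds the ID string from that name. The template below is an added example, not code from the original post: it defines the custom role and the assignment in one subscription-scope deployment and shares the name through a variable so the two cannot drift apart. The role name "Example Custom Reader", its single read action, the principalId parameter (the managed identity's object ID, passed in from wherever the identity is created) and the use of subscriptionResourceId are assumptions of the example.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "principalId": {
      "type": "string",
      "metadata": { "description": "Assumption: object ID of the managed identity, supplied by the caller" }
    }
  },
  "variables": {
    "roleName": "Example Custom Reader",
    "roleDefName": "[guid(subscription().id, variables('roleName'))]",
    "roleDefId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Authorization/roleDefinitions",
      "apiVersion": "2018-07-01",
      "name": "[variables('roleDefName')]",
      "properties": {
        "roleName": "[variables('roleName')]",
        "description": "Constructed example role: read resource groups only",
        "type": "customRole",
        "permissions": [
          { "actions": [ "Microsoft.Resources/subscriptions/resourceGroups/read" ], "notActions": [] }
        ],
        "assignableScopes": [ "[subscription().id]" ]
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2018-09-01-preview",
      "name": "[guid(subscription().id, parameters('principalId'), variables('roleDefId'))]",
      "dependsOn": [ "[variables('roleDefId')]" ],
      "properties": {
        "roleDefinitionId": "[variables('roleDefId')]",
        "principalId": "[parameters('principalId')]",
        "principalType": "ServicePrincipal"
      }
    }
  ]
}
```

The dependsOn entry makes the assignment wait for the role definition, and keeping the action list to what the identity actually needs keeps the custom role least-privilege.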