0

I need to use REST APIs to create, publish and assign Azure Blueprints on a Subscription level. I went through the documentation
https://learn.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-rest-api#:~:text=as%20v20180622%2D135541.-,Assign%20a%20blueprint,be%20assigned%20to%20that%20subscription.
This documentation only has APIs to create, publish and assign from Management Group level. I however changed the API calls from 

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/{YourMG}/providers/Microsoft.Blueprint/blueprints/MyBlueprint?api-version=2018-11-01-preview

to

PUT https://management.azure.com/subscriptions/{{subscriptionId}}/providers/Microsoft.Blueprint/blueprints/MyBlueprint?api-version=2018-11-01-preview

and it worked fine. I could even create artifacts using a similar way, but I'm not able to run assign command. I get 403 Forbidden The problem is, since blueprint is already defined at Subscription level, there is some change in the assign request too. Can anyone please help? Thanks

Ruthvik Ravi Kumar
  • 1
  • 1
  • Did you change the scope to subscription in the JSON body of the request? – Ken W - Zero Networks Mar 31 '21 at 10:22
  • Yes I have @Ken. The problem is that, we need Owner access to the service principal for assigning the blueprint. Every other operations can be done with default service principal access(contributor). Even deletion of blueprint can be done using contributor access. That is the reason it was difficult to figure out where I was going wrong. Yes, once I changed service principal to the one with owner access, I'm getting proper response to the request. I'm however now facing issue in the Portal. It is not getting assigned. It remains in waiting and I get timeout error after 5 mins. – Ruthvik Ravi Kumar Mar 31 '21 at 13:26

0 Answers0