0

We have a requirement to create a VM in one subscription using an image, but the image will be in another subscription. This should be done without copying or moving the image to the destination subscription. We tried the Shared Image Gallery service in Azure, and this worked fine. Are there any other possibilities, like RBAC? If yes, how could we achieve this?

Bhargavi Annadevara
user6264
  • Is your image in a storage account? – Bevan Dec 04 '19 at 09:37
  • According to my research, we can use the Azure Shared Image Gallery service to share images across Azure subscriptions. For more details, please refer to https://learn.microsoft.com/en-us/azure/virtual-machines/windows/shared-image-galleries#frequently-asked-questions. – Jim Xu Dec 04 '19 at 09:41

1 Answer

3

Yes, Azure Shared Image Gallery would be the go-to service for such requirements.

Also, know that since the Shared Image Gallery, Image Definition, and Image version are all provisioned as resources in Azure, the regular/native Azure RBAC controls should work as is.

This has been detailed in the docs as well:

Using RBAC you can share these resources to other users, service principals, and groups. You can even share access to individuals outside of the tenant they were created within. Once a user has access to the Shared Image version, they can deploy a VM or a Virtual Machine Scale Set. We recommend sharing at the Gallery level for the best experience. We do not recommend sharing individual image versions. Images can also be shared, at scale, even across tenants using a multi-tenant app registration.

Hope this helps!

Bhargavi Annadevara
  • Is there a way to automatically share the images to all the subscriptions in the tenant, so that if a new subscription is added it can access the images without explicitly being given access? – Kiran Bheemarti Jul 17 '20 at 18:13
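
The gallery-level RBAC sharing described in the answer, as an added example that is not part of the original post or the Azure docs: it assigns the built-in Reader role at the gallery's scope (not at subscription scope) and then references the image version by resource ID when creating the VM in the other subscription. It assumes both subscriptions are in the same tenant; all IDs, resource names and helper function names are constructed placeholders, and the `az` commands are only printed unless `DRY_RUN=0`.

```shell
#!/usr/bin/env bash
# Constructed example: every ID and name below is a placeholder.
DRY_RUN=${DRY_RUN:-1}   # 1 = print the az commands, 0 = execute them

is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Resource ID of the gallery: the RBAC scope to share at.
gallery_scope() {  # <source-subscription-id> <resource-group> <gallery-name>
  is_guid "$1" || { echo "bad subscription id: $1" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/galleries/%s' \
    "$1" "$2" "$3"
}

# Resource ID of one image version inside that gallery.
image_version_id() {  # <gallery-scope> <image-definition> <version>
  printf '%s/images/%s/versions/%s' "$1" "$2" "$3"
}

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Grant read access on the gallery only, then deploy in the other subscription.
share_and_deploy() {  # <scope> <principal-object-id> <image-id> <dest-sub> <dest-rg> <vm-name>
  { is_guid "$2" && is_guid "$4"; } || { echo "principal and destination must be GUIDs" >&2; return 1; }
  # Scope is the gallery resource, so the principal gains nothing else in the source subscription.
  run az role assignment create --assignee "$2" --role Reader --scope "$1" || return 1
  # Add the admin/authentication flags your OS image needs before running for real.
  run az vm create --subscription "$4" --resource-group "$5" --name "$6" --image "$3"
}

# Constructed sample values
SRC_SUB=00000000-0000-0000-0000-000000000001    # subscription that owns the gallery
DEST_SUB=00000000-0000-0000-0000-000000000002   # subscription where the VM is created
PRINCIPAL=00000000-0000-0000-0000-0000000000aa  # object ID of the deploying user/SP/group

SCOPE=$(gallery_scope "$SRC_SUB" rg-images corpGallery)
IMAGE=$(image_version_id "$SCOPE" base-image 1.0.0)
share_and_deploy "$SCOPE" "$PRINCIPAL" "$IMAGE" "$DEST_SUB" rg-workload vm-from-shared-image
```

To audit who can already deploy from the gallery, list the assignments on the same scope with `az role assignment list --scope "$SCOPE"`.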