0

So I have an identity (Azure AD email ID) that has access to multiple subscriptions in the Azure portal. When I create a service principal using that identity, it binds it to only 1 subscription and I am not able to use that service principal to access resources in other subscriptions. Do I have to create a service principal for each subscription? I use this service principal in a DevOps pipeline. I want to access resources across multiple subscriptions. But because this service principal is associated with only 1 subscription, I am not able to do that. Should I create a service principal for each subscription? I don't want to do that. Is there some other solution to this problem?

Aparna

1 Answer

1

You can achieve this by adding a role assignment for that service principal on each of the subscriptions.

Go to the Azure portal, and pick each of the subscription resources. Pick the Access Control (IAM) tab, and click on "Add role assignments". Here you get the option to pick the role you can assign (for example: Contributor) and in "assign access to" you pick the service principal you created that needs access to this subscription. Once you save, that service principal will have Contributor access to that subscription. Repeat for each of the other subscriptions.

udayxhegde
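The portal steps in the answer above can be scripted with the Azure CLI. This is an added example, not part of the original answer: the `assign_role` helper and every ID in it are constructed placeholders, and it assumes a logged-in `az` session only when `APPLY=1` is set. By default it prints the commands so the scopes can be reviewed before anything is granted.

```shell
#!/bin/sh
# Added example: one service principal, one role, several subscriptions.
# All IDs are constructed placeholders, not real applications or subscriptions.
GUID_RE='^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'

is_guid() { printf '%s\n' "$1" | grep -Eq "$GUID_RE"; }

# assign_role APP_ID ROLE SUB_ID...
# Dry run by default: prints one az command per unique, valid subscription.
# With APPLY=1 it runs the command instead (needs a logged-in Azure CLI).
# Exit status: 0 ok, 1 a subscription ID was malformed or az failed, 2 bad app ID.
# The body is a subshell, so its variables do not leak into the caller.
assign_role() (
  app=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); role=$2; shift 2
  is_guid "$app" || { echo "invalid application ID: $app" >&2; exit 2; }
  rc=0; seen=' '
  for sub in "$@"; do
    sub=$(printf '%s' "$sub" | tr 'A-Z' 'a-z')
    if ! is_guid "$sub"; then
      echo "skipping malformed subscription ID: $sub" >&2; rc=1; continue
    fi
    case "$seen" in *" $sub "*) continue ;; esac   # duplicate, already handled
    seen="$seen$sub "
    scope="/subscriptions/$sub"
    if [ "${APPLY:-0}" = 1 ]; then
      az role assignment create --assignee "$app" --role "$role" --scope "$scope" || rc=1
    else
      printf 'az role assignment create --assignee %s --role "%s" --scope %s\n' \
        "$app" "$role" "$scope"
    fi
  done
  exit "$rc"
)

# Constructed sample: two subscriptions (one listed twice) and one typo.
APP_ID=11111111-1111-1111-1111-111111111111
assign_role "$APP_ID" Contributor \
  aaaaaaaa-0000-0000-0000-000000000001 \
  AAAAAAAA-0000-0000-0000-000000000001 \
  bbbbbbbb-0000-0000-0000-000000000002 \
  not-a-guid || echo "finished with warnings" >&2
```

The scope can be narrowed to a resource group (`/subscriptions/<id>/resourceGroups/<name>`) when the pipeline does not need the whole subscription.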